Introduction
Cisco ACE modules support virtualized architecture to increase datacenter scalability. You can create upto 250 virtualized contexts on an ACE module. Cisco ACE working as loadbalancer helps to decide which server should serve a client request.
You can configure static sticky table entries based on the source IP address, destination IP address, or real server name and port. Static sticky-IP values remain constant over time and you can configure multiple static entries.
Note: 
When you configure a static entry, the ACE enters it into the sticky table immediately. You can create a maximum of 4096 static entries.
Topology overview
ACE One-arm deployment (VLAN 903), I had three servers for testing r1,r2,r3 all of them are L2 connected to VLAN903, the ACE VLAN903 IP address is the default gateway for all these servers.
r2 is mapped to r3 and r3 is mapped to r2 using static source sticky group. r1 is the backup server for r3.
Version
The configuration shown in this document is created on ACE-20 module running A2(3.4) version software.
ACE Configuration
\\define the rserver hosts
rserver host r1
ip address 172.16.4.4
inservice
rserver host r2
ip address 172.16.4.5
inservice
rserver host r3
ip address 172.16.4.6
\\map the rserver's to the serverfarm
serverfarm host webfarm
rserver r1
inservice standby
rserver r2
inservice
rserver r3
backup-rserver r1
inservice
\\define static sticky server, here we are mapping r2 to r3 and r3 to r2
sticky ip-netmask 255.255.255.255 address source sticky_webfarm
serverfarm webfarm
8 static client source 172.16.4.5 rserver r3
16 static client source 172.16.4.6 rserver r2
\\class map to match the VIP traffic
class-map match-all internalweb1
2 match virtual-address 172.16.4.7 tcp eq www
\\policy map to define action for sticky_webfarm
policy-map type loadbalance first-match internalweb1-lb
class class-default
sticky-serverfarm sticky_webfarm
\\policy map to define action on traffic matched by class internalweb1
policy-map multi-match internalweb-policy
class internalweb1
loadbalance vip inservice
loadbalance policy internalweb1-lb
loadbalance vip icmp-reply
nat dynamic 1 vlan 903
interface vlan 903
ip address 172.16.4.2 255.255.255.240
alias 172.16.4.1 255.255.255.240
peer ip address 172.16.4.3 255.255.255.240
access-group input everyones
access-group output everyones
nat-pool 1 172.16.4.8 172.16.4.8 netmask 255.255.255.255 pat
service-policy input remote-mgmt
service-policy input internalweb-policy
no shutdown
Scenario
1st: All servers are up:
ACE20-Rack3-Primary/Routed-c1-STATIC# show serverfarm webfarm
serverfarm : webfarm, type: HOST
total rservers : 3
---------------------------------
----------connections-----------
real weight state current total failures
---+---------------------+------+------------+----------+----------+---------
rserver: r1
172.16.4.4:0 8 STANDBY 0 0 0
rserver: r2
172.16.4.5:0 8 OPERATIONAL 0 0 0
rserver: r3
172.16.4.6:0 8 OPERATIONAL 0 0 0
ACE20-Rack3-Primary/Routed-c1-STATIC# show conn
total current connections : 4
conn-id np dir proto vlan source destination state
----------+--+---+-----+----+---------------------+---------------------+------+
81263 2 in TCP 903 172.16.4.5:41886 172.16.4.7:80 ESTAB
81264 2 out TCP 903 172.16.4.6:80 172.16.4.8:1031 ESTAB
81265 2 in TCP 903 172.16.4.6:51251 172.16.4.7:80 ESTAB
81266 2 out TCP 903 172.16.4.5:80 172.16.4.8:1032 ESTAB
ACE20-Rack3-Primary/Routed-c1-STATIC#
ACE20-Rack3-Primary/Routed-c1-STATIC# show sticky database static
sticky group : sticky_webfarm
type : IP
timeout : 1440 timeout-activeconns : FALSE
sticky-entry rserver-instance time-to-expire flags
---------------------+--------------------------------+--------------+-------+
172.16.4.6 r2:0 never -
sticky group : sticky_webfarm
type : IP
timeout : 1440 timeout-activeconns : FALSE
sticky-entry rserver-instance time-to-expire flags
---------------------+--------------------------------+--------------+-------+
172.16.4.5 r3:0 never -
ACE20-Rack3-Primary/Routed-c1-STATIC#
2nd: r2 and r1 is up, r3 is down:
ACE20-Rack3-Primary/Routed-c1-STATIC# show serverfarm webfarm
serverfarm : webfarm, type: HOST
total rservers : 3
---------------------------------
----------connections-----------
real weight state current total failures
---+---------------------+------+------------+----------+----------+---------
rserver: r1
172.16.4.4:0 8 OPERATIONAL 0 1 0
rserver: r2
172.16.4.5:0 8 OPERATIONAL 0 6 0
rserver: r3
172.16.4.6:0 8 OUTOFSERVICE 0 6 0
ACE20-Rack3-Primary/Routed-c1-STATIC#
ACE20-Rack3-Primary/Routed-c1-STATIC# show conn
total current connections : 4
conn-id np dir proto vlan source destination state
----------+--+---+-----+----+---------------------+---------------------+------+
63244 1 in TCP 903 172.16.4.5:41887 172.16.4.7:80 ESTAB
63245 1 out TCP 903 172.16.4.4:80 172.16.4.8:1035 ESTAB
63248 1 in TCP 903 172.16.4.6:51252 172.16.4.7:80 ESTAB
63249 1 out TCP 903 172.16.4.5:80 172.16.4.8:1037 ESTAB
ACE20-Rack3-Primary/Routed-c1-STATIC# show sticky database static
sticky group : sticky_webfarm
type : IP
timeout : 1440 timeout-activeconns : FALSE
sticky-entry rserver-instance time-to-expire flags
---------------------+--------------------------------+--------------+-------+
172.16.4.6 r2:0 never -
sticky group : sticky_webfarm
type : IP
timeout : 1440 timeout-activeconns : FALSE
sticky-entry rserver-instance time-to-expire flags
---------------------+--------------------------------+--------------+-------+
172.16.4.5 r3:0 never -
ACE20-Rack3-Primary/Routed-c1-STATIC#
3rd: r3 backup (all servers are up):
ACE20-Rack3-Primary/Routed-c1-STATIC# show serverfarm webfarm
serverfarm : webfarm, type: HOST
total rservers : 3
---------------------------------
----------connections-----------
real weight state current total failures
---+---------------------+------+------------+----------+----------+---------
rserver: r1
172.16.4.4:0 8 STANDBY 0 1 0
rserver: r2
172.16.4.5:0 8 OPERATIONAL 1 5 0
rserver: r3
172.16.4.6:0 8 OPERATIONAL 1 2 0
ACE20-Rack3-Primary/Routed-c1-STATIC# show conn | in EST
246 1 in TCP 903 172.16.4.5:50948 172.16.4.7:80 ESTAB
247 1 out TCP 903 172.16.4.6:80 172.16.4.8:1033 ESTAB
181 2 in TCP 903 172.16.4.6:55509 172.16.4.7:80 ESTAB
182 2 out TCP 903 172.16.4.5:80 172.16.4.8:1029 ESTAB
ACE20-Rack3-Primary/Routed-c1-STATIC# show sticky database static
sticky group : sticky_webfarm
type : IP
timeout : 1440 timeout-activeconns : FALSE
sticky-entry rserver-instance time-to-expire flags
---------------------+--------------------------------+--------------+-------+
172.16.4.6 r2:0 never -
sticky group : sticky_webfarm
type : IP
timeout : 1440 timeout-activeconns : FALSE
sticky-entry rserver-instance time-to-expire flags
---------------------+--------------------------------+--------------+-------+
172.16.4.5 r3:0 never -
ACE20-Rack3-Primary/Routed-c1-STATIC#
4th: r3 and r1 is down, r2 is up:
ACE20-Rack3-Primary/Routed-c1-STATIC# show serverfarm webfarm
serverfarm : webfarm, type: HOST
total rservers : 3
---------------------------------
----------connections-----------
real weight state current total failures
---+---------------------+------+------------+----------+----------+---------
rserver: r1
172.16.4.4:0 8 OUTOFSERVICE 1 2 0
rserver: r2
172.16.4.5:0 8 OPERATIONAL 1 7 0
rserver: r3
172.16.4.6:0 8 OUTOFSERVICE 0 6 0
ACE20-Rack3-Primary/Routed-c1-STATIC#
ACE20-Rack3-Primary/Routed-c1-STATIC# show conn
total current connections : 4
conn-id np dir proto vlan source destination state
----------+--+---+-----+----+---------------------+---------------------+------+
63278 1 in TCP 903 172.16.4.5:56804 172.16.4.7:80 ESTAB
63279 1 out TCP 903 172.16.4.5:80 172.16.4.8:1039 ESTAB
81301 2 in TCP 903 172.16.4.6:51253 172.16.4.7:80 ESTAB
81302 2 out TCP 903 172.16.4.5:80 172.16.4.8:1034 ESTAB
ACE20-Rack3-Primary/Routed-c1-STATIC# show sticky database static
sticky group : sticky_webfarm
type : IP
timeout : 1440 timeout-activeconns : FALSE
sticky-entry rserver-instance time-to-expire flags
---------------------+--------------------------------+--------------+-------+
172.16.4.6 r2:0 never -
sticky group : sticky_webfarm
type : IP
timeout : 1440 timeout-activeconns : FALSE
sticky-entry rserver-instance time-to-expire flags
---------------------+--------------------------------+--------------+-------+
172.16.4.5 r3:0 never -
ACE20-Rack3-Primary/Routed-c1-STATIC#
5th: r1 is back up but r3 still down, r2 is up:
ACE20-Rack3-Primary/Routed-c1-STATIC# show serverfarm webfarm
serverfarm : webfarm, type: HOST
total rservers : 3
---------------------------------
----------connections-----------
real weight state current total failures
---+---------------------+------+------------+----------+----------+---------
rserver: r1
172.16.4.4:0 8 OPERATIONAL 0 1 0
rserver: r2
172.16.4.5:0 8 OPERATIONAL 2 6 0
rserver: r3
172.16.4.6:0 8 OUTOFSERVICE 0 2 0
ACE20-Rack3-Primary/Routed-c1-STATIC#
ACE20-Rack3-Primary/Routed-c1-STATIC# show conn | in EST
290 1 in TCP 903 172.16.4.5:56767 172.16.4.7:80 ESTAB
291 1 out TCP 903 172.16.4.4:80 172.16.4.8:1035 ESTAB
181 2 in TCP 903 172.16.4.6:55509 172.16.4.7:80 ESTAB
182 2 out TCP 903 172.16.4.5:80 172.16.4.8:1029 ESTAB
Conclusion
- If r3 is down the ACE will start send the traffic to its backup server r1 (2nd test).
- Once r3 is back up the ACE will start using the static sticky entry and start sending the new connections to r3 again, old connection will not be RST (3rd test).
- If r3 and r1 are down the ACE will load balance the traffic to other servers on the serverfarm (r2) (4th test).
- As soon as r3 or r1 comes back up the ACE return to use the static entry and will start sending the new connections to one of them, old connections will not be RST (5th test).
Related Information
Configure URL Load balancing on Cisco ACE
Deploying GSS and ACE in least loaded GSLB based on VIP conn number
