Health monitoring on the ACE tracks the state of a server by sending out probes. In case of out-of-band health monitoring, the ACE verifies the server response or checks for any network problems that can prevent a client from reaching a server. This is the default method and in this case ACE uses ARP and health probes to monitor the health of all real servers. When you configure the inband health monitoring feature, it informs the ACE load balancer of connection failures on the real servers in a server farm. This method is much faster in determining the failure of real servers. When failure-count threshold is configured and the number of these failures exceeds the threshold within the reset-time interval, the ACE immediately marks the server as failed, takes it out of service, and removes it from load balancing.
By default, no probes are configured in the ACE. Also referred to as out-of-band (OOB) health monitoring, the ACE verifies the server response to a probe or checks for any network problems that can prevent a client from reaching a server. Based on the server response, the ACE can place the server in or out of service and can make reliable load-balancing decisions. You can also use health monitoring to detect failures for a gateway or a host in high-availability (redundant) configurations.
The ACE evaluates the health of a server by marking the probes as follows:
Passed—The server returns a valid response. Failed—The server fails to provide a valid response to the ACE and the ACE is unable to reach a server for a specified number of retries.
Requirements and Considerations
In case of inband health monitoring the resume-service option affects behavior of real server. In case the state of a real server changes because of inband health monitoring the standby ACE is not made aware of this change. The inband health monitoring and out of band health monitoring can monitor different ports if you configure different port for probes than what is used for traffic forwarding. You need to configure a inactiivty timeout if you are configuring inband health monitoring containing a layer 4 or layer 7 class map.
Inband health monitoring is enabled within the server farm object of the configuration. For TCP connections, inband health monitoring feature monitors connection setup related errors such as TCP RST and SYN timeout. For UDP connections, it monitors the ICMP destination unreachable messages from the server or intermediate routers.
The following configuration will remove a real server from the load-balancing rotation if the number of connection failures in 100 milliseconds interval crosses 500 and again bring the server back to the rotation after 300 sec of it’s removal. In other words, once the connection failure threshold crosses the configured limit (500), the server is removed from the rotation. ACE again starts sending connections to that server after 300 sec.
Note: ACE uses reset= 100 milliseconds as the default value. It is recommended to use the default, unless the nominal traffic to the VIP is very low (less than 100 connections per second).
Configuring inband health monitoring for UDP connection is similar to that of TCP connection. When enabled, this feature monitors ICMP related errors from servers or intermediate routers. Follow the steps:
a) Create a new VIP for UDP traffic.
ACE-1/routed(config)# class-map udp-vip
ACE-1/routed(config-cmap)# match virtual-address 172.16.1.101 udp any
b) Make a new serverfarm for the UDP service, and assume it is a low utilization service, requiring the sampling time to be extended.
It is important to verify the access-list on the server side interface, allowing the ACE to accept the ICMP error messages from the real servers or intermediate routers. Inband health monitoring with UDP traffic will not work if the ICMP protocol is not allowed in access-list.
ACE-1/routed# show access-list everyone
access-list:everyone, elements: 2, status: ACTIVE
access-list everyone line 8 extended permit ip any any (hitcount=55)
access-list everyone line 16 extended permit icmp any any (hitcount=20)
Use following commands to check if inband health monitoring is working fine. For TCP connections:
Hi all, I'm trying to upgrade my Tetration Cluster from version 220.127.116.11 Patch 18.104.22.168 to version 22.214.171.124 I have downloaded the 6 rpm files and requested the upgrade link. When I open the upgrade link it shows me the RPM upload page. I can ...
We have configured VRRP between two ASR9k as you can see in the picture below. One is MASTER second router is backup. We have a laptop connected to Leaf-C1. The laptop runs the ping command to VIP, then we reload Leaf-C-3 which is connected to Master. Pin...
Hey Folks, is there anybody using port-profiles in Cisco Nexus switches? Or how do you manage ports like ESXi server ports with the same vlans on your Nexus Switches? I use it and managed it by DCNM Lan Classic. Now, I updated DCNM to 11.5 and L...
Dear all,When it configures like the following, it can verify without statistics per-entry however I can not check the relationship betweenthe configured ACL and Physical interface, if the show hardware access-list vlan [vlan-id] input statistics, it show...
I should qualify and say - trying to talk. I have a small lab with a couple of servers, a couple of NAS devices, a switch a router... all the toys to make for a pleasant evening of testing. I have sub interfaces on my router and traffic is getti...