05-30-2012 03:22 AM - edited 03-01-2019 07:07 AM
Hi All
Thanks to some help from marcel I have managed to set up a test loadbalancing environment.
However my plan was to have 2 servers loadbalanced and one just straight routed.
This doesnt work with my current setup - which is as follows -
admin context -
boot system image:c4710ace-mz.A4_2_0.bin
interface gigabitEthernet 1/1
switchport trunk allowed vlan 121
no shutdown
interface gigabitEthernet 1/2
switchport access vlan 1000
no shutdown
interface gigabitEthernet 1/3
switchport trunk allowed vlan 122
no shutdown
interface gigabitEthernet 1/4
shutdown
access-list ALL line 8 extended permit ip any any
class-map type management match-any remote_access
2 match protocol xml-https any
3 match protocol icmp any
4 match protocol telnet any
5 match protocol ssh any
6 match protocol http any
7 match protocol https any
8 match protocol snmp any
policy-map type management first-match remote_mgmt_allow_policy
class remote_access
permit
interface vlan 1000
ip address xx.xx.253.20 255.255.255.0
access-group input ALL
service-policy input remote_mgmt_allow_policy
no shutdown
context Testing-11
description Testing Context
allocate-interface vlan 121-122
allocate-interface vlan 199-342
allocate-interface vlan 1000
Testing context -
access-list EVERYONE line 8 extended permit tcp any any
access-list INBOUND line 1 extended permit tcp host xx.xx.253.4 any
rserver host TEST-1
ip address xx.xx.122.200
inservice
rserver host TEST-2
ip address xx.xx.122.201
inservice
rserver host TEST-3
ip address xx.xx.122.3
inservice
serverfarm host TESTFARM
rserver TEST-1
inservice
rserver TEST-2
inservice
class-map type management match-any REMOTE-ACCESS
2 match protocol icmp any
3 match protocol telnet any
4 match protocol ssh any
5 match protocol https any
6 match protocol http any
7 match protocol xml-https any
class-map match-all VIP-150
2 match virtual-address xx.xx.121.150 any
class-map match-all slb-vip
2 match virtual-address xx.xx.121.150 any
policy-map type management first-match MGMT_TEST
class REMOTE-ACCESS
permit
policy-map type loadbalance first-match lb-logic
class class-default
serverfarm TESTFARM
policy-map multi-match CLIENT-VIPS
class VIP-150
loadbalance vip inservice
loadbalance policy lb-logic
interface vlan 121
description Clients
ip address xx.xx.121.10 255.255.255.0
access-group input EVERYONE
service-policy input CLIENT-VIPS
service-policy input MGMT_TEST
no shutdown
interface vlan 122
description Servers Vlan
ip address xx.xx.122.10 255.255.255.0
access-group input EVERYONE
service-policy input MGMT_TEST
no shutdown
interface vlan 1000
ip address 10.14.253.21 255.255.255.0
service-policy input MGMT_TEST
no shutdown
ip route 0.0.0.0 0.0.0.0 xx.xx.121.1
Like i said TEST-1 and TEST-2 are loadbalancing ok
but i cannot get to the webserver TEST-3 ehich is not
supposed to be loadbalanced.
Thanks in advance
Steve
Solved! Go to Solution.
05-30-2012 04:03 AM
Hi Steve
Theres no need to configure the third server on the ACE if you just want to route traffic to it:
no rserver host TEST-3
You may also change your ACL:
no access-list EVERYONE line 8 extended permit tcp any any
access-list EVERYONE extended permit ip any any
-Check the configuration of your Server TEST-3. Is xx.xx.122.10 configured as the default-gateway on your server?
-On your device with the IP xx.xx.121.1 (it's a router/layer 3 switch or a firewall, I think) do you have a route for your server subnet pointing to the ACE (ie ip route xx.xx.122.0 255.255.255.0 xx.xx.121.10)?
Maybe there is a layer 2 issue - your server TEST-3 is configured in vlan122, right? Could you please post the following outputs from your ACE:
show arp
show ip route
Regards
Marcel
05-30-2012 04:03 AM
Hi Steve
Theres no need to configure the third server on the ACE if you just want to route traffic to it:
no rserver host TEST-3
You may also change your ACL:
no access-list EVERYONE line 8 extended permit tcp any any
access-list EVERYONE extended permit ip any any
-Check the configuration of your Server TEST-3. Is xx.xx.122.10 configured as the default-gateway on your server?
-On your device with the IP xx.xx.121.1 (it's a router/layer 3 switch or a firewall, I think) do you have a route for your server subnet pointing to the ACE (ie ip route xx.xx.122.0 255.255.255.0 xx.xx.121.10)?
Maybe there is a layer 2 issue - your server TEST-3 is configured in vlan122, right? Could you please post the following outputs from your ACE:
show arp
show ip route
Regards
Marcel
05-30-2012 07:23 AM
hi maur.........marcel ;-)
Thanks again - i now have 3 web servers set up -
can talk to one via routing and the other 2 are supposed
to be loadbalancing.
When i do the command - sh service-policy CLIENT-VIPS detail
i can see the -
curr conns : 1 , hit count : 45
incrementing - but when i look at the servers only one is incrementing
i can ping both from the ACE 4710.
Still we are getting somewhere.
Steve
05-31-2012 02:08 AM
Problem solved thanks marcel have a very nice day !!!!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide