cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1251
Views
0
Helpful
2
Replies

c6506 IOS SLB Across VRFs

ryansharpe
Level 1
Level 1

I'm trying to setup IOS SLB in directed mode on a Cat6506. We are currently using IOS SLB is dispatched mode for other services. Below is the relevent config. Please note there is no L3 interface on the 6506 for the Virtual Servers network (10.0.131.160). The gateway is an ASA which has L2 connectivity to the 6506. Also to note that the Server Farm network is within its own VRF.

ip slb serverfarm ADOBE-CONNECT

nat server

predictor leastconns

probe ADOBE

access Vlan130

!

real 10.0.130.161

  weight 1

  inservice

!

real 10.0.130.162

  weight 1

  no inservice

!

ip slb vserver ADOBE-TCP443
virtual 10.0.131.160 tcp https
serverfarm ADOBE-CONNECT
sticky 60
idle 600
inservice
!
ip slb vserver ADOBE-TCP80
virtual 10.0.131.160 tcp www
serverfarm ADOBE-CONNECT
sticky 60
idle 600
inservice
!
What happens is essentially nothing as you can see below 0 connections have occured, and 0 syns. "debug ip slb all" shows absolutely nothing in regards to this VServer.
ADOBE-TCP80, state = OPERATIONAL, v_index = 19, interface(s) = <any>
  virtual = 10.0.131.160/32:80, TCP, service = NONE, advertise = TRUE
  server farm = ADOBE-CONNECT, delay = 10, idle = 600
  sticky: client ip, timer = 60, subnet = 255.255.255.255
  sticky: group id = 4098 <assigned>
  synguard counter = 0, synguard period = 0
  conns = 0, total conns = 23, syns = 0,  syn drops = 0
  standby group = None
However on the 6506 when I do a SPAN on the trunk interface between the 6506 and the ASA I can see the packet TCP SYNs arriving at the 6506. Where ever they go from there..... I have no clue. This SPAN/packet capture also shows the ARP requests from the ASA for the virtual IP address, however there is never a response.

2 Replies 2

Calin C.
Level 5
Level 5

Hi!

In which VLANs are the interfaces up to ASA and down to real servers?

Next, if you take out "access vlan 130" and try, does it work?

Last, you are speaking about VRFs...but on C6500 you have only L2 configuration, as I understood. Where are the VRFs defined?

Sorry for so many questions, but I'm trying to help you!

Calin

Interface Gi1/21 is a trunk interface on the c6506 and faces the ASA. It trunks VLAN 131 which is the DMZ network. The vserver IP address 10.0.131.160 is within this DMZ network.

The "real" server is on a VMware box and utilizes port Gi2/19 this is also a trunk port which contains VLAN 130. The c6506 has a layer 3 interface for this VLAN, VLAN130. This interface is in the "app" VRF with an IP address of 10.0.130.252, eventually it will be running HSRP with a virtual address of 10.0.130.254.

I have tried taking out all of the access commands. Nothing changes from what I can see.

I hope I have answered your questions. Your help is greatly appreciated.

Thanks,

Ryan

Review Cisco Networking for a $25 gift card