08-04-2010 11:40 PM - edited 03-06-2019 12:19 PM
Greetings to everybody,
I think I have encountered a problem while configuring SLB probes in VRF environment. C6500 is displaying that probes are unsuccessful.
I want to configure probes for a serverfarm which contains two servers. Servers are in a separate VLAN and there are two SVIs that are in separate VRF (Virtual IP and real server IPs).
Just to mention, load balancing works fine, but the only issue is with probes.
Here is some debug output:
telnet command was issued to Virtual IP TCP7777 port – request is redirected to one of the real servers - connection works fine:
Aug 4 16:39:41.130: SLB_CONN_DEBUG: TCP event= SYN_CLIENT, state= INIT ->SYNCLIENT
Aug 4 16:39:41.130: v_ip= 10.70.23.167:7777 ( 7), real= 10.80.123.4,NAT= S
Aug 4 16:39:41.130: client= 10.70.28.10:60162, vrf= PRD
Aug 4 16:39:41.130: SLB_CONN_DEBUG: TCP event= SYNACK_SERVER, state= SYNCLIENT-> ESTAB
Aug 4 16:39:41.130: v_ip= 10.70.23.167:7777 ( 7), real= 10.80.123.4,NAT= S
Aug 4 16:39:41.130: client= 10.70.28.10:60162, vrf= PRD
Aug 4 16:39:41.130: SLB_CONN_DEBUG: TCP event= DATA_CLIENT, state= ESTAB ->ESTAB
Aug 4 16:39:41.130: v_ip= 10.70.23.167:7777 ( 7), real= 10.80.123.4,NAT= S
Aug 4 16:39:41.130: client= 10.70.28.10:60162, vrf= PRD
Simple slb probe configuration and the debug output straight after the last line is entered:
ip slb probe APP_SFARM ping
interval 5
!
ip slb serverfarm APP_SFARM
nat server
predictorleastconns
probe APP_SFARM
!
real 10.80.123.4
inservice
!
real 10.80.123.5
inservice
!
Aug 4 16:46:41.048: SLB_PROBE: RTR Entry 71
Aug 4 16:46:41.048: SLB_PROBE: RTR Entry 72
Aug 4 16:46:41.048: SLB_CONN_DEBUG: ICMP event= DATA_CLIENT, state= INIT ->ESTAB
Aug 4 16:46:41.048: v_ip= 10.70.23.167:0 ( 7), real= 10.80.123.4, NAT=S
Aug 4 16:46:41.048: client= 10.80.123.2:102, vrf=
Aug 4 16:46:41.048: SLB_CONN_DEBUG: ICMP event= DATA_CLIENT, state= INIT ->ESTAB
Aug 4 16:46:41.048: v_ip= 10.70.23.167:0 ( 7), real= 10.80.123.5, NAT=S
Aug 4 16:46:41.048: client= 10.80.123.2:103, vrf=
Aug 4 16:46:42.048: SLB_CONN_DEBUG: ICMP event= DESTROY, state= ESTAB -> ZOMBIE
Aug 4 16:46:42.048: v_ip= 10.70.23.167:0 ( 7), real= 10.80.123.4, NAT=S
Aug 4 16:46:42.048: client= 10.80.123.2:102, vrf=
Aug 4 16:46:42.048: SLB_PROBE: ping server:10.80.123.4:7777 target:10.70.23.167:0tests:1
Aug 4 16:46:42.048: SLB_CONN_DEBUG: ICMP event= DESTROY, state= ESTAB -> ZOMBIE
Aug 4 16:46:42.048: v_ip= 10.70.23.167:0 ( 7), real= 10.80.123.5, NAT=S
Aug 4 16:46:42.048: client= 10.80.123.2:103, vrf=
Aug 4 16:46:42.048: SLB_PROBE: ping server:10.80.123.5:7777 target:10.70.23.167:0tests:1
Aug 4 16:46:43.048: SLB_CONN_DEBUG: ICMP event= DATA_CLIENT, state= INIT ->ESTAB
Aug 4 16:46:43.048: v_ip= 10.70.23.167:0 ( 7), real= 10.80.123.4, NAT=S
Aug 4 16:46:43.048: client= 10.80.123.2:102, vrf=
Aug 4 16:46:43.048: SLB_CONN_DEBUG: ICMP event= DATA_CLIENT, state= INIT ->ESTAB
Aug 4 16:46:43.048: v_ip= 10.70.23.167:0 ( 7), real= 10.80.123.5, NAT=S
Aug 4 16:46:43.048: client= 10.80.123.2:103, vrf=
Aug 4 16:46:44.049: SLB_CONN_DEBUG: ICMP event= DESTROY, state= ESTAB -> ZOMBIE
Aug 4 16:46:44.049: v_ip= 10.70.23.167:0 ( 7), real= 10.80.123.4, NAT=S
Aug 4 16:46:44.049: client= 10.80.123.2:102, vrf=
Aug 4 16:47:02.049 EEST: %SLB-6-REAL: Real 10.80.123.4 (APP_SFARM) has changedstate to PROBE_TESTING
Aug 4 16:47:02.049 EEST: %SLB-6-REAL: Real 10.80.123.5 (APP_SFARM) has changedstate to PROBE_TESTING
Simple testing with icmp from C6500:
sw1#pingvrf PRD 10.80.123.4
Type escape sequence to abort.
Sending5, 100-byte ICMP Echos to 10.80.123.4, timeout is 2 seconds:
!!!!!
Successrate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
sw1#pingvrf PRD 10.80.123.5
Type escape sequence to abort.
Sending5, 100-byte ICMP Echos to 10.80.123.5, timeout is 2 seconds:
!!!!!
Successrate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
As you probably noticed from debug output of the successful telnet TCP7777 connection and debug of the probe testing in the latter there is no VRF information. Could this be a problem? How could I bypass it?
Thanks in Advance.
Kind Regards,
Ivan
08-19-2010 11:12 PM
In case someone will encounter similar problem.
Solution: Configure "access" option for serverfarm and vserver.
11-25-2011 02:00 PM
Hi Ivan
We are having the same problem - searching for a way of making the probe "VRF"-aware.
Could you please paste the "access" also?
Best Regards
Jarle Steffensen
11-26-2011 12:35 AM
Hi Jarle,
you just need to specify outgoing interface with "access outbound
For Example:
ip slb firewallfarm SERVER access outbound Vlan107 inservice
In this way probes will use proper interface and VRF.
Regards,
Ivan
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide