4 ACE's to get 64Gbps loadbalancing
Hi,
How are 4 ACE's aggregated together to combine to give a total of 64Gbps throughput?
I have a need to loadbalance around 40G.
Loadbalancing will be done based on Client source IP with 4 servers each of 10G capability.
This also implies that another set of ACE's are used for the FWLB feature, in order to make sure that the return traffic hits the same server
TIA
Alan
Similar Messages
-
ACE : can't get to loadbalance
Hi
I've got an ACE which should loadbalance to 2 web servers.
From the router itself (ssh) I can ping the 2 servers with their internal address.
I can also ping the ACE, but when I try to telnet the router on port 80 to see if loadbalancing is functional, my request timed out.
I used the OVH documentation (my hoster) and I cannot find what's wrong ! And I think it's a really basic configuration...
Here is my actual configuration :
(vlan 265 is my external interface)
access-list ANY line 8 extended permit icmp any any
access-list ANY line 16 extended permit ip any any
probe tcp PROBE_TCP
  interval 30
  passdetect interval 60
rserver host LABS
  ip address 172.16.0.1
  inservice
rserver host MICHELINE
  ip address 172.16.0.2
  inservice
serverfarm host FARM_LABS
  predictor leastconns
  probe PROBE_TCP
  rserver LABS
    inservice
  rserver MICHELINE
    inservice
parameter-map type http HTTP_PARAMETER_MAP
  persistence-rebalance
class-map match-all L4-WEB-IP
  2 match virtual-address 178.33.159.32 tcp eq www
class-map type management match-all REMOTE_ACCESS
  2 match protocol ssh any
policy-map type management first-match REMOTE_MGMT_ALLOW_POLICY
  class REMOTE_ACCESS
    permit
policy-map type loadbalance http first-match WEB_L7_POLICY
  class class-default
    serverfarm FARM_LABS
    insert-http x-forward header-value "%is"
policy-map multi-match WEB-to-vIPs
  class L4-WEB-IP
    loadbalance vip inservice
    loadbalance policy WEB_L7_POLICY
    loadbalance vip icmp-reply active
    nat dynamic 1 vlan 2369
    appl-parameter http advanced-options HTTP_PARAMETER_MAP
interface vlan 265
  ip address 178.33.159.170 255.255.255.240
  alias 178.33.159.169 255.255.255.240
  peer ip address 178.33.159.171 255.255.255.240
  access-group input ANY
  service-policy input REMOTE_MGMT_ALLOW_POLICY
  service-policy input WEB-to-vIPs
  no shutdown
interface vlan 2369
  ip address 172.31.255.250 255.240.0.0
  alias 172.31.255.249 255.240.0.0
  peer ip address 172.31.255.251 255.240.0.0
  access-group input ANY
  nat-pool 1 172.31.255.248 172.31.255.248 netmask 255.240.0.0 pat
  no shutdown
ft track interface VLAN265
  track-interface vlan 265
  peer track-interface vlan 265
  priority 50
  peer priority 5
Thanks for any help !
Hi Ahmad,
I misunderstood by using one IP address which is pingable, but it was a wrong lead.
My test was to telnet the VIP on port 80 so that a connection should be opened on one of the load-balanced servers.
These are the results :
rbx-s1-ace/vrack2369# show conn
total current connections : 2
conn-id    np dir proto vlan source                destination           state
----------+--+---+-----+----+---------------------+---------------------+------+
892000     2  in  TCP   265  93.17.95.165:56172    178.33.159.169:22     ESTAB
3169004    2  out TCP   265  178.33.159.169:22     93.17.95.165:56172    ESTAB
I'm trying to make http traces but since I can't reach the ACE itself I don't have any atm.
I *think* it's an ACE module, OVH gave me that link
Thanks !
-
ACE - limit of GET requests in the HTTP 1.1 pipelining
Hello. Is it possible to limit the count of HTTP GET requests in the pipelining connection on the ACE? For example when an attacker sends a lot of requests in the pipelining connection. Thank you.
You should not worry about that.
ACE has normalization to protect itself.
We also limit the amount of memory each connection can consume.
So one user will not be able to cause problem by using pipelining.
g.
-
ACE: Routing in addition to Loadbalancing
I'm planning to route some traffic while loadbalancing other traffic.
For guidance, what can I refer to for simple routing in ACE?
In addition, both routing and loadbalancing traffic need to pass the same VLAN in the ACE.
In the attached Steps 1,2,3 doing loadbalancing via vlan80
Steps 4,5,6 doing routing via same VLAN 80
Is simple routing possible in ACE?
Regards
SS
As long as you permit the traffic with an access-list inside the access-group, ACE will route the traffic that does not match any class-map.
This is the default and no particular config is required.
Gilles.
-
All,
I am trying to configure simple load balancing to 4 servers on an ACE (ver 3.0.0A13B), but I can't get it to work.
See config below. I have L3 vlan interfaces on my Cat6513 for vlan 22, 29 and 121.
Can anyone spot the issue?
Thanks, Pieter-Jon
probe tcp TCP
description TCP PROBE
interval 2
faildetect 2
passdetect interval 2
connection term forced
open 2
parameter-map type connection IDLE
set timeout inactivity 600
rserver host INFO-Realserver-1
ip address 38.22.175.1
probe TCP
inservice
rserver host INFO-Realserver-2
ip address 38.22.175.2
probe TCP
inservice
rserver host INFO-Realserver-3
ip address 38.22.175.3
probe TCP
inservice
rserver host INFO-Realserver-4
ip address 38.22.175.4
probe TCP
inservice
serverfarm host INFO2008
predictor leastconns slowstart 15
probe TCP
rserver INFO-Realserver-1
inservice
rserver INFO-Realserver-2
inservice
rserver INFO-Realserver-3
inservice
rserver INFO-Realserver-4
inservice
class-map match-all L4_VIP_ADDRESS_CLASS
2 match virtual-address 38.29.250.250 tcp any
class-map type management match-any MGMT-Class
2 match protocol icmp any
3 match protocol ssh any
4 match protocol telnet any
class-map type management match-all SNMP_ALLOW_CLASS
2 match protocol snmp any
class-map type management match-all TELNET_ALLOW_ALL
2 match protocol telnet any
policy-map type management first-match MGMT-Policy
class MGMT-Class
permit
policy-map type management first-match REMOTE_MGMT_ALLOW_POLICY
class TELNET_ALLOW_ALL
permit
policy-map type management first-match SNMP_ALLOW_POLICY
class SNMP_ALLOW_CLASS
permit
policy-map type loadbalance first-match L7_VIP_LB_ORDER_POLICY
class class-default
serverfarm INFO2008
policy-map multi-match L4_LB_VIP_POLICY
class L4_VIP_ADDRESS_CLASS
loadbalance vip inservice
loadbalance policy L7_VIP_LB_ORDER_POLICY
loadbalance vip icmp-reply
loadbalance vip advertise
interface vlan 22
description Info Servers vlan
ip address 38.22.1.250 255.255.0.0
no shutdown
interface vlan 29
description Info Front End vlan
ip address 38.29.1.250 255.255.0.0
service-policy input L4_LB_VIP_POLICY
service-policy input REMOTE_MGMT_ALLOW_POLICY
no shutdown
interface vlan 121
ip address 38.121.6.1 255.255.0.0
service-policy input REMOTE_MGMT_ALLOW_POLICY
service-policy input SNMP_ALLOW_POLICY
no shutdown
ip route 0.0.0.0 0.0.0.0 38.121.1.1
> I have L3 vlan interfaces on my Cat6513 for vlan 22, 29 and 121.
That is your problem first of all.
If I get it right from your config:
VLAN 121 is your transfer network / or client side vlan
VLAN 22 and VLAN 29 are Server VLANS?
What you should keep in mind is that you define the server side vlans only on the ACE contexts with L3. You don't define them on the supervisor.
If you use the ACE in routed mode you have to assign networks exclusive to the ace like routing networks to a layer 3 device in your network. If you use those vlans (22,29) on other parts of your net you should subnet them or take another network.
Your setup should look like this.
6513
L3 ~ VLAN 121
L2 ~ VLAN 22,29,121
ACE Module
L3 ~ VLAN 22,29,121
You assign the 3 vlans or any other to a vlan group and assign this group to the ace module.
Create a new context -> assign the vlan 22,29 and 121 to this context.
6513(L3) <-- vlan 121 --> ACE (L3) /Admin Context
6513(L3) <-- vlan 121 --> ACE(L3) / Server Context --> VLAN 22,29
ACE Admin Context (VLAN121)
ACE Server Context (VLAN 121,22,29)
After you have a working L2/L3 setup start troubleshooting the ace config itself. :)
Hope it helps
Roble
-
ACE HTTP probe get - not able to contain '?' in URL?
Trying to put a probe together..
probe http probeElvis
interval 5
passdetect interval 10
request method get url 8888/livelink/llisapi.dll?func=LL.getlogin&NextURL=%2Flivelink%2Fllisapi%2Edll%3FRedirect%3D1
expect status 100 404
connection term forced
But when typing or pasting that URL in - when it gets to the '?' after llisapi.dll the CLI is interpreting that as a query for HELP - but I want it to be part of the string!!
Is my only choice to go to TCL scripting? I don't know how to do that! I'm a network guy!! :)
Hello Gilles.
Is there a chance to bypass the Ctrl-V in the config? The reason I ask: I generate my configs via a script and I then copy & paste the whole config on the CLI.
So I am searching for a solution to embed the Ctrl-V into my configuration.
I hope you have an idea for me.
Sven
-
ACE HTTP probe get - not able to contain '?' in URL?
Trying to put a probe together..
probe http probeElvis
interval 5
passdetect interval 10
request method get url 8888/livelink/llisapi.dll?func=LL.getlogin&NextURL=%2Flivelink%2Fllisapi%2Edll%3FRedirect%3D1
expect status 100 404
connection term forced
But when typing or pasting that URL in - when it gets to the '?' after llisapi.dll the CLI is interpreting that as a query for HELP - but I want it to be part of the string!!
Is my only choice to go to TCL scripting? I don't know how to do that! I'm a network guy!! :)
Precede the question mark with Ctrl-V to prevent the question mark from being interpreted as a help command.
-
Debug commands for load-balancing on ACE
Is it possible to debug the load-balancing decision which is provided by ACE? For example: when the traffic comes to the VIP address I need to see which serverfarm is used for this traffic and which rserver was chosen for this traffic. Thank you.
No, there is no debug to see the decision.
You could capture the queues infos and see what it contains but it is quite complicated.
A simple way is to capture a sniffer trace of front-end and backend simultaneously and you will be able to see where the traffic was loadbalanced.
You can also use the capture feature of the ACE module to get this info.
Gilles.
-
Cisco ACE 4710 - Health Monitoring for Real Servers
Hi,
I have setup the following health probe to check for the existence of a specific web page. My intention is that when the web page is removed, the health check fails and the rserver status changes to 'out of service'. Unfortunately, when I remove the web page, I see the health check fail, and the rserver state change to 'PROBE-FAILED', however the rserver does not go 'out of service' and continues to respond to requests.
Can anyone see where I'm going wrong?
Health check probe config
probe http live_http_int
interval 15
passdetect interval 60
request method get url /loadbalancer/internal.html
expect status 199 201
open 10
RSERVER config
rserver host Server1
description Server1
ip address 10.10.10.1
conn-limit max 4000000 min 4000000
probe live_http_int
inservice
rserver host Server2
ip address 10.10.10.2
conn-limit max 4000000 min 4000000
probe live_http_int
inservice
Hi syannetwork,
I think you have to "force" the failed server to close the connection when it has failed. Otherwise it will still serve the available HTML pages.
Have a look at the "Configuring the ACE Action when a Server Fails" in the "Cisco Application Control Engine Module Server Load-Balancing Configuration Guide" and let me know if the following command helped:
conf t
serverfarm host ServerFarm
failaction purge
Have a good WE.
Cheers
LPL
-
Per-ServerFarm SNAT on ACE Module.
Dear all,
I have an ACE Module configured in Multiple Routed Contexts.
My cust wants to configure some NAT Feature that prevents the real server IP Address from appearing outside the ACE. They want the only IP address outside the ACE to be the Virtual IP Address (VIP) that represents the serverfarm.
Also, the cust wants different serverfarms to communicate with each other within the same VLAN.
I was reading and the option that accomplishes both tasks is Dynamic (PAT) Per-ServerFarm SNAT using the VIP address.
Is this correct?
The software version is A2(3,5).
Thanks a lot!
David
Hi David
Could you please clarify and maybe separate the tasks you have?
As I understand it, you have these tasks for now:
1) Don't show rserver IPs anywhere outside ACE
2) Servers in the same VLAN should be able to communicate with serverfarm which is located in the same VLAN via VIP
First task is a little bit unclear. I mean - actually you have VIP outside of ACE and all outside clients communicate to serverfarm via VIP and don't need to know rserver IPs (e.g. they can even be private and VIP is public, if we're talking about Internet)
Or do you mean that rservers need to communicate with outside world through ACE but you want to NAT these flows too?
2) Yes, it's possible. For such configuration you need to create a service policy, with the same VIP and configuration as you have for outside interface and put it on inside interface. The only key difference is that you need to add a NAT statement, because return traffic should go to ACE and as rservers and clients in this case are in the same VLAN, you need to use NAT.
E.g.
policy-map multi-match VIP_IN
  class MY-CLASS
    loadbalance vip inservice
    loadbalance policy MY-L7Policy
    nat dynamic 1 vlan X   <<- inside interface
and then on inside interface
interface vlan X
  nat-pool 1 Y.Y.Y.Y netmask 255.255.255.255 pat
In this case it will work in this way: say you have servers in vlan 10. Servers #1 and #2 are rservers in your serverfarms and server #3 wants to connect to serverfarm through VIP. Let's say that vlan 10 has subnet 10.0.0.0/24 and VIP for this serverfarm is 8.8.8.8. When you configure like I wrote above this will happen:
Server #3 connects to 8.8.8.8, traffic goes to ACE as a gateway, as you have a policy map on inside interface which catches traffic to 8.8.8.8, ACE will catch it and proceed it. You have a SNAT statement there, so ACE will perform standard loadbalancing and replace source IP with NAT IP (say 10.0.0.100), thus when server #1 which gets this loadbalanced traffic receives it, it will send return traffic to 10.0.0.100, thus to ACE.
-
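The same-VLAN flow described in the reply above, traced in Python as an added example (not part of the original thread, and not ACE code). The subnet, VIP and NAT address are the ones from the reply; the ACE gateway address and the server host addresses are assumptions made up for the sketch.

```python
import ipaddress
from dataclasses import dataclass

# Values taken from the reply above.
VLAN10 = ipaddress.ip_network("10.0.0.0/24")
VIP = ipaddress.ip_address("8.8.8.8")
NAT_IP = ipaddress.ip_address("10.0.0.100")
# Constructed for this example (not given in the thread).
ACE_GW = ipaddress.ip_address("10.0.0.254")   # ACE interface, the servers' gateway
SERVER1 = ipaddress.ip_address("10.0.0.1")    # rserver chosen by the ACE
SERVER3 = ipaddress.ip_address("10.0.0.3")    # client sitting in the same VLAN


@dataclass(frozen=True)
class Packet:
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address


def ace_forward(pkt, rserver, snat):
    """Load-balance a VIP-bound packet: rewrite dst, and src too when SNAT is on."""
    if pkt.dst != VIP:
        raise ValueError("not addressed to the VIP")
    return Packet(src=NAT_IP if snat else pkt.src, dst=rserver)


def next_hop(sender_net, gateway, dst):
    """On-link destinations are reached directly, everything else via the gateway."""
    return dst if dst in sender_net else gateway


def trace(snat):
    """Follow one request from server #3 to the VIP and the reply back."""
    request = Packet(src=SERVER3, dst=VIP)
    # 8.8.8.8 is off-link for server #3, so the request is sent to the ACE.
    if next_hop(VLAN10, ACE_GW, request.dst) != ACE_GW:
        raise RuntimeError("request would not reach the ACE")
    at_rserver = ace_forward(request, SERVER1, snat)

    # The rserver answers whatever source address it saw.
    reply = Packet(src=SERVER1, dst=at_rserver.src)
    hop = next_hop(VLAN10, ACE_GW, reply.dst)
    via_ace = hop in (ACE_GW, NAT_IP)   # the ACE owns the NAT pool address
    if via_ace:
        # The ACE matches its connection entry and undoes both translations.
        reply = Packet(src=VIP, dst=SERVER3)

    # Server #3 opened its connection to the VIP. A reply arriving from any
    # other source address matches no socket on server #3 and is reset.
    return {
        "reply_via_ace": via_ace,
        "reply_src_seen_by_client": str(reply.src),
        "connection_ok": reply.src == VIP and reply.dst == SERVER3,
    }


if __name__ == "__main__":
    for snat in (False, True):
        print("SNAT on " if snat else "SNAT off", trace(snat))
```

Without the NAT statement the rserver sees 10.0.0.3 as the source, which is on-link, so its reply bypasses the ACE and arrives from 10.0.0.1 instead of the VIP.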
We are migrating a large application to a new serverfarm one folder at a time. The existing application server is not loadbalanced via the ACE.
We want to set a vip on the ACE as the primary DNS entry for host ans.company.com. When users request ans.company.com/dfr they will get L7 loadbalanced (via url matching) to a new local serverfarm.
When the users request ans.company.com/cms we want to redirect them to the old application server that will be renamed via dns as classic.ans.company.com.
As each folder is migrated to the new servers the L7 rules will be modified to keep that traffic local
example
user requests ans.company.com/bfr or ans.company.com/cms they will be sent to the local new serverfarm.
user requests ans.company.com/dma1 or ans.company.com/dma2 they will be redirected to classic.ans.company.com/dma1 or classic.ans.company.com/dma2 (depending on the original request).
Does anyone have a sample script for this type of scenario? I have the loadbalancing working fine. It's the redirection that is not working. I am trying to use a L7 url match to send the request to a redirect rserver
Any help would be appreciated.
It should be something like
rserver redirect REDIRECT-TO-OLD
webhost-redirection http://classic.ans.company.com/%p 302
inservice
serverfarm redirect REDIRECT-SERVERFARM
rserver REDIRECT-TO-OLD
inservice
class-map type http loadbalance match-any local-new
match http url /bfr
match http url /cms
class-map type http loadbalance match-any remote-old
match http url /dma1
match http url /dma2
policy-map type loadbalance first-match L7_LOGIC
class local-new
serverfarm local-serverfarm
class remote-old
serverfarm REDIRECT-SERVERFARM
policy-map multi-match CLIENT_VIPS
class VIPs
loadbalance vip inservice
loadbalance policy L7_LOGIC
HTH
Syed Iftekhar Ahmed
-
ACE 4710 - DM initialization failed
When trying to get to the device manager GUI on my ACE 4710 I get to the login screen. On entering credentials I am given an error
"DM initialization failed (Failed to import ACE configuration: Device discovery failed: unknown). Contact your technical support team."
I have tried "dm reload" but I am still getting the error.
Any help gratefully appreciated.
You are probably hitting CSCsv95366. This is fixed in A3(2.2).
You can get the details about this bug at
http://tools.cisco.com/Support/BugToolKit/action.do?hdnAction=searchBugs
HTH
Syed Iftekhar Ahmed
-
Hi guys.
I have a doubt about IP addresses on BVI interfaces:
Why do we need IP addresses? I have configured MAC STICKY on the client VLAN.
Do I need an alias on the BVI in an HA deployment?
Thanks!
Hi David,
If you will not define an IP address on BVI, ACE won't get enabled and pass traffic. To initiate traffic, such as ARP requests, from the ACE or for management traffic, a bridge group requires an interface with an IP address on the same subnet. From user guide:
A BVI is associated with a corresponding bridge group to routed interfaces within the router but acts as a routed interface that does not support bridging. The BVI is assigned with the number of the associated bridge group. Only one BVI is supported for each bridge group. The MAC address of the BVI is the same as the addresses of the associated bridge-group interfaces. You must enable the BVI and the associated bridge-group interfaces to forward traffic.
You don't need an alias IP in HA deployment since ACE is not the DG of the servers.
Regards,
Kanwal
-
Hi,
I have a scenario where I have a pair of 6509 switches and I need to add an ACE module on both of them. All clients Default gateway are on internal 5580 ASAs so there are no SVI interfaces on the 6509 switches, it's only doing layer 2 switching.
I need to add an ACE module to the above setup, what's the ideal scenario in terms of routing without having to modify and add SVIs on the 6509?
Regards
http://docwiki.cisco.com/wiki/Basic_Load_Balancing_Using_One_Arm_Mode_with_Source_NAT_on_the_Cisco_Application_Control_Engine_Configuration_Example
http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/vA2_3_0/configuration/getting/started/guide/one_arm.pdf
-
Hello,
we are using the ACE to establish a redundancy for our vpn devices.
In this setup there is one active and one standby box.
If the primary box goes down all the tunnels are put to the standby box, this is working as expected.
Now we have the problem that if the primary box comes back online the tunnel is not correctly balanced back to the primary box.
On the backup box the tunnel is still in qm idle and on the now back-in-service primary box the tunnel is stuck in the state ag_init_exch.
To get the tunnel back to the primary box the connection table on the ACE needs to get cleared. (clear conn all)
Thus we do have an active/standby construct, stickiness is not required. (And it's not working either, I tried it.)
Here are the snippets of the config
serverfarm host backup_1
transparent
failaction purge
probe ICMP
rserver ONE
backup-rserver TWO
inservice
rserver TWO
inservice standby
class-map match-any IPSEC
match virtual-address 1.1.1.1 50
match virtual-address 1.1.1.1 udp eq 500
match virtual-address 1.1.1.1 udp eq 4500
policy-map type loadbalance first-match IPSEC
class class-default
serverfarm backup_1
Same setup but with two serverfarms
serverfarm host backup_1
transparent
failaction purge
probe ICMP
rserver ONE
inservice
serverfarm host backup_2
transparent
failaction purge
probe ICMP
rserver TWO
inservice
class-map match-any IPSEC
match virtual-address 1.1.1.1 50
match virtual-address 1.1.1.1 udp eq 500
match virtual-address 1.1.1.1 udp eq 4500
policy-map type loadbalance first-match IPSEC
class class-default
serverfarm backup_1 backup backup_2
Thanks for any help in advance
Hi again,
@Joo you are right if a scenario is used with a primary and a backup rserver, but if you use a primary and backup serverfarm it should work in theory, but it does not work in practice.
Enabling Load Balancing to a Server Farm (Configuring a Backup Server Farm)
You can load balance a client request for content to a server farm by using the serverfarm command in policy-map class configuration mode. Server farms are groups of networked real servers that contain the same content and that typically reside in the same physical location. The syntax of this command is as follows:
serverfarm name1 [backup name2 [sticky] [aggregate-state]]
The keywords, arguments, and options are as follows:
•name1—Unique identifier of the server farm. Enter an unquoted text string with no spaces and a maximum of 64 alphanumeric characters.
•backup name2—(Optional) Designates an existing server farm as a backup server farm in case all the servers in the original server farm become unavailable. When at least one server in the primary server farm becomes available again, the ACE sends all connections to the primary server farm. Enter the name of an existing server farm that you want to specify as a backup server farm as an unquoted text string with no spaces and a maximum of 64 alphanumeric characters.
regards
ed