ACE 4710 Disable server
Hi again!
Some say that there is a script command, that can disable a server when we want it. It's something like "disable_real" , but i haven't found anything about it... can anyone help please?
Thanks!
Need help/advise regarding routing to make this method working.
When I change server gateway to ace server vlan interface, my server cannot communicate with other vlans. From context, I can ping server vlan and other vlans.
*Core interface -172.16.36.254 (server vlan),172.19.30.254(client vlan).
*Lb interface - 172.16.36.70, 172.19.30.65
*Real Server ip is using default gateway 172.16.36.70
Routing what I have done:
CORE- ip route 172.16.36.0 255.255.255.0 172.16.36.70
ip route 172.19.30.0 255.255.255.0 172.19.30.65
LB- ip route 0.0.0.0 0.0.0.0 172.19.30.254
Can someone help me to verify this?
Thanks
Similar Messages
-
ACE 4710 SSL server LB with stickiness
I will be replacing 11500 CSS which are not doing SSL termination, just load-balancing SSL sessions terminated on servers with ACE 4710.
On their CSS config, they were doing SSL-sticky. I understand the 4710 doesn't support SSL sticky, but can perform the same function by parsing the HTTP header. Has anyone done this config before and know where/how to parse the header to look for the SSL session# and stick connections to same server?
THANKS!In Ace 2.x code GPP (Generic protocol parsing) was introduced that enables ACE to look into the Layer 4 payload.Which is how this stickiness id achieved.
details at
http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/v3.00_A2/configuration/slb/guide/sticky.html#wp1133923
I dont think its currently available on ACE appliance yet.
Syed -
Hi All,
Currently Im using nat to translate client source ip address, nat pool is configured on server side vlan interface.
but now I dont want to translate client source ip address:
-I have changed real server gateway to ace interface ip.
-I already remove nat configuration but now I cannot access to the vip using browser but I can ping vip.
But now I cannot access to vip through browser, any idea?
Design:
client--------------CORE--------ACE------------------Real Server.
ThanksNeed help/advise regarding routing to make this method working.
When I change server gateway to ace server vlan interface, my server cannot communicate with other vlans. From context, I can ping server vlan and other vlans.
*Core interface -172.16.36.254 (server vlan),172.19.30.254(client vlan).
*Lb interface - 172.16.36.70, 172.19.30.65
*Real Server ip is using default gateway 172.16.36.70
Routing what I have done:
CORE- ip route 172.16.36.0 255.255.255.0 172.16.36.70
ip route 172.19.30.0 255.255.255.0 172.19.30.65
LB- ip route 0.0.0.0 0.0.0.0 172.19.30.254
Can someone help me to verify this?
Thanks -
[ACE 4710] accessing server on serverfarm
hi,
i have 2 servers in serverfarm.
the real IP for this 2 server are 172.16.34.5 and 172.16.34.6
the virtual IP is 172.16.33.1
the ip for vlan on server side is 172.16.34.10. the gateway on the 2 servers is 172.16.34.10
the network gateway for vlan 34 is 172.16.34.62
my question is, how can we access the individual server inside the server farm if we are not from the same vlan as the server?Hi,
you need to create a static route on your upstream router for the server VLAN with next-hop the ACE.
In you case it will be something like this:
ip route 172.16.34.0 255.255.255.0 "ACE IP address of VLAN34"
In case you have fault tolerance configured, use the alias IP of the ACEs on VLAN34.
Don't forget that your ACL on the ACE needs to allow this traffic.
If you use permit any any it shouldn't be a problem.
HTH,
Dario -
Rservers initiated traffic not sourcing the traffic as VIP in Ace 4710
One of the feature of our application is that our Application Server initiate text message to our devices sourcing from UDP 1120 and device need to see the message come from a specific pubic IP (2.2.2.2) with UDP port 1120 and reply back with the same Public IP (2.2.2.2) with UDP port 1120.The problem is we can make that happen if we have only one server in our ACE Serverfarm when we do a SNAT the real servers with the VIP address (10.1.246.32) but it does not work when we have more than one server in the Serverfarm. Since we have 2 servers, i cannot nat the real servers with the VIP address, if I do a PAT, obviously it is changing the source port of the request.
Note: This setup is working fine with the Cisco Content Switch module running on chasis 6509. When I sniff the traffic initiated from the server coming the CSM load balancer, it is sourcing the traffic as the VIP and the source port remains the same by default but this is not the case with ACE 4710
Traffic flow as follows
===============
ACE 4710 FWSM (Firewall static NAT) Device ( configured with 2.2.2.2:1120 (udp) to snd/rcv msg)
VIP
Rserver 1 - 10.1.104.80 10.1.246.32 10.1.246.32 < - > 2.2.2.2 1.1.1.1
Rserver 2 - 10.1.104.81c
----------------------------------------------------------> -------------------------------> - traffic flow from server to the device when we send msg
Configs:
======
rserver host server1
ip address 10.1.104.80
inservice
rserver host server2
ip address 10.1.104.81
inservice
serverfarm host SFARM
failaction purge
probe ICMP
rserver server1
inservice
rserver server2
inservice
access-list TEST-1120 line 8 extended permit udp host 10.1.104.80 eq 1120 any
access-list TEST-1120 line 16 extended permit udp host 10.1.104.81 eq 1120 any
parameter-map type connection UDP_TIMEOUT
set timeout inactivity 3600
sticky ip-netmask 255.255.255.255 address source STKY-SFARM
serverfarm SFARM
timeout 180
replicate sticky
class-map match-all CLS-SFARM
2 match virtual-address 10.1.246.32 udp eq 1120
class-map match-all SERVERNAT
2 match access-list TEST-1120
policy-map type loadbalance first-match POL-SFARM
class class-default
sticky-serverfarm STKY-SFARM
policy-map multi-match POL-LB
class CLS-SFARM
loadbalance vip inservice
loadbalance policy POL-SFARM
loadbalance vip icmp-reply active
connection advanced-options UDP_TIMEOUT
class SERVERNAT
nat dynamic 1 vlan 244
int vlan 244
ip address 10.1.246.2 255.255.255.0
service-policy input POL-LB
nat-pool 1 10.1.246.32 10.1.246.32 netmask 255.255.255.255
mac-sticky enable
no icmp-guard
no shut
interface vlan 2506
ip address 10.1.104.2 255.255.255.0
service-policy input POL-LB
mac-sticky enable
no icmp-guard
no shutI see in CSS, they are able to nat the source ip address with VIP and port-mapping diabled. How do I implement
portmap disable in ACE 4710
Disabling Port Mapping
By default, the CSS NATs source IP addresses and PATs source ports for a configured source group. If you configure the portmap disablecommand in a source group, the CSS performs NAT on the source IP addresses but does not perform PAT on the source ports of UDP traffic that matches on that source group.
For UDP applications with high-numbered assigned ports (for example, SIP and WAP), we recommend that you preserve those port numbers by configuring destination services in source groups instead of using the portmap disable command. Destination services cause the CSS to NAT the client source ports, but not the destination ports. For information about configuring destination services, -
ACE 4710 A3(2.0) and ACS - TACACS+
Hi.
I am having trouble getting my ACE 4710 (A3(2.0) Build 3.0) to cooperate with my Cisco Secure ACS-server. In the same environment I have it working on my ACE Module, with the same configuration.
ACE 4710:
tacacs-server host 10.7.50.20 key 7 "fewhg"
aaa group server tacacs+ tacacs_server_group
server 10.7.50.20
deadtime 15
aaa authentication login default group tacacs_server_group local none
aaa accounting default group tacacs_server_group local
aaa authentication login error-enable
ACS is configured correctly too. I have tried with several users, both in groups, with and without attributes and so forth. The ACS installation works with other devices and with my ACE modules running A2(3.1). I have tried this on both ACS 4.2(0).124 and 4.2(1).15.
The strange part is what I see when I set up Wireshark on my ACS-server to look at the traffic. From what I can see, the ACE only sends a request to the AAA-server if the user exists locally. But I do not get authenticated and Failed Attempts show a line with with Message-Type: "Unknown NAS".
It seems like others have the same problem. The problem is that the link attacked in the topic beneath only leads me back to forum and not to a topic with solution.
https://supportforums.cisco.com/thread/132445?decorator=print&displayFullThread=true#132445
Any help is appreciated and thanks in advance!are you using telnet or ssh ?
if ssh can you try telnet, allow telent on your management policy to do this. Then if it works via telnet , then try ssh again, if it now works then you have hit CSCsu36078
http://tools.cisco.com/squish/03240 -
ACE 4710 - can I dynamically sticky all traffic to 1 server based on URL?
Hello all, I'm new to the ACE 4710 and need to know some details about stickyness.
As background, we are a small company with a SaaS product and a pair of webservers.
I have set up the loadbalancing default L7 Load-balancing rule to sticky based on a Cookie based Stickey Group.
That seems to be working and session traffic is sticking to a server during the user's session.
Based on a request from our outsourced developer they would like the Loadbalancer to not only sticky the users sessions, but also sticky a url to a server.
I would like this to happen dynamically as each of our clients will have their own url based on our standard domain like clientname.fixeddomain.com and I don't want to have to come back to the loadbalancer every time we add a client.
As I said, I'm new to these devices but understand the concepts, and am in the position of having to make it work little to no tranining on this hardware and no budget at this point to pay someone else for configuration and setup.
I just need to know at this point if I can stick all requests for a specific URL to a server to avoid caching issue while those sessions are active and have new connections to other client urls balanced among the webservers.
Hopefully this request makes sense.
Thanks,
Mark Steeves.Daniel,
Thanks for the reply, but I cannot reach the URL you included. It gives me a 403.
Therfore without reading the article, I wanted to ask if the proper setup would be:
1. Default L7 load-balancing action: Primary action: Sticky: Stickey Group using
Type = HTTP Header: Header name = Host
2. Server Farm: Predictor: Least Connections or Round Robin to distribute the load between the 2 web servers.
Using this setting in testing, it looks like all the traffic keeps going to 1 server only. Granted there is not much traffic t the servers, but I have 2 different url being tested. url1.ourdomain.com & url2.ourdomain.com
If you have another link for the above document, please let me know.
Thanks,
Mark Steeves. -
ACE 4710 - Gracefully Shutting Down a Server
Hi,
Recently I had to stop an RServer to allow for software upgrades. I entered a no inservice command in the rserver config and all the connections on the serverfarm disappeared. I thought the no inservice should allow existing connections to finish. Is there another way of taking a server out of service?
We are running on an ACE 4710 version A3(2.5). We offload SSL on the ACE and use sticky connections using cookie insert
Thanks for your helpHi,
To gracefully shutdown use the "no inservice" on the rserver within the serverfarm rather than on the rserver definition.
HTH
Cathy -
ACE 4710: Find out the response time of a real server
Hi to everyone,
I have a couple of ACE 4710 and I need to find out what is the response time of a real server.
Is there a way for this?
Thank you for any answer!
giorgio romanoHi,
Kindly add the following line in your serverfarm configuration:
predictor response syn-to-synack
Suppose your serverfarm looks like this:
serverfarm host AAA_FARM
predictor response syn-to-synack
probe HTTP_PROBE
probe TCP9001_PROBE
rserver SC106
inservice
rserver SC107
inservice
rserver SC108
inservice
rserver SC109
inservice
rserver SC110
inservice
rserver SC111
inservice
rserver SC112
inservice
rserver SC113
inservice
rserver SC114
inservice
rserver SC120
inservice
rserver SC131
inservice
And then use the following command to see the average response time from your rserver as follows:
ACE1/prod# show serverfarm AAA_FARM detail
serverfarm : AAA_FARM, type: HOST
total rservers : 11
active rservers: 11
description : ServerFarm AAA
state : ACTIVE
predictor : RESPONSE
method : syn-to-synack
samples : 8
failaction : -
back-inservice : 0
partial-threshold : 0
num times failover : 0
num times back inservice : 0
total conn-dropcount : 0
Probe(s) :
HTTP_PROBE, type = HTTP
TCP9001_PROBE, type = TCP
----------connections-----------
real weight state current total failures
---+---------------------+------+------------+----------+----------+---------
rserver: SC106
x.x.x.x.:0 8 OPERATIONAL 2 1125 0
max-conns : 4000000 , out-of-rotation count : 0
min-conns : 4000000
conn-rate-limit : - , out-of-rotation count : -
bandwidth-rate-limit : - , out-of-rotation count : -
retcode out-of-rotation count : -
load value : 0
average response time (usecs) : 81 ----> thats what you might be looking for
From other day :
rserver: SC114
x.x.x.x:0 8 OPERATIONAL 70 10903 2
max-conns : 4000000 , out-of-rotation count : 0
min-conns : 4000000
conn-rate-limit : - , out-of-rotation count : -
bandwidth-rate-limit : - , out-of-rotation count : -
retcode out-of-rotation count : -
load value : 0
average response time (usecs) : 1334 ----> thats what you might be looking for
For Serverfarm BBB_FARM
serverfarm : BBB_FARM, type: HOST
total rservers : 1
active rservers: 1
description : ServerFarm BBB
state : ACTIVE
predictor : RESPONSE
method : syn-to-synack
samples : 8
failaction : -
back-inservice : 0
partial-threshold : 0
num times failover : 1
num times back inservice : 1
total conn-dropcount : 0
Probe(s) :
----------connections-----------
real weight state current total failures
---+---------------------+------+------------+----------+----------+---------
rserver: SC208
x.x.x.x:0 8 OPERATIONAL 0 0 0
max-conns : 4000000 , out-of-rotation count : 0
min-conns : 4000000
conn-rate-limit : - , out-of-rotation count : -
bandwidth-rate-limit : - , out-of-rotation count : -
retcode out-of-rotation count : -
load value : 0
average response time (usecs) : 0 ----> thats what you might be looking for
Use more detials for response predictor:
http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/configuration/slb/guide/rsfarms.html#wp1068831
Configuring the Application Response Predictor
To instruct the ACE to select the server with the lowest average response time for the specified response-time measurement based on the current connection count and server weight (if configured), use the predictor response command in server farm host or redirect configuration mode. This predictor is considered adaptive because the ACE continuously provides feedback to the load-balancing algorithm based on the behavior of the real server.
To select the appropriate server, the ACE measures the absolute response time for each server in the server farm and averages the result over a specified number of samples (if configured). With the default weight connection option configured, the ACE also takes into account the server's average response time and current connection count. This calculation results in a connection distribution that is proportional to the average response time of the server.
The syntax of this command is as follows:
predictor response {app-req-to-resp | syn-to-close | syn-to-synack}[samples number]
The keywords and arguments are as follows:
•app-request-to-resp—Measures the response time from when the ACE sends an HTTP request to a server to the time that the ACE receives a response from the server for that request.
•syn-to-close—Measures the response time from when the ACE sends a TCP SYN to a server to the time that the ACE receives a CLOSE from the server.
•syn-to-synack—Measures the response time from when the ACE sends a TCP SYN to a server to the time that the ACE receives the SYN-ACK from the server.
•samples number—(Optional) Specifies the number of samples over which you want to average the results of the response time measurement. Enter an integer from 1 to 16 in powers of 2. Valid values are 1, 2, 4, 8, and 16. The default is 8.
For example, to configure the response predictor to load balance a request based on the response time from when the ACE sends an HTTP request to a server to when the ACE receives a response back from the server and average the results over four samples, enter:
host1/Admin(config)# serverfarm SFARM1
host1/Admin(config-sfarm-host)# predictor response app-req-to-resp
samples 4
To reset the predictor method to the default of round-robin, enter:
host1/Admin(config-sfarm-host)# no predictor
To configure an additional parameter to take into account the current connection count of the servers in a server farm, use the weight connection command in server farm host predictor configuration mode. By default, this command is enabled. The syntax of this command is as follows:
weight connection
For example, enter:
host1/Admin(config)# serverfarm SF1
host1/Admin(config-sfarm-host)# predictor response app-request-to-resp
samples 4
host1/Admin(config-sfarm-host-predictor)# weight connection
To remove the current connection count from the calculation of the average server response time, enter:
host1/Admin(config-sfarm-host-predictor)# no weight connection
You can use threshold milliseconds parameter which is optional Specifies the required minimum average response time for a server. If the server response time is greater than the specified threshold value, the ACE removes the server from the load-balancing decision process (takes the server out of service).
Enter an integer from 1 to 300000 milliseconds (5 minutes). The default is no threshold (servers are not taken out of service).
In case if you have measures the response time from when the ACE sends a TCP SYN to a server to the time that the ACE receives a CLOSE from the server use syn-to-close (already discussed previously)
If you have to measures the response time from when the ACE sends a TCP SYN to a server to the time that the ACE receives the SYN-ACK from the server use syn-to-synack (already discussed previously)
SAMPLES parameter is optional and specifies the number of samples that you want to average from the results of the response time measurement and response time is used to select the server with the lowest response time for the requested response-time measurement. If you do not specify a response-time measurement method, the ACE uses the HTTP app-req-to-response method.
Whenever a server's load reaches zero, by default, the ACE uses the autoadjust feature to assign a maximum load value of 16000 to that server to prevent it from being flooded with new incoming connections. The ACE periodically adjusts this load value based on feedback from the server's SNMP probe and other configured options.
Using the least-loaded predictor with the configured server weight and the current connection count option enabled, the ACE calculates the final load of a real server as follows:
final load = weighted load × static weight × current connection count
where:
•weighted load is the load reported by the SNMP probe
•static weight is the configured weight of the real server
•current connection count is the total number of active connections to the real server
The ACE recalculates the final load whenever the connection count changes, provided that the (config-sfarm-host-predictor) weight connection command is configured. If the (config-sfarm-host-predictor) weight connection command is not configured, the ACE updates the final load when the next load update arrives from the SNMP probe.
If two servers have the same lowest load (either zero or nonzero), the ACE load balances the connections between the two servers in a round-robin manner.
HTH
Plz rate if u find it useful.
Sachin -
Access Server through VIP (ACE 4710) but very slow
Re: Access Server through VIP (ACE 4710) but very slow
Hi Shiva
Kindly Help .....Accessing the server very slow.., Plz check my real configuration... this configuration is for application server and after this i have to configure more serverfarm for different server like webmail etc. in this ACE 4710. I have only one ACE 4710 .
ACE Version A4(2.0) = is there supports Probe with this version.??? without probe server will work but very slow. And plz guide Nat-pool is required
VIP :-- 172.16.15.8
LB/Admin# sh run
Generating configuration....
no ft auto-sync startup-config
logging enable
logging host 172.29.91.112 udp/514
resource-class RC1
limit-resource all minimum 10.00 maximum unlimited
boot system image:c4710ace-mz.A4_2_0.bin
hostname LB
interface gigabitEthernet 1/1
description Management
speed 1000M
switchport access vlan 1000
no shutdown
interface gigabitEthernet 1/2
description clientside
switchport access vlan 30
no shutdown
interface gigabitEthernet 1/3
description serverside
switchport access vlan 31
no shutdown
interface gigabitEthernet 1/4
no shutdown
context Admin
description Management
member RC1
access-list everyone line 8 extended permit ip any any
access-list everyone line 16 extended permit icmp any any
probe http probe1
description health check
interval 5
passdetect interval 10
request method head
expect status 200 200
open 1
rserver redirect https_redirect
description redirect traffic to https
webhost-redirection / 302
inservice
rserver redirect maintenance_page
description maintenance page displayed
webhost-redirection /sry.html 301
inservice
rserver host web1
ip address 192.168.10.3
inservice
rserver host web2
ip address 192.168.10.4
inservice
rserver host web3
ip address 192.168.10.5
inservice
serverfarm host http
rserver web1
inservice
rserver web2
inservice
rserver web3
inservice
serverfarm redirect https_redirect_farm
description Redirect traffic to https
serverfarm redirect maintenance_farm
description send user to maintenance page
parameter-map type connection paramap_http
description parameter connection tcp
exceed-mss allow
sticky ip-netmask 255.255.255.0 address source Sticky_http
timeout activeconns
serverfarm http
class-map match-all REMOTE-ACCESS
class-map type management match-any remote_access
2 match protocol xml-https any
3 match protocol icmp any
4 match protocol telnet any
5 match protocol ssh any
6 match protocol http any
7 match protocol https any
8 match protocol snmp any
class-map match-all slb-vip
2 match virtual-address 172.16.15.8 tcp eq www
policy-map type management first-match remote_access
class class-default
permit
policy-map type management first-match remote_mgmt_allow_policy
class remote_access
permit
policy-map type loadbalance first-match slb
class class-default
serverfarm http
policy-map type inspect http all-match slb-vip-http
class class-default
permit
policy-map multi-match client-vips
class slb-vip
loadbalance vip inservice
loadbalance policy slb
loadbalance vip icmp-reply active
inspect http policy slb-vip-http
connection advanced-options paramap_http
interface vlan 30
description "Client Side"
ip address 172.16.15.24 255.255.255.0
access-group input everyone
service-policy input client-vips
no shutdown
interface vlan 31
description "Server Side"
ip address 192.168.10.1 255.255.255.0
service-policy input remote_access
no shutdown
interface vlan 1000
description managment
ip address 172.29.91.110 255.255.255.0
service-policy input remote_mgmt_allow_policy
no shutdown
ip route 0.0.0.0 0.0.0.0 172.16.15.1
snmp-server contact "PHQ"
snmp-server community phq group Network-Monitor
snmp-server trap-source vlan 1000
username admin password 5 $1$b2txbc5U$TA74D920oSdd2eOZ4hSFe/ role Admin domain
default-domain
username www password 5 $1$.GuWwQEK$r8Ub4OcE3l190d5GA4kvR. role Admin domain de
fault-domain
username prem password 5 $1$8C7eRKrI$it3UV4URZ26X4S/Bh6OEr0 role Admin domain d
efault-domain
ssh key rsa 1024 force
banner motd # "ro" #
Regards,
PremHi Shiva,
plz guide i'm new with ACE LB, also find my n/w design for connected ace to server. but server accessing very very slow, but when i connect through my old server software LB (with two interface)then accessing very fast. I just replace my old serverLB(with two interface) to ACE4710 and connect the same scenario then why not server accessing smoothly with VIP .Reply soon only I connect ACE's two interface with switch.....
Regards,
Prem -
Server-conn reuse stats on ACE 4710?
Hi,
Does anyone know if it's possible to get the server-conn reuse stats on an ACE 4710 appliance? I'd like to confirm that it's working and ideally see the number of resued connections.
Thanks,
JimScimitar1/Admin# show np 1 me-stats "-socm -v" | i [uU][sS][eE]
Reuse retrieve link update conn invalid 0 0
Reuse retrieve link update conn not on r 0 0
Reuse retrieve success but conn invalid: 0 0
Reuse retrieve miss: 0 0
Reuse conns retrieved: 0 0
Scimitar1/Admin#
The last 2 indicates if a new connection is needed (miss) or if we could retrieve an existing one.
Gilles. -
ACE 4710 - need help configuring backend server monitoring
Currently running an ACE 4710, which is handling all of our inbound SSL connections and then forwarding requests thru
to backend web servers. This all works fine.
My question is this..Right now we are not load balancing any of the backen web servers. But I now have a requirement that should
a web server crash or become unavailable I need to redirect that backend connection to another web server.
Scenario is more like I have 2 web servers both serving same content, but I want one server to take all the connections unless it fails, at that point
have all the connections forwarded to 2nd server.
Is there a way to setup the load balancing where the 1st server gets all the connections until a failure happens ?
Any help would be appreciated.
Cheers
DaveHi Dave,
You can use sorry-server or backup server feature. details can be found at
http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/configuration/slb/guide/rsfarms.html#wp1000264 -
ACE 4710 - Monitoring Real Server Showing N/A
I recently installed a Cisco ACE 4710 version A4(2.0) into our test network. Load balancing across a number of web servers appears to be working ok and serving pages to users. However, when i tried to check the real time stats via device manager (Monitor> virtual contexts> context > Real servers) a number of fields specifically "current connections", "total conns", "failed conns" etc were showing N/A. Do I need to enable this somehow i.e. polling, if so how?
Hello Samson,
You may try to reboot the entire ACE 4710, probably during a maintenance window, some java process might have gotten stuck.
If the issue persists then open a TAC case since there are some software defects related to this behavior.
Jorge -
Ace 4710 active/standby SNMP config
We have 2 x Ace 4710 deployed in Active/Standby config. Since the configuration mode is disabled on the Standby unit, how can we configure the SNMP settings (such as location etc.) on the standby unit different from the active unit?
The 2 devices are in physically separated data centers so the SNMP location settings need to be set differently on both units. The standby unit does not allow any configuration.Comments inline:
Since this is the admin context, we would better not do this. As i understand correctly, this will turn off the config sync on the 2 units and we may end up with some issues.
KM - Correct, you need to manually manage the configurations of both devices.
Also, if at a later stage, we sync the configs again in the admin context, it will overwrite the different config on the standby unit with that from the active unit?
KM - Correct, the device with the lower priority will be overwritten when config-sync is re-enabled. This is one of the reasons you need to be careful in the Admin context. For example: Ff the lower priority device has contexts defined that the primary does not, they would be removed when you re-enablethis command.
Since my requirement is just the SNMP location config, I do not think i should go for this; rather i can have some descriptive location setting identifying the 2 units in cluster mode...
KM - This would be more ideal than disabling config sync. You could also put both locations like this:
snmp-server location "San Jose, CA & Seattle, WA"
Regards
Kris -
Hello,
I am running redundant ACE 4710 appliances running A3(2.7). I have five FT groups configured along with FT Tracking and when the vlans fail due to physical links being down, the contexts to do not failover. If one of the ACE boxes fail completely, failover works fine. I have included the FT config from one of the contexts below. I have a case open with TAC and the Engineer is suggesting the use of a query interface in additon to FT Tracking. We have had two incidents on separate contexts where we lost a physical interface on the primary ACE, one for the maintenance of the core switch, the other was a cable disconnect and we are unable to understand why the indivdual context didn't failover. Any ideas would be much appreciated. Let me know if more info/configs are needed.
Dave
ft interface vlan 900
ip address 10.10.10.1 255.255.255.0
peer ip address 10.10.10.2 255.255.255.0
no shutdown
ft peer 1
heartbeat interval 300
heartbeat count 20
ft-interface vlan 900
ft group 3
peer 1
no preempt
priority 210
peer priority 120
associate-context XYZ
inservice
FT Group : 3
No. of Contexts : 1
Context Name : XYZ
Context Id : 2
Configured Status : in-service
Maintenance mode : MAINT_MODE_OFF
My State : FSM_FT_STATE_ACTIVE
My Config Priority : 210
My Net Priority : 210
My Preempt : Disabled
Peer State : FSM_FT_STATE_STANDBY_HOT
Peer Config Priority : 120
Peer Net Priority : 120
Peer Preempt : Disabled
Peer Id : 1
Last State Change time : Wed Jan 11 13:14:16 2012
Running cfg sync enabled : Enabled
Running cfg sync status : Running configuration sync has completed
Startup cfg sync enabled : Enabled
Startup cfg sync status : Startup configuration sync has completed
Bulk sync done for ARP: 0
Bulk sync done for LB: 0
Bulk sync done for ICM: 0
show int
vlan424 is up, VLAN up on the physical port
Hardware type is VLAN
MAC address is 00:1e:68:1e:ba:b7
Virtual MAC address is 00:0b:fc:fe:1b:03
Mode : routed
IP address is 10.104.224.6 netmask is 255.255.255.0
FT status is active
Description:"New Server VIP and real"
MTU: 1500 bytes
Last cleared: never
Last Changed: Sun Mar 11 01:13:12 2012
No of transitions: 3
Alias IP address is 10.104.224.5 netmask is 255.255.255.0
Peer IP address is 10.104.224.7 Peer IP netmask is 255.255.255.0
Assigned on the physical port, up on the physical port
Previous State: Sun Mar 11 00:04:57 2012, VLAN not up on the physical port
Previous State: Sun Sep 18 10:21:15 2011, administratively up
3991888419 unicast packets input, 23734607976687 bytes
20246934 multicast, 174801 broadcast
0 input errors, 0 unknown, 0 ignored, 0 unicast RPF drops
1609345958 unicast packets output, 23690663385228 bytes
7 multicast, 55807 broadcast
0 output errors, 0 ignoredDave,
For tracking to work you need to have preempt enabled. Can you try enabling preempt under the ft group and test your tracking again? Another potential issue you may run into is if your tracking is not lowering the priority enough when it fails. The difference between the active and standby device is 100. If you are not decrementing the priority greater than this value even if priority is enabled it will not lower it enough to force the failover. If after enabling preempt on this group the tracking still does not work as expected send you whole config for us to look at.
Regarding the query interface; This is not a bad idea. It will help prevent an active active situation if there is a problem with the ft link between the two modules.
Thanks
Jim
Maybe you are looking for
-
Direct database request and session variable value
Hi, I have a problem by doing the following : idea is to have report with a list of all tables in user schema (which are not all in repository physical layer). By clicking on the name of any, should bring answer report which is done as direct databas
-
Hello All, can anybody help? The Problem We are running SharePoint 2013 and document sets that have an excel file and a PowerPoint presentation both in the document set folder and we have mapped this to a unc path \\SP.companyname.com\@SSL\DavWWWRoo
-
How do I permanantly apply audio noise reduction in FCP X
I have a clip shot on a blue screen set that had some noise in the background (constant hum from air conditioner). The Background Noise Reduction in FCP X, applied at 100%, does a truly amazing job. But there is one huge problem. It appears that FCP
-
Which R/3 function Module is used to extract material data?
Hi, Does someone know which FM is used in R/3 to extract the material data when the replication object 'MATERIAL' is executed? Thanks, Jeroen
-
LV file corrupt? I try to load, it asks to find the file I just tried to load
I have a LV file that when I go to open it, it brings up the prompt saying "please find the Vi named "xxxx.vi" " which is the file that I just tried to open. I select the file again and just stays in a loop and never actually opens the file. Both I