ACE 4710 Loadbalancer Weblogic Issues

Similar Messages

• Facing Issue in ACE 4710 ..Secondary ACE showing as FSM_FT_STATE_STANDBY_COLD ...

  Hi All ,
   I am facing problem with my ACE 4710 in active-standby environment . When I check Show ft group detail on my Active ACE , it shows peer state as
  FSM_FT_STATE_STANDBY_COLD for Admin context . Below is the output :
  Primary_ACE/Admin#sh ft group detail
  FT Group                     : 1
  No. of Contexts              : 1
  Context Name                 : Admin
  Context Id                   : 0
  Configured Status            : in-service
  Maintenance mode             : MAINT_MODE_OFF
  My State                     : FSM_FT_STATE_ACTIVE
  My Config Priority           : 120
  My Net Priority              : 120
  My Preempt                   : Enabled
  Peer State                   : FSM_FT_STATE_STANDBY_COLD
  Peer Config Priority         : 100
  Peer Net Priority            : 100
  Peer Preempt                 : Enabled
  Peer Id                      : 1
  Last State Change time       : Tue Jan  1 05:32:55 2002
  Running cfg sync enabled     : Enabled
  Running cfg sync status      : Peer in Cold State. Error on Standby device when
  applying configuration file replicated from active
  Startup cfg sync enabled     : Enabled
  Startup cfg sync status      : Peer in Cold State. Startup configuration sync ha
  [7m--More--[m
  s completed
  Bulk sync done for ARP: 0
  Bulk sync done for LB: 0
  Bulk sync done for ICM: 0
  FT Group                     : 2
  No. of Contexts              : 1
  Context Name                 : APP_Context
  Context Id                   : 1
  Configured Status            : in-service
  Maintenance mode             : MAINT_MODE_OFF
  My State                     : FSM_FT_STATE_ACTIVE
  My Config Priority           : 120
  My Net Priority              : 120
  My Preempt                   : Enabled
  Peer State                   : FSM_FT_STATE_STANDBY_HOT
  Peer Config Priority         : 100
  Peer Net Priority            : 100
  Peer Preempt                 : Enabled
  Peer Id                      : 1
  Last State Change time       : Tue Jan  1 05:32:56 2002
  Running cfg sync enabled     : Enabled
  [7m--More--[m
  Running cfg sync status      : Running configuration sync has completed
  Startup cfg sync enabled     : Enabled
  Startup cfg sync status      : Startup configuration sync has completed
  Bulk sync done for ARP: 0
  Bulk sync done for LB: 0
  Bulk sync done for ICM: 0
  Also when I give show ft config-errors on my secondary ACE it gives the following result .
  Secondary_ACE/Admin#sh ft config-error
  Mon Jun 10 00:04:11 IST 2002
  `no 3 match virtual-address 10.40.3.15 tcp eq https`
  Error: LB action requires match vip command
  `no 3 match virtual-address 10.40.3.15 tcp eq 8082`
  Error: LB action requires match vip command
  `no 3 match virtual-address 10.40.3.21 tcp eq www`
  Error: LB action requires match vip command
  `no 3 match virtual-address 10.40.3.21 tcp eq https`
  Error: LB action requires match vip command
  `2 match virtual-address 10.40.3.21 tcp eq https`
  Error: This configuration already exists
  `2 match virtual-address 10.40.3.21 tcp eq www`
  Error: This configuration already exists
  `2 match virtual-address 10.40.3.15 tcp eq 8082`
  Error: This configuration already exists
  `2 match virtual-address 10.40.3.15 tcp eq https`
  Error: This configuration already exists
  Error(s) while applying config.
   I am attaching the running configuration of both the ACE's . Kindly help me in resolving the issue .
  Also I noticed one thing . There is configuration difference in Primary and Secondary ACE . I guess this is causing the issue .
  Need help to fix this asap .
   Following configuration is missing on the secondary ACE .
  ======================================================================
  class-map match-all WEB_FARM_VIP-80
    3 match virtual-address 10.40.3.15 tcp eq www
  policy-map type loadbalance first-match WEB_FARM_VIP-80-l7slb
    class class-default
      serverfarm HTTP-2-HTTPS
    class WEB_FARM_VIP-80
      loadbalance vip inservice
      loadbalance policy WEB_FARM_VIP-80-l7slb
  Thanks ,
  Tushar

  Dear all,
  Pls help me out in this regard, I dont have much idea about ACE.
  Regards,
  Sashi

• SIP load balancing issue with ACE 4710

  SIP Load balancing Issue with ACE 4710
  I have a Cisco ace 4710 with vesion Version A4(2.2). i configued simple SIP load balancing first without stickiness. without stikeiness we are having a problem because bye packet at the was not going to the same server all the time that left our port in used even though user hang up the phone. its happen randmly. i have a total 20 licenced ports and its fill out very quickly. so i dicided to use the stickiness with call-ID but still same issue. below is the config
  rserver host CIN-VOX-31
    ip address 172.20.130.31
    inservice
  rserver host CIN-VOX-32
    ip address 172.20.130.32
    inservice
  serverfarm host CIN-VOX
    probe SIP-5060
    rserver CIN-VOX-31
      inservice
    rserver CIN-VOX-32
      inservice
  sticky sip-header Call-ID VOX_SIP_GROUP
    timeout 1
    timeout activeconns
    replicate sticky
    serverfarm CIN-VOX
  class-map match-all CIN_VOX_L4_CLASS
    2 match virtual-address 172.22.12.30 any
  class-map match-all CIN_VOX_SIP_L4_CLASS
    2 match virtual-address 172.22.12.30 udp eq sip
  policy-map type loadbalance sip first-match CIN_VOX_LB_SIP_POLICY
    class class-default
      sticky-serverfarm VOX_SIP_GROUP
  policy-map multi-match GLOBAL_DMZ_POLICY
     class CIN_VOX_SIP_L4_CLASS
      loadbalance vip inservice
      loadbalance policy CIN_VOX_LB_SIP_POLICY
      loadbalance vip icmp-reply
    class CIN_VOX_L4_CLASS
      loadbalance vip inservice
      loadbalance policy CIN_VOX_LB_SIP_POLICY
      loadbalance vip icmp-reply
  interface vlan 20
    description VIP_DMZ_VLAN
    ip address 172.22.12.4 255.255.255.192
    alias 172.22.12.3 255.255.255.192
    peer ip address 172.22.12.5 255.255.255.192
    access-group input PERMIT-ANY-LB
    service-policy input GLOBAL_DMZ_POLICY
  could you please help me on this...
  thanks
  Rakesh Patel

  I mean there should be one more statement-
  class-map type sip loadbalance match-any CIN_VOX_LB_SIP_POLICY 
  match sip header Call_ID header-value sip:
  and that will be called under-
  policy-map multi-match GLOBAL_DMZ_POLICY
     class CIN_VOX_SIP_L4_CLASS
      loadbalance vip inservice
      loadbalance policy CIN_VOX_LB_SIP_POLICY
      loadbalance vip icmp-reply
  is that missing in your config ?

• ACE 4710 HTTP Probes

  Using the ACE 4710 for loadbalancing a Sharepoint site.
  We currently have a HTTP probe setup to check the port 80 status of the rserver.
  Is there anyway to get the HTTP probe to check a DNS entry for each of the application sites? For instance http://info vs http://site are two different web sites running on the same IP. One site could have a problem but the actual port 80 for the IP may be still alive.
  Thanks for any information.

  Has anyone figure this out?  I am tring to get healthchecks/probes setup in this same fashion.  I have 2 servers with 1 IP but have many sites.  I want to probe each side and ensure I get a 200 code.  I also have to provide credentials to the site.  It seems that if i open IE I can log in just fine to the site with the credentials.  However there is an active x control box that is wanting to be installed.  When I set this up on my ACE it seems I am getting a http 401 unauthorized error.  I have done a wireshark capture while I was browsing and I see the 401 however it also reports a 200 code after that.  Do you think this is a problem because of the active x control wanting to be downloaded?  Or is this an issue with the first http code that is recieved by the probe, that being the 401 and then the 200? Below is my config (cleaned of course).
  probe http HTTP-80-OUR.DOMAIN.COM
    interval 15
    passdetect interval 60
    credentials
    request method get url http://our.domain.com/default.aspx
    expect status 200 200
    header Host header-value "our.domain.com"
    open 1
  rserver host SERVER-A
    ip address X.X.X.47
    inservice
  rserver host SERVER-B
    ip address X.X.X.48
    inservice
  serverfarm host FARM-AB
    predictor leastconns
    probe HTTP-80-OUR.DOMAIN.COM
    rserver SERVER-A
      inservice
    rserver SERVER-B
      inservice
  ACE4710# show probe HTTP-80-OUR.DOMAIN.COM detail
  probe       : HTTP-80-OUR.DOMAIN.COM
  type        : HTTP
  state       : ACTIVE
  description :
     port      : 80      address     : 0.0.0.0         addr type  : -
     interval  : 15      pass intvl  : 60              pass count : 3
     fail count: 3       recv timeout: 10
     http method      : GET
     http url         : http://our.domain.com
     conn termination : GRACEFUL
     expect offset    : 0         , open timeout     : 1
     expect regex     : -
     send data        : -
                  ------------------ probe results ------------------
     associations ip-address      port  porttype probes   failed   passed   health
     ------------ ---------------+-----+--------+--------+--------+--------+------
     serverfarm  : OUR.DOMAIN.COM-10.25.4.12-L3-FARM
       real      : SERVER-A[0]
                  X.X.X.47      80    DEFAULT  414      406      8        FAILED
     Socket state        : CLOSED
     No. Passed states   : 1         No. Failed states : 2
     No. Probes skipped  : 0         Last status code  : 401
     No. Out of Sockets  : 0         No. Internal error: 0
     Last disconnect err : Received invalid status code
     Last probe time     : Wed Jun  2 17:44:18 2010
     Last fail time      : Wed Jun  2 13:37:04 2010
     Last active time    : Wed Jun  2 13:34:19 2010
       real      : SERVER-B[0]
                  X.X.X.48      80    DEFAULT  414      406      8        FAILED
     Socket state        : CLOSED
     No. Passed states   : 1         No. Failed states : 2
     No. Probes skipped  : 0         Last status code  : 401
     No. Out of Sockets  : 0         No. Internal error: 0
     Last disconnect err : Received invalid status code
     Last probe time     : Wed Jun  2 17:44:20 2010
     Last fail time      : Wed Jun  2 13:37:06 2010
     Last active time    : Wed Jun  2 13:34:21 2010

• ACE 4710 - can I dynamically sticky all traffic to 1 server based on URL?

  Hello all, I'm new to the ACE 4710 and need to know some details about stickyness.
  As background, we are a small company with a SaaS product and a pair of webservers.
  I have set up the loadbalancing default L7 Load-balancing rule to sticky based on a Cookie based Stickey Group.
  That seems to be working and session traffic is sticking to a server during the user's session.
  Based on a request from our outsourced developer they would like the Loadbalancer to not only sticky the users sessions, but also sticky a url to a server.
  I would like this to happen dynamically as each of our clients will have their own url based on our standard domain like clientname.fixeddomain.com and I don't want to have to come back to the loadbalancer every time we add a client.
  As I said, I'm new to these devices but understand the concepts, and am in the position of having to make it work little to no tranining on this hardware and no budget at this point to pay someone else for configuration and setup.
  I just need to know at this point if I can stick all requests for a specific URL to a server to avoid caching issue while those sessions are active and have new connections to other client urls balanced among the webservers.
  Hopefully this request makes sense.
  Thanks,
  Mark Steeves.

  Daniel,
  Thanks for the reply, but I cannot reach the URL you included.  It gives me a 403.
  Therfore without reading the article, I wanted to ask if the proper setup would be:
  1. Default L7 load-balancing action: Primary action: Sticky: Stickey Group using
  Type = HTTP Header: Header name = Host
  2. Server Farm: Predictor: Least Connections or Round Robin to distribute the load between the 2 web servers.
  Using this setting in testing, it looks like all the traffic keeps going to 1 server only.  Granted there is not much traffic t the servers, but I have 2 different url being tested. url1.ourdomain.com & url2.ourdomain.com
  If you have another link for the above document, please let me know.
  Thanks,
  Mark Steeves.

• ACE 4710: Possible to allow a user to clear counters but nothing else?

  Hello all,
  Using an ACE 4710 we have a user setup with the Network-Monitor role which allows the user to view config, interface status, etc.  We would also like to allow this user to clear the interface error counters as well, but nothing else.  Is this possible?
  Thanks!

  Hello Brandon-
  Network-Monitor only lets you browse outputs, it is a not a role that allows a user to make any changes including clearing stats.  You can create custom roles and domains to get closer to what you want, but you cannot zero in on a single command like that.
  i.e.
  ACE# conif t
  ACE(config)# role MyRole
  ACE(config-role)# rule 1 permit modify feature ?
    AAA             AAA related commands
    access-list     ACL related commands
    connection      TCP/UDP related commands
    fault-tolerant  Fault tolerance related commands
    inspect         Appln inspection related commands
    interface       Interface related commands
    loadbalance     Loadbalancing policy and class commands
    pki             PKI related commands
    probe           Health probe related commands
    rserver         Real server related commands
    serverfarm      Serverfarm related commands
    ssl             SSL related commands
    sticky          Sticky related commands
    vip             Virtual server related commands
  You can create a permit or deny rule, within that, create/debug/modify/monitor each feature seperately.
  Domains allow you to create containers for objects.  You can place specific rservers, serverfarms, etc. into it - then apply it to a role so that the user assigned to it can only touch those objects.
  Regards,
  Chris Higgins

• ACE 4710 Connectivity help?

  I'm using an ACE 4710 in a new datacenter, with the following setup:
  2/4 physical ethernet interfaces port channeled into port-channel 1
  2/4 physical ethernet interfaces port channeled into port-channel 2
  I have the following vlans defined:
  1001 - admin     - interface ip: 10.53.136.70
  400 - client side - interface ip: 10.53.136.100
  500 - server side - interface ip: 192.168.128.1
  999 - fault tolerance - interface ip: 192.168.11.2
  My problem is I am trying to nat ssh and web server traffic from the client side, to the server side, but it's never getting to the server.  For example, if I ssh to 10.53.136.102, it times out.  (10.53.136.102 should get nat'd to 192.168.128.2)
  Also, I can connect to the ACE 4710 via telnet using 10.53.136.70, but cannot connect to 10.53.136.100.
  I'm thinking there is either something wrong with the port-channels, or the access lists.  On the other hand there could be something wrong with the nat'ing, but I had it working before switching over to the port-channels.
  Any thoughts?
  Thanks,
  Brent

  I've attached the two contexts which we are using.  The admin context is new_lb_config.txt and the second context where the loadbalancing occurs is in the new_lb_config_VC_WBPX.txt file.
  From the load balancer, I am able to ping the real server ips in the 192.168. ip range.  The 4710 recognizes that they are in service.
  I believe the ACL for the VLAN 400 is set to permit all traffic, but I don't know if the service policies are preventing something from happening.
  Right now, I have disconnected the two 4710s and I am only working on one of them to see if I can get the basic connectivity going.  Once I accomplish that, I will work on high availability.  I'll have to check whether it thinks it is in passive mode...not entirely sure how to do that, but I will check it out.
  Thanks,
  Brent

• ACE 4710 - Internet Explorer cannot display the webpage randomly

  We have a ACE 4710 with a basic config, (see below).
  When clicking on a tab from a window within Interent explorer we occasionally get an issue with it returning: "Internet Explorer cannot display the webpage" The details show "Access is denied" accessing a particular line of a javascript file.
  We have put one web server out of service in the farm to make sure that this isn't a result of stickyness not quite working.
  We have tested extensively by going directly to the web server directly without the load balancer and cannot reproduce the problem but we can produce the issue within a few minutes when going to the load balanced address.
  Thanks in advance for any advice.
  HOST-1/Admin# show run
  Generating configuration....
  logging enable
  logging fastpath
  logging standby
  logging timestamp
  logging trap 6
  logging history 6
  resource-class SLB_ResourceClass_T_R
    limit-resource all minimum 10.00 maximum unlimited
  resource-class sticky
    limit-resource all minimum 10.00 maximum unlimited
  boot system image:c4710ace-t1k9-mz.A5_1_2.bin
  peer hostname HOST-2
  hostname HOST-1
  interface gigabitEthernet 1/1
    switchport access vlan 1000
    no shutdown
  interface gigabitEthernet 1/2
    shutdown
  interface gigabitEthernet 1/3
    description LB003
    switchport access vlan 1
    shutdown
  interface gigabitEthernet 1/4
    description LB004
    switchport access vlan 2
    shutdown
  interface port-channel 1
    port-channel load-balance src-dst-port
    no shutdown
  clock timezone standard GMT
  switch-mode
  context Admin
    description SUTLB01
    member SLB_ResourceClass_T_R
  access-list ALL line 8 extended permit ip any any
  access-list ALL line 16 extended permit icmp any any
  access-list everyone line 8 extended permit ip any any
  access-list everyone line 16 extended permit icmp any any
  probe tcp probe_tcp_80
    port 80
  rserver host Server_S_W301
    description Server_S_W301
    ip address x.x.32.152
    inservice
  rserver host Server_S_W302
    description Server_S_W302
    ip address x.x.32.154
    inservice
  serverfarm host sfarm_T_R
    description sfarm_T_R
    predictor leastconns
    probe probe_tcp_80
    rserver Server_S_W301 80
    rserver Server_S_W302 80
      inservice
  sticky http-cookie Cookie1 T_R_sticky_cookie
    cookie insert browser-expire
    timeout 3600
    serverfarm sfarm_T_R
  class-map match-any T_R_L4Class
    2 match virtual-address x.x.33.150 tcp eq www
  class-map type management match-any remote_access
    2 match protocol xml-https any
    3 match protocol icmp any
    4 match protocol telnet any
    5 match protocol ssh any
    6 match protocol http any
    7 match protocol https any
    8 match protocol snmp any
  policy-map type management first-match remote_mgmt_allow_policy
    class remote_access
      permit
  policy-map type loadbalance first-match T_R_L7policy
    class class-default
      sticky-serverfarm T_R_sticky_cookie
  policy-map multi-match T_R_L4Policy
    class T_R_L4Class
      loadbalance vip inservice
      loadbalance policy T_R_L7policy
      loadbalance vip icmp-reply active
      nat dynamic 2 vlan 1000
  interface vlan 1000
    ip address x.x.33.148 255.255.254.0
    access-group input ALL
    nat-pool 2 x.x.33.151 x.x.33.151 netmask 255.255.254.0 pat
    service-policy input remote_mgmt_allow_policy
    service-policy input T_R_L4Policy
    no shutdown
  ip route 0.0.0.0 0.0.0.0 x.x.32.1
  ssh key rsa 1024 force

  +------------------------------------------+
  +-------------- HTTP statistics -----------+
  +------------------------------------------+
  LB parse result msgs sent : 421347     , TCP data msgs sent       : 2099597
  Inspect parse result msgs : 0          , SSL data msgs sent       : 0
                        sent
  TCP fin msgs sent         : 6169       , TCP rst msgs sent:       : 769
  Bounced fin msgs sent     : 5          , Bounced rst msgs sent:   : 1
  SSL fin msgs sent         : 0          , SSL rst msgs sent:       : 0
  Drain msgs sent           : 337811     , Particles read           : 5040829
  Reuse msgs sent           : 0          , HTTP requests            : 342499
  Reproxied requests        : 183422     , Headers removed          : 37475
  Headers inserted          : 342124     , HTTP redirects           : 0
  HTTP chunks               : 224859     , Pipelined requests       : 71466
  HTTP unproxy conns        : 267246     , Pipeline flushes         : 0
  Whitespace appends        : 0          , Second pass parsing      : 0
  Response entries recycled : 71302      , Analysis errors          : 0
  Header insert errors      : 22         , Max parselen errors      : 215
  Static parse errors       : 99         , Resource errors          : 0
  Invalid path errors       : 0          , Bad HTTP version errors  : 0
  Headers rewritten         : 0          , Header rewrite errors    : 0
  SSL headers inserted      : 0          , SSL header insert errors : 0
  SSL spoof headers deleted : 0         , Unproxy msgs sent         : 267246
  HTTP passthrough stat     : 0
  NOTE - We did turn on caching at one point to try and resolve the issue but it has since been turned off

• Configuring ACE 4710 for Load Balancing Speech servers

  Hello, I'm configuring ACE 4710's for the first time and I want to load balance my Nuance speech servers on port 554. Here's my configuration on ACE01:
  hostname ace471001
  interface gigabitEthernet 1/1
    switchport access vlan 1000
    no shutdown
  interface gigabitEthernet 1/2
    shutdown
  interface gigabitEthernet 1/3
    shutdown
  interface gigabitEthernet 1/4
    shutdown
  access-list ALL line 8 extended permit ip any any
  rserver host nss01
  class-map type management match-any remote_access
    2 match protocol xml-https any
    3 match protocol icmp any
    4 match protocol telnet any
    5 match protocol ssh any
    6 match protocol http any
    7 match protocol https any
    8 match protocol snmp any
  policy-map type management first-match remote_mgmt_allow_policy
    class remote_access
      permit
  interface vlan 1000
    ip address 10.20.17.21 255.255.248.0
    access-group input ALL
    service-policy input remote_mgmt_allow_policy
    no shutdown
  How would I configure my speech server to isten on 554?
  Thanks in advance

  Hello Reginald
  Currently you have only basic network configuration, there is no loadbalancing config
  I'm not sure what exactly you're asking about , but basically you need to have
  - real servers configured on ACE (
  http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/configuration/slb/guide/rsfarms.html#wp999495)
  - serverfarm configured on ACE (
  http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/configuration/slb/guide/rsfarms.html#wp1014522)
  - L7 policy map (
  http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/configuration/slb/guide/classlb.html#wp1171109 ,
  http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/configuration/slb/guide/classlb.html#wp1027248 )
  - L4 policy map , class-map (
  http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/configuration/slb/guide/classlb.html#wp1027819)
  And then apply it on necessary interface.
  This is a general configuration, in your specific case you may need to configure some additinal features (e.g. I think you will need to have stickiness enabled
  http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/configuration/slb/guide/sticky.html but it depends on your application)
  links are for old config guids , but basic is pretty much the same for all versions.
  Please check them and try to narrow down your question a bit.

• ACE 4710 Appliance: init: failed to initialize modlock_init(): No such file or directo

  Hi,
  I have ACE 4710 Appliance, but it is failed and giving following error while login at console.....
  I am suspecting hardware issue..most probably with harddrive.... Please let me know if it can be recoverable of only replacement is the solution..
  switch login: init: failed to initialize modlock_init(): No such file or directo                                                                             ry
  eth2: ERROR while getting interface flags: No such device
  perform_sysmgr_offline: unable to move MTS to MTS_STATE_OFFLINE: Invalid argumen                                                                             t (error-id 0x801E0016).
  init: failed to initialize modlock_init(): No such file or directory
  eth2: ERROR while getting interface flags: No such device
  perform_sysmgr_offline: unable to move MTS to MTS_STATE_OFFLINE: Invalid argumen                                                                             t (error-id 0x801E0016).
  init: failed to initialize modlock_init(): No such file or directory
  eth2: ERROR while getting interface flags: No such device
  perform_sysmgr_offline: unable to move MTS to MTS_STATE_OFFLINE: Invalid argumen                                                                             t (error-id 0x801E0016).
  /isan/sbin/sysmgr: symbol lookup error: /isan/lib/libutils.so: undefined symbol:                                                                              tftp_callback_fn
  Regards
  Nadeem

  Hi,
  I RMAed the appliace, i think it was hardware failure which casue this issue.
  If some one face this issue please let me know...Thanks!
  Regards
  Nad

• ACE 4710 upgrading software problem

  I logged into ACE 4710 to upgrade the image to c4710ace-mz.A1_8_0.bin. I logged in with Admin status and I got the following message, "
  ACE4710/Admin# delete image:c4710ace-mz.3.0.0_A1_7a.bin
  delete: cannot remove 'c4710ace-mz.3.0.0_A1_7a.bin': Permission denied"
  Is this a bug? Is there a workaround? Thank you.

  I am getting the same message again when i tried to delete an image and put a new image on.
  ACE4710/Admin# dir image:
  180784189 May 20 07:52:18 2008 c4710ace-mz.A1_8_0.bin
  176933319 May 6 07:10:04 2008 c4710ace-mz.A1_7b.bin
  Usage for image: filesystem
  714985472 bytes total used
  167362560 bytes free
  882348032 bytes total
  ACE4710/Admin# delete image:4710ace-mz.A1_7b.bin
  delete: cannot remove '4710ace-mz.A1_7b.bin': No such file or directory
  How can this issue be resolved?

• Upgrade steps for ACE 4710

  Hi Everyone
  We will be upgrading our ACE 4710s from A3(2.2) to A4(1.0). We have a pair in high availability mode. Has anyone here got any tips on how we can get a smooth upgrade without downtime? Is this even possible?
  Thanks
  A

  Of course it is possible to upgrade with no downtime!
  However it is always recommended to schedule the upgrade in a maintenance window to minimize the impact in case of any issues.
  You can normally find the documented procedure here for the upgrade:
  http://cco/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/configuration/admin/guide/upgrade.html#wp1012243
  I find in fact the best would be the following:
  1. Upgrade the stand by module first.
  2. Once reloaded, switchover to the standby and verify all services working correctly.
  3.Upgrade the new stand by module.
  4. Eventually switch over again to restore the active box as per the original configuration.
  By doing this, if for some reason the first switchover at point 2. would not work, you can switch back to a safe scenario which you are sure to work.
  Cheers,
  Domenico.

• ACE 4710

  i need the best practice of ACE 4710 for loadbalance webserver , application  server and database server

  i need the best practice of ACE 4710 for loadbalance webserver , application  server and database server
  Hi,
  Check out the belowlink for configuration of ACE 4710 for loadbalancing servers
  http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA1_7_/configuration/device_manager/guide/UG_lb.html#wp1044682
  http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA1_7_/configuration/device_manager/guide/UG_lb.html#wp1044806
  Hope to help !!
  If helpful do rate the post
  Ganesh.H

• Add two servers with ACE 4710

  Dear All,
  We have two servers (sharepoint ) and need to add it in ACE 4710 to works as internal no need WAN , how to add it ?
  Thanks a lot in Advance

  Hi,
  Here's the example:
  Let's say you have two servers
  rserver host SERVER_01
    ip address 192.168.1.11
    inservice
  rserver host SERVER_02
    ip address 192.168.1.12
    inservice
  rserver host SERVER_03
    ip address 192.168.1.13
    inservice
  You add them in serverfarm
  serverfarm host REAL_SERVERS
    rserver SERVER_01
      inservice
    rserver SERVER_02
      inservice
    rserver SERVER_03
      inservice
  After that you configure the VIP and condition. Here any means any protocol and port
  class-map match-all VIP-30
    2 match virtual-address 172.16.51.30 any
  YOu define the L7 policy map
  policy-map type loadbalance first-match SLB_LOGIC
    class class-default
      serverfarm REAL_SERVERS--------->Serverfarm to which traffic would be loadbalanced.
  policy-map multi-match CLIENT_VIPS---->L3 policy map.
    class VIP-30
      loadbalance vip inservice
      loadbalance policy SLB_LOGIC
      nat dynamic 1 vlan 451----------------->You need to apply the NAT when your client is in same subnet as server so that return traffic comes back to ACE and not to client directly.
  interface vlan 251
    description Client vlan
    ip address 172.16.51.11 255.255.255.0
    access-group input ANYONE
    service-policy input REMOTE_MGT
    service-policy input CLIENT_VIPS
    no shutdown
  interface vlan 451
    description Servers vlan
    ip address 192.168.1.1 255.255.255.0
    nat-pool 1 192.168.1.100 192.168.1.110 netmask 255.255.255.0 pat---->Nat pool defined. It should always be on server side vlan.
    no shutdown
  ip route 0.0.0.0 0.0.0.0 172.16.51.1
  Regards,
  Kanwal
  Note: Please mark answers if they are helpful.

• Ace 4710 active/standby SNMP config

  We have 2 x Ace 4710 deployed in Active/Standby config. Since the configuration mode is disabled on the Standby unit, how can we configure the SNMP settings (such as location etc.) on the standby unit different from the active unit?
  The 2 devices are in physically separated data centers so the SNMP location settings need to be set differently on both units. The standby unit does not allow any configuration.

  Comments inline:
  Since this is the admin context,  we would better not do this. As i understand correctly, this will turn  off the config sync on the 2 units and we may end up with some issues.
  KM - Correct, you need to manually manage the configurations of both devices. 
  Also,  if at a later stage, we sync the configs again in the admin context, it  will overwrite the different config on the standby unit with that from  the active unit?
  KM - Correct, the device with the lower priority will be overwritten when config-sync is re-enabled.  This is one of the reasons you need to be careful in the Admin context.  For example: Ff the lower priority device has contexts defined that the primary does not, they would be removed when you re-enablethis command.
  Since  my requirement is just the SNMP location config, I do not think i  should go for this; rather i can have some descriptive location setting  identifying the 2 units in cluster mode...
  KM - This would be more ideal than disabling config sync.  You could also put both locations like this:
  snmp-server location "San Jose, CA & Seattle, WA"
  Regards
  Kris