ACE 4710: No image in GRUB loader
I have an ACE 4710 appliance that has only a Linux kernel in its GRUB loader, no ACE image. Is anyone aware of how I could copy the image to the ACE via TFTP, USB drive, etc.?
Hi Joe,
Take a look at this link. It will show you how to copy an image to the ACE using the ACE-APPLIANCE-RECOVERY-IMAGE.bin. If it can't find this, then you may need to RMA the device.
Reformatting the Flash Memory
http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_2_x/configuration/admin/guide/managesw.html#wp1069378
Hope this helps,
Sean
Similar Messages
-
Ace 4710 - same context routed and load-sharing
Hi All
Can an ACE 4710 have, in the same context, servers which are
a. just being routed to
b. a set of load-shared servers
I have been told you may not be able to do this on this version.
Does anyone know if this is correct?
Thanks
Steve
Hi Boris
I have been on the ACE course and before we install the 4700 box I have been
asked to set up a test setup.
This would involve having a context which would have one IP address range and
a few PCs (pretending to be servers) and one which would be just routed.
A colleague of mine seemed to think that something had been said on the course
to the effect that if the ACE was deployed inline then you couldn't have some
of your servers in load-sharing and some just routed on the same subnet and
in the same context.
Steve
-
ACE 4710 multiple services running on load balanced Servers
Our Exchange 2010 hub servers run multiple services/ports: smtp, www, pop3,135, 143, https, 993, 995, 6001,6002,6003,60200,60201,8400, and 8402
What is the best way of balancing these servers so that if only one of the services failed on a server, it would switch only the failed service to the remaining servers?
At present I only use an SMTP probe, so as long as that service is running the server is marked good. It seems to me the setup could get quite complicated so any responses welcome.
Jorge,
Please see config below
logging enable
logging buffered 5
logging monitor 5
access-list ALL line 10 extended permit ip any any
access-list ALL line 18 extended permit icmp any any
ip domain-name simplot.com.au
ip name-server 172.16.7.210
ip name-server 172.16.5.228
probe icmp icmp
  interval 7
  faildetect 2
  passdetect interval 30
  passdetect count 2
  receive 5
probe tcp tcp25
  port 25
  interval 20
  passdetect interval 60
  passdetect count 2
  open 1
rserver host chihub73
  description hub73
  ip address 172.16.6.196
  inservice
rserver host chihub74
  description hub74
  ip address 172.16.6.197
  inservice
serverfarm host Exchange
  description DSI servers
  failaction purge
  probe tcp25
  fail-on-all
  rserver chihub73
    inservice
  rserver chihub74
    inservice
sticky ip-netmask 255.255.255.255 address source Sticky
  serverfarm Exchange
class-map type management match-any EXCH
  201 match protocol snmp any
  202 match protocol https any
  203 match protocol telnet any
  204 match protocol icmp any
class-map match-any EXCH_vip
  2 match virtual-address 172.16.93.2 tcp eq smtp
  3 match virtual-address 172.16.93.2 tcp eq www
  4 match virtual-address 172.16.93.2 tcp eq pop3
  5 match virtual-address 172.16.93.2 tcp eq 135
  6 match virtual-address 172.16.93.2 tcp eq 143
  7 match virtual-address 172.16.93.2 tcp eq https
  8 match virtual-address 172.16.93.2 tcp eq 993
  9 match virtual-address 172.16.93.2 tcp eq 995
  10 match virtual-address 172.16.93.2 tcp eq 6001
  11 match virtual-address 172.16.93.2 tcp eq 6002
  12 match virtual-address 172.16.93.2 tcp eq 6003
  13 match virtual-address 172.16.93.2 tcp eq 60200
  14 match virtual-address 172.16.93.2 tcp eq 60201
  15 match virtual-address 172.16.93.2 tcp eq 8400
  16 match virtual-address 172.16.93.2 tcp eq 8402
policy-map type management first-match EXCHANGE
  class EXCH
    permit
policy-map type loadbalance first-match ldap-slb
  class class-default
    sticky-serverfarm Sticky
policy-map multi-match multi-vips
  class EXCH_vip
    loadbalance vip inservice
    loadbalance policy ldap-slb
    loadbalance vip icmp-reply
    nat dynamic 6 vlan 93
interface vlan 93
  description client server vlan
  ip address 172.16.93.4 255.255.255.0
  peer ip address 172.16.93.1 255.255.255.0
  access-group input ALL
  nat-pool 6 172.16.93.8 172.16.93.20 netmask 255.255.255.0 pat
  service-policy input EXCHANGE
  service-policy input multi-vips
  no shutdown
ip route 0.0.0.0 0.0.0.0 172.16.93.254
snmp-server contact "Comms team"
snmp-server location "Chifley park CR"
snmp-server community OVSimplot group Network-Monitor
snmp-server trap-source vlan 93
-
Hi. I'm working on the Cisco ACE 4710 to be able to load balance web traffic between several web servers, but despite following the steps mentioned in the Cisco configuration guide (especially this link and related docs: http://docwiki.cisco.com/wiki/Cisco_ACE_4700_Series_Appliance_Quick_Start_Guide,_Release_A3(1.0)_--_Creating_a_Virtual_Context) we did not manage to make it. We tested both the "bridged scenario" and "routed scenario" but neither of them is working. Specifically, "configuring NAT" in the above link is very confusing and is not clear, because it's not the same as Cisco IOS, which we used to implement it that way.
Routed Scenario:
==========================================
probe http Http_Probe
  description Server Healty Check
  port 80
  request method head url /index.htm
probe icmp ICMP_Check
  interval 10
  passdetect interval 5
rserver host NetCad_Server_1
  ip address 172.16.1.100
  probe ICMP_Check
  inservice
rserver host NetCad_Server_2
  ip address 172.16.1.101
  probe ICMP_Check
  inservice
rserver host NetCad_Server_3
  ip address 172.16.1.102
  probe ICMP_Check
  inservice
serverfarm host NetCad_Servers
  probe Http_Probe
  rserver NetCad_Server_1 80
    inservice
  rserver NetCad_Server_2 80
    inservice
  rserver NetCad_Server_3 80
    inservice
sticky http-cookie Cookie1 1
  serverfarm NetCad_Servers
class-map match-all VS_NetCad
  2 match virtual-address 192.168.13.162 255.255.252.0 tcp any
policy-map type management first-match mgmt-pm
  class class-default
    permit
policy-map type loadbalance first-match VS_NetCad-l7slb
  class class-default
    serverfarm NetCad_Servers
policy-map multi-match int40
  class VS_NetCad
    loadbalance vip inservice
    loadbalance policy VS_NetCad-l7slb
    loadbalance vip icmp-reply
interface vlan 40
  description Client Side
  ip address 192.168.13.161 255.255.252.0
  ip options allow
  no normalization
  no icmp-guard
  access-group input Permit_ALL
  service-policy input mgmt-pm
  service-policy input int40
  no shutdown
interface vlan 41
  description Server Side
  ip address 172.16.1.1 255.255.255.0
  ip options allow
  no normalization
  no icmp-guard
  access-group input Permit_ALL
  nat-pool 1 172.16.1.110 172.16.1.110 netmask 255.255.255.255 pat
  service-policy input mgmt-pm
  no shutdown
ip route 0.0.0.0 0.0.0.0 192.168.12.1
==========================================
Hi,
Let me explain.
Assuming client IP as 1.1.1.1, VIP as 2.2.2.2 and real server as 3.3.3.3.
Consider the simple situation where the client needs to access an application hosted on 3.3.3.3. The client sends a request which comes to the VIP:
src 1.1.1.1 -----> dst 2.2.2.2
The ACE, after matching conditions and taking the LB decision, decides to send it to real server 3.3.3.3. It performs destination NAT and forwards the client request to 3.3.3.3. So the above packet's L3 header will now look like:
src 1.1.1.1 -----> dst 3.3.3.3
When the reply comes from the server, the ACE will change src 3.3.3.3 back to 2.2.2.2 and forward the request to client 1.1.1.1. SIMPLE LB.
Now comes a situation where, let's say, you want to hide the client IP from the server, or the server's default GW is not the ACE, or client and server are in the same subnet but need to communicate through the VIP on the ACE, etc.
src 1.1.1.1 -----> dst 2.2.2.2
After LB the ACE decides to send it to 3.3.3.3, but the policy multi-match also has a NAT rule (nat dynamic 1 vlan x). The packet would be forwarded from the server VLAN where you have the NAT pool defined. So let's say the pool IP is 3.3.3.4. The ACE will perform both destination and source NAT here before forwarding the packet to the server, and the packet's L3 header will look like:
src 3.3.3.4 -----> dst 3.3.3.3
Now when 3.3.3.3 has to send the packet back, the ACE will answer ARP for 3.3.3.3 and hence the packet will come back to the ACE, which will again change the L3 header IPs and send it out the client VLAN towards the client.
So NAT is always applied to the server-side VLAN and that's why the pool is chosen from the server-side subnet.
Let me know if you have any questions.
Regards,
Kanwal
-
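The header rewrites described in the answer above, traced end to end as an added example that is not part of the original thread. It models only the L3 addresses; the server subnet, the ACE's server-side address and the second router are constructed assumptions, and it shows why the reply only reaches the client intact when it passes back through the ACE.

```python
import ipaddress
from dataclasses import dataclass

# Addresses from the explanation above; the three values below them are
# constructed assumptions for this model.
CLIENT, VIP, RSERVER, NAT_POOL = "1.1.1.1", "2.2.2.2", "3.3.3.3", "3.3.3.4"
SERVER_SUBNET = "3.3.3.0/24"   # assumed server-side VLAN
ACE_SERVER_IF = "3.3.3.1"      # assumed ACE address on that VLAN
OTHER_ROUTER = "3.3.3.254"     # assumed default gateway that is not the ACE


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str


class Ace:
    """Toy model of the L3 rewrites only (no ports, probes or predictors)."""

    def __init__(self, vip, rserver, nat_pool=None):
        self.vip, self.rserver, self.nat_pool = vip, rserver, nat_pool
        # Reply header as the server sends it -> header the client must see.
        self.conns = {}

    def owns(self, ip):
        """Addresses on the server VLAN that are delivered to the ACE."""
        return ip == ACE_SERVER_IF or (self.nat_pool is not None and ip == self.nat_pool)

    def to_server(self, pkt):
        if pkt.dst != self.vip:
            raise ValueError("packet is not addressed to the VIP")
        # Destination NAT always; source NAT only when a pool is configured.
        out = Packet(self.nat_pool or pkt.src, self.rserver)
        self.conns[Packet(out.dst, out.src)] = Packet(self.vip, pkt.src)
        return out

    def to_client(self, reply):
        # Undo both translations using the connection entry.
        return self.conns[reply]


def reply_next_hop(reply, default_gw):
    """On-link destinations are reached directly, the rest via the gateway."""
    if ipaddress.ip_address(reply.dst) in ipaddress.ip_network(SERVER_SUBNET):
        return reply.dst
    return default_gw


def round_trip(ace, server_default_gw):
    """Return (header at server, header at client, client accepts reply?)."""
    request = Packet(CLIENT, VIP)
    at_server = ace.to_server(request)
    reply = Packet(at_server.dst, at_server.src)
    if ace.owns(reply_next_hop(reply, server_default_gw)):
        at_client = ace.to_client(reply)
    else:
        at_client = reply  # bypassed the ACE, so nothing was translated back
    # The client only accepts a reply that comes from the address it called.
    accepted = at_client == Packet(request.dst, request.src)
    return at_server, at_client, accepted


if __name__ == "__main__":
    cases = [
        ("dest NAT only, ACE is gateway", Ace(VIP, RSERVER), ACE_SERVER_IF),
        ("dest NAT only, other gateway", Ace(VIP, RSERVER), OTHER_ROUTER),
        ("dest + source NAT, other gateway", Ace(VIP, RSERVER, NAT_POOL), OTHER_ROUTER),
    ]
    for label, ace, gw in cases:
        at_server, at_client, ok = round_trip(ace, gw)
        print(f"{label}: server sees {at_server}, client sees {at_client}, accepted={ok}")
```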
Configuring ACE 4710 for Load Balancing Speech servers
Hello, I'm configuring ACE 4710's for the first time and I want to load balance my Nuance speech servers on port 554. Here's my configuration on ACE01:
hostname ace471001
interface gigabitEthernet 1/1
  switchport access vlan 1000
  no shutdown
interface gigabitEthernet 1/2
  shutdown
interface gigabitEthernet 1/3
  shutdown
interface gigabitEthernet 1/4
  shutdown
access-list ALL line 8 extended permit ip any any
rserver host nss01
class-map type management match-any remote_access
  2 match protocol xml-https any
  3 match protocol icmp any
  4 match protocol telnet any
  5 match protocol ssh any
  6 match protocol http any
  7 match protocol https any
  8 match protocol snmp any
policy-map type management first-match remote_mgmt_allow_policy
  class remote_access
    permit
interface vlan 1000
  ip address 10.20.17.21 255.255.248.0
  access-group input ALL
  service-policy input remote_mgmt_allow_policy
  no shutdown
How would I configure my speech server to listen on 554?
Thanks in advance
Hello Reginald
Currently you have only basic network configuration; there is no load-balancing config.
I'm not sure what exactly you're asking about, but basically you need to have
- real servers configured on ACE (http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/configuration/slb/guide/rsfarms.html#wp999495)
- serverfarm configured on ACE (http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/configuration/slb/guide/rsfarms.html#wp1014522)
- L7 policy map (http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/configuration/slb/guide/classlb.html#wp1171109 , http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/configuration/slb/guide/classlb.html#wp1027248)
- L4 policy map, class-map (http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/configuration/slb/guide/classlb.html#wp1027819)
And then apply it on the necessary interface.
This is a general configuration; in your specific case you may need to configure some additional features (e.g. I think you will need to have stickiness enabled, http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/configuration/slb/guide/sticky.html, but it depends on your application).
The links are for old config guides, but the basics are pretty much the same for all versions.
Please check them and try to narrow down your question a bit.
-
SIP load balancing issue with ACE 4710
I have a Cisco ACE 4710 with version A4(2.2). I configured simple SIP load balancing first without stickiness. Without stickiness we are having a problem because the BYE packet at the end was not going to the same server all the time, which left our port in use even though the user hung up the phone. It happens randomly. I have a total of 20 licensed ports and they fill up very quickly. So I decided to use stickiness with Call-ID but still have the same issue. Below is the config:
rserver host CIN-VOX-31
  ip address 172.20.130.31
  inservice
rserver host CIN-VOX-32
  ip address 172.20.130.32
  inservice
serverfarm host CIN-VOX
  probe SIP-5060
  rserver CIN-VOX-31
    inservice
  rserver CIN-VOX-32
    inservice
sticky sip-header Call-ID VOX_SIP_GROUP
  timeout 1
  timeout activeconns
  replicate sticky
  serverfarm CIN-VOX
class-map match-all CIN_VOX_L4_CLASS
  2 match virtual-address 172.22.12.30 any
class-map match-all CIN_VOX_SIP_L4_CLASS
  2 match virtual-address 172.22.12.30 udp eq sip
policy-map type loadbalance sip first-match CIN_VOX_LB_SIP_POLICY
  class class-default
    sticky-serverfarm VOX_SIP_GROUP
policy-map multi-match GLOBAL_DMZ_POLICY
  class CIN_VOX_SIP_L4_CLASS
    loadbalance vip inservice
    loadbalance policy CIN_VOX_LB_SIP_POLICY
    loadbalance vip icmp-reply
  class CIN_VOX_L4_CLASS
    loadbalance vip inservice
    loadbalance policy CIN_VOX_LB_SIP_POLICY
    loadbalance vip icmp-reply
interface vlan 20
  description VIP_DMZ_VLAN
  ip address 172.22.12.4 255.255.255.192
  alias 172.22.12.3 255.255.255.192
  peer ip address 172.22.12.5 255.255.255.192
  access-group input PERMIT-ANY-LB
  service-policy input GLOBAL_DMZ_POLICY
Could you please help me on this...
Thanks
Rakesh Patel
I mean there should be one more statement:
class-map type sip loadbalance match-any CIN_VOX_LB_SIP_POLICY
  match sip header Call_ID header-value sip:
and that will be called under:
policy-map multi-match GLOBAL_DMZ_POLICY
  class CIN_VOX_SIP_L4_CLASS
    loadbalance vip inservice
    loadbalance policy CIN_VOX_LB_SIP_POLICY
    loadbalance vip icmp-reply
Is that missing in your config?
-
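The failure described in this thread, a BYE landing on a different server than the INVITE and leaving a port in use, reproduced in a small model as an added example that is not part of the original posts. The server names and VIP come from the posted config; the balancer classes, the SIP messages and the entry lifetime `ttl` are constructed for illustration and do not reproduce ACE internals.

```python
import itertools
from typing import Optional

SERVERS = ["CIN-VOX-31", "CIN-VOX-32"]


def call_id(sip_message: str) -> Optional[str]:
    """Return the Call-ID header value (long form or compact form 'i')."""
    head = sip_message.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:        # skip the request line
        if line[:1] in (" ", "\t"):            # folded continuation line
            continue
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() in ("call-id", "i"):
            return value.strip()
    return None


def make_msg(method: str, cid: str, compact: bool = False) -> str:
    """Build a minimal, constructed SIP request for the model."""
    header = "i" if compact else "Call-ID"
    return (f"{method} sip:ivr@172.22.12.30 SIP/2.0\r\n"
            f"Via: SIP/2.0/UDP 192.0.2.10:5060\r\n"
            f"{header}: {cid}\r\n"
            f"CSeq: 1 {method}\r\n\r\n")


class RoundRobin:
    """Every message is balanced on its own: no stickiness."""

    def __init__(self, servers):
        self._cycle = itertools.cycle(servers)

    def pick(self, msg, now):
        return next(self._cycle)


class CallIdSticky:
    """Messages with a known Call-ID follow the server chosen for the first."""

    def __init__(self, servers, ttl):
        self._cycle = itertools.cycle(servers)
        self.ttl = ttl                 # seconds an idle entry survives (model parameter)
        self.table = {}                # Call-ID -> (server, last seen)

    def pick(self, msg, now):
        cid = call_id(msg)
        entry = self.table.get(cid)
        if cid is None or entry is None or now - entry[1] > self.ttl:
            server = next(self._cycle)     # no usable entry: balance afresh
        else:
            server = entry[0]
        if cid is not None:
            self.table[cid] = (server, now)
        return server


def ports_left_in_use(balancer, events):
    """Count calls still held on a server after all BYEs were delivered."""
    open_calls = {}                    # server -> set of Call-IDs it holds
    for now, msg in events:
        method = msg.split(" ", 1)[0]
        calls = open_calls.setdefault(balancer.pick(msg, now), set())
        if method == "INVITE":
            calls.add(call_id(msg))
        elif method == "BYE":
            calls.discard(call_id(msg))   # a BYE for an unknown call frees nothing
    return sum(len(calls) for calls in open_calls.values())


# Constructed traffic: three overlapping calls, hung up about 30 s later.
EVENTS = [
    (0, make_msg("INVITE", "a@192.0.2.10")),
    (1, make_msg("INVITE", "b@192.0.2.10")),
    (2, make_msg("INVITE", "c@192.0.2.10")),
    (30, make_msg("BYE", "a@192.0.2.10")),
    (31, make_msg("BYE", "b@192.0.2.10", compact=True)),
    (32, make_msg("BYE", "c@192.0.2.10")),
]

if __name__ == "__main__":
    print("no stickiness:", ports_left_in_use(RoundRobin(SERVERS), EVENTS))
    print("sticky, ttl 60 s:", ports_left_in_use(CallIdSticky(SERVERS, 60), EVENTS))
    print("sticky, ttl 10 s:", ports_left_in_use(CallIdSticky(SERVERS, 10), EVENTS))
```

In this model a sticky entry that expires before the call ends behaves exactly like no stickiness at all, so the entry lifetime has to cover the longest expected call.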
Setting up additional load balancing on ACE 4710
I recently deployed ACE 4710 to load balance traffic to a group of web servers. I would like to add additional server farm(s) with different applications on them to ACE 4710 for load balancing the traffic. How can I best achieve this goal? I currently use 3 interfaces out of 4 interfaces (Server Side interface, Client side interface, and Failover interface). Do I need to use my last interface to set up for the new VIP address for a new server farm? Is virtualized service a possible solution? Thank you in advance.
You can configure trunking so that multiple vlans can exist.
Also note that the vip ip address does not have to belong to a subnet.
You could configure a static route on the upstream router pointing the traffic for the new vip to the interface ip address.
Gilles.
-
TCP SYNSEEN with load balancing Cisco ACE 4710
I have a Cisco ACE 4710 load balancing the traffic to two proxy servers. The configuration has been the same since December 2012, but yesterday it started to show SYNSEEN in the show conn command, and the hosts cannot browse. I think that means that the three-way handshake is not complete.
If I bypass the ACE the hosts can browse without problems.
I have tested with another ACE appliance and the same configuration but the behaviour is the same.
I need help as soon as possible,
thanks,
I've attached the show conn, show conn detail and show run.
Hi Cesar,
Thank you for your answer,
The issue was solved,
We were running an A3 software version; it seems to have a bug so it doesn't show the NAT commands in the "show run", so when we made the configuration backup we didn't notice it.
The ACE reloaded because of an electrical failure so it lost the NAT config.
We just upgraded to an A4 version and also added a NAT/PAT to enable the communication between the clients and the proxy.
Regards,
-
ACE 4710 HTTPS load balance configuration
Have two ACE 4710 in HA setup. We would like to set up HTTPS load balancing (actually just a primary and standby configuration in the serverfarm). Initially this would be for Exchange OWA connections but may expand to more HTTPS connections later.
I know there are several ways to do SSL with the ACE( client, server, end-to-end). I am just wanting to know the easiest way to deploy this? Is a certificate always needed on the ACE for each connection? In HA mode would a certificate be needed for both or does it replicate in some way to the other ACE?
Any configuration examples would be helpful.
Thanks.
If you terminate SSL on the ACE you need certificates and key on the ACE in the context in which you are doing the termination. The certs and keys need to be installed on the active and standby (manually unless using ANM to manage).
When speaking of SSL:
SSL termination refers to the ACE terminating SSL and sending to the server as clear text.
End to end: the ACE terminates SSL (to look into the payload to make a load-balance decision or sticky decision) and then re-encrypts to the server, so to the client the ACE is an SSL server and to the server the ACE is an SSL client.
You can find some config examples at
http://docwiki.cisco.com/wiki/Category:Data_Center_Application_Services_Configuration_Examples
-
ACE 4710 and load balancing with sticky cookie
Configuring load balancing with SSL termination and stickiness for a couple of citrix xenapp servers. I'm doing a source-NAT as the ACE resides in the DMZ and these particular servers reside on the inside arm of the firewall. The ACE is in bridged mode to load balance web servers that reside in the DMZ. Everything seems to work just fine, but the cookie stickiness does not seem to be working.
Hi David,
As you may know, using Wireshark to look at an HTTPS capture is only useful if you've installed the server SSL key. This is why I find it easier to use something like LiveHTTPHeaders or HTTPWatch.
When using cookie-insert, the ACE will not create any dynamic cookie entries. It will simply create one static entry for each rserver with a cookie value, such as R3911631338, and any client that gets load balanced to that rserver will receive a cookie with that value. So what you see there is what is expected.
You are correct in that when using location cookies that the server supplies, the ACE will create a dynamic entry when it sees the server response with the cookie. The cookie is included in the server's response, and the ACE will look for the value as configured. The cookie will also be sent to the client. If the cookie is not in the server's first response, you will need to enable persistence-rebalance so that it will look in subsequent server responses. If the browser opens new connections with that cookie, then the ACE will stick to the same server.
My suggestion would be to get sticky working with cookie-insert first. Then if that meets your needs, go with that permanently. If you need to use server cookies, then once cookie insert is working, migrate your sticky to cookie location.
Sean
-
Hi,
We have two ACE 4710 devices in our network and we are facing a device hang issue on our primary ACE. We are not able to get management access or direct console access to the device when the issue happens, and we are also not able to reach the VLAN interface IP or VIP. Please find below the output we got through the monitor that we connected to the ACE.
Booting localboot(c4710ace-t1k9-mz.A5_1_2.bin)
kernel=(hd0,1)/c4710ace-t1k9-mz.A5_1_2.bin ro root=LABEL=/ auto console=ttyS0,9600n8 quiet bigphysarea=32768
[Linux-bzImage,setup=0x1400,size=0xe75a16c]
Uncompressing linux Ok, booting the kernal.
The issue was resolved after we manually rebooted the ACE. We have collected the sh tech after the reboot.
Software version : A5 1.2
Kindly suggest what may cause this issue.
Thanks in advance.
Regards,
Ranjith
Hi,
We have collected the console logs while we did the reboot. Please find the output below.
------------------------------------------------ Boot log -----------------------------------------------------------------------------
AMIBIOS(C)2005 American Megatrends, Inc.
BIOS Date: 08/25/09 09:37:25 Ver: 08.00.11
CPU : Intel(R) Pentium(R) 4 CPU 3.40GHz
Speed : 3.40 GHz
Broadcom NetXtreme Ethernet Boot Agent v8.1.53
Copyright (C) 2000-2005 Broadcom Corporation
All rights reserved.
Press Ctrl-S to Enter Configuration Menu ...
Broadcom NetXtreme Ethernet Boot Agent v8.1.53
AMIBIOS(C)2005 American Megatrends, Inc.
BIOS Date: 08/25/09 09:37:25 Ver: 08.00.11
CPU : Intel(R) Pentium(R) 4 CPU 3.40GHz
Speed : 3.40 GHz
Press F2 to run Setup
Press F12 for BBS POPUP
DDR2 Frequency:667 MHz, ECC Support in Dual-Channel Interleaved Mode
Initializing USB Controllers .. Done.
6144MB OK
USB Device(s): 1 Keyboard
Auto-Detecting Pri Slave...IDE Hard Disk
Pri Slave : 1GB CompactFlash Card CF B612J
GRUB Loading stage2........
GNU GRUB version 0.95.1 (639K lower / 3144640K upper memory)
***************************************************************************
* localboot(ACE_APPLIANCE_RECOVERY_IMAGE.bin) *
* localboot(c4710ace-t1k9-mz.A5_1_2.bin) *
* localboot(c4710ace-t1k9-mz.A4_2_0.bin) *
***************************************************************************
Use the * and * keys to select which entry is highlighted.
Press enter to boot the selected OS, 'e' to edit the
commands before booting, or 'c' for a command-line.
The highlighted entry will be booted automatically in 1 seconds.
kernel=(hd0,1)/c4710ace-t1k9-mz.A5_1_2.bin ro root=LABEL=/ auto console=ttyS0,9600n8 quiet bigphysarea=32768
[Linux-bzImage, setup=0x1400, size=0xe75a16c]
INIT: version 2.85 booting
b4 lspci
1 Cavium device(s) found.
Bringing up NP 0
Downloading U-Boot to NP card 0
Downloading DP image to NP card 0
Starting DP image on NP card on all cores
DP image started on NP card
Setting up dynamic memory size
Initializing Shared Memory
INIT: Entering runlevel: 3
Testing PCI path for Octeon(0)....
This may take some time, Please wait ....
PCI test loop , count 0
PCI path is ready
Starting services...
Waiting for 3 seconds to enter setup mode...
Certificate & key are up to date
Installing MySQL
groupadd: group nobody exists
useradd: user nobody exists
MySQL Installed
Installing JRE
JRE Installed
Starting sysmgr processes.. Please wait...Done!!!
IDC4-INTR-ACE-01 login: admin
Password:
Cisco Application Control Software (ACSW)
TAC support: http://www.cisco.com/tac
Copyright (c) 1985-2012 by Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained herein are owned by
other third parties and are used and distributed under license.
Some parts of this software are covered under the GNU Public
License. A copy of the license is available at
http://www.gnu.org/licenses/gpl.html.
We have not found any error related to flash while booting ACE.
Regards,
Ranjith
-
ACE 4710 - Internet Explorer cannot display the webpage randomly
We have a ACE 4710 with a basic config, (see below).
When clicking on a tab from a window within Internet Explorer we occasionally get an issue with it returning: "Internet Explorer cannot display the webpage". The details show "Access is denied" accessing a particular line of a JavaScript file.
We have put one web server out of service in the farm to make sure that this isn't a result of stickiness not quite working.
We have tested extensively by going directly to the web server without the load balancer and cannot reproduce the problem, but we can produce the issue within a few minutes when going to the load-balanced address.
Thanks in advance for any advice.
HOST-1/Admin# show run
Generating configuration....
logging enable
logging fastpath
logging standby
logging timestamp
logging trap 6
logging history 6
resource-class SLB_ResourceClass_T_R
  limit-resource all minimum 10.00 maximum unlimited
resource-class sticky
  limit-resource all minimum 10.00 maximum unlimited
boot system image:c4710ace-t1k9-mz.A5_1_2.bin
peer hostname HOST-2
hostname HOST-1
interface gigabitEthernet 1/1
  switchport access vlan 1000
  no shutdown
interface gigabitEthernet 1/2
  shutdown
interface gigabitEthernet 1/3
  description LB003
  switchport access vlan 1
  shutdown
interface gigabitEthernet 1/4
  description LB004
  switchport access vlan 2
  shutdown
interface port-channel 1
  port-channel load-balance src-dst-port
  no shutdown
clock timezone standard GMT
switch-mode
context Admin
  description SUTLB01
  member SLB_ResourceClass_T_R
access-list ALL line 8 extended permit ip any any
access-list ALL line 16 extended permit icmp any any
access-list everyone line 8 extended permit ip any any
access-list everyone line 16 extended permit icmp any any
probe tcp probe_tcp_80
  port 80
rserver host Server_S_W301
  description Server_S_W301
  ip address x.x.32.152
  inservice
rserver host Server_S_W302
  description Server_S_W302
  ip address x.x.32.154
  inservice
serverfarm host sfarm_T_R
  description sfarm_T_R
  predictor leastconns
  probe probe_tcp_80
  rserver Server_S_W301 80
  rserver Server_S_W302 80
    inservice
sticky http-cookie Cookie1 T_R_sticky_cookie
  cookie insert browser-expire
  timeout 3600
  serverfarm sfarm_T_R
class-map match-any T_R_L4Class
  2 match virtual-address x.x.33.150 tcp eq www
class-map type management match-any remote_access
  2 match protocol xml-https any
  3 match protocol icmp any
  4 match protocol telnet any
  5 match protocol ssh any
  6 match protocol http any
  7 match protocol https any
  8 match protocol snmp any
policy-map type management first-match remote_mgmt_allow_policy
  class remote_access
    permit
policy-map type loadbalance first-match T_R_L7policy
  class class-default
    sticky-serverfarm T_R_sticky_cookie
policy-map multi-match T_R_L4Policy
  class T_R_L4Class
    loadbalance vip inservice
    loadbalance policy T_R_L7policy
    loadbalance vip icmp-reply active
    nat dynamic 2 vlan 1000
interface vlan 1000
  ip address x.x.33.148 255.255.254.0
  access-group input ALL
  nat-pool 2 x.x.33.151 x.x.33.151 netmask 255.255.254.0 pat
  service-policy input remote_mgmt_allow_policy
  service-policy input T_R_L4Policy
  no shutdown
ip route 0.0.0.0 0.0.0.0 x.x.32.1
ssh key rsa 1024 force
+------------------------------------------+
+-------------- HTTP statistics -----------+
+------------------------------------------+
LB parse result msgs sent : 421347 , TCP data msgs sent : 2099597
Inspect parse result msgs : 0 , SSL data msgs sent : 0
sent
TCP fin msgs sent : 6169 , TCP rst msgs sent: : 769
Bounced fin msgs sent : 5 , Bounced rst msgs sent: : 1
SSL fin msgs sent : 0 , SSL rst msgs sent: : 0
Drain msgs sent : 337811 , Particles read : 5040829
Reuse msgs sent : 0 , HTTP requests : 342499
Reproxied requests : 183422 , Headers removed : 37475
Headers inserted : 342124 , HTTP redirects : 0
HTTP chunks : 224859 , Pipelined requests : 71466
HTTP unproxy conns : 267246 , Pipeline flushes : 0
Whitespace appends : 0 , Second pass parsing : 0
Response entries recycled : 71302 , Analysis errors : 0
Header insert errors : 22 , Max parselen errors : 215
Static parse errors : 99 , Resource errors : 0
Invalid path errors : 0 , Bad HTTP version errors : 0
Headers rewritten : 0 , Header rewrite errors : 0
SSL headers inserted : 0 , SSL header insert errors : 0
SSL spoof headers deleted : 0 , Unproxy msgs sent : 267246
HTTP passthrough stat : 0
NOTE - We did turn on caching at one point to try and resolve the issue but it has since been turned off
-
Hello, I need some assistance in upgrading a 4710. This is a brand new ACE out of the box and I have tried to upgrade a couple of times but get the same error... Here are the details:
switch/Admin# copy ftp://10.0.0.1/c4710ace-t1k9-mz.A5_2_2.bin image:
Enter the destination filename[]? [c4710ace-t1k9-mz.A5_2_2.bin]
File already exists, do you want to overwrite?[y/n]: [y] y
Enter username[]? ace
Enter the file transfer mode[bin/ascii]: [bin]
Enable Passive mode[Yes/No]: [Yes]
Password:
Passive mode on.EXT3-fs error (device hdb2): ext3_new_block:
Hash mark prinAllocating block in system zone - block = 163843ting on (1024 by
Aborting journal on device hdb2.
ext3_abort called.
EXT3-fs error (device hdb2): ext3_journal_start_sb: Detected aborted journal
Remoulocal: /mnt/cf/cn4710ace-t1k9-mz.tA5_2_2.bin: Readi-only file systenm
g filesystem read-only
switch/Admin# al has aborted in __ext3_journal_get_write_access<2>EXT3-fs error (device hdb2) in ext3_reserve_inode_write: Journal has aborted
ext3_abort called.
EXT3-fs error (device hdb2): ext3_journal_start_sb: Detected aborted journal
Remounting filesystem read-only
EXT3-fs error (device hdb2) in ext3_ordered_commit_write: Journal has aborted
Buffer I/O error on device loop3, logical block 1238
Buffer I/O error on device loop3, logical block 745
Aborting journal on device loop3.
journal commit I/O error
ext3_abort called.
EXT3-fs error (device loop3): ext3_journal_start_sb: Detected aborted journal
Remounting filesystem read-only
EXT3-fs error (device loop3) in start_transaction: Journal has aborted
EXT3-fs error (device loop3) in start_transaction: Journal has aborted
EXT3-fs error (device loop3) in start_transaction: Journal has aborted
And it keeps going on with this message.
I also tried tftp and I get the same thing:
switch/Admin#
switch/Admin# show ver
Cisco Application Control Software (ACSW)
TAC support: http://www.cisco.com/tac
Copyright (c) 1985-2012 by Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained herein are owned by
other third parties and are used and distributed under license.
Some parts of this software are covered under the GNU Public
License. A copy of the license is available at
http://www.gnu.org/licenses/gpl.html.
Software
loader: Version 0.95.1
system: Version A5(1.2) [build 3.0(0)A5(1.2) adbuild_19:38:58-2012/01/17_/auto/adbure_nightly4/renumber/rel_a5_1_2_throttle/REL_3_0_0_A5_1_2]
system image file: (hd0,1)/c4710ace-t1k9-mz.A5_1_2.bin
Device Manager version 5.1 (0) 20111215:1009
installed license: no feature license is installed
Hardware
cpu info:
Motherboard:
number of cpu(s): 2
Daughtercard:
number of cpu(s): 16
memory info:
total: 6225528 kB, free: 4270140 kB
shared: 0 kB, buffers: 10864 kB, cached 0 kB
cf info:
filesystem: /dev/hdb2
total: 861668 kB, used: 621592 kB, available: 196304 kB
last boot reason: Unknown
configuration register: 0x1
switch kernel uptime is 0 days 15 hours 1 minute(s) 1 second(s)
switch/Admin#
switch/Admin#
switch/Admin# copy tftp: image:
Enter source filename[]? c4710ace-t1k9-mz.A5_2_2.bin
Enter the destination filename[]? [c4710ace-t1k9-mz.A5_2_2.bin]
File already exists, do you want to overwrite?[y/n]: [y] y
Address of remote host[]? 10.0.0.1
Trying to connecEXT3-fs error (device hdb2): ext3_free_blocks_sb: t to tftp serverbit already cleared for block 6144......
Aborting journal on device hdb2.
ext3_abort called.
EXT3-fs error (device hdb2): ext3_journal_start_sb: <2>EXT3-fs error
TFTP get oper(ation failed:Readd-only file systeem
vice hdb2): ext3_free_blocks_sb: bit already cleared for block 6145
switch/Admin# ready cleared for block 6146cks_sb: bit al
EXT3-fs error (device hdb2): ext3_free_blocks_sb: bit already cleared for block 6147
EXT3-fs error (device hdb2): ext3_free_blocks_sb: bit already cleared for block 6148
EXT3-fs error (device hdb2): ext3_free_blocks_sb: bit already cleared for block 6149
EXT3-fs error (device hdb2): ext3_free_blocks_sb: bit already cleared for block 6150
EXT3-fs error (device hdb2): ext3_free_blocks_sb: bit already cleared for block 6151
EXT3-fs error (device hdb2): ext3_free_blocks_sb: bit already cleared for block 6152
EXT3-fs error (device hdb2): ext3_free_blocks_sb: bit already cleared for block 6153
EXT3-fs error (device hdb2): ext3_free_blocks_sb: bit already cleared for block 6154
EXT3-fs error (device hdb2): ext3_free_blocks_sb: bit already cleared for block 6155
ext3_reserve_inode_write: aborting transaction: Journal has aborted in __ext3_journal_get_write_access<2>EXT3-fs error (device hdb2) in ext3_reserve_inode_write: Journal has aborted
EXT3-fs error (device hdb2) in ext3_truncate: Journal has aborted
ext3_reserve_inode_write: aborting transaction: Journal has aborted in __ext3_journal_get_write_access<2>EXT3-fs error (device hdb2) in ext3_reserve_inode_write: Journal has aborted
EXT3-fs error (device hdb2) in ext3_orphan_del: Journal has aborted
ext3_reserve_inode_write: aborting transaction: Journal has aborted in __ext3_journal_get_write_access<2>EXT3-fs error (device hdb2) in ext3_reserve_inode_write: Journal has aborted
EXT3-fs error (device hdb2) in ext3_delete_inode: Journal has aborted
ext3_abort called.
EXT3-fs error (device hdb2): ext3_journal_start_sb: Detected aborted journal
Remounting filesystem read-only
Buffer I/O error on device loop3, logical block 1238
Buffer I/O error on device loop3, logical block 749
Aborting journal on device loop3.
journal commit I/O error
ext3_abort called.
EXT3-fs error (device loop3): ext3_journal_start_sb: Detected aborted journal
Remounting filesystem read-only
EXT3-fs error (device loop3) in start_transaction: Journal has aborted
EXT3-fs error (device loop3) in start_transaction: Journal has aborted
EXT3-fs error (device loop3) in start_transaction: Journal has aborted
EXT3-fs error (device loop3) in start_transaction: Journal has aborted
EXT3-fs error (device loop3) in start_transaction: Journal has aborted
EXT3-fs error (device loop3) in start_transaction: Journal has aborted
What am I doing wrong... Any help is much appreciated.
Please rate useful posts and remember to mark any solved questions as answered. Thank you.
Hi Bilal,
http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/vA5_1_0/configuration/administration/guide/managesw.pdf
read section
Reformatting the ACE Appliance Flash Memory
After you reformat the Flash memory, perform the following actions:
• Reinstall the ACE appliance software image by using the copy image: command (see the Release Note, Cisco ACE 4700 Series Application Control Engine Appliance).
• Reinstall the ACE appliance license by using the license install command (see Chapter 4, Managing ACE Software Licenses).
• Import the startup and running-configuration files into the associated context by using the copy command (see the “Copying Configuration Files from a Remote Server” section).
• Import SSL certificate files and key pair files into the associated context by using the crypto import command (see the SSL Guide, Cisco ACE Application Control Engine).
Hope that helps.
regards
Ajay Kumar -
ACE-4710 : Device Manager on Primary ACE cannot authenticate
Hi,
In a cluster of redundant ACE-4710s, version A5(1.2), the graphical Device Manager on the primary ACE cannot authenticate users. An error message is displayed:
The strange thing is that the standby ACE Device Manager works correctly. Moreover, both ACEs are perfectly synchronized:
CH01AC03/P-115-A# sh ft group summary
FT Group : 14
Configured Status : in-service
Maintenance mode : MAINT_MODE_OFF
My State : FSM_FT_STATE_ACTIVE
My Config Priority : 200
My Net Priority : 200
My Preempt : Enabled
Peer State : FSM_FT_STATE_STANDBY_HOT
Peer Config Priority : 150
Peer Net Priority : 150
Peer Preempt : Enabled
Peer Id : 1
No. of Contexts : 1
Here are the details of the ACE and DM versions:
CH01AC03/P-115-A# sh ver
Cisco Application Control Software (ACSW)
TAC support: http://www.cisco.com/tac
Copyright (c) 1985-2012 by Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained herein are owned by
other third parties and are used and distributed under license.
Some parts of this software are covered under the GNU Public
License. A copy of the license is available at
http://www.gnu.org/licenses/gpl.html.
Software
loader: Version 0.95.1
system: Version A5(1.2) [build 3.0(0)A5(1.2) adbuild_19:38:58-2012/01/17_/auto/adbure_nightly4/renumber/rel_a5_1_2_throttle/REL_3_0_0_A5_1_2]
system image file: (hd0,1)/c4710ace-t1k9-mz.A5_1_2.bin
Device Manager version 5.1 (0) 20111215:1009
What could be the problem?
Thank you
Yves
Hello Yves,
Try with the command "dm reload" in the Admin Context
Cesar R
ANS Team -
Need help to Configure Cisco ACE 4710 Cluster Deployment
Dear Experts,
I'm a newbie with the Cisco ACE 4710 and am still in the learning stage. Meanwhile, I got a chance at my workplace to deploy a Cisco ACE 4710 cluster which should load balance the traffic between two application servers based on HTTP and HTTPS traffic. So I was looking for a good deployment guide in the Cisco SBA knowledge base and finally found this guide.
http://www.cisco.com/en/US/docs/solutions/SBA/February2013/Cisco_SBA_DC_AdvancedServer-LoadBalancingDeploymentGuide-Feb2013.pdf
This guide fits my required deployment model well. I have the same deployment environment as this guide, with an ACE cluster that connects to two Cisco 3750X (stack) switches. But there are some places in this guide that confuse me.
This guide follows "one-armed mode" as the deployment method. But when I went through it further, I noticed that they have configured the server VLAN as 10.4.49.0/24 (all servers reside in it) and the client-side VIP is also in the same VLAN, 10.4.49.100/24 (even the NAT pool too).
My confusion is that, as I have learned about the Cisco ACE 4710 one-armed mode deployment method, it should have two VLAN segments: one for the client side, where client requests come and hit the VIP, and a second one for the server side, which basically means two VLANs. So please be kind enough to go through the above document and tell me what is wrong and what I need to do for the best. This is urgent, so I need your help quickly.
Thanks....!
-Amal-
Dear Kanwal,
I need quick help from you. Following are the application LB requirements which I received from my client side.
Following detail required for configuring Oracle EBS Apps tier on HA:
LBR IP and Name required to configure EBS APPS Tier (i.e, ap1ebs & ap2ebs nodes)
Suggested IP and Name for LBR:
IP : 172.25.45.x [should be on same 172.25.45 subnet of ap1ebs & ap2ebs nodes]
ebiz.xxxx.lk [on port 80 for http protocol accessibility]
This LBR IP & name must be resolve and respond on DNS network
Server Farm detail for LBR Setup
Following detail will be use for configuring the LBR:
LBR IP and Name :
IP : 172.25.45.x [should be on same 172.25.45 subnet of ap1ebs & ap2ebs nodes]
ebiz.xxxx.lk [on port 80 for http protocol accessibility]
This LBR IP & name must be resolve and respond on DNS network
Server Farm Detail for LBR setup:
Server 1 (EBS App1 Node, ap1ebs):
IP : 172.25.45.19
Server Name: ap1ebs.xxxx.lk [ap1ebs hostname is an example, actual hostname will be use]
Protocol: http
Port: 8000
Server 2 (EBS App2 Node, ap2ebs):
IP : 172.25.45.20
Server Name: ap2ebs.xxxx.lk [ap2ebs hostname is an example, actual hostname will be use]
Protocol: http
Port: 8000
Since my client needs to access the URL ebiz.xxxx.lk, which should resolve to IP 172.25.45.21 (virtual IP) via HTTP (80), before they deployed the app on the two servers I just ran a web service on both servers (Linux) and tried to access http://172.25.45.21; it was working fine and gave me the index.html page. Now that my client has deployed the application, when he tries to access the page http://172.25.45.21 he cannot see his main login page. But my test web servers are still there on both servers; when I type http://172.25.45.21 I get the index.html page, but not my client's web login page. What can I do about this?
Following is my latest config:
probe http Get-Method
  description Check to url access /OA_HTML/OAInfo.jsp
  interval 10
  faildetect 2
  passdetect interval 30
  request method get url /OA_HTML/OAInfo.jsp
  expect status 200 200
probe udp http-8000-iRDMI
  description IRDMI (HTTP - 8000)
  port 8000
probe http http-probe
  description HTTP Probes
  interval 10
  faildetect 2
  passdetect interval 30
  passdetect count 2
  request method get url /index.html
  expect status 200 200
probe https https-probe
  description HTTPS traffic
  interval 10
  faildetect 2
  passdetect interval 30
  passdetect count 2
  ssl version all
  request method get url /index.html
probe icmp icmp-probe
  description ICMP PROBE FOR TO CHECK ICMP SERVICE
rserver host ebsapp1
  description ebsapp1.xxxx.lk
  ip address 172.25.45.19
  conn-limit max 4000000 min 4000000
  probe icmp-probe
  probe http-probe
  inservice
rserver host ebsapp2
  description ebsapp2.xxxx.lk
  ip address 172.25.45.20
  conn-limit max 4000000 min 4000000
  probe icmp-probe
  probe http-probe
  inservice
serverfarm host ebsppsvrfarm
  description ebsapp server farm
  failaction purge
  predictor response app-req-to-resp samples 4
  probe http-probe
  probe icmp-probe
  inband-health check log 5 reset 500
  retcode 404 404 check log 1 reset 3
  rserver ebsapp1 80
    conn-limit max 4000000 min 4000000
    probe icmp-probe
    inservice
  rserver ebsapp2 80
    conn-limit max 4000000 min 4000000
    probe icmp-probe
    inservice
sticky http-cookie jsessionid HTTP-COOKIE
  cookie insert browser-expire
  replicate sticky
  serverfarm ebsppsvrfarm
class-map type http loadbalance match-any default-compression-exclusion-mime-type
  description DM generated classmap for default LB compression exclusion mime types.
  2 match http url .*gif
  3 match http url .*css
  4 match http url .*js
  5 match http url .*class
  6 match http url .*jar
  7 match http url .*cab
  8 match http url .*txt
  9 match http url .*ps
  10 match http url .*vbs
  11 match http url .*xsl
  12 match http url .*xml
  13 match http url .*pdf
  14 match http url .*swf
  15 match http url .*jpg
  16 match http url .*jpeg
  17 match http url .*jpe
  18 match http url .*png
class-map match-all ebsapp-vip
  2 match virtual-address 172.25.45.21 tcp eq www
class-map type management match-any remote_access
  2 match protocol xml-https any
  3 match protocol icmp any
  4 match protocol telnet any
  5 match protocol ssh any
  6 match protocol http any
  7 match protocol https any
  8 match protocol snmp any
policy-map type management first-match remote_mgmt_allow_policy
  class remote_access
    permit
policy-map type loadbalance first-match ebsapp-vip-l7slb
  class default-compression-exclusion-mime-type
    serverfarm ebsppsvrfarm
  class class-default
    compress default-method deflate
    sticky-serverfarm HTTP-COOKIE
policy-map multi-match int455
  class ebsapp-vip
    loadbalance vip inservice
    loadbalance policy ebsapp-vip-l7slb
    loadbalance vip icmp-reply active
    nat dynamic 1 vlan 455
interface vlan 455
  ip address 172.25.45.36 255.255.255.0
  peer ip address 172.25.45.35 255.255.255.0
  access-group input ALL
  nat-pool 1 172.25.45.22 172.25.45.22 netmask 255.255.255.0 pat
  service-policy input remote_mgmt_allow_policy
  service-policy input int455
  no shutdown
ft interface vlan 999
  ip address 10.1.1.1 255.255.255.0
  peer ip address 10.1.1.2 255.255.255.0
  no shutdown
ft peer 1
  heartbeat interval 300
  heartbeat count 10
  ft-interface vlan 999
ft group 1
  peer 1
  no preempt
  priority 110
  associate-context Admin
  inservice
ip route 0.0.0.0 0.0.0.0 172.25.45.1
Hope you will reply to me soon
Thanks....!
-Amal-
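Added example, not part of the original post or of Cisco's tooling: a small Python check over lines taken from the configuration above. It flags management protocols without transport encryption (telnet, http) that the management class-map matches from any source, and serverfarm real-server ports that differ from the backend port given in the requirements (8000). The function name, finding labels and the stanza keyword list are assumptions made for this example.

```python
import re

# Constructed excerpt: lines taken from the configuration posted above.
SAMPLE_CONFIG = """\
class-map type management match-any remote_access
  4 match protocol telnet any
  5 match protocol ssh any
  6 match protocol http any
  7 match protocol https any
serverfarm host ebsppsvrfarm
  probe http-probe
  rserver ebsapp1 80
    inservice
  rserver ebsapp2 80
    inservice
"""

# Lines that open a new top-level stanza (a subset sufficient for this config).
TOP = re.compile(r"(class-map|policy-map|serverfarm|interface|sticky|ft|ip route"
                 r"|rserver host)\b|probe (http|https|udp|icmp|tcp) ")
MGMT_MATCH = re.compile(r"\d+ match protocol (\S+) (\S+)$")
FARM_RSERVER = re.compile(r"rserver (\S+) (\d+)$")
CLEARTEXT_MGMT = {"telnet", "http"}  # management protocols without transport encryption

def audit(config, backend_port):
    """Return (kind, where, value) findings; works on indented or flattened text."""
    findings, ctx = [], None
    for raw in config.splitlines():
        line = raw.strip()
        if TOP.match(line):
            name = line.split()[-1]
            if line.startswith("class-map type management"):
                ctx = ("mgmt", name)
            elif line.startswith("serverfarm host"):
                ctx = ("farm", name)
            else:
                ctx = None  # any other stanza ends the one being tracked
            continue
        if ctx is None:
            continue
        if ctx[0] == "mgmt":
            m = MGMT_MATCH.match(line)
            if m and m.group(1) in CLEARTEXT_MGMT and m.group(2) == "any":
                findings.append(("cleartext-mgmt", ctx[1], m.group(1)))
        else:
            m = FARM_RSERVER.match(line)
            if m and int(m.group(2)) != backend_port:
                findings.append(("port-mismatch", f"{ctx[1]}/{m.group(1)}", int(m.group(2))))
    return findings
```

Calling audit(SAMPLE_CONFIG, 8000) lists the telnet and http management matches and both real servers configured on port 80; whether port 80 is intended for the serverfarm is for the operator to decide.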