Ace: different serverfarm reachable?

I configured 2 serverfarms in the same context. I would like to know if one server in a serverfarm can reach a server in another serverfarm using its VIP?
Per exemple: on server1 in serverfarm1, I do the following command in IE: http://test.dg.net. where test.dg.net is the VIP pointing to serverfarm2. For your information, users can reach http://test.dg.net from anywhere into the network, but from server1, it's unsuccessful.
thanks in advance,
Serge

If you put your service-policy on the server-interface, then you will be able to access the VIP, but you will have a direct-server-return then, if both servers are in the same subnet. So you will need SNAT too.

Similar Messages

ACE timeout for different Serverfarms

I have a Business unit that publishes an application that is externally available. We Reverse Proxy the VIP to allow the connection externally. They would like to impose different application timeouts for internal users (1 hour) and external users (30 Minutes) . The application can not differentiate between an external or internal source so our option is either seperate serverfarms with seperate real servers with different configuration files.
My question is, is there any other way to do this within the ACE so that we don't have to spin up seperate Servers with different configuration files.
I would also like to maintain one VIP address if possible.

You can maintain 1 VIP but you'll have to use header rewrite and work with dev. team of your application.
It's related to the session state tracked by a cookie the application sends (either as a Set-Cookie or a token embedded in URLs)
Make two different serverfarms (with the same set of real servers).
Make a class-map matching the IP addresses of internal users (RFC 1918 ?)
For this class-map, add a field in each HTTP request coming in
"X-Internal:YES"
apply this on each request with the option
header-rewrite per-request
The application team just has to parse each header for the pattern you've just added and then changing the timeout value to the one they want.
For the class-default (external users) you can add "X-Internal:NO", it's cleaner but not strictly necessary.

ACE 4710 - serverfarm predictor

Hi, I have a pair of ACE 4710 running in failover bundle and I have a number of server farms configured on them. For one of the server farm I'd like to use a different predictor than round robin. I have two real servers members of the server farm. Usually I do select predictor round robin and put both real servers in service. In this situation I need to have only one server as active and the 2nd one to be in standby and take over when the first one is down. I have tried to put the 2nd server in standby and when I shut down the primary the 2nd one won't become active. I do have a health probe to check for the status of the server so I thought this would be enough to detect the status of the server. So my question is , how can I configure the ACE to have one server as active and the second as a backup and this second one to take traffic only when the primary is down. Thank you, Florin.

Hi,
There are a couple of ways of achieving your objective.
The first method works for the simple case of two servers:
serverfarm host FARM-Redacted
probe PROBE-Redacted
rserver am03
    backup-rserver am04
    inservice
rserver am04
    inservice standby
or you could use two serverfarms:
serverfarm host FARM-Redacted-Pri
description Redacted Serverfarm Primary
probe PROBE-Redacted
rserver am03
    inservice
serverfarm host FARM-Redacted-Sec
description Redacted Serverfarm Secondary
probe PROBE-Redacted
rserver am04
    inservice
policy-map type loadbalance first-match LB-POLICY-443
class class-default
    serverfarm FARM-Redacted-Pri backup FARM-Redacted-Sec
HTH
Cathy

ACE: Different Sticky rules for different URLs

Is there a way to apply different sticky rules (or no sticky at all) depending on the URL for a given site under ACE?
The reason I want to do this is because I have an extremely common URL that chews up sticky resources when it doesn't matter if the URL is sticky. We have several thousand PC's that have a web based screen saver on them that just pull random pages to be displayed on the users' screen when the screen saver kicks in. These pages do not need to be sticky but other pages on the same farm need sticky. Is this possible?
Casey

Create a more specific Layer 7 class map and instead of calling sticky serverfarm use serverfarm.
for example
sticky http-cookie COOKIE STATIC
cookie insert browser-expire
timeout 5
serverfarm WEBFARM
serverfarm host WEBFARM
rserver SV1 80
inservice
rserver SV2 80
inservice
class-map match-any APP1-VIP
2 match virtual-address 10.86.178.160 tcp eq http
class-map type http loadbalance match-all Condition1
2 match http url .*
3 match http header Host header-value 172.16.31.*
4 match http header User-Agent header-value .*MSIE.*
class-map type http loadbalance match-all Condition2
2 match http url .*
policy-map type loadbalance first-match L7_COOKIE_STATIC
class Condition2
sticky-serverfarm STATIC
class Condition1
serverfarm WEBFARM
policy-map multi-match CLIENT_VIPS
class APP1-VIP
loadbalance vip inservice
loadbalance policy L7_COOKIE_STATIC
loadbalance vip icmp-reply active
loadbalance vip advertise active
Syed

ACE show serverfarm - failure counter does not incremented on Probe-Failure event

Hi,
Despite of probe-failure the failure counter is not incremented. Is there any correlation between the configured probe and the failure counter?
(Custom script probe is used for this serverfarm)
# sh serverfarm xxxxxSt
serverfarm     : xxxxxSt, type: HOST
total rservers : 2
                                                ----------connections-----------
       real                  weight state        current    total      failures
   ---+---------------------+------+------------+----------+----------+---------
   rserver: xxxxx6
       10.222.0.90:8000      8      OPERATIONAL 13         157        0
   rserver: xxxxx7
       10.222.0.92:8000      8      PROBE-FAILED 0          0          0
Thanks,
Attila

Hi Attila,
The Connection Failure counter under show serverfarm is for Loadbalanced Connections which are failing.
If Probes are failing, this counter will not increment.
The Connection failure counter can increment for various reasons some of them are,
- Server not responding to the SYN packet sent by ACE for Loadbalanced connection
- Server sending Reset to the SYN packet sent by ACE for Loadbalanced connection
To check on stats for Probe, you can run "show probe detail" command.
Hope this helps,
Best Regards,
Rahul

ACE: sticky serverfarm

Dear all,
I do have a question about the configuration option of a sticky serverfarm. There is an option to timeout active conns. Originally my thinking was that this option changes the sticky behaviour to a session timeout instead an idle timeout. While testing this seems to be not correct
sticky http-cookie myCookie myStickyServerfarm
timeout 10
timeout activeconns
replicate sticky
serverfarm myServerfarm backup mySorryfarm
The manual explains it like this:
Configuring a Cookie Sticky Timeout
The sticky timeout specifies the period of time that the ACE keeps the HTTP cookie sticky information for a client connection in the sticky table after the latest client connection terminates. The ACE resets the sticky timer for a specific sticky-table entry each time that the module opens a new connection that matches that entry.
This brings me to the question, what is this option used for. The only diffrence I can see is, that there is a http connection which is open for longer than the timeout value (here 10min) will be kicked out and in the meantime this sticky-entry isn't used (otherwise the idle time would be reset).
Are there any other explanations what this feature can do?
best regards
Oliver

Hi Oliver,
I'm afraid the official documentation is not very clear on this section.
The sticky timeout doesn't count since the moment that the last connection is closed, but since it's established. However, by default it will not remove the sticky entry as long as there are connections still active. This is what can be tuned with the "timeout activeconns".
When the "timeout activeconns" option is present, the ACE will remove the sticky entry as soon as the timer is reached, regardless of whether there are active connections or not.
I hope this answers your question, but if you want some further clarification, let me know.
Regards
Daniel

Src/ Dst being LB'd by same ACE...reachability issue

Hi,
Source: 2 Proxy servers
Destination: 2 Application Servers
Cannot ping each others VIP.
Can ping the real servers.
Is there some issue about the same ACE, LB'ing Src & Dest VIPs.
Response will be appreciated.
ACE mod A2(1.2)

Source is Proxy Server
Destination is an Application Server
2 different Vlans.
Default Gateway is the Router.
Router sends it to a FW.
(FW's are LB'd by the ACE as well)
PBR is used.
SYN follows the traffic path described above. (rserver-->VIP(Proxy)-->Router-->FW-->down towards the App VIP)
SYN-ACK (rserver-->VIP (App)-->Router-->VIP (Proxy)
SYN-ACK does not go thru the FW....but directly to the other VIP.
Thanks.

ACE - sticky serverfarm and sorry servers

Primary serverfarm with stickiness (cookie insert) goes down. Backup serverfarm kicks in with sorry servers. Primary serverfarm comes back up and returning connections still get serviced by the backup farm. The reason for this is explained in the load balancing guide.
[quote]
If you want to configure a sorry server farm and you want existing connections to revert to the primary server farm after it comes back up, do not use stickiness.
[/quote]
Source: http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_guide_chapter09186a0080686ebf.html#wp1060156
The big questions is. How can i offer a serverfarm with stickiness and a sorry serverfarm without stickiness?
Roble

Hi Syed,
unfortunately that's the theory. If you have cookie inserts the clients are still stuck to the sorry servers once they have hit the sorry servers.
And my sticky group looks exactly like your first example. The documentation is kind off confusing. My interpretation of the quoted text was if your primary serverfarm is sticky your backup server farm will also be sticky no matter what you configure. That is actually why i asked.
If i use dynamic cookies from the application the clients hop from one rserver to another every 2nd or 3rd connection. The behavior of the stickiness and sorry servers then works like i want it but the stickiness itself is not consistent.
1.5a still had this behavior and i think this might be a bug.
Roble

ACE 4710 Redirect to Different Server Farm based on URL

I have a weblogic 11 serverfarm where i want to redirect to a different serverfarm based on the URL. I am able to do it and it appears to be working however I am having issues with the cookies. I seem to be getting logged out of our App when switching between the serverfarms. Is there any way to fix this issue? My configuration is below.
Thanks!
-Andy
Generating configuration....
crypto chaingroup WWW-PROD-CHAINGROUP
cert AddTrustExternalCARoot.crt
cert COMODOHigh-AssuranceSecureServerCA.crt
access-list allow line 8 extended permit ip any any
probe http HTTP_PROBE
port 7001
interval 10
passdetect interval 5
request method get url /login.jsp
expect status 200 299
connection term forced
probe icmp PROBE_SERVICE_ICMP
interval 5
passdetect interval 5
receive 5
probe tcp TCP7001_PROBE
port 7005
interval 5
passdetect interval 5
receive 3
connection term forced
open 2
rserver redirect REDIRECT-TO-HTTPS
webhost-redirection https://%h%p 301
inservice
rserver host WLS11Host1
ip address 192.168.211.250
inservice
rserver host WLS11Host2
ip address 192.168.211.14
inservice
serverfarm redirect REDIRECT-SERVERFARM
rserver REDIRECT-TO-HTTPS
inservice
serverfarm host SPEND-FARM
probe HTTP_PROBE
rserver WLS11Host1 7001
inservice
serverfarm host WLS11FARM
probe HTTP_PROBE
rserver WLS11Host2 7001
inservice
parameter-map type http HTTP-PARM
persistence-rebalance
set secondary-cookie-start none
parameter-map type http PARSE
persistence-rebalance
set header-maxparse-length 8192
length-exceed continue
parameter-map type ssl SSL_MAP
cipher RSA_WITH_RC4_128_MD5
cipher RSA_WITH_RC4_128_SHA
cipher RSA_WITH_3DES_EDE_CBC_SHA
cipher RSA_WITH_AES_128_CBC_SHA
cipher RSA_WITH_AES_256_CBC_SHA
sticky http-cookie ACE_COOKIE-7001 7001_STICKY
cookie insert browser-expire
serverfarm WLS11FARM
replicate sticky
sticky http-cookie ACE-COOKIE-SPEND SPEND_STICKY
cookie insert browser-expire
serverfarm SPEND-FARM
replicate sticky
ssl-proxy service WWW-PROD-SSLPROXY
key client_ssl.pem
cert pastar.crt
chaingroup WWW-PROD-CHAINGROUP
ssl advanced-options SSL_MAP
class-map type http loadbalance match-any HTTP-MARKETING
2 match http url /index.html
class-map type http loadbalance match-any HTTPS-SPEND
2 match http url /spend/.*
class-map type http loadbalance match-any L5
2 match http url /.*
class-map match-all WLS-7001-CLASS
2 match virtual-address 192.168.215.28 tcp eq www
class-map match-all WLS11-HTTPS-CLASS
2 match virtual-address 192.168.215.28 tcp eq https
policy-map type loadbalance first-match HTTPS
class HTTPS-SPEND
sticky-serverfarm SPEND_STICKY
insert-http x-forward header-value "%is"
class L5
sticky-serverfarm 7001_STICKY
insert-http x-forward header-value "%is"
policy-map type loadbalance first-match WLS11-7001-Policy
class HTTP-MARKETING
sticky-serverfarm 7001_STICKY
insert-http x-forward header-value "%is"
class HTTPS-SPEND
serverfarm REDIRECT-SERVERFARM
class L5
serverfarm REDIRECT-SERVERFARM
policy-map multi-match WLS11-SLB
class WLS-7001-CLASS
loadbalance vip inservice
loadbalance policy WLS11-7001-Policy
loadbalance vip icmp-reply active
nat dynamic 1 vlan 1000
appl-parameter http advanced-options HTTP-PARM
class WLS11-HTTPS-CLASS
loadbalance vip inservice
loadbalance policy HTTPS
loadbalance vip icmp-reply active
nat dynamic 1 vlan 1000
appl-parameter http advanced-options PARSE
ssl-proxy server WWW-PROD-SSLPROXY
interface vlan 1000
ip address 192.168.215.27 255.255.255.0
access-group input allow
nat-pool 1 192.168.215.28 192.168.215.28 netmask 255.255.255.255 pat
service-policy input WLS11-SLB
no shutdown
ip route 0.0.0.0 0.0.0.0 192.168.215.1
snmp-server community poweradvocaterw group Network-Monitor

Hi,
So when you come with " http url /index.html", you go to "sticky-serverfarm 7001_STICKY" and ACE must be inserting sticky "ACE_COOKIE-7001". Now when you get redirected because you match "HTTPS-Spend", ACE will loadbalance the request which will now come on HTTPS and insert sticky " ACE-COOKIE-SPEND". That's why i guess you see two sticky entries. Now i guess ACE will keep the connection to servers in "sticky-serverfarm SPEND_STICKY" or you see that ACE is not doing the same or you expected the ACE to send the requested to "sticky-serverfarm 7001_STICKY" even though it matches the HTTPS-Spend class-map condition?
Regards,
Kanwal

Per-ServerFarm SNAT on ACE Module.

Dear all,
I hace an ACE Module configured in Multiple Routed Contexts.
My cust wants to configure some NAT Feature that prevents the real server IP Address appear outside the ACE. They want that the only IP address outside the ACE will be the Virtual IP Adress (VIP) that represents the serverfarm.
Also, the cust wants that different serverfarms comunicate each other within the same VLAN.
I was reading and the option that acomplish both tasks is Dynamic (PAT) Per-ServerFarm SNAT using the VIP address.
Is this correct?
The software version is A2(3,5).
Thanks a lot!
David

Hi David
Could you please calrify and maybe separate tasks you have ?
As I understand you have such tasks for now :
1) Don't show rserver IPs anywere outside ACE
2) Servers in the same VLAN should be able to communicate with serverfarm which is located in the same VLAN via VIP
First task is a little bit unclear. I mean - actually you have VIP outiside of ACE and all outiside clients communicate to serverfarm via VIP and don't need to know rserers IPs (e.g. they can even be private and VIP is public, if we're talking about Internet)
Or do you mean that rservers need to communicate with outside world through ACE but you want to NAT these flows too ?
2) Yes, it's possible. For such configuration you need to create a service policy, with the same VIP and configuration as you have for outside interface and put it on inside interface. The only one key difference is that you need to add NAT statement , because return traffic should go to ACE and as rservers and clients in this case are in the same VLAN, you need to use NAT.
E.g.
policy-map multi-match VIP_IN
class MY-CLASS
loadb vip ins
loadb policy MY-L7Policy
nat 1 dynamic vlan X << - inside interface
and then on inside interface
inter vlan X
nat-pool 1Y.Y.Y.Y netmask 255.255.255.255 pat
In this case it will work in this way : say you have servers in vlan 10. Servers #1 and #2 are rservers in your serverfarms and server #3 wants to connect to serverfarm through VIP. Let's say that vlan 10 has subnet 10.0.0.0/24 and VIP for this serverfarm is 8.8.8.8. When you confiure like I wrote above this will happen :
Server #3 connects to 8.8.8.8, traffic goes to ACE as a gateway, as you have a policy map on inside interface which catches traffic to 8.8.8.8 , ACE will catch it an proceed it. You have a SNAT statement there, so ACE will perform standard loadblanacing and replace source IP with NAT IP (say 10.0.0.100) , thus when server #1 which gets this loadbalanced traffic receives it , it will send return traffic to 10.0.0.100 , thus to ACE.

ACE module - should 'sh serverfarm' and the SNMP OID 'slbVServerNumberOfConnections' show the same value?

I've recently begun to notice that the current connections value displayed by the ACE when using the 'sh serverfarm' command isn't matching up with the value returned by a custom MIB poller I'm using to return the value of the associated 'slbVServerNumberOfConnections' OID when I had assumed that they represented the same thing?
As an example at the moment the ACE is showing 400 current connections for a particular serverfarm but my customer poller is returning 250?
I'd noticed this behaviour whilst the ACE was running software version A2(1.6a) and had hoped that an upgrade to A2(2.3) might fix it but it hasn't - assuming it's a bug as opposed to just my misunderstanding of what value 'slbVServerNumberOfConnections' is actually returning?
Can anyone explain what I'm seeing or am I polling the wrong OID?
Thanks in advance
regards
Matthew

What about the 'show conn' ? do you see 400 or 250 concurrent connections ?
What about 'sho service-policy'
The OID refers to the VIP not the serverfarm.
Also the show serverfarm is known to display incorrect information
CSCtc94844: ACE: show serverfarm current connection counter incorrect
The fix will be in A2(2.4)
Gilles.

ACE sending malformed requests?

Hi,
Our ACE has several contexts, and in one of them we are seeing a single probe fail at random times, to a single particular rserver.
The logs of the ACE and the affected rserver at the same time are:
ACE logs:
%ACE-3-251010 Health probe failed for server 10.254.20.52 on port 80, received invalid status code
%ACE-3-251010 Health probe failed for server 10.254.20.52 on port 80, received invalid status code
%ACE-3-251010 Health probe failed for server 10.254.20.52 on port 80, server reply timeout
%ACE-3-251010 Health probe failed for server 10.254.20.52 on port 80, server reply timeout
rserver log:
[Mon Oct 13 18:02:12 2008] [error] [client 10.254.20.11] Client sent malformed Host header
[Mon Oct 13 19:35:37 2008] [error] [client 10.254.20.11] Client sent malformed Host header
[Mon Oct 13 20:32:30 2008] [error] [client 10.254.20.11] request failed: error reading the headers
[Mon Oct 13 21:36:22 2008] [error] [client 10.254.20.11] request failed: error reading the headers
The strange thing is that it is always the same target rserver that reports this error. Naturally, I've asked the server admins to look at this rserver, but they've seen the 'client request' errors in their logs and are suggesting the ACE is at fault.
This rserver also hosts other IP addresses that are used in the same context in different serverfarms - and it behaves as normal without error....it is just this single destination IP that seems to have a problem. Other IPs in the same serverfarm are ok.
Are there any more in-depth checks that I can do at the ACE level to verify that all is OK with the ACE?
The probe is setup like:
probe http 80-checker
interval 10
passdetect interval 3
request method get url /ping
expect status 200 200
Thanks
Cameron

I would like you to run sniffer on the Rserver and look into the HTTP Header of Probe request from ACE.
Check if the parameters expected by the RServer are in line with the http request used by ACE probe.
For example if RServer is expecting "www.xyz.com" as HOST then is ACE really using
"HOST:www.xyz.com" in the HTTP request header.
Thanks
Syed Iftekhar Ahmed

ACE sorry server and sticky

I have configured 3 different serverfarms with including realservers
2 of them are with websites, the other 1 is with webservices
I also have configured a sorry server farm and the including rserver.
On the sorry rserver i have configured 2 maintenance websites, listening to an unique hostheader.
So for serverfarm A & B i have configured a seperate maintenance website.
Now when i take rservers from serverfarm A or B down, the sorry server will get active for the needed farm.
However i can only reach 1 maintenance website. And even so, an url used to reach farm A gets on maintenance site from B
This is strange behaviour, doesnt a sorryserver just accept requests with the requested hostheader by the client ?
Also, when i put the rservers from A and B back into service i have to do a "clear stick database all" otherwise the sorryserver will remain active.
What is wrong here ?
probe http EHIC-http
description Test op WWW functionaliteit
interval 10
passdetect interval 30
request method get url http://acc.site-B.nl/web/
expect status 200 200
header Host header-value "acc.site-B.nl"
expect regex 1.8.0.2
probe http WWW-http
description Test op WWW functionaliteit
interval 10
passdetect interval 30
request method get url http://acc.site-A.nl/web/default.aspx
expect status 200 200
header Host header-value "acc.site-A.nl"
expect regex v1.9.2.327
serverfarm host EHIC-FARM
failaction purge
predictor leastconns slowstart 30
probe EHIC-http
rserver ehic_server01.site-B.nl
inservice
serverfarm host SORRY-FARM
failaction purge
predictor leastconns
rserver sorrypage.site-C.nl
inservice
serverfarm host WBS-FARM
failaction purge
predictor leastconns slowstart 30
probe ICMP-PROBE
rserver acc-wbs01v.site-D
inservice
rserver wbs_01.site-D
inservice
rserver wbs_02.site-D
inservice
serverfarm host WWW-FARM
failaction purge
predictor leastconns slowstart 30
probe WWW-http
rserver acc-www01v.site-A
inservice
rserver acc_server01.site-A
inservice
rserver acc_server02.site-A
inservice
sticky ip-netmask 255.255.255.255 address source EHIC-FARM-STICKY
serverfarm EHIC-FARM backup SORRY-FARM
sticky ip-netmask 255.255.255.255 address source WWW-FARM-STICKY
serverfarm WWW-FARM backup SORRY-FARM
class-map match-any EHIC-VIP
2 match virtual-address 172.30.9.4 tcp eq https
3 match virtual-address 172.30.9.4 tcp eq www
class-map match-any WBS-VIP
6 match virtual-address 172.30.5.4 tcp eq www
7 match virtual-address 172.30.5.4 tcp eq https
class-map match-any WWW-VIP
2 match virtual-address 172.30.6.4 tcp eq www
3 match virtual-address 172.30.6.4 tcp eq https
policy-map type loadbalance first-match EHIC-FARM-STICKY-BALANCE
class class-default
sticky-serverfarm EHIC-FARM-STICKY
policy-map type loadbalance first-match WBS-FARM-BALANCE
class class-default
serverfarm WBS-FARM
policy-map type loadbalance first-match WWW-FARM-STICKY-BALANCE
class class-default
sticky-serverfarm WWW-FARM-STICKY
policy-map multi-match LOADBALANCING-EHIC
class EHIC-VIP
loadbalance vip inservice
loadbalance policy EHIC-FARM-STICKY-BALANCE
loadbalance vip icmp-reply active
appl-parameter http advanced-options EHIC-PARAMETERS
policy-map multi-match LOADBALANCING-WBS
class WBS-VIP
loadbalance vip inservice
loadbalance policy WBS-FARM-BALANCE
loadbalance vip icmp-reply active
appl-parameter http advanced-options WBS-PARAMETERS
policy-map multi-match LOADBALANCING-WWW
class WWW-VIP
loadbalance vip inservice
loadbalance policy WWW-FARM-STICKY-BALANCE
loadbalance vip icmp-reply active
appl-parameter http advanced-options WWW-PARAMETERS
Regards,
Sebastian

Hi Gilles,
Here is our full config, i only changed some domain names.
I'll try to describe the problem again ;
We have published a website by vip 172.30.6.4
We have another website published by vip 172.30.9.4
These websites are hosted by realservers configured in 2 serverfarms and can be reached from the internet (secured by an ASA)
For both of these farms i have configured a sorryserver. This sorry server should serve a webpage containing a maintenance message whenever a farm should get down.
The sorry server is configured with 2 websites, each listening to the specific hostheader. This hostheader is the same as configured on the rservers for the specific farm 172.30.6.4 or 172.30.9.4.
So what i am trying to accomplish is that i only need 1 sorryserver to server 2 sorry webpages, ofcourse listening to a hostheader to get 2 different sorrypages to be returned.
Now when i take all realservers for both serverfarms down, except for the sorryserver, i can only reach 1 sorrypage.
For example, site A and B are down, when i try to reach site A i get to the sorrypage of site A. But when i try to reach site B i too get served the sorrypage of site A.
And also when i "inservice" all rservers again i have to do a "clear sticky database", otherwise the sorryserver will remain active.
Now i have upgraded to the last version of the ACE ios, but i still have to test if the same problem persists so i will give feedback on this later.
Regards,
Sebastian

ACE 4710 how to direct traffic by source ip

I would like to know in the simplest terms how to use the source ip of the request to direct traffic to 2 different server farms.
One ip address source range to one server farm and all other ip address sources to another server farm.

Good morning,
It is possible to match the source IP of the client as a parameter for L7 class-map. See the link below for more details
http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/vA5_1_0/configuration/slb/guide/classlb.html#wp1117372
For your setup, you could just create two different class-maps (one for each source range) mapped to two different serverfarms.
I hope this helps
Daniel

ACE health monitoring queries

Hi,
I need some detailed information regarding ACE health monitoring. According to the documentation, ACE support 4096 Unique probe configurations.
My questions are as follows:
1) Are these uniques configs means uniques instances or unique probes. For ex: If I have created 2 probes(say http and icmp probe) and have applied each of it to 5 rservers, does that mean I have 2 unique configs or 10.
2) How did this number(4096) came in. What is the logic behind it. Is it based on the memory allocated by ACE to health monitoring. Please provide a detailed answer to this question.
Any inputs will be highly valuable for me.
Thanks,
Nitesh

There are three different types of probe limits in ACE
1.Probe definitions (4K)
These are the actual number of probe objects that you can define.
You can define maximum of 4K unique probes.
2.probe Instances (16K)
Each time that you use the same probe again in a different serverfarm/Real
the ACE counts it as another probe instance. You can allocate a maximum of 16k probe instances.
3.Simultaneous Probe Sockets (2500)
With ACE 2.x code Probes can open 2500 simultaneous connections from the control
plane. In Older ACE module codes and on ACE appliance this limit i 1000.
Reason for these probe definitions & Probe instances are the Control plane capacity.
These limitations exist to make sure that Probes do'nt starve the other process
Hope this helps
Syed Iftekhar Ahmed

Ace: different serverfarm reachable?

Similar Messages

Maybe you are looking for