ACE Load Balancing algorithm
Team,
I was reading Designing Content Switching Solutions last night. I came across a page that suggested Round Robin for HTTP connections, Least Conns for FTP connections, dst Hash for caching connections and so on.
Could someone please provide information or a link on which load balancing algorithm to use based on the application, is there some form of best practice for this?
Thank you,
John...
John,
There are no best practices.
It depends on your applications and needs.
For example, for caching, some people prefer to optimize the disk space, and others the response time.
So, if you do destination hash, you guarantee that all traffic for one site is always handled by the same cache.
Therefore you optimize the disk space since you will not find the same object on all caches.
BUT if one site attracts a lot of connections, the cache device that handles that site will be overloaded (for example youtube.com).
Leastconn is a good option in theory.
The device that has fewer connections should receive the next one.
The problem is if you have flapping links or servers crashing or if you do a lot of maintenance and add/remove servers frequently.
This confuses the algorithm and is the source of a lot of bugs.
My recommendation is to go with roundrobin unless you have identified that you really need another algorithm.
And you can always start with roundrobin and see what happens...
Gilles.
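An added sketch (not part of the thread and not Cisco code) of the trade-off described in the reply above: it replays one constructed request trace through simplified round robin, least-connections and destination-hash predictors, then puts a fifth cache in service mid-run. The trace, the hostnames, the four-cache farm and the 200-tick connection lifetime are assumptions, and the predictors are models, not the ACE implementation.

```python
import hashlib
import random
from collections import deque

HOT = "hot.example"  # constructed hostname standing in for one very popular site


def build_workload(seed=7):
    """Constructed trace: 500 requests for the hot site, 10 each for 50 other sites."""
    reqs = [HOT] * 500 + [f"site{i}.example" for i in range(50) for _ in range(10)]
    random.Random(seed).shuffle(reqs)
    return reqs


def stable_hash(site, n):
    """Destination hash: the same site always maps to the same cache index."""
    return int.from_bytes(hashlib.sha256(site.encode()).digest()[:4], "big") % n


def simulate(policy, reqs, n_caches=4, hold=200, join_at=None):
    """Replay reqs, one per tick; every connection stays open for `hold` ticks.

    If join_at is set, one extra, empty cache is put in service at that tick.
    Returns per-cache request counts, per-cache sets of stored sites and the
    cache index chosen for each request, in order.
    """
    active = [0] * n_caches
    served = [0] * n_caches
    stored = [set() for _ in range(n_caches)]
    open_conns = deque()  # (expiry_tick, cache), oldest first
    choices = []
    for tick, site in enumerate(reqs):
        if join_at is not None and tick == join_at:
            active.append(0)
            served.append(0)
            stored.append(set())
        # Close connections whose lifetime has ended before choosing a cache.
        while open_conns and open_conns[0][0] <= tick:
            active[open_conns.popleft()[1]] -= 1
        n = len(active)
        if policy == "roundrobin":
            cache = tick % n
        elif policy == "leastconn":
            cache = min(range(n), key=lambda i: active[i])  # ties: lowest index
        elif policy == "hash":
            cache = stable_hash(site, n)
        else:
            raise ValueError(policy)
        active[cache] += 1
        served[cache] += 1
        stored[cache].add(site)
        open_conns.append((tick + hold, cache))
        choices.append(cache)
    return served, stored, choices


def cache_tradeoff(reqs):
    """Total stored objects (disk) and busiest-cache load for each policy."""
    out = {}
    for policy in ("roundrobin", "leastconn", "hash"):
        served, stored, _ = simulate(policy, reqs)
        out[policy] = {"copies": sum(len(s) for s in stored), "peak": max(served)}
    return out


def join_burst(policy, reqs, join_at=500, window=40):
    """How many of the first `window` requests after a cache joins go to it."""
    _, _, choices = simulate(policy, reqs, join_at=join_at)
    new_cache = 4  # index of the cache added at join_at
    return choices[join_at:join_at + window].count(new_cache)


if __name__ == "__main__":
    trace = build_workload()
    for name, stats in cache_tradeoff(trace).items():
        print(f"{name:10} stored objects={stats['copies']:4} busiest cache={stats['peak']}")
    for name in ("roundrobin", "leastconn"):
        print(f"{name:10} sends {join_burst(name, trace)} of the next 40 requests to the new cache")
```

On this trace destination hash stores each of the 51 sites exactly once but sends at least 500 of the 1000 requests to a single cache, while round robin spreads the load evenly and duplicates objects across caches. The newly added cache receives all of the next 40 connections under least-connections, against 8 under round robin.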
Similar Messages
-
Is it possible to use UCS Blade Servers in ACE Load Balancing
Hi all ,
Is it possible to use UCS Blade Servers in ACE Load Balancing? Please note that the UCS Blade Servers are not connected directly to the 6500 Switch where the ACE Module is installed. I am expecting a good suggestion from either an ACE or a Switching expert.
Thanks in advance
Sanjeevi
There is nothing that would prevent you from loadbalancing the applications that run on UCS servers. ACE can loadbalance applications that are directly L2 attached (bridged or routed mode) or even servers that are multiple L3 hops away using one-armed mode with source nat. The key to this is that the return traffic from the server needs to make it back to the ACE.
-
With Ajay Kumar and Telmo Pereira
Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about configuration and troubleshooting the Cisco Application Control Engine (ACE) load balancer with Cisco expert Ajay Kumar and Telmo Pereira. The Cisco ACE Application Control Engine Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers is a next-generation load-balancing and application-delivery solution. A member of the Cisco family of Data Center 3.0 solutions, the module:
  Helps ensure business continuity by increasing application availability
  Improves business productivity by accelerating application and server performance
  Reduces data center power, space, and cooling needs through a virtualized architecture
  Helps lower operational costs associated with application provisioning and scaling
Ajay Kumar is a customer support engineer in the Cisco Technical Assistance Center in Brussels, covering content delivery network technologies including Cisco Application Control Engine, Cisco Wide Area Application Services, Cisco Content Switching Module, Cisco Content Services Switches, and others. He has been with Cisco for more than four years, working with major customers to help resolve their issues related to content products. He holds DCASI and VCP certifications.
Telmo Pereira is a customer support engineer in the Cisco Technical Assistance Center in Brussels, where he covers all Cisco content delivery network technologies including Cisco Application Control Engine (ACE), Cisco Wide Area Application Services (WAAS), and Digital Media Suite. He has worked with multiple customers around the globe, helping them solve interesting and often highly complex issues. Pereira has worked in the networking field for more than 7 years. He holds a computer science degree as well as multiple certifications including CCNP, DCASI, DCUCI, and VCP.
Remember to use the rating system to let Ajay know if you have received an adequate response.
Ajay and Telmo might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the Data Center sub-community discussion forum Application Networking shortly after the event.
This event lasts through July 26, 2013. Visit this forum often to view responses to your questions and the questions of other community members.
Hello Krzysztof,
Another set of good/interesting questions posted. Thanks!
I will try to clarify your doubts.
In the output below both resources (proxy-connections and ssl-connections rate) are configured with a min percentage of resources (column Min), while 'Max' is set equal to the min.
ACE/Context# show resource usage
Allocation
Resource Current Peak Min Max Denied
-- outputs omitted for brevity --
proxy-connections 0 16358 16358 16358 17872
ssl-connections rate 0 626 626 626 23204
Most columns are self explanatory, 'Current' is current usage, 'Peak' is the maximum value reached, and the most important counter to monitor 'Denied' represents the amount of packets denied/dropped due to exceeding the configured limits.
On the resources themselves, Proxy-connections is simply the amount of proxied connections, in other words all connections handled at layer 7 (SSL connections are proxied, as are any connections with layer 7 load balance policies, or inspection).
So in this particular case for the proxy-connections we see that Peak is equal to the Max allocated, and as we have denies we can conclude that you have surpassed the limits for this resource. We see there were 17872 connections dropped due to that.
ssl-connections rate should be read in the same manner, however all values for this resource are in bytes/s, except for Denied counter, that is simply the amount of packets that were dropped due to exceeding this resource.
For your particular tests you have allocated a min percentage and set max equal to min, this way you make sure that this context will not use any other additional resources.
If you had set the max to unlimited during resource allocation, ACE would be allowed to use additional resources on top of those guaranteed, if those resources were available.
This might sound like a great idea, but resource planning on ACE should be done carefully to avoid any sort of oversubscription, especially if you have business critical contexts.
We have a good reference for ACE resource planning that contains also description of all resources (this will help to understand the output better):
http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/v3.00_A2/configuration/virtualization/guide/config.html#wp1008224
1) When a resource is utilized to its maximum limit, the ACE denies additional requests made by any context for that resource. In other words, the action is to Drop. ACE should in theory silently drop (No RST is sent back to the client). So unless we changed something on the code, this is what you should see.
To give more context, seeing resets with SSL connections is not necessarily synonymous with drops, as it is usual to see them during normal transactions.
For instance Microsoft servers are usually ungracefully terminating SSL connections with RESET. Also when there is renegotiation during an SSL transaction you may see RESETS, but this will pass unnoticed for end users.
2) ACE will simply drop/ignore new connections when we reach the maximum amount of proxied connections for that context. Existing connections will continue there.
As ACE doesn't respond back, client would simply retransmit, and if he is lucky maybe in the next attempt he will be able to establish the connection.
To overcome the denies, you will definitely have to increase the resource allocation. This of course, assuming you are not reaching any physical limit of the box.
As mentioned setting max as unlimited might work for you, assuming there are a lot of unused resources on the box.
3) If a new connection comes in with a sticky value, that matches the sticky entry of a real server, which is already in MAXCONNS state, then both the ACE module/appliance should reject the connection and that sticky entry would be removed.
The client would at that point reestablish a new connection and ACE would associate a new sticky entry with the flow for a new RSERVER after the loadbalancing decision.
I hope this makes things clearer! Uff...
Regards,
Telmo
-
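An added example (not from the thread or from Cisco) of monitoring the counters discussed in the reply above: it parses two `show resource usage` snapshots and reports which resources are denying connections now and which hit their limit earlier. The first snapshot uses the rows quoted in the post; the second snapshot is constructed, and treating Denied as a counter that only grows is an assumption.

```python
FIELDS = ("current", "peak", "min", "max", "denied")

# Rows as quoted in the post above.
SNAPSHOT_T0 = """\
ACE/Context# show resource usage
Allocation
Resource Current Peak Min Max Denied
-- outputs omitted for brevity --
proxy-connections 0 16358 16358 16358 17872
ssl-connections rate 0 626 626 626 23204
"""

# Constructed later snapshot (values invented for this example).
SNAPSHOT_T1 = """\
ACE/Context# show resource usage
Allocation
Resource Current Peak Min Max Denied
proxy-connections 16358 16358 16358 16358 18110
ssl-connections rate 40 626 626 626 23204
"""


def parse_usage(text):
    """Return {resource name: {current, peak, min, max, denied}}."""
    rows = {}
    for line in text.splitlines():
        tokens = line.split()
        # A data row ends in five integers; the resource name may contain spaces.
        if len(tokens) < 6 or not all(t.isdigit() for t in tokens[-5:]):
            continue
        rows[" ".join(tokens[:-5])] = dict(zip(FIELDS, map(int, tokens[-5:])))
    return rows


def assess(prev, cur):
    """Compare two snapshots and classify every resource in the newer one."""
    report = {}
    for name, row in cur.items():
        baseline = prev.get(name, {}).get("denied", 0)
        # Assumption: Denied only grows; a smaller value means counters were cleared.
        if row["denied"] >= baseline:
            new_denies = row["denied"] - baseline
        else:
            new_denies = row["denied"]
        if new_denies > 0:
            status = "denying"            # the limit was exceeded in this interval
        elif row["denied"] > 0 and row["peak"] >= row["max"]:
            status = "hit-limit-earlier"  # old denies, nothing new since prev
        else:
            status = "ok"
        report[name] = {
            "status": status,
            "new_denies": new_denies,
            "headroom": row["max"] - row["current"],
        }
    return report


if __name__ == "__main__":
    result = assess(parse_usage(SNAPSHOT_T0), parse_usage(SNAPSHOT_T1))
    for name, info in result.items():
        print(f"{name:22} {info['status']:18} "
              f"new_denies={info['new_denies']} headroom={info['headroom']}")
```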
ESXi 4.1 NIC Teaming's Load-Balancing Algorithm,Nexus 7000 and UCS
Hi, Cisco Gurus:
Please help me in answering the following questions (UCSM 1.4(xx), 2 UCS 6140XP, 2 Nexus 7000, M81KR in B200-M2, No Nexus 1000V, using VMware Distributed Switch):
Q1. For me to configure vPC on a pair of Nexus 7000, do I have to connect Ethernet Uplink from each Cisco Fabric Interconnect to the 2 Nexus 7000 in a bow-tie fashion? If I connect, say 2 10G ports from Fabric Interconnect 1 to 1 Nexus 7000 and similar connection from FInterconnect 2 to the other Nexus 7000, in this case can I still configure vPC or is it a validated design? If it is, what is the pro and con versus having 2 connections from each FInterconnect to 2 separate Nexus 7000?
Q2. If vPC is to be configured in Nexus 7000, is it COMPULSORY to configure Port Channel for the 2 Fabric Interconnects using UCSM? I believe it is not. But what is the pro and con of HAVING NO Port Channel within UCS versus HAVING Port Channel when vPC is concerned?
Q3. if vPC is to be configured in Nexus 7000, I understand there is a limitation on confining to ONLY 1 vSphere NIC Teaming's Load-Balancing Algorithm i.e. Route Based on IP Hash. Is it correct?
Again, what is the pro and con here with regard to application behaviours when Layer 2 or 3 is concerned? Or what is the BEST PRACTICES?
I would really appreciate if someone can help me clear these lingering doubts of mine.
God Bless.
SiM
Sim,
Here are my thoughts without a 1000v in place,
Q1. For me to configure vPC on a pair of Nexus 7000, do I have to connect Ethernet Uplink from each Cisco Fabric Interconnect to the 2 Nexus 7000 in a bow-tie fashion? If I connect, say 2 10G ports from Fabric Interconnect 1 to 1 Nexus 7000 and similar connection from FInterconnect 2 to the other Nexus 7000, in this case can I still configure vPC or is it a validated design? If it is, what is the pro and con versus having 2 connections from each FInterconnect to 2 separate Nexus 7000? //Yes, for vPC to UCS the best practice is to bowtie uplink to (2) 7K or 5Ks.
Q2. If vPC is to be configured in Nexus 7000, is it COMPULSORY to configure Port Channel for the 2 Fabric Interconnects using UCSM? I believe it is not. But what is the pro and con of HAVING NO Port Channel within UCS versus HAVING Port Channel when vPC is concerned? //The port channel will be configured on both the UCSM and the 7K. The pro of a port channel would be both bandwidth and redundancy. vPC would be preferred.
Q3. if vPC is to be configured in Nexus 7000, I understand there is a limitation on confining to ONLY 1 vSphere NIC Teaming's Load-Balancing Algorithm i.e. Route Based on IP Hash. Is it correct? //Without the 1000v, I always tend to leave the dvSwitch load balance behavior at the default of "route by portID".
Again, what is the pro and con here with regard to application behaviours when Layer 2 or 3 is concerned? Or what is the BEST PRACTICES? UCS can perform L2 but Northbound should be performing L3.
Cheers,
David Jarzynka
-
ACE load balancing and testing using soapUI
Hey, I am trying to crowd source a solution for this problem.
A client is testing using soapUI to an application that is being load balanced via ACE. There are two webservers behind the VIP servicing the client request. When client tests, requests are timing out per the soapUI log. A packet capture was taken and it clearly shows that ACE is not forwarding the HTTP data back to the client. When client tests by bypassing the ACE load balancer, it works fine. But, there are other clients from other applications that are making successful connection to the load balanced application via the VIP.
Question, is there any thing unique with making HTTP/XML based requests using soapUI? LB configuration is shown below:
class-map match-all EAI_PWS_9083
  2 match virtual-address 10.5.68.29 tcp eq 9083
serverfarm host EAI_PWS_9083
  description WebSphere Porduction
  failaction purge
  probe tcp9083
  rserver ESSWSPAPP01 9083
    inservice
  rserver ESSWSPAPP02 9083
    inservice
policy-map type loadbalance first-match L7_POLICY_EAI_PWS_9083
  class class-default
    serverfarm EAI_PWS_9083
policy-map multi-match L4SLBPOLICY
  class EAI_PWS_9083
    loadbalance vip inservice
    loadbalance policy L7_POLICY_EAI_PWS_9083
    loadbalance vip icmp-reply active
    appl-parameter http advanced-options CASE_PARAM
parameter-map type http CASE_PARAM
  case-insensitive
Hi,
Your configuration looks fine. I am not familiar with soapUI but if it is like a normal TCP connection followed by HTTP requests, I don't see why this shouldn't work.
Do you know if there is a difference while using soapUI and normal request using browser?
Regards,
Kanwal
-
Need help with ACE Load Balancing Base on URL pattern
This is the first time for me trying to configure something like this on the ACE load balancer. I need help configuring a load balancing policy based on URL pattern. URL https://ineedhelp.com based on /willuhelpme and /imlost
Key: ineedhelp_key
cert: ineedhelp_cert
serverfarmA
serverA 10.1.1.1 443
serverfarmB
serverB 10.1.1.2 443
ineedhelp.com/willuhelpme-------serverfarmA
ineedhelp.ocm/imlost---------------serverfarmB
-
Ace load balancing, inservice/no inservice serverfarms
I've started working with an ACE load balancer and came across something that just didn't add up to me. I can pull and put servers in and out of rotation without a problem however when working with a serverfarm or a group of servers I have to pull each one individually and can't find a way to remove say the entire serverfarm via one command. Does anyone know of a way to put a serverfarm 'inservice' or set it to 'no inservice' that would make it easier for large groups of servers needing to be adjusted.
Sorry if this isn't the right forum for this kind of question. Please feel free to move it if needed.
Hello Chris,
There is no toggle to set every rserver under a serverfarm out of service. You can only take a single rserver out of service at a global level, or under a serverfarm individually.
One thing to think about - bringing down all of the servers would be the same as removing the serverfarm from under the policy map type loadbalance since it would effectively bring the vip down.
Regards,
Chris Higgins
-
Hyper-V NIC Team Load Balancing Algorithm: TransportPorts vs Hyper-VPorts
Hi,
I'm going to need to configure a NIC team for the LAN traffic for a Hyper-V 2012 R2 environment. What is the recommended load balancing algorithm?
Some background:
- The NIC team will deal with LAN traffic (NOT iSCSI storage traffic)
- I'll set up a converged network. So there'll be a virtual switch on top of this team, which will have vNICs configured for each cluster, live migration and management
- I'll implement QOS at the virtual switch level (using option -DefaultFlowMinimumBandwidthWeight) and at the vNIC level (using option -MinimumBandwidthWeight)
- The CSV is set up on an Equallogics cluster. I know that this team is for the LAN so it has nothing to do with the SAN, but this reference will become clear in the next paragraph.
Here's where it gets a little confusing. I've checked some of the Equallogics documentation to ensure this environment complies with their requirements as far as storage networking is concerned. However, as part of their presentation the Dell publication TR1098-4, recommends creating the LAN NIC team with the TransportPorts Load Balancing Algorithm. However, in some of the Microsoft resources (i.e. http://technet.microsoft.com/en-us/library/dn550728.aspx), the recommended load balancing algorithm is HyperVPorts.
Just to add to the confusion, in this Microsoft TechEd presentation, http://www.youtube.com/watch?v=ed7HThAvp7o, the recommendation (at around minute 8:06) is to use dynamic ports algorithm mode. So obviously there are many ways to do this, but which one is correct? I spoke with Equallogics support and the rep said that their documentation recommends TransportPorts LB algorithm because that's what they've tested and works. I'm wondering what the response from a Hyper-V expert would be to this question. Anyway, any input on this last point would be appreciated.
Gleb,
>>See Windows Server 2012 R2 NIC Teaming (LBFO) Deployment and Management for more info
Thanks for this reference. It seems that I have an older version of this document where there's absolutely no mention of the dynamic LBA. Hence my confusion when in the Microsoft TechEd presentation the recommendation was to use Dynamic. I almost implemented this environment with switch dependent and Address Hash Distribution because, based on the older version of the document, this combination offered:
a) Native teaming for maximum performance and switch diversity is not required; or
b) Teaming under the Hyper-V switch when an individual VM needs to be able to transmit at rates in excess of what one team member can deliver
The new version of the document recommends Dynamic over the other two LBA. The analogy that the document makes of TCP flows with human speech was really helpful for me to understand what this algorithm is doing. For those who will never read the document, I'm referring to this:
"The outbound loads in this mode are dynamically balanced based on the concept of flowlets. Just as human speech has natural breaks at the ends of words and sentences, TCP flows (TCP communication streams) also have naturally occurring breaks. The portion of a TCP flow between two such breaks is referred to as a flowlet. When the dynamic mode algorithm detects that a flowlet boundary has been encountered, i.e., a break of sufficient length has occurred in the TCP flow, the algorithm will opportunistically rebalance the flow to another team member if appropriate. The algorithm may also periodically rebalance flows that do not contain any flowlets if circumstances require it. As a result the affinity between TCP flow and team member can change at any time as the dynamic balancing algorithm works to balance the workload of the team members."
Anyway, this post made my week. You sir are deserving of a beer!
-
Load balancing algorithm for groups in RZ12
Hello,
I would like to know the load balancing algorithm for groups defined in RZ12.
I know that log on groups for external connections are administered via SMLG and table RZLLICLASS.
I also know that RFC resources can be managed for RFC logon groups via RZ12.
Kind regards,
Peter
<removed_by_moderator>
Point awarding is at your discretion, but read and follow the "Rules of Engagement"
Edited by: Juan Reyes on Dec 3, 2010 10:21 AM
Hello!
Found this post while searching information about RFC and Logon Groups...
I have some mess in my head with SMLG functionality and RZ12. As I know SMLG we can use to distribute users to application server instances, it gives us good achievement in performance. With RZ12 we can distribute RFC connection of particular job for parallel execution on predefined application server. With SMQS and SMQR transaction we can set "Name of AS Group" to route RFC-execution on certain server or servers. But I have troubles with understanding. Imagine, we set up group 1 with 2 servers (name it RFC_GR1), and group 2 with another 2 servers (name it RFC_GR2). How could qRFC scheduler decide on which RFC server group (RFC_GR1 or RFC_GR2) distribute RFC-execution? How to interact "Name of AS Group" with RFC groups if we can set only one group? How could we distribute RFC-execution depending on our logon groups (smlg)? We would like to distribute RFC depending on SAP logon groups. Is it possible? Or do I compare apple and orange?
Regards,
Artem Ivashkin
-
Port Channel Load-Balancing Algorithm (North Bound)
I'm trying to figure out what the load balancing algorithm for the 6100 and 6200 FIs for the Northbound connections. I can't find any documentation on how to change it.
The Nexus 7000s use an 8-bit hash, making it very easy to do something other than 2, 4, or 8 link port channel and get even (at least algorithmically) distribution.
Catalyst switches (not sure about Sup2T though) would use a 1, 2, or 3-bit index, which would skew traffic algorithmically if you used a non-power of 2.
Looking at the 5K documentation, it seems to use the Catalyst style (though haven't been able to confirm). My guess is that whatever is used for the 5Ks is used for the 6100/6200.
Design wise, this would mean you would want to use powers of 2 for your NB uplinks.
Hello Tony,
On UCS FI, it uses "src-dest-ip" as the load balancing algorithm and uses 8 parameters for hashing
6248-01-B(nxos)# sh port-channel load-balance
Port Channel Load-Balancing Configuration:
System: source-dest-ip
Port Channel Load-Balancing Addresses Used Per-Protocol:
Non-IP: source-dest-mac
IP: source-dest-ip source-dest-mac
6248-01-B(nxos)# show platform fwm info pc port-channel 1
dump pc info: if_index 369098752 dump_all 0 verbose 1
Po1: state 0x0 #pifs 1 fwimpd ctx 0x9666c1c
Po1: hash params - l2_da 1 l2_sa 1 l3_da 1 l3_sa 1
Po1: hash params - l4_da 1 l4_sa 1 xor_sa_da 1 hash_elect 1
I could not find an option to change these values.
Padma
-
Can the ACE load balance SMB?
Server 1 DNS is msserver1
Server 2 DNS is msserver2
VIP DNS is msserver
Can the ACE replace the server name (or IP address) in a tree connect query with the actual real server name that is chosen for the request?
Hi, If I understood you correctly and you're looking for intelligent way to loadbalance NetBios/Samba - I'm afraid there is no such functionality on ACE, we can only do simple L4 loadbalancing for such sessions and can't change anything.
-
SG300-28: LAG Load Balance Algorithm
The SG300-28 LAG Load Balance Algorithm options are:
MAC Address
IP/MAC Address
This switch is connected to two ESXi hosts running version 5.5 each with quad port 1 gbit nic.
These ESXI hosts supports > 20 algorithms.
Is there in a upcoming firmware for the SG300-28 supporting more algorithms?
-
hello
can any one give URL about load balancing algorithms in 11500 series?
sincerely
Hi,
Here is a link.
http://www.cisco.com/univercd/cc/td/doc/product/webscale/css/css_730/contlbgd/contrule.htm#1038118
Hope this helps,
Regards,
Sagar
-
ACE load balancing servers on different subnets...
Hello,
I have the following issue.... need to load balance traffic between two servers already working in two different subnets (vlans), at this point is highly desirable to avoid changing IP addresses. Is it possible to accomplish this goal using ACE? routed or bridged mode? is it strictly necessary to have all servers belonging to a serverfarm in the same subnet?
Thanks in advance for your support.
Hi,
You can do this, but you have to use client-NAT (Source-NAT) to force the return traffic to pass back through the ACE. You also then need static routes in the ACE context to point at each server. PBR is an alternative approach but I have not implemented that in a live network. The important thing is that the ACE sees both sides of the conversation.
The following extract from a configuration shows the basic principle:
rserver host master
  ip address 10.199.95.2
  inservice
rserver host slave
  ip address 10.199.38.68
  inservice
serverfarm host FARM-web2-Master
  description Serverfarm Master
  probe PROBE-web2
  rserver master
    inservice
serverfarm host FARM-web2-Slave
  description Serverfarm Slave
  probe PROBE-web2
  rserver slave
    inservice
class-map match-any L4VIPCLASS
  2 match virtual-address 10.199.80.12 tcp eq www
  3 match virtual-address 10.199.80.12 tcp eq https
policy-map type management first-match REMOTE-MGMT-ALLOW-POLICY
  class REMOTE-ACCESS
    permit
policy-map type loadbalance first-match LB-POLICY
  class class-default
    serverfarm FARM-web2-Master backup FARM-web2-Slave
policy-map multi-match L4POLICY
  class L4VIPCLASS
    loadbalance vip inservice
    loadbalance policy LB-POLICY
    loadbalance vip icmp-reply active
    loadbalance vip advertise
    nat dynamic 1 vlan 384
service-policy input L4POLICY
interface vlan 383
  description ACE-web2-Clientside
  ip address 10.199.80.13 255.255.255.248
  alias 10.199.80.12 255.255.255.248
  peer ip address 10.199.80.14 255.255.255.248
  access-group input ACL-IN
  access-group output PERMIT-ALL
  no shutdown
interface vlan 384
  description ACE-web2-Serverside
  ip address 10.199.80.18 255.255.255.240
  alias 10.199.80.17 255.255.255.240
  peer ip address 10.199.80.19 255.255.255.240
  access-group input PERMIT-ALL
  access-group output PERMIT-ALL
  nat-pool 1 10.199.80.20 10.199.80.20 netmask 255.255.255.240 pat
  no shutdown
ip route 0.0.0.0 0.0.0.0 10.199.80.9
ip route 10.199.95.2 255.255.255.255 10.199.80.21
ip route 10.199.38.68 255.255.255.255 10.199.80.21
HTH
Cathy
-
Hi,
I have ACE 4701 with c4710ace-mz.A3_2_2.bin image. In the current setup ACE is located in the center of network where all the WAN, Internet and LAN is connected and ACE has default towards Internet and All other segment has default route towards ACE appliance. ACE is only redirecting the port 80 traffic to my Proxy server and bypass my lan subnet on port 80.
Internet
i
i
i
i
i
ACE--------------------------------WAN
i
i
i
i
LAN
I want to use ACE for the load balancing of two servers. Today I did the load balancing configuration but as soon as I applied the policy map on the interface vlan 200 and 300, my complete network reachability went down. When I remove the policy my network came back to normal.
192.168.200.66 FAX Server-1
192.1168.200.67 FAX Server-2
192.168.200.65 Virtual IP address
Attached is the configuration that I did on ACE for the load balancing and below is the current configuration of the ACE appliance.
access-list acl-in remark ACCESS LIST FOR ACE-INSIDE
access-list acl-in line 1 extended permit ip any any
access-list acl-out remark ACCESS LIST FOR ACE-OUTSIDE
access-list acl-out line 1 extended permit ip any any
access-list acl-proxy remark ACCESS LIST FOR PROXY SEGMENT
access-list acl-proxy line 1 extended permit ip any any
access-list acl-wan remark ACCESS LIST FOR WAN SEGMENT
access-list acl-wan line 1 extended permit ip any any
probe tcp PROBE_5050
  port 5050
  interval 15
  passdetect interval 60
  open 1
probe tcp PROBE_5101
  port 5101
  interval 15
  passdetect interval 60
  open 1
probe tcp PROBE_TCP
  port 80
  interval 15
  passdetect interval 60
  open 1
parameter-map type http PARAMAP_CASE
  case-insensitive
  no persistence-rebalance
rserver host RS_BCPR01
  ip address 192.168.0.103
  inservice
rserver host RS_BCPR02
  ip address 192.168.0.104
  inservice
rserver host RT_fax1
  description Right Fax Server-1
  ip address 192.168.200.66
rserver host RT_fax2
  description Right Fax Server-2
  ip address 192.168.200.67
serverfarm host SF_BCPR
  transparent
  probe PROBE_5050
  probe PROBE_5101
  probe PROBE_TCP
  rserver RS_BCPR01
    inservice
  rserver RS_BCPR02
    inservice
serverfarm host SF_RT_fax
  rserver RT_fax1
  rserver RT_fax2
sticky ip-netmask 255.255.255.255 address source STICKY-SOURCE
  replicate sticky
  serverfarm SF_BCPR
sticky ip-netmask 255.255.255.255 address source FAX-STICKY
  replicate sticky
  serverfarm SF_RT_fax
class-map type management match-any CM_ALL
  2 match protocol snmp any
  3 match protocol http any
  4 match protocol https any
  5 match protocol icmp any
  6 match protocol telnet any
class-map match-any CM_BYPASS_FOR_LAN
  3 match virtual-address 100.1.1.0 255.255.255.0 tcp eq www
  8 match virtual-address 10.0.0.0 255.0.0.0 tcp eq www
  9 match virtual-address 172.16.0.0 255.255.0.0 tcp eq www
  10 match virtual-address 192.168.0.0 255.255.0.0 tcp eq www
class-map match-any CM_BYPASS_SUBNET
  9 match virtual-address 100.0.0.0 255.0.0.0 tcp eq www
  13 match virtual-address 10.0.0.0 255.0.0.0 tcp eq www
  14 match virtual-address 172.16.0.0 255.255.0.0 tcp eq www
  15 match virtual-address 192.168.0.0 255.255.0.0 tcp eq www
class-map match-any CM_IM
  2 match virtual-address 0.0.0.0 0.0.0.0 tcp eq 5050
  3 match virtual-address 0.0.0.0 0.0.0.0 tcp eq 1080
  4 match virtual-address 0.0.0.0 0.0.0.0 tcp eq 5101
class-map match-all CM_SF_BCPR
  255 match virtual-address 0.0.0.0 0.0.0.0 tcp eq www
class-map match-any RT_FAX
  2 match virtual-address 192.168.200.65 0.0.0.0 any
policy-map type management first-match PM_ALL
  class CM_ALL
    permit
policy-map type loadbalance http first-match PM_L7_BYPASS_FOR_LAN_HTTP
  class class-default
    forward
policy-map type loadbalance http first-match PM_L7_BYPASS_HTTP
  class class-default
    forward
policy-map type loadbalance first-match PM_LB_RT_FAX
  class class-default
    sticky-serverfarm FAX-STICKY
policy-map type loadbalance http first-match PM_LB_SF_BCPROXY
  class class-default
    sticky-serverfarm STICKY-SOURCE
policy-map multi-match PM_BYPASS_FOR_LAN_HTTP
  class CM_BYPASS_FOR_LAN
    loadbalance vip inservice
    loadbalance policy PM_L7_BYPASS_FOR_LAN_HTTP
policy-map multi-match PM_BYPASS_HTTP
  class CM_BYPASS_SUBNET
    loadbalance vip inservice
    loadbalance policy PM_L7_BYPASS_HTTP
policy-map multi-match PM_MAIN_BCPROXY
  class CM_SF_BCPR
    loadbalance vip inservice
    loadbalance policy PM_LB_SF_BCPROXY
    loadbalance vip icmp-reply active
    appl-parameter http advanced-options PARAMAP_CASE
  class CM_IM
    loadbalance vip inservice
    loadbalance policy PM_LB_SF_BCPROXY
policy-map multi-match PM_RT_FAX
  class RT_FAX
    loadbalance vip inservice
    loadbalance policy PM_LB_RT_FAX
service-policy input PM_ALL
interface vlan 100
  description FW-INSIDE CONTEXT RACK1
  ip address 192.168.0.5 255.255.255.224
  alias 192.168.0.11 255.255.255.224
  peer ip address 192.168.0.6 255.255.255.224
  mac-address autogenerate
  no icmp-guard
  access-group input acl-out
  no shutdown
interface vlan 200
  description WAN-VLAN CONTEXT RACK1
  ip address 192.168.0.33 255.255.255.224
  alias 192.168.0.43 255.255.255.224
  peer ip address 192.168.0.34 255.255.255.224
  mac-address autogenerate
  access-group input acl-wan
  service-policy input PM_BYPASS_HTTP
  service-policy input PM_MAIN_BCPROXY
  no shutdown
interface vlan 300
  description ACE-INSIDE CONTEXT RACK1
  ip address 192.168.0.65 255.255.255.224
  alias 192.168.0.73 255.255.255.224
  peer ip address 192.168.0.66 255.255.255.224
  mac-address autogenerate
  access-group input acl-in
  service-policy input PM_BYPASS_FOR_LAN_HTTP
  service-policy input PM_BYPASS_HTTP
  service-policy input PM_MAIN_BCPROXY
  no shutdown
interface vlan 301
  description BC-VLAN CONTEXT RACK1
  ip address 192.168.0.97 255.255.255.224
  alias 192.168.0.107 255.255.255.224
  peer ip address 192.168.0.98 255.255.255.224
  mac-address autogenerate
  access-group input acl-proxy
  no shutdown
ft track interface TRACKING_FOR_FT_VLAN
  track-interface vlan 300
  peer track-interface vlan 300
  priority 255
  peer priority 255
ip route 0.0.0.0 0.0.0.0 192.168.0.1
Please help me out what I am missing. Is there any limitation on policy map or my bypass subnet list is creating problem.
I did these changes this time nothing disconnected but I am not able to do the Remote desktop on the virtual IP address. Real IP has Remote desktop enabled even VIP is not ping able for me.
rserver host RT_fax1
  description Right Fax Server-1
  ip address 192.168.200.66
  inservice
rserver host RT_fax2
  description Right Fax Server-2
  ip address 192.168.200.67
  inservice
serverfarm host SF_RT_fax
  rserver RT_fax1
    inservice
  rserver RT_fax2
    inservice
policy-map type loadbalance rdp first-match PM_LB_RT_FAX
  class class-default
    serverfarm SF_RT_fax
policy-map multi-match PM_RT_FAX
  class RT_FAX
    loadbalance vip inservice
    loadbalance policy PM_LB_RT_FAX
    loadbalance vip icmp-reply active
interface vlan 200
  description WAN-VLAN CONTEXT RACK1
  ip address 192.168.0.33 255.255.255.224
  alias 192.168.0.43 255.255.255.224
  peer ip address 192.168.0.34 255.255.255.224
  mac-address autogenerate
  access-group input acl-wan
  service-policy input PM_BYPASS_HTTP
  service-policy input PM_MAIN_BCPROXY
  service-policy input PM_RT_FAX
  no shutdown
interface vlan 300
  description ACE-INSIDE CONTEXT RACK1
  ip address 192.168.0.65 255.255.255.224
  alias 192.168.0.73 255.255.255.224
  peer ip address 192.168.0.66 255.255.255.224
  mac-address autogenerate
  access-group input acl-in
  service-policy input PM_BYPASS_FOR_LAN_HTTP
  service-policy input PM_BYPASS_HTTP
  service-policy input PM_MAIN_BCPROXY
  service-policy input PM_RT_FAX
  no shutdown
But nothing is working for me. Please help me out. This time I didn't configure the sticky. But in real I will go with sticky and complete IP protocol will be use a VIP. Please help me out.