ACE Probe regex and escaping Parenthesis

I'm trying to setup a ACE probe that expects a return of
(server.domain.com) EXISTS=TRUE,AVAILABLE=TRUE,ACTIVE=TRUE
But it doesn't appear that I can use Parenthesis inside a regex. I've tried escaping as well.
expect \(server\.domain\.com\) EXISTS=TRUE,AVAILABLE=TRUE,ACTIVE=TRUE
% invalid command detected at '^' marker. Pointing at the (
But this doesn't work either. Any ideas?

Hi,
Hi,
If it has taken it, it should match the response from server. Is it still not matching?
If you look at the regex builder below, the regex matches the response which is expected from the server. So ACE should be able to match it.
Also, you can try and put \ before dots but not sure. In my opinion it should work fine with what we have put in already. If it doesn't we will have to use hit and trial. Let me know if you need this regex builder. You can download it from google though. In any case i just attached it.

Similar Messages

ACE : PROBE-FAILED and Syslog messages

Hi,
When a real server is in PROBE-FAILED status, I observe a syslog message at each trial of the proble. This fills our syslog server. Is there a mean to configure the ACE in such a way that a syslog message would be generated only when a transition occurs in the probe status ?
Thank you for any hints,
Yves

Hello,
You can utilize "logging trap " command and
"logging message level " command
in order to achive what you are seeking.
The "logging trap " command limits the logging messages sent to a syslog server based on severity.
If it is set to "5 - notification", all messages that have security level of 5 or lower number are sent to the syslog server.
You can disable the display of a specific syslog
message or change the severity level of a specific system log message using
"logging message level " command.
Not sure what kind of probe you are using but If it is ICMP probe and
the reason of probe failure is arp, it generates a message for every try
as below with severity level of 3, by default.
%ACE-3-251009: ICMP health probe failed for server 192.168.0.1, connectivity error: ARP not resolved for destination ip address
%ACE-3-251009: ICMP health probe failed for server 192.168.0.1, connectivity error: ARP not resolved for destination ip address
%ACE-3-251009: ICMP health probe failed for server 192.168.0.1, connectivity error: ARP not resolved for destination ip address
%ACE-3-251009: ICMP health probe failed for server 192.168.0.1, connectivity error: ARP not resolved for destination ip address
%ACE-3-251009: ICMP health probe failed for server 192.168.0.1, connectivity error: ARP not resolved for destination ip address
%ACE-5-441002: Serverfarm (SF) is now back in service in policy_map (fs) -->
class_map (#class_default_slb). Number of failovers = 0, number of times back in service = 0
%ACE-4-442007: VIP in class: 'VIP' changed state from OUTOFSERVICE to INSERVICE
%ACE-5-441002: Serverfarm (SF) is now back in service in policy_map (fs) -->
class_map (#class_default_slb). Number of failovers = 0, number of times back in service = 0
%ACE-4-442004: Health probe ICMP detected rserver r1 (interface vlan31) changed state to UP
%ACE-4-442001: Health probe ICMP detected r1 (interface vlan31) in serverfarm SF changed state to UP
If your "logging trap " is set to "5 - notification" and you do not want
the message "%ACE-3-251009:xxx" to be sent to syslog server,
you can change its security level like below.
switch/Admin(config)# logging message 251009 level 6
switch/Admin(config)# do show logging message 251009
Message logging:
message 251009: current-level 6 default-level 3 (enabled)
You can check the message id that is filling the syslog server
and change its security level to higher number than "logging trap ".
Regards,
Kimihito.

ACE Probe Config for Blue Coat Proxy TCP Port 74 NETRJS-4

We are running 4710's with A5(2.2). We use Blue Coat proxies for our internet connections, specifcally TCP port 74. So when we open up a browser connection to www.cisco.com, the HTTP GET is actually encapsulated in TCP port 74 netrjs-4. We want to load-balance these proxies with ACE and I'm trying to setup health probes, but the only ones that work are the tcp probes PROXY_BCC_PROBE and PROXY_PROBE. I'd like to have health probes that hit external websites, but I'm confused whether the "ip address" Probe sub command is all I need, and netrjs is simple encapsulation of the HTTP request (which is what it looks like on a sniffer). Does anyone have Blue Coat proxies/ACE working? If so, how are your probes configured?
Thanks,
probe tcp PROXY_BCC_PROBE
port 8084
interval 3
passdetect interval 3
probe http PROXY_HTTP1_PROBE
ip address 198.133.219.25
port 74
interval 3
passdetect interval 3
request method head url /index.html
expect status 200 299
probe http PROXY_HTTP2_PROBE
ip address 198.133.219.25
port 74
interval 3
request method get url /
expect status 200 299
probe tcp PROXY_PROBE
port 74
interval 3
passdetect interval 3

Hi,
I have seen this working for one of the customer.
probe http HTTPGET
description Tests that www.gmail.com returns 302 redirect
interval 10
request method get url http://www.gmail.com
expect status 302 302
If I modify your probe :
probe http PROXY_HTTP1_PROBE
ip address 198.133.219.25
port 74
interval 3
passdetect interval 3
request method get url
http://www.gmail.com
expect status 302 302
Give it a try and see if that helps.
regards,
Ajay Kumar

ACE: probe timers

Hi,
I've general question about ACE probe timers. I've following probe setup:
probe https probe:1061
port 1061
interval 34
passdetect interval 17
open 1
ACE# sh probe probe:1061detail
probe       : probe:1061
type        : HTTPS
state       : ACTIVE
description :
   port      : 1061   address     : 0.0.0.0         addr type : -
   interval : 34      pass intvl : 17              pass count : 3
   fail count: 3       recv timeout: 10
===
for above probe: when ACE will declare the server as down? will it declare it down after (17*3+34) 85 seconds or it will declare it down after 115 seconds (added recv timeout=secs 3 times = 30 seconds).
please help.
========
we did a test and bought down the server manually. ACE declared the server down after 91 seconds (from the time when server was brought down).

Hi Gavin, Krishna,
The explanation for all these parameters can be found in the health monitoring section of the configuration guide (
http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/vA2_3_0/configuration/slb/guide/probe.html#wp1031040)
Below are the definitions quoted from the guide:
Interval:
The time interval between probes is the frequency that the ACE sends probes to a server marked as passed. You can change the time interval between probes by using the interval command
Faildetect:
Before the ACE marks a server as failed, it must detect that probes have failed a consecutive number of times. By default, when three consecutive probes have failed, the ACE marks the server as failed. You can configure this number of failed probes by using the faildetect command
Passdetect interval/count:
To configure the time interval after which the ACE sends a probe to a failed server and the number of consecutive successful probes required to mark the server as passed, use the passdetect command.
So, to summarize, taking Gavin's configuration as example. A server failure would be detected in a time between 78 seconds (2x34 +10) and 112 (3x34 +10). Once it's down, it will become operational between 34 (2x17) and 51 (3x17) seconds after it comes back up.
I hope this helps
Daniel

Sometimes when i get out of the full screen option for a microsoft word document i lose my main toolbar (the toolbar with the minimize and escape buttons, etc. etc.)

Sometimes when i get out of the full screen option for a microsoft word document i lose my main toolbar (the toolbar with the minimize and escape buttons, etc. etc.)??

MacBook Pro
https://discussions.apple.com/community/notebooks/macbook_pro
https://discussions.apple.com/community/mac_os?view=discussions
http://www.apple.com/support/macbookpro

What keys can duplicate the "option", "command", and "escape" keys

Am having to use an
ONN external keyboard and would like to know what keys can duplicate the "Option", "Command" and "Escape" functions.... Thank you

krisserz,
Actually, yes, a lot of things are similar on MACs, but for example, on this page: http://www.bugge.com/Family-and-friends/Illy/illy.html it says to find the folder Adobe Illustrator [X] Settings and there is none on my computer.
The Move the folder hint says:
Up to version 10, the name of the folder is Adobe Illustrator [X],
From version CS on, the name of the folder is Adobe Illustrator [X] Settings.
[X] is the version number; up to 10, it is just a number, and above that the Creative Suite version number, CS, CS2, CS3, CS4, and so on, is used (the corresponding standalone versions still have simple numbers, CS is called 11, CS2 is called 12, CS3 is called 13, and CS4 is called 14, but the version numbers with CS are used in the folder name).
So in your case it would be Adobe Illustrator CS3 Settings.
It may be worth going through all the Other options and try whichever may be relevant (Entorurage is mentioned under 7, along with quite a few others).
One of the less nice options is to reinstall, in which case the Clean Script should be used. http://www.adobe.com/support/contact/cs3clean.html

HT1338 on my macbook my one button delete botton sound buttons and escape doesnt work i updated everything and it still doesnt work what do i do

on my macbook my one button delete botton sound buttons and escape doesnt work i updated everything and it still doesnt work what do i do

Unless somebody else has a micracle workaround I don't know. Probably get the phone in for repair since it has been living on borrowed time so far and now you absolutely must have a working button.

ACE logging - rserver and probes

on CSS I get an info if a server fails the keepalive and get in state "down, up or suspended". This is logged in the traplog file on the CSS.
Is there any possibility on an ACE to have logs for rserver state changes like "PROBE-FAILED, OPERATIONAL and OUT-OF-SERVICE"
thx in advance

Hi Gilles,
1. looks fine, but I miss the rserver Name in the log. it only appears the ip address of the server.
So it looks like that the "ip address log" is implemented :-(
b-sllb2001-09/db_bku-nK2# show rserver sthon
rserver : sthon, type: HOST
state : PROBE-FAILED
----------connections-----------
real weight state current total
---+---------------------+------+------------+----------+--------------------
serverfarm: test.db.de
172.24.100.98:0 8 PROBE-FAILED 0 0
b-sllb2001-09/db_bku-nK2# show logging | i ACE-3
Jun 25 2008 09:20:14 : %ACE-3-251011: ICMP health probe failed for server 172.24.100.98, server reply timeout
Jun 25 2008 09:20:23 : %ACE-3-251011: ICMP health probe failed for server 172.24.100.98, server reply timeout
Jun 25 2008 09:20:54 : %ACE-3-251011: ICMP health probe failed for server 172.24.100.98, server reply timeout
Jun 25 2008 09:21:54 : %ACE-3-251011: ICMP health probe failed for server 172.24.100.98, server reply timeout
2. I can find nothing in the log when the probe gets "operational" or "out-of-service state".
Is thos correct ?
b-sllb2001-09/db_bku-nK2# show rserver sthon
rserver : sthon, type: HOST
state : OPERATIONAL
----------connections-----------
real weight state current total
---+---------------------+------+------------+----------+--------------------
serverfarm: test.db.de
172.24.100.98:0 8 OPERATIONAL 0 0

SMTP and IMAP ACE Probe configuration Example

Hi,
Could someone share he SMTPS and IMAPS probe setting configuration in CISCO ACE 4710 for my reference.
I have two server 10.1.1.58 and 10.1.1.59 which supposed to be load balaced for the service 993 and 465.
Regards
BR

Hello There,
The ACE has built-in scripted probes in order to check connectivity beyond layer 4 with these kinds of mail servers but only for the unencrypted versions SMTP/IMAP.
In your case since you're working with these protocols over SSL/TLS, you'll need to configure regular TCP probes for each serverfarm so reachability will be test'd based on TCP port.
probe tcp IMAPS-993
port 993
interval 5
faildetect 2
passdetect interval 3
passdetect count 1
open 1
probe tcp SMTPS-464
port 465
interval 5
faildetect 2
passdetect interval 3
passdetect count 1
open 1
HTH
Pablo

ACE sorry server and sticky

I have configured 3 different serverfarms with including realservers
2 of them are with websites, the other 1 is with webservices
I also have configured a sorry server farm and the including rserver.
On the sorry rserver i have configured 2 maintenance websites, listening to an unique hostheader.
So for serverfarm A & B i have configured a seperate maintenance website.
Now when i take rservers from serverfarm A or B down, the sorry server will get active for the needed farm.
However i can only reach 1 maintenance website. And even so, an url used to reach farm A gets on maintenance site from B
This is strange behaviour, doesnt a sorryserver just accept requests with the requested hostheader by the client ?
Also, when i put the rservers from A and B back into service i have to do a "clear stick database all" otherwise the sorryserver will remain active.
What is wrong here ?
probe http EHIC-http
description Test op WWW functionaliteit
interval 10
passdetect interval 30
request method get url http://acc.site-B.nl/web/
expect status 200 200
header Host header-value "acc.site-B.nl"
expect regex 1.8.0.2
probe http WWW-http
description Test op WWW functionaliteit
interval 10
passdetect interval 30
request method get url http://acc.site-A.nl/web/default.aspx
expect status 200 200
header Host header-value "acc.site-A.nl"
expect regex v1.9.2.327
serverfarm host EHIC-FARM
failaction purge
predictor leastconns slowstart 30
probe EHIC-http
rserver ehic_server01.site-B.nl
inservice
serverfarm host SORRY-FARM
failaction purge
predictor leastconns
rserver sorrypage.site-C.nl
inservice
serverfarm host WBS-FARM
failaction purge
predictor leastconns slowstart 30
probe ICMP-PROBE
rserver acc-wbs01v.site-D
inservice
rserver wbs_01.site-D
inservice
rserver wbs_02.site-D
inservice
serverfarm host WWW-FARM
failaction purge
predictor leastconns slowstart 30
probe WWW-http
rserver acc-www01v.site-A
inservice
rserver acc_server01.site-A
inservice
rserver acc_server02.site-A
inservice
sticky ip-netmask 255.255.255.255 address source EHIC-FARM-STICKY
serverfarm EHIC-FARM backup SORRY-FARM
sticky ip-netmask 255.255.255.255 address source WWW-FARM-STICKY
serverfarm WWW-FARM backup SORRY-FARM
class-map match-any EHIC-VIP
2 match virtual-address 172.30.9.4 tcp eq https
3 match virtual-address 172.30.9.4 tcp eq www
class-map match-any WBS-VIP
6 match virtual-address 172.30.5.4 tcp eq www
7 match virtual-address 172.30.5.4 tcp eq https
class-map match-any WWW-VIP
2 match virtual-address 172.30.6.4 tcp eq www
3 match virtual-address 172.30.6.4 tcp eq https
policy-map type loadbalance first-match EHIC-FARM-STICKY-BALANCE
class class-default
sticky-serverfarm EHIC-FARM-STICKY
policy-map type loadbalance first-match WBS-FARM-BALANCE
class class-default
serverfarm WBS-FARM
policy-map type loadbalance first-match WWW-FARM-STICKY-BALANCE
class class-default
sticky-serverfarm WWW-FARM-STICKY
policy-map multi-match LOADBALANCING-EHIC
class EHIC-VIP
loadbalance vip inservice
loadbalance policy EHIC-FARM-STICKY-BALANCE
loadbalance vip icmp-reply active
appl-parameter http advanced-options EHIC-PARAMETERS
policy-map multi-match LOADBALANCING-WBS
class WBS-VIP
loadbalance vip inservice
loadbalance policy WBS-FARM-BALANCE
loadbalance vip icmp-reply active
appl-parameter http advanced-options WBS-PARAMETERS
policy-map multi-match LOADBALANCING-WWW
class WWW-VIP
loadbalance vip inservice
loadbalance policy WWW-FARM-STICKY-BALANCE
loadbalance vip icmp-reply active
appl-parameter http advanced-options WWW-PARAMETERS
Regards,
Sebastian

Hi Gilles,
Here is our full config, i only changed some domain names.
I'll try to describe the problem again ;
We have published a website by vip 172.30.6.4
We have another website published by vip 172.30.9.4
These websites are hosted by realservers configured in 2 serverfarms and can be reached from the internet (secured by an ASA)
For both of these farms i have configured a sorryserver. This sorry server should serve a webpage containing a maintenance message whenever a farm should get down.
The sorry server is configured with 2 websites, each listening to the specific hostheader. This hostheader is the same as configured on the rservers for the specific farm 172.30.6.4 or 172.30.9.4.
So what i am trying to accomplish is that i only need 1 sorryserver to server 2 sorry webpages, ofcourse listening to a hostheader to get 2 different sorrypages to be returned.
Now when i take all realservers for both serverfarms down, except for the sorryserver, i can only reach 1 sorrypage.
For example, site A and B are down, when i try to reach site A i get to the sorrypage of site A. But when i try to reach site B i too get served the sorrypage of site A.
And also when i "inservice" all rservers again i have to do a "clear sticky database", otherwise the sorryserver will remain active.
Now i have upgraded to the last version of the ACE ios, but i still have to test if the same problem persists so i will give feedback on this later.
Regards,
Sebastian

ACE: probe failing

Hi,
I've following probe configured:
probe http probe1.test.com:10114
port 10114
interval 34
faildetect 17
passdetect interval 60
expect status 200 200
header Host header-value "hcmfincrp1.test.com"
open 1
and it is applied to serverfarm. but health check is failing. I see following when I do "sh probe probe1.test.com:10114 detail":
sh probe probe1.test.com:10114 deta
probe       : probe1.test.com:10114
type        : HTTP
state       : ACTIVE
description :
   port      : 10114   address     : 0.0.0.0         addr type : -
   interval : 34      pass intvl : 60              pass count : 3
   fail count: 17      recv timeout: 10
   http method      : GET
   http url         : /
   conn termination : GRACEFUL
   expect offset    : 0         , open timeout     : 1
   expect regex     : -
   send data        : -
                ------------------ probe results ------------------
   associations ip-address      port porttype probes   failed   passed   health
   ------------ ---------------+-----+--------+--------+--------+--------+------
   serverfarm : probe1.test.com:443
     real      : server1.test.com[10114]
                192.168.1.110114 PROBE    41531    19556    21975    FAILED
   Socket state        : CLOSED
   No. Passed states   : 5         No. Failed states : 6
   No. Probes skipped : 0         Last status code : 0
   No. Out of Sockets : 0         No. Internal error: 0
   Last disconnect err : Unrecognized or invalid response
   Last probe time     : Wed Oct 12 17:43:30 2011
   Last fail time      : Tue Oct 11 02:33:52 2011
   Last active time    : Sun Oct 9 20:24:02 2011
May i know why health check is failing? why am I seeing msg "Last disconnect err : Unrecognized or invalid response" ?

Hi ,
This error means, that the ace is not receiving a 200 ok response from the server, this happens when server is not responding it or it is receiving that do not have a host header having value hcmfincrp1.test.com , which you have definied, or the page has got modified. Please check if your http server is working fine.
Regards
Abijith

ACE Probe with special Caracters

I need to probe a URL that contains the caracter "?".
I am working with the ACE and would like to know how can I put the URL within the probe format.
Thanks

Hi,
It's one of the 2 solutions below, don't know which one :-)
you can use brackets [ ] or a slash in front of you question mark.
fe:
request method get url /search[?]number=10
If this doens't work, try to use the escape sequence like in IOS:
escape sequence is CRTL-V
so if you want to type it in a probe:
request method get url /search(type CTRL-V)?number=10
HTH,
Dario

Regex and implementing FilenameFilter problem

Hello,
So what I'm trying to do is to create a program that takes a certain set of files, pulls the first line of each file and uses it to name the file. Right now, I'm at the point of getting a listing of files based on a patterns. So when I run the program on the command line (of a windows machine), it spit out the files that I'm looking for. Something like:
java FileRenamer *.txt
Above should produce a listing of only files that have .txt on them (I want to have the capability to choose *.txt or whatever other combination of pattern match).
To do the above, I want to use a FileNameFilter interface to figure out what files match. The problem that I'm running into is that when I run a unit test against the getFilesListBasedOnPattern method, I get:
java.util.regex.PatternSyntaxException: Dangling meta character '*' near index 0
*.txt
The problem is that the *.txt has a regex character (the *) and I'm not sure how make it behave like the wildcard in the dos command line where *.txt means everything that has .txt at the end.
The code listing is below. Does anyone have any suggestions on how to best approach this?
mapsmaps
=======> Code below <=======
// unit test snippet that causes blow out:
FileRenamer fr = new FileRenamer();
String [] strArrFilesBasePattern = fr.getFilesListBasedOnPattern(dirTestFiles,"*.txt");
====
//main program
package com.foo.filerenamer;
import java.io.File;
import java.io.FilenameFilter;
import java.util.Vector;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
* TODO Use regexp to filter out input to *.txt type of thing or nothing else
public class FileRenamer
    // Vallid file patterns are *.*, ?
    public static final String strVALIDINPUTCHARS = "[_.a-zA-Z0-9\\s\\*\\?-]+";
    private static Pattern regexPattern = Pattern.compile(strVALIDINPUTCHARS);
    private static Matcher regexMatcher;
     * @param args
     * @throws InterruptedException
    public static void main(String[] args) throws InterruptedException
        int intMillis = 0;
        if (args.length > 0)
            try
                intMillis = Integer.parseInt(args[0]);
                System.out.println("Sleep set to " + intMillis + " seconds");
            catch (NumberFormatException e)
                intMillis = 5000;
                System.out.println("Sleep set to default of " + intMillis + " since first parameter was non-int");
            for (int i=0;i<args.length;i++)
                System.out.println("hello there - args["+i+"] = "+ args);
Thread.sleep(intMillis);
// TODO Auto-generated method stub
public boolean checkArgs(String [] p_strAr)
boolean bRet = false;
if (p_strAr.length != 1)
return false;
else
regexMatcher = regexPattern.matcher(p_strAr[0]);
bRet = regexMatcher.matches();
return bRet;
public String[] getFilesListBasedOnPattern(File p_dirFilesLoc, String p_strValidPattern)
String[] strArrFilteredFileNames = p_dirFilesLoc.list(new RegExpFileFilter(p_strValidPattern));
return strArrFilteredFileNames;
class RegExpFileFilter implements FilenameFilter
private String m_strPattern = null;
private Pattern m_regexPattern;
public RegExpFileFilter(String p_strPattern)
m_strPattern = p_strPattern;
m_regexPattern = Pattern.compile(m_strPattern);
public boolean accept(File m_directory, String m_filename)
if (m_regexPattern.matcher(m_filename).matches())
return true;
return false;

I am doing something similar but have a problem with Java automatically converting wildcards in path-arguments to the first match (!).
It seems the JVM is applying some intelligence here and checks if a path is passed to main() and if so, it automatically resolves wildcards (also quotes are escaped/resolved), which is pretty annoying and not what I want, since I do never see the original parameters this way:(
Is there a way to get the original parameters without the JVM intervening / "helping"?
Any help would be appreciated, as I want my utility to act just like any other shell-program...

ACE load balancing and testing using soapUI

Hey, I am trying to crowd source a solution for this problem.
A client is testing using soapUI to an application that is being load balanced via ACE. There are two webservers behind the VIP servicing the client request. When client tests, requests are timing out per the soapUI log. A packet capture was taken and it clearly shows that ACE is not forwarding the HTTP data back to the client. When client tests by bypassing the ACE load balancer, it works fine. But, there are other clients from other applications that are making successful connection to the load balanced application via the VIP.
Question, is there any thing unique with making HTTP/XML based requests using soapUI? LB configuration is shown below:
class-map match-all EAI_PWS_9083
2 match virtual-address 10.5.68.29 tcp eq 9083
serverfarm host EAI_PWS_9083
description WebSphere Porduction
failaction purge
probe tcp9083
rserver ESSWSPAPP01 9083
    inservice
rserver ESSWSPAPP02 9083
    inservice
policy-map type loadbalance first-match L7_POLICY_EAI_PWS_9083
class class-default
    serverfarm EAI_PWS_9083
policy-map multi-match L4SLBPOLICY
class EAI_PWS_9083
    loadbalance vip inservice
    loadbalance policy L7_POLICY_EAI_PWS_9083
    loadbalance vip icmp-reply active
    appl-parameter http advanced-options CASE_PARAM
parameter-map type http CASE_PARAM
case-insensitive

Hi,
Your configuration looks fine. I am not familiar with soapUI but if it is like a normal TCP connection followed by HTTP requests, i don't see why this shouldn't work.
Do you know if there is a difference while using soapUI and normal request using browser?
Regards,
Kanwal

ACE - Balance HTTP and sticky only SSL/TLS

Hi there,
I have a situation that I am trying to solve. We have lot of services trough ACE, but now I have to modify one of them, PROXY servers.
I have six (6) servers working with Sticky, but with a MASK 255.255.255.0, which produce an unbalanced situation some times, and that affect some servers on depending of how many users connected to that server. We have between 40K and 50K conns in that serverfarm, but in Sticky terms we have arround 700 /24 subnets.
I want to modify the configuration, specificaly the MASK to 255.255.255.255, which is going to increase a lot Sticky resources. But thinking in optimize Sticky resources, I want to know if there is a way to select only e-commerce, Home Banking or other kind of SSL/TSL traffic (always using port 80 trough proxy servers), so I could use Sticky only for connections that need it, and leave other HTTP traffic without this feature.
I´m sorry, may be I'm doing a silly question, but don´t have the experience to make this configuration, and I will apreciate your help.
Here is the actual configuration:
probe tcp HTTP
description Keepalive web servers
interval 20
passdetect interval 30
rserver host Server1
ip address 10.1.1.1
inservice
rserver host Server2
ip address 10.1.1.2
inservice
rserver host Server3
ip address 10.1.1.3
inservice
rserver host Server4
ip address 10.1.1.4
inservice
rserver host Server5
ip address 10.1.1.5
inservice
rserver host Server6
ip address 10.1.1.6
inservice
serverfarm host PRX
failaction purge
predictor leastconns
probe HTTP
rserver Server1
inservice
rserver Server2
inservice
rserver Server3
inservice
rserver Server4
inservice
rserver Server5
inservice
rserver Server6
inservice
sticky ip-netmask 255.255.255.0 address source sticky-PRX
timeout 60
serverfarm PRX
class-map match-any VIP-PRX
2 match virtual-address 10.10.10.101 tcp eq www
policy-map type loadbalance first-match POLICY-L7-PRX
class class-default
sticky-serverfarm sticky-PRX
policy-map multi-match PRX-Balance
class VIP-PRX
loadbalance vip inservice
loadbalance policy POLICY-L7-PRX
loadbalance vip icmp-reply
interface vlan 100
ip address 10.10.10.11 255.255.255.0
alias 10.10.10.10 255.255.255.0
peer ip address 10.10.10.12 255.255.255.0
no normalization
access-group output SOLO-SLB
service-policy input PRX-Balance
Thanks
Alexis

You might want to check out this new product called ITD.
Simple and faster solution:
ITD provides :
ASIC based multi-terabit/s L3/L4 load-balancing at line-rate
No service module or external L3/L4 load-balancer needed. Every N7k port can be used as load-balancer.
Redirect line-rate traffic to any devices, for example web cache engines, Web Accelerator Engines (WAE), video-caches, etc.
Capability to create clusters of devices, for example, Firewalls, Intrusion Prevention System (IPS), or Web Application Firewall (WAF), Hadoop cluster
IP-stickiness
Resilient (like resilient ECMP)
VIP based L4 load-balancing
NAT (available for EFT/PoC). Allows non-DSR deployments.
Weighted load-balancing
Load-balances to large number of devices/servers
ACL along with redirection and load balancing simultaneously.
Bi-directional flow-coherency. Traffic from A-->B and B-->A goes to same node.
Order of magnitude OPEX savings : reduction in configuration, and ease of deployment
Order of magnitude CAPEX savings : Wiring, Power, Rackspace and Cost savings
The servers/appliances don’t have to be directly connected to N7k
Monitoring the health of servers/appliances.
N + M redundancy.
Automatic failure handling of servers/appliances.
VRF support, vPC support, VDC support
Supported on both Nexus 7000 and Nexus 7700 series.
Supports both IPv4 and IPv6
N5k / N6k support : coming soon
Blog
At a glance
ITD config guide
Email Query or feedback:[email protected]

ACE Probe regex and escaping Parenthesis

Similar Messages

Maybe you are looking for