ACE real server rate limiting
Hi,
If the ACE is configured to rate limit the traffic to a given real server to a certain bandwidth, what happens to the traffic that exceeds the specified limit? Does the ACE drop this traffic in all cases as the documentation says? Or can we configure the ACE to bypass this traffic either without any load balancing or to a backup server?
Thanks and regards
That sounds good. When there is excess traffic, all the new connections would be sent to the serverfarm representing the DG. Now when the traffic level of the cache due to the existing connections decreases below acceptable levels, the ACE will again bring it into rotation.
Cool. One question though. What happens if there are two caching servers, and we want to implement the same to both the servers? I'm thinking the net effect would be similar. But would there be any caveats?
Similar Messages
-
ACE 4710: Find out the response time of a real server
Hi to everyone,
I have a couple of ACE 4710 and I need to find out what is the response time of a real server.
Is there a way for this?
Thank you for any answer!
giorgio romano
Hi,
Kindly add the following line in your serverfarm configuration:
predictor response syn-to-synack
Suppose your serverfarm looks like this:
serverfarm host AAA_FARM
  predictor response syn-to-synack
  probe HTTP_PROBE
  probe TCP9001_PROBE
  rserver SC106
    inservice
  rserver SC107
    inservice
  rserver SC108
    inservice
  rserver SC109
    inservice
  rserver SC110
    inservice
  rserver SC111
    inservice
  rserver SC112
    inservice
  rserver SC113
    inservice
  rserver SC114
    inservice
  rserver SC120
    inservice
  rserver SC131
    inservice
And then use the following command to see the average response time from your rserver as follows:
ACE1/prod# show serverfarm AAA_FARM detail
serverfarm : AAA_FARM, type: HOST
total rservers : 11
active rservers: 11
description : ServerFarm AAA
state : ACTIVE
predictor : RESPONSE
method : syn-to-synack
samples : 8
failaction : -
back-inservice : 0
partial-threshold : 0
num times failover : 0
num times back inservice : 0
total conn-dropcount : 0
Probe(s) :
HTTP_PROBE, type = HTTP
TCP9001_PROBE, type = TCP
----------connections-----------
real weight state current total failures
---+---------------------+------+------------+----------+----------+---------
rserver: SC106
x.x.x.x.:0 8 OPERATIONAL 2 1125 0
max-conns : 4000000 , out-of-rotation count : 0
min-conns : 4000000
conn-rate-limit : - , out-of-rotation count : -
bandwidth-rate-limit : - , out-of-rotation count : -
retcode out-of-rotation count : -
load value : 0
average response time (usecs) : 81 ----> that's what you might be looking for
From other day :
rserver: SC114
x.x.x.x:0 8 OPERATIONAL 70 10903 2
max-conns : 4000000 , out-of-rotation count : 0
min-conns : 4000000
conn-rate-limit : - , out-of-rotation count : -
bandwidth-rate-limit : - , out-of-rotation count : -
retcode out-of-rotation count : -
load value : 0
average response time (usecs) : 1334 ----> that's what you might be looking for
For Serverfarm BBB_FARM
serverfarm : BBB_FARM, type: HOST
total rservers : 1
active rservers: 1
description : ServerFarm BBB
state : ACTIVE
predictor : RESPONSE
method : syn-to-synack
samples : 8
failaction : -
back-inservice : 0
partial-threshold : 0
num times failover : 1
num times back inservice : 1
total conn-dropcount : 0
Probe(s) :
----------connections-----------
real weight state current total failures
---+---------------------+------+------------+----------+----------+---------
rserver: SC208
x.x.x.x:0 8 OPERATIONAL 0 0 0
max-conns : 4000000 , out-of-rotation count : 0
min-conns : 4000000
conn-rate-limit : - , out-of-rotation count : -
bandwidth-rate-limit : - , out-of-rotation count : -
retcode out-of-rotation count : -
load value : 0
average response time (usecs) : 0 ----> that's what you might be looking for
See more details for the response predictor:
http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/configuration/slb/guide/rsfarms.html#wp1068831
Configuring the Application Response Predictor
To instruct the ACE to select the server with the lowest average response time for the specified response-time measurement based on the current connection count and server weight (if configured), use the predictor response command in server farm host or redirect configuration mode. This predictor is considered adaptive because the ACE continuously provides feedback to the load-balancing algorithm based on the behavior of the real server.
To select the appropriate server, the ACE measures the absolute response time for each server in the server farm and averages the result over a specified number of samples (if configured). With the default weight connection option configured, the ACE also takes into account the server's average response time and current connection count. This calculation results in a connection distribution that is proportional to the average response time of the server.
The syntax of this command is as follows:
predictor response {app-req-to-resp | syn-to-close | syn-to-synack}[samples number]
The keywords and arguments are as follows:
•app-request-to-resp—Measures the response time from when the ACE sends an HTTP request to a server to the time that the ACE receives a response from the server for that request.
•syn-to-close—Measures the response time from when the ACE sends a TCP SYN to a server to the time that the ACE receives a CLOSE from the server.
•syn-to-synack—Measures the response time from when the ACE sends a TCP SYN to a server to the time that the ACE receives the SYN-ACK from the server.
•samples number—(Optional) Specifies the number of samples over which you want to average the results of the response time measurement. Enter an integer from 1 to 16 in powers of 2. Valid values are 1, 2, 4, 8, and 16. The default is 8.
For example, to configure the response predictor to load balance a request based on the response time from when the ACE sends an HTTP request to a server to when the ACE receives a response back from the server and average the results over four samples, enter:
host1/Admin(config)# serverfarm SFARM1
host1/Admin(config-sfarm-host)# predictor response app-req-to-resp samples 4
To reset the predictor method to the default of round-robin, enter:
host1/Admin(config-sfarm-host)# no predictor
To configure an additional parameter to take into account the current connection count of the servers in a server farm, use the weight connection command in server farm host predictor configuration mode. By default, this command is enabled. The syntax of this command is as follows:
weight connection
For example, enter:
host1/Admin(config)# serverfarm SF1
host1/Admin(config-sfarm-host)# predictor response app-req-to-resp samples 4
host1/Admin(config-sfarm-host-predictor)# weight connection
To remove the current connection count from the calculation of the average server response time, enter:
host1/Admin(config-sfarm-host-predictor)# no weight connection
You can use the threshold milliseconds parameter, which is optional. It specifies the required minimum average response time for a server. If the server response time is greater than the specified threshold value, the ACE removes the server from the load-balancing decision process (takes the server out of service).
Enter an integer from 1 to 300000 milliseconds (5 minutes). The default is no threshold (servers are not taken out of service).
If you have to measure the response time from when the ACE sends a TCP SYN to a server to the time that the ACE receives a CLOSE from the server, use syn-to-close (already discussed previously).
If you have to measure the response time from when the ACE sends a TCP SYN to a server to the time that the ACE receives the SYN-ACK from the server, use syn-to-synack (already discussed previously).
The SAMPLES parameter is optional and specifies the number of samples that you want to average from the results of the response time measurement; the response time is used to select the server with the lowest response time for the requested response-time measurement. If you do not specify a response-time measurement method, the ACE uses the HTTP app-req-to-response method.
Whenever a server's load reaches zero, by default, the ACE uses the autoadjust feature to assign a maximum load value of 16000 to that server to prevent it from being flooded with new incoming connections. The ACE periodically adjusts this load value based on feedback from the server's SNMP probe and other configured options.
Using the least-loaded predictor with the configured server weight and the current connection count option enabled, the ACE calculates the final load of a real server as follows:
final load = weighted load × static weight × current connection count
where:
•weighted load is the load reported by the SNMP probe
•static weight is the configured weight of the real server
•current connection count is the total number of active connections to the real server
The ACE recalculates the final load whenever the connection count changes, provided that the (config-sfarm-host-predictor) weight connection command is configured. If the (config-sfarm-host-predictor) weight connection command is not configured, the ACE updates the final load when the next load update arrives from the SNMP probe.
If two servers have the same lowest load (either zero or nonzero), the ACE load balances the connections between the two servers in a round-robin manner.
HTH
Plz rate if u find it useful.
Sachin -
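An added example, not part of the original posts: a small Python parser for the `show serverfarm <name> detail` layout quoted in the answer above, which pulls the per-rserver counters and the average response time and compares them against a threshold given in milliseconds. The sample text is constructed from the lines shown in the post; the function names are hypothetical.

```python
import re

# Constructed sample in the layout of the `show serverfarm AAA_FARM detail`
# output quoted above (two rservers, addresses masked as in the post).
SAMPLE = """\
 serverfarm     : AAA_FARM, type: HOST
 predictor      : RESPONSE
   method       : syn-to-synack
   samples      : 8
   rserver: SC106
       x.x.x.x:0             8      OPERATIONAL  2          1125       0
         max-conns            : 4000000   , out-of-rotation count : 0
         bandwidth-rate-limit : -         , out-of-rotation count : -
         average response time (usecs) : 81
   rserver: SC114
       x.x.x.x:0             8      OPERATIONAL  70         10903      2
         max-conns            : 4000000   , out-of-rotation count : 0
         bandwidth-rate-limit : -         , out-of-rotation count : -
         average response time (usecs) : 1334
"""

RSERVER_RE = re.compile(r"^\s*rserver:\s*(\S+)")
# <address>:<port>  weight  state  current  total  failures
CONN_RE = re.compile(
    r"^\s*\S+:\d+\s+(\d+)\s+([A-Z][A-Z_-]*)\s+(\d+)\s+(\d+)\s+(\d+)\s*$")
AVG_RE = re.compile(r"average response time \(usecs\)\s*:\s*(\d+)")


def parse_serverfarm_detail(text):
    """Return one dict per rserver found in `show serverfarm ... detail` text."""
    rows, current = [], None
    for line in text.splitlines():
        m = RSERVER_RE.match(line)
        if m:
            current = {"name": m.group(1), "state": None, "weight": None,
                       "current": None, "total": None, "failures": None,
                       "avg_response_usecs": None}
            rows.append(current)
            continue
        if current is None:
            continue  # farm-level header lines before the first rserver
        m = CONN_RE.match(line)
        if m:
            current["weight"] = int(m.group(1))
            current["state"] = m.group(2)
            current["current"], current["total"], current["failures"] = (
                int(m.group(3)), int(m.group(4)), int(m.group(5)))
            continue
        m = AVG_RE.search(line)
        if m:
            current["avg_response_usecs"] = int(m.group(1))
    return rows


def over_threshold(rows, threshold_ms):
    """Names of rservers whose average response time exceeds threshold_ms.

    The CLI reports microseconds while the threshold discussed above is
    given in milliseconds, so convert before comparing.
    """
    limit_usecs = threshold_ms * 1000
    return [r["name"] for r in rows
            if r["avg_response_usecs"] is not None
            and r["avg_response_usecs"] > limit_usecs]


if __name__ == "__main__":
    for row in parse_serverfarm_detail(SAMPLE):
        print(row["name"], row["state"], row["avg_response_usecs"], "usecs")
    print("over 1 ms:", over_threshold(parse_serverfarm_detail(SAMPLE), 1))
```

The parser tolerates both the indented CLI layout and the flattened form in which the output appears on this page.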
ACE- From one real server to another VIP
Hi,
I have a problem with ACE;
We have multiple serverfarms configured in the ACE module based on the application and different VIPs related to it. We are running the ACE in bridging mode. Now the requirement is that a real server from one serverfarm wants to communicate to the VIP of the second serverfarm. Is this possible? Will some NATing help in this situation? Below is the configuration.
======================
access-list LAN_Traffic remark For all IP Traffic
access-list LAN_Traffic line 10 extended permit ip any any
access-list LAN_Traffic line 20 extended permit icmp any any
probe http PORTAL_HTTP
  passdetect interval 20
  passdetect count 2
  request method get url http://portal
  expect status 0 600
probe http RMS_HTTP
  request method get url /_wmcs
  expect status 0 600
rserver host PORTAL1
  ip address 172.22.11.241
  inservice
rserver host PORTAL2
  ip address 172.22.11.243
rserver host QGLRSPW1
  inservice
rserver host RMS01
  ip address 172.22.10.12
  inservice
rserver host RMS02
  ip address 172.22.10.8
  inservice
serverfarm host PORTAL
  failaction purge
  probe PORTAL_HTTP
  rserver PORTAL1
    inservice
  rserver PORTAL2
    inservice
serverfarm host RMS
  failaction purge
  probe RMS_HTTP
  rserver RMS01
    inservice
  rserver RMS02
    inservice
class-map match-any PORTAL
  2 match virtual-address 172.22.10.166 tcp any
class-map match-any RMS
  2 match virtual-address 172.22.10.52 tcp eq www
  3 match virtual-address 172.22.10.52 tcp eq https
policy-map type loadbalance first-match RMS-POLICY
  class class-default
    serverfarm RMS
policy-map type loadbalance first-match PORTAL-POLICY
  class class-default
    serverfarm PORTAL
policy-map multi-match SFARM-LB-POLICY
  class RMS
    loadbalance vip inservice
    loadbalance policy RMS-POLICY
    loadbalance vip icmp-reply active
  class PORTAL
    loadbalance vip inservice
    loadbalance policy PORTAL-POLICY
    loadbalance vip icmp-reply active
interface vlan 800
  description ACE Client Interface
  bridge-group 1
  mac-sticky enable
  service-policy input SFARM-LB-POLICY
  no shutdown
interface vlan 898
  description ACE Server Interface
  bridge-group 1
  mac-sticky enable
  no shutdown
interface bvi 1
  ip address 172.22.11.151 255.255.252.0
  alias 172.22.11.153 255.255.252.0
  peer ip address 172.22.11.152 255.255.252.0
  description Bridge Group for 800 and 898 Interfaces
  no shutdown
ip route 0.0.0.0 0.0.0.0 172.22.8.17
===================================
Please help.. Thanks in advance
Hello!
Well yes it would work. BUT...you have to change your config a bit. First you need to apply your accesslist to both interfaces, or the ACE will reject it, because it is acting as a firewall by default. And second you have to apply the policymap to both interfaces as well or you put the policymap globally on the ACE. -
ACE Module: Recover a real server probe-failed status
How does the ACE module recover a real server that has entered a probe-failed status state? We are doing some testing, purposely dropping a server's interface. ACE recognizes the server as being down and shows it in a probe-failed state. When we bring the system's interface back up, will ACE see this and automatically bring the state back into Operational status, or does someone have to do something on the ACE module?
ACE continues to probe servers that are down or probe_failed. As soon as a server starts responding again its state will switch to alive again.
Nothing to be done.
Gilles. -
ACE 4710 use dns name in real server
Is there any way to use a DNS name in real server and not a static IP.
Hi,
This is not possible at the moment. With ACE EOL, I don't think it would be added either.
Regards,
Kanwal
Note: Please mark answers if they are helpful. -
ACE 4710 Probes on other servers than the real server
Hi,
I wanted to know if there is a means to configure a probe that is independent of the real servers.
The aim is to configure a probe a real server but also probe another intermediate server which is not in the server farm.
The objective is to declare the real server down if its probe fails but also the probe to an intermediate server fails as well as a or condition.
From the document, there is no mention of it.
But is there a means to do it.
Thanks.
Hi Ashley,
I see it is not mentioned anywhere in the document, but I think you should be able to bind two probes with a real server, of which one probe is actually probing another server.
I would configure one probe, let's say TCP based, and bind it with the serverfarm. Then I would configure another probe, TCP based, and define the IP address in that probe (the other server IP which we need to probe) and bind this probe with the same serverfarm. The serverfarm will not have this rserver added. And then I would configure "fail-on-all" and test if that works for you.
I know you can set a probe on a redirect server/serverfarm which actually probes another real server, so logically it should work for a normal host rserver as well. But I have never tested it myself.
Regards,
Kanwal -
Hi All,
I have tried to configure the above parameter but it doesn't seem to be working.
The version running on the ACE is 2.3.4 and I am running multiple contexts.
The below configuration was tried on one of the contexts, not being Admin.
The command I used was :
logging rate-limit 42 60 message 251010
What I am trying to achieve here is receive notification that a rserver has failed its connectivity check, therefore alerting the relevant people.
The issue I am encountering is that every second I receive all the alerts again.
I am only wanting to receive the alert once if possible and again once the rserver has come back online.
Is this possible, if so please explain how I can do it?
TIA.
Jack.
Your rate limit should be giving you 42 of those messages per 60 seconds. But this is a health probe failure, which depending on how many does not necessarily mean the server is down (depends on fail count). Also it is a level 6 message. The message you really want is:
Error Message %ACE-4-442001: Health probe probe name detected real_server_name
(interface interface_name) in serverfarm sfarm_name changed state to UP
Explanation The state of a real server changed from down to up.
Recommended Action None required.
442002
Error Message %ACE-4-442002: Health probe probe name detected real_server_name
(interface interface_name) in serverfarm sfarm_name changed state to DOWN
suggest you do logging at level 4 and you will only see the message when server state changes -
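An added example, not part of the original posts: a Python filter for a syslog collector that raises one alert per rserver state change, using the %ACE-4-442001 / %ACE-4-442002 message layout quoted in the reply above. The log lines are constructed (host name, timestamps, interface name and the 251010 text are placeholders), and keying the state on serverfarm plus rserver is an assumption of this sketch.

```python
import re

# Layout of the two state-change messages quoted in the reply above:
# %ACE-4-442001 (... changed state to UP) and %ACE-4-442002 (... to DOWN).
STATE_RE = re.compile(
    r"%ACE-4-(442001|442002): Health probe (\S+) detected (\S+) "
    r"\(interface (\S+)\) in serverfarm (\S+) changed state to (UP|DOWN)")
EXPECTED_STATE = {"442001": "UP", "442002": "DOWN"}

# Constructed syslog lines. The 251010 severity follows the reply above; its
# message text is a placeholder because the page does not quote it.
SAMPLE_LOG = [
    "Mar  3 10:00:01 ace1 %ACE-6-251010: <constructed probe-failure text>",
    "Mar  3 10:00:02 ace1 %ACE-6-251010: <constructed probe-failure text>",
    "Mar  3 10:00:03 ace1 %ACE-4-442002: Health probe HTTP_PROBE detected "
    "SC106 (interface vlan898) in serverfarm AAA_FARM changed state to DOWN",
    "Mar  3 10:00:04 ace1 %ACE-6-251010: <constructed probe-failure text>",
    "Mar  3 10:00:05 ace1 %ACE-4-442002: Health probe TCP9001_PROBE detected "
    "SC106 (interface vlan898) in serverfarm AAA_FARM changed state to DOWN",
    "Mar  3 10:07:30 ace1 %ACE-4-442001: Health probe HTTP_PROBE detected "
    "SC106 (interface vlan898) in serverfarm AAA_FARM changed state to UP",
    "Mar  3 10:09:12 ace1 %ACE-4-442002: Health probe HTTP_PROBE detected "
    "SC107 (interface vlan898) in serverfarm AAA_FARM changed state to DOWN",
]


def state_change_alerts(lines):
    """Return (serverfarm, rserver, state, probe) once per state transition.

    Per-probe failure messages (251010) never match, and a second DOWN for an
    rserver that is already DOWN (for example from another probe) is dropped.
    """
    last_state = {}   # (serverfarm, rserver) -> "UP" / "DOWN"
    alerts = []
    for line in lines:
        m = STATE_RE.search(line)
        if not m:
            continue
        msg_id, probe, rserver, _iface, farm, state = m.groups()
        if EXPECTED_STATE[msg_id] != state:
            continue  # message id and state disagree: malformed, skip it
        key = (farm, rserver)
        if last_state.get(key) == state:
            continue  # no transition, so no new alert
        last_state[key] = state
        alerts.append((farm, rserver, state, probe))
    return alerts


if __name__ == "__main__":
    for farm, rserver, state, probe in state_change_alerts(SAMPLE_LOG):
        print(f"{farm}/{rserver} is now {state} (reported by {probe})")
```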
Real server to access a different Virtual server in same context ??
Hi all,
I have a scenario that needs to be clarified before going to production. Below is my traffic explanation.
SETUP
Context WEB -1st Virtual server (10.10.10.1) - > bind 2 Real Server ( 1.1.1.1 and 1.1.1.2) ->sticky configured
Context WEB - 2nd Virtual server (20.20.20.1) - > bind 2 Real Server (2.2.2.1 and 2.2.2.2) ->sticky configured
My question is
User will HIT 10.10.10.1 and load balance to RS 1.1.1.1 and 1.1.1.2, RS 1.1.1.1 and 1.1.1.2 will need to go destination 20.20.20.1 and ACE load balance to 2.2.2.1 and 2.2.2.2.
Will RS 1.1.1.1 and 1.1.1.2 successfully hit 20.20.20.1, and can the ACE load balance to 2.2.2.1 and 2.2.2.2 and respond to RS 1.1.1.1 and 1.1.1.2?
Any comment is welcome !!!
Thank you,
Meng Kiat
Hi Meng,
It is possible. You need to apply the Virtual server (20.20.20.1) policy to the server side Vlan interface.
That way server ( 1.1.1.1 and 1.1.1.2) can hit virtual server (20.20.20.1)
This should work just fine without any trouble.
regards,
Ajay Kumar. -
Cisco C6500 CSM - Real server cannot ping its VIP.
I've been running into an issue with Cisco CSM for a number of years, but always found a way around it. I'm attempting to get to the bottom of this to find out once and for all if this is in fact a limitation of the device, or a config issue/work around is possible.
Here is my situation. My CSMs are configured in bridging mode. Traffic works great, traffic bridges across vlans correctly. Everything works and I have many instances of similar configurations running in production. Every once in a while, a client requests that a "real" server (ie LWCMW-021) cannot ping its VIP address (10.95.88.68). I am assuming this is related to the NAT Server, but not 100% sure. Clients have requested this functionality for some type of application based purpose, but I'm unaware if CSM in bridging mode can provide this or not.
Any suggestions?
real LWCMW-021
 address 10.95.88.59
 inservice
real LWCMW-022
 address 10.95.88.60
 inservice
serverfarm LWCMW-80
 nat server
 no nat client
 real name LWCMW-021 80
  inservice
 real name LWCMW-022 80
  inservice
 probe HTTP-80 (defined elsewhere)
vserver LWCMW-80
 virtual 10.95.88.68 tcp WWW
 vlan 120
 serverfarm LWCMW-80
 persistent rebalance
 inservice
Sorry for giving false hope. It is only possible in ACE module. In case of CSM I believe we can only use workaround.
In case of ACE we can bind the Virtual IP to multiple vlan. In that case we see an ARP entry like this.
10.10.10.111 e0.5f.b9.a1.72.2b vlan345 VSERVER LOCAL _ up
10.10.10.111 e0.5f.b9.a1.72.2b vlan346 VSERVER LOCAL _ up
As Virtual IP is not bound to a particular vlan in case of CSM it does not work here, but I can say for sure it is expected behavior.
The logic would be that the server tries to resolve the ARP for Virtual IP and it does not get a response.
In my case virtual ip is 10.10.10.111 before applying policy on ACE you can see that it is exhibiting the same behaviour.
Packet capture flow graph (columns: Vmware_b4:72:11, Broadcast, 10.0.0.0, 224.0.0.1, 10.10.10.4, 224.0.0.22):
Time   Info
0.000  ARP: Who has 10.10.10.111? Tell 10.10.10.11
0.999  ARP: Who has 10.10.10.111? Tell 10.10.10.11
1.998  ARP: Who has 10.10.10.111? Tell 10.10.10.11
3.014  ARP: Who has 10.10.10.111? Tell 10.10.10.11
4.014  ARP: Who has 10.10.10.111? Tell 10.10.10.11
Hope that helps. -
ACE: Virtual Server (VMWARE) running on ACE
Hello,
I have 2 servers to do loadbalance. They are running VMWARE, they have 4 servers inside of real server. Each vmware server only has 1 port connected to Switch. If I want to balance one of them, how do I do?
Best Regards
It shouldn't make any difference whether the servers are real or virtual. The ACE works on IP addresses and VLANs. How you configure the context will depend on your network. You may need to use source NAT or you might be able to just use the network as is. It all depends on how you have configured your network.
You'll need to balance across real physical servers to maximise resilience though.
HTH
Cathy -
How can I change the real server convergence timer in LD ?
I have LD416(3.1.4) and configured 1*VIP and 2*Real server. looks it takes about 30 seconds to switching to the other real server when one of failure.
Q) How can I reduce the the convergence time?
Thanks,
I am not sure, but check by configuring the DELAY command and see if that helps resolve this. For related information on timers, could you refer to the below URL:
http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800ca75d.html -
Load balancing with only one Real Server on CSM
Other than create a VSERVER with only one real server in it - is there a way of load balancing when you have only one real server now and may be additional servers to be added later?
the only way is to use the vserver.
Gilles. -
CSS 11500:Client ip-address visible to the real server
Is it possible to keep the original ip-address of the client when the css is redirecting the traffic to the real server? Customer needs the client ip-address on the real server for reporting.
regards
Dietrich Schleyer
Dietrich,
by default the CSS will keep the original client ip address.
To have the CSS changing the client ip, your customer must have configured a group with 'add destination service'.
Probably because your client is using a one-armed setup which is the easiest to implement but the worst to use.
So, your customer should go to a 2-sides CSS design and have the traffic flow through the CSS without the need to do client nat.
Once the design is correct, you can remove the group and the CSS will keep the client ip address.
Regards,
Gilles.
Thanks for rating. -
Good day everyone,
I have a question in regard to real server operation with different server farms, and VIPs
Can a Real Server be associated (for simplicity) with two different Server Farms that have a VIP associated with each, servicing the same TCP Port (443)?
Example:
SF-A
RSRV-1: 192.168.1.10 /24
RSRV-2: 192.168.1.11 /24
VIP-A: 192.168.1.20 /24
VIP-A: https:web-A
Protocol: HTTPS
SF-B
RSRV-2: 192.168.1.11 /24
RSRV-3: 192.168.1.12 /24
VIP-B: 192.168.1.30 /24
VIP-b: https:web-B
Protocol: HTTPS
Client-A: 172.16.128.10
Client-B: 172.16.128.15
I have attached a sketch depicting the connectivity.
As always any feedback/suggestions will be greatly appreciated.
Cheers,
Raman Azizian
Raman,
This type of config is no problem. What the server is doing is virtual web hosting. The server would have two different web services running for the same IP, but each listening for a unique host header.
From an IP point of view both connections would be destined to the rserver address on port 80, but in the http header they would have two different Host headers.
one for www.example1.com and the second for www.example2.com. If the web server is configured correct so each host name is tied to one web service it will not have any issues.
The config you attached looks ok. The way you have the sticky group is ok doing source IP. If you use cookies for the sticky group I would suggest you create two sticky groups each with a different cookie name and add the same serverfarm to both groups. The client will only send a cookie for the domain it received it from so using the same cookie in two vips could cause problems if the same client hits both vips.
Hope that helps
Regards
Jim -
Is Snow Leopard Server that Last Real Server OS?
After trying to get Lion Server to work for the last few days, I finally gave up. The Virtual Hosting is broken period. I tried all of the workarounds and some worked to some extent, but all had problems with various client computers. There are so many other things not working that it would take too long to list them all.
As a result, I can only assume that Apple now intends its servers to be toys for some home user to install to play with. I can't believe that they released this with the word "Server" attached to it.
My question is: Do you think that Apple will ever release a real server OS again?
Hi
"My question is: Do you think that Apple will ever release a real server OS again?"
I don't doubt you've had problems but the question gets asked every time Apple release a new version of the Server. IIRC there were many saying the same or something similar for 10.4, 10.5 and 10.6. No Server version ever really 'settles down' - possibly - until Apple release the .1 update. Generally and in my experience things don't become 'stable' until the .3 and .4 Updates have been released.
As far as I can see nothing has really changed that much and the best advice I can give is to wait and see.
HTH?
Tony