ACE real server rate liiting

Similar Messages

• ACE 4710: Find out the response time of a real server

  Hi to everyone,
  I have a couple of ACE 4710 and I need to find out what is the response time of a real server.
  Is there a way for this?
  Thank you for any answer!
    giorgio romano

  Hi,
  Kindly add the following line in your serverfarm configuration:
  predictor response syn-to-synack
  Suppose your serverfarm looks like this:
  serverfarm host AAA_FARM
  predictor response syn-to-synack
  probe HTTP_PROBE
  probe TCP9001_PROBE
  rserver SC106
  inservice
  rserver SC107
  inservice
  rserver SC108
  inservice
  rserver SC109
  inservice
  rserver SC110
  inservice
  rserver SC111
  inservice
  rserver SC112
  inservice
  rserver SC113
  inservice
  rserver SC114
  inservice
  rserver SC120
  inservice
  rserver SC131
  inservice
  And then use the following command to see the average response time from your rserver as follows:
  ACE1/prod# show serverfarm AAA_FARM detail
  serverfarm     : AAA_FARM, type: HOST
  total rservers : 11
  active rservers: 11
  description    : ServerFarm AAA
  state          : ACTIVE
  predictor      : RESPONSE
  method            : syn-to-synack
  samples           : 8
  failaction     : -
  back-inservice    : 0
  partial-threshold : 0
  num times failover       : 0
  num times back inservice : 0
  total conn-dropcount : 0
  Probe(s) :
  HTTP_PROBE,  type = HTTP
  TCP9001_PROBE,  type = TCP
  ----------connections-----------
  real                  weight state        current    total      failures
  ---+---------------------+------+------------+----------+----------+---------
  rserver: SC106
  x.x.x.x.:0        8      OPERATIONAL  2          1125       0
  max-conns            : 4000000   , out-of-rotation count : 0
  min-conns            : 4000000
  conn-rate-limit      : -         , out-of-rotation count : -
  bandwidth-rate-limit : -         , out-of-rotation count : -
  retcode out-of-rotation count : -
  load value           : 0
  average response time (usecs) : 81   ----> thats what you might be looking for
  From other day :
  rserver: SC114
  x.x.x.x:0        8      OPERATIONAL  70         10903      2
  max-conns            : 4000000   , out-of-rotation count : 0
  min-conns            : 4000000
  conn-rate-limit      : -         , out-of-rotation count : -
  bandwidth-rate-limit : -         , out-of-rotation count : -
  retcode out-of-rotation count : -
  load value           : 0
           average response time (usecs) : 1334                       ----> thats what you might be looking for
  For Serverfarm BBB_FARM
  serverfarm     : BBB_FARM, type: HOST
  total rservers : 1
  active rservers: 1
  description    : ServerFarm BBB
  state          : ACTIVE
  predictor      : RESPONSE
  method            : syn-to-synack
  samples           : 8
  failaction     : -
  back-inservice    : 0
  partial-threshold : 0
  num times failover       : 1
  num times back inservice : 1
  total conn-dropcount : 0
  Probe(s) :
  ----------connections-----------
  real                  weight state        current    total      failures
  ---+---------------------+------+------------+----------+----------+---------
  rserver: SC208
  x.x.x.x:0        8      OPERATIONAL  0          0          0
  max-conns            : 4000000   , out-of-rotation count : 0
  min-conns            : 4000000
  conn-rate-limit      : -         , out-of-rotation count : -
  bandwidth-rate-limit : -         , out-of-rotation count : -
  retcode out-of-rotation count : -
  load value           : 0
           average response time (usecs) : 0   ----> thats what you might be looking for
  Use more detials for response predictor:
  http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/configuration/slb/guide/rsfarms.html#wp1068831
  Configuring the Application Response Predictor
  To instruct the ACE to select the server with the lowest average response time for the specified response-time measurement based on the current connection count and server weight (if configured), use the predictor response command in server farm host or redirect configuration mode. This predictor is considered adaptive because the ACE continuously provides feedback to the load-balancing algorithm based on the behavior of the real server.
  To select the appropriate server, the ACE measures the absolute response time for each server in the server farm and averages the result over a specified number of samples (if configured). With the default weight connection option configured, the ACE also takes into account the server's average response time and current connection count. This calculation results in a connection distribution that is proportional to the average response time of the server.
  The syntax of this command is as follows:
  predictor response {app-req-to-resp | syn-to-close | syn-to-synack}[samples number]
  The keywords and arguments are as follows:
  •app-request-to-resp—Measures the response time from when the ACE sends an HTTP request to a server to the time that the ACE receives a response from the server for that request.
  •syn-to-close—Measures the response time from when the ACE sends a TCP SYN to a server to the time that the ACE receives a CLOSE from the server.
  •syn-to-synack—Measures the response time from when the ACE sends a TCP SYN to a server to the time that the ACE receives the SYN-ACK from the server.
  •samples number—(Optional) Specifies the number of samples over which you want to average the results of the response time measurement. Enter an integer from 1 to 16 in powers of 2. Valid values are 1, 2, 4, 8, and 16. The default is 8.
  For example, to configure the response predictor to load balance a request based on the response time from when the ACE sends an HTTP request to a server to when the ACE receives a response back from the server and average the results over four samples, enter:
  host1/Admin(config)# serverfarm SFARM1
  host1/Admin(config-sfarm-host)# predictor response app-req-to-resp
  samples 4
  To reset the predictor method to the default of round-robin, enter:
  host1/Admin(config-sfarm-host)# no predictor
  To configure an additional parameter to take into account the current connection count of the servers in a server farm, use the weight connection command in server farm host predictor configuration mode. By default, this command is enabled. The syntax of this command is as follows:
  weight connection
  For example, enter:
  host1/Admin(config)# serverfarm SF1
  host1/Admin(config-sfarm-host)# predictor response app-request-to-resp
  samples 4
  host1/Admin(config-sfarm-host-predictor)# weight connection
  To remove the current connection count from the calculation of the average server response time, enter:
  host1/Admin(config-sfarm-host-predictor)# no weight connection
  You can use threshold milliseconds parameter which is optional Specifies the required minimum average response time for a server. If the server response time is greater than the specified threshold value, the ACE removes the server from the load-balancing decision process (takes the server out of service).
  Enter an integer from 1 to 300000 milliseconds (5 minutes). The default is no threshold (servers are not taken out of service).
  In case if you have measures the response time from  when the ACE sends a TCP SYN to a server to the time that the ACE receives a CLOSE from the server  use syn-to-close      (already discussed previously)
  If you have to measures the response time from when the ACE sends a TCP SYN to a server to the time that the ACE receives the SYN-ACK from the server use syn-to-synack   (already discussed previously)
  SAMPLES parameter is optional and  specifies the number of samples that you want to average from the results of the response time measurement and response time is used to select the server with the lowest response time for the requested response-time measurement. If you do not specify a response-time measurement method, the ACE uses the HTTP app-req-to-response method.
  Whenever a server's load reaches zero, by default, the ACE uses the autoadjust feature to assign a maximum load value of 16000 to that server to prevent it from being flooded with new incoming connections. The ACE periodically adjusts this load value based on feedback from the server's SNMP probe and other configured options.
  Using the least-loaded predictor with the configured server weight and the current connection count option enabled, the ACE calculates the final load of a real server as follows:
  final load = weighted load × static weight × current connection count
  where:
  •weighted load is the load reported by the SNMP probe
  •static weight is the configured weight of the real server
  •current connection count is the total number of active connections to the real server
  The ACE recalculates the final load whenever the connection count changes, provided that the (config-sfarm-host-predictor) weight connection command is configured. If the (config-sfarm-host-predictor) weight connection command is not configured, the ACE updates the final load when the next load update arrives from the SNMP probe.
  If two servers have the same lowest load (either zero or nonzero), the ACE load balances the connections between the two servers in a round-robin manner.
  HTH
  Plz rate if u find it useful.
  Sachin

• ACE- From one real server to another VIP

  Hi,
  I have a problem with ACE;
  We have multiple serverfarms configured in the ACE module based on the application and different VIPs related to it. We are running the ACE in bridging mode. Now the requirement is from one serverfarm real server wants communicate to the VIP of the second serverfarm...Is this possible..???? Wil some NATing help in this situation. Below is the configuration.
  ======================
  /* Style Definitions */
  table.MsoNormalTable
  {mso-style-name:"Table Normal";
  mso-tstyle-rowband-size:0;
  mso-tstyle-colband-size:0;
  mso-style-noshow:yes;
  mso-style-priority:99;
  mso-style-qformat:yes;
  mso-style-parent:"";
  mso-padding-alt:0in 5.4pt 0in 5.4pt;
  mso-para-margin:0in;
  mso-para-margin-bottom:.0001pt;
  mso-pagination:widow-orphan;
  font-size:11.0pt;
  font-family:"Calibri","sans-serif";
  mso-ascii-font-family:Calibri;
  mso-ascii-theme-font:minor-latin;
  mso-fareast-font-family:"Times New Roman";
  mso-fareast-theme-font:minor-fareast;
  mso-hansi-font-family:Calibri;
  mso-hansi-theme-font:minor-latin;
  mso-bidi-font-family:"Times New Roman";
  mso-bidi-theme-font:minor-bidi;}
  access-list LAN_Traffic remark For all IP Traffic
  access-list LAN_Traffic line 10 extended permit ip any any
  access-list LAN_Traffic line 20 extended permit icmp any any
  probe http PORTAL_HTTP
    passdetect interval 20
    passdetect count 2
    request method get url http://portal
    expect status 0 600
  probe http RMS_HTTP
    request method get url /_wmcs
    expect status 0 600
  rserver host PORTAL1
    ip address 172.22.11.241
    inservice
  rserver host PORTAL2
    ip address 172.22.11.243
  rserver host QGLRSPW1
    inservice
  rserver host RMS01
    ip address 172.22.10.12
    inservice
  rserver host RMS02
    ip address 172.22.10.8
    inservice
  serverfarm host PORTAL
    failaction purge
    probe PORTAL_HTTP
    rserver PORTAL1
      inservice
    rserver PORTAL2
      inservice
  serverfarm host RMS
    failaction purge
    probe RMS_HTTP
    rserver RMS01
      inservice
    rserver RMS02
      inservice
  class-map match-any PORTAL
    2 match virtual-address 172.22.10.166 tcp any
  class-map match-any RMS
    2 match virtual-address 172.22.10.52 tcp eq www
    3 match virtual-address 172.22.10.52 tcp eq https
  policy-map type loadbalance first-match RMS-POLICY
    class class-default
      serverfarm RMS
  policy-map type loadbalance first-match PORTAL-POLICY
    class class-default
      serverfarm PORTAL
  policy-map multi-match SFARM-LB-POLICY
    class RMS
      loadbalance vip inservice
      loadbalance policy RMS-POLICY
      loadbalance vip icmp-reply active
  class PORTAL
      loadbalance vip inservice
      loadbalance policy PORTAL-POLICY
      loadbalance vip icmp-reply active
  interface vlan 800
    description ACE Client Interface
    bridge-group 1
    mac-sticky enable
    service-policy input SFARM-LB-POLICY
    no shutdown
  interface vlan 898
    description ACE Server Interface
    bridge-group 1
    mac-sticky enable
    no shutdown
  interface bvi 1
    ip address 172.22.11.151 255.255.252.0
    alias 172.22.11.153 255.255.252.0
    peer ip address 172.22.11.152 255.255.252.0
    description Bridge Group for 800 and 898 Interfaces
    no shutdown
  ip route 0.0.0.0 0.0.0.0 172.22.8.17
  ===================================
  Pleae help..Thanks in advance

  Hello!
  Well yes it would work. BUT...you have to change your config a bit. First you need to apply your accesslist to both interfaces, or the ACE will reject it, because it is acting as a firewall by default. And second you have to apply the policymap to both interfaces as well or you put the policymap globally on the ACE.

• ACE Module: Recover a real server probe-failed status

  How does the ACE module recover a real server that has entered a probe-failed status state? We are doing some testing, purposely dropping a servers interface. ACE recognizes the server as being down and show it in a probe-failed state. When we bring the system's interface back up, will ACE see this and automatically bring the state back into Operational status, or does someone have to do something on the ACE module?

  ACE continues to probe servers that are down or probe_failed. As soon as a server starts responding again its state will switch to alive again.
  Nothing to be done.
  Gilles.

• ACE 4710 use dns name in real server

  Is there any way to use a DNS name in real server and not a static IP.

  Hi,
  This is not possible at the moment. With ACE EOL, i don't think it would be added either.
  Regards,
  Kanwal
  Note: Please mark answers if they are helpful.

• ACE 4710 Probes on other servers than the real server

  Hi,
  I wanted to know if there is a means to configure a probe that is independent of the real servers.
  The aim is to configure a probe a real server but also probe another intermediate server which is not in the server farm.
  The objective is to declare the real server down if its probe fails but also the probe to an intermediate server fails as well as a or condition.
  From the document, there is no mention of it.
  But is there a means to do it.
  Thanks.

  Hi Ashley,
  i see it is not mentioned anywhere in document but i think ou should be able to bind two probes with real server of which one probe is actually probing another server.
  I would configure one probe let's say TCP based and bind it with serverfarm. Then i would configure another probe TCP based and define IP address in that probe (the other server IP which we need to probe) and bind this probe with same serverfarm. Serverfarm will not have this rserver added. And then i would configure "fail-on-all" and test if that works for you.
  i know you can set probe on redirect server/serverfarm which actually probes another real server so logically should work for normal host rserver as well. But i have never tested it myself.
  Regards,
  Kanwal

• Ace Module logging rate limit

  Hi All,
  I have tried to configure the above parameter but it doesn't seem to be working.
  The version running on the ACE is 2.3.4 and I am running multiple contexts.
  The below configuration was tried on one of the contexts, not being Admin.
  The command I used was :
  logging rate-limit 42 60 message 251010
  What I am trying to achieve here is receive notification that a rserver has failed its connectivity check, therefore alerting the relevant people.
  The issue I am encountering is that every second I receive all the alerts again.
  I am only wanting to receive the alert once if possible and gain once the rserver has come back online.
  Is this possible, if so please explain how I can do it?
  TIA.
  Jack.

  your rate limit should be giving you 42 of those messages per 60 seconds. But this is health probe failure which depending on how many does not necessarily mean server is down. (depends on fail count). also it is level 6 message. the message you really want is:
  Error Message    %ACE-4-442001:  Health probe probe name detected real_server_name
  (interface interface_name) in serverfarm sfarm_name changed state to UP
  Explanation    The state of a  real server changed from down to up.
  Recommended Action    None  required.
  442002
  Error Message    %ACE-4-442002:  Health probe probe name detected real_server_name
  (interface interface_name) in serverfarm sfarm_name changed state to DOWN
  suggest you do logging at level 4  and you will only see the message when server state changes

• Real server to access a different Virtual server in same context ??

  Hi all,
  I got a scenario need to clarified before go to production. Below is my traffic explaination
  SETUP
  Context WEB -1st Virtual server (10.10.10.1) - > bind 2 Real Server ( 1.1.1.1 and 1.1.1.2) ->sticky configured
  Context WEB - 2nd Virtual server (20.20.20.1) - > bind 2 Real Server (2.2.2.1 and 2.2.2.2) ->sticky configured
  My question is
  User will HIT 10.10.10.1 and load balance to RS 1.1.1.1 and 1.1.1.2, RS 1.1.1.1 and 1.1.1.2 will need to go destination 20.20.20.1 and ACE load balance to 2.2.2.1 and 2.2.2.2.
  Will RS1.1.1.1 and 1.1.1.2 success HIT 20.20.20.1 and ACE can load balace to 2.2.2.1 and 2.2.2.2 and response to RS1.1.1.1 and 1.1.1.2?
  Any comment is welcome !!!
  Thank you,
  Meng Kiat

  Hi Meng,
  It is possible. You need to apply the Virtual server (20.20.20.1) policy to the server side Vlan interface.
  That way server ( 1.1.1.1 and 1.1.1.2) can hit virtual server (20.20.20.1)
  This should work just fine without any trouble.
  regards,
  Ajay Kumar.

• Cisco C6500 CSM - Real server cannot ping its VIP.

  I've been running into an issue with Cisco CSM for a number of years, but always found a way around it.  Im attempting to get to the bottom of this to find out once and for all, if this is infact a limitation of the device, or a config issue/work around is possible.
  Here is my situation.  My CSM's are configured in bridging mode.  Traffic works great, traffic bridges across vlans correctly.  Everything works and have many instances of smilar configurations running in production.  Every once and a while, a client requests that a "real" server (ie LWCMW-021)
  cannot ping its VIP address (10.95.88.68).  I am assuming this is related to the NAT Server, but not 100% sure.  Clients have requested this functionality for some type of application based purpose, but Im unaware if CSM in bridging mode can provide this or not. 
  Any suggestions?
  real LWCMW-021
  address 10.95.88.59
  inservice
  real LWCMW-022
  address 10.95.88.60
  inservice
  serverfarm LWCMW-80
  nat server
  no nat client
  real name LWCMW-021 80
    inservice
  real name LWCMW-022 80
    inservice
  probe HTTP-80 (defined elsewhere)
  vserver LWCMW-80
  virtual 10.95.88.68 tcp WWW
  vlan 120
  serverfarm LWCMW-80
  persistent rebalance
  inservice

  Sorry for giving false hope. It is only possible in ACE module. In case of CSM I believe we can only use workaround.
  In case of ACE we can bind the Virtual IP to mutliple vlan. In that case we see a ARP entry like this.
  10.10.10.111    e0.5f.b9.a1.72.2b  vlan345   VSERVER    LOCAL     _         up
  10.10.10.111    e0.5f.b9.a1.72.2b  vlan346   VSERVER    LOCAL     _         up
  As Virtual IP is not bound to a particular vlan in case of CSM it does not work here, but I can say for sure it is expected behavior.
  The logic would be that the server tries to resolve the ARP for Virtual IP and it does not get a response.
  In my case virtual ip is 10.10.10.111 before applying policy on ACE  you can see that it is exhibiting the same behaviour.
  Time     | Vmware_b4:72:11                       | 10.0.0.0                              | 10.10.10.4                            |
  |         |                   | Broadcast         |                   | 224.0.0.1         |                   | 224.0.0.22        |                  
  |0.000    |         Who has 10.10.10.11           |                   |                   |                   |                   |ARP: Who has 10.10.10.111?  Tell 10.10.10.11
  |         |(0)      ------------------>  (0)      |                   |                   |                   |          |
  |0.999    |         Who has 10.10.10.11           |                   |                   |                   |                   |ARP: Who has 10.10.10.111?  Tell 10.10.10.11
  |         |(0)      ------------------>  (0)      |                   |                   |                   |                   |
  |         |                   |                   |                   |                   |(0)      ------------------>  (0)      |
  |1.998    |         Who has 10.10.10.11           |                   |                   |                   |                   |ARP: Who has 10.10.10.111?  Tell 10.10.10.11
  |         |(0)      ------------------>  (0)      |                   |                   |                   |                   |
  |3.014    |         Who has 10.10.10.11           |                   |                   |                   |                   |ARP: Who has 10.10.10.111?  Tell 10.10.10.11
  |         |(0)      ------------------>  (0)      |                   |                   |                   |                   |
  |4.014    |         Who has 10.10.10.11           |                   |                   |                   |                   |ARP: Who has 10.10.10.111?  Tell 10.10.10.11
  |         |(0)      ------------------>  (0)      |                   |                   |                   |                   |
  Hope that helps.

• ACE: Virtual Server (VMWARE) running on ACE

  Hello,
  I have 2 servers to do loadbalance. they are running VMWARE, they have 4 servers inside of real server. each vmware server only has 1 port connected to Switch, if I want to balance one of them? how do I do?
  Best Regards

  It shouldn't make any difference whether the servers are real or virtual. The ACE works on IP addresses and VLANs. How you configure the context will depend on your network. You may need to use source NAT or you might be able to just use the network as is. It all depends on how you have configured your network.
  You'll need to balance across real physical servers to maximise resilience though.
  HTH
  Cathy

• How can I change the real server convergence timer in LD ?

  I have LD416(3.1.4) and configured 1*VIP and 2*Real server. looks it takes about 30 seconds to switching to the other real server when one of failure.
  Q) How can I reduce the the convergence time?
  Thanks,

  I am not sure , but check with by configure the DELAY command and see if that helps resolve this.For related information on timers, could you refer the below URL :
  http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800ca75d.html

• Load balancing with only one Real Server on CSM

  Other than create a VSERVER with only one real server in it - is there a way of load balancing when you have only one real server now and may be additional servers to be added later?

  the only way is to use the vserver.
  Gilles.

• CSS 11500:Client ip-address visible to the real server

  Is it possible to keep the original ip-address of the client when the the css is redirecting the traffic to the real server. customer needs the client ip-address on the real server for reporting.
  regards
  Dietrich Schleyer

  Dietrich,
  by default the CSS will keep the original client ip address.
  To have the CSS changing the client ip, your customer must have configured a group with 'add destination service'.
  Probably because your client is using a one-armed setup which is the easiest to implement but the worst to use.
  So, your customer should go to a 2-sides CSS design and have the traffic flow through the CSS without the need to do client nat.
  Once the design is correct, you can remove the group and the CSS will keep the client ip address.
  Regards,
  Gilles.
  Thanks for rating.

• Can a real Server be applied in two different server farms associated with two different VIP IP and TCP Port

  Good day everyone,
  I have a question in regard to real server operation with different server farms, and VIPs
  Can a Real Server be associated ( for simpliciy) with two different Server Farms that have a VIP associated with each, servicing the same TCP Port (443).
  Example:
  SF-A
  RSRV-1: 192.168.1.10 /24
  RSRV-2: 192.168.1.11 /24
  VIP-A: 192.168.1.20 /24
  VIP-A: https:web-A
  Protocol: HTTPS
  SF-B
  RSRV-2: 192.168.1.11 /24
  RSRV-3: 192.168.1.12 /24
  VIP-B: 192.168.1.30 /24
  VIP-b: https:web-B
  Protocol: HTTPS
  Client-A: 172.16.128.10
  Client-B: 172.16.128.15
  I have attached an sketch depicting the connectivity.
  As always any feedback/Suggestions will be greatly apprecaited.
  Cheers,
  Raman Azizian

  Raman,
  This type of config is no problem. What the server is doing is virtual web hosting. The server would have two different web services running for the same IP, but each listening for a unique host header.
  From an IP point of view both connections would be destined to the rserver address on port 80, but in the http header they would have two different Host headers.
  one for www.example1.com and the second for www.example2.com. If the web server is configured correct so each host name is tied to one web service it will not have any issues.
  The config you attached looks ok. The way you have the sticky group is ok doing source IP. If you use cookies for the sticky group I would suggest you create two sticky groups each with a different cookie name and add the same serverfarm to both groups. The client will only send a cookie for the domain it received it from so using the same cookie in two vips could cause problems if the same client hits both vips.
  Hope that helps
  Regards
  Jim

• Is Snow Leopard Server that Last Real Server OS?

  After trying to get Lion Server to work for the last few days, I finally gave up.  The Virtual Hosting is broken period.  I tried all of the work arounds and some worked to some extent, but all had problems with various client computers.  There are so many other things not working that it woud take too long to list them all.
  As a result, I can only assume that Apple now intends it's servers to be toys for some home user to install to play with.  I can't belive that they released this with the word "Server" attached to it. 
  My question is:  Do you think that Apple will ever release a real server OS again?

  Hi
  "My question is:  Do you think that Apple will ever release a real server OS again?"
  I don't doubt you've had problems but the question gets asked every time Apple release a new version of the Server. IIRC there were many saying the same or something similar for 10.4, 10.5 and 10.6. No Server version ever really 'settles down' - possibly - until Apple release the .1 update. Generally and in my experience things don't become 'stable' until the .3 and .4 Updates have been released.
  As far as I can see nothing has really changed that much and the best advice I can give is to wait and see.
  HTH?
  Tony