URL LOADBALANCING IN ACE 20
Hello Guys,
I have 2 rservers 10.30.1.73, 10.30.1.76,
I have 3 URLs in both
http://10.30.1.73:8000/hcs9prd/signon.html → Production
http://10.30.1.73:8085/hcs9fgtpwd/signon.html → Forgot password
http://10.30.1.73:8020/hcs9gst/signon.html → Guest login
The following are the URLs in 10.30.1.76
http://10.30.1.76:8000/hcs9prd/signon.html → Production
http://10.30.1.76:8085/hcs9fgtpwd/signon.html → Forgot password
http://10.30.1.76:8020/hcs9gst/signon.html → Guest login
I want to have only one link for each pair of identical links on both servers, with this IP address: 10.30.1.172,
so I will have 3 links that will load balance to 6 links
http://10.30.1.172:8000/hcs9prd/signon.html
http://10.30.1.172:8085/hcs9fgtpwd/signon.html
http://10.30.1.172:8020/hcs9gst/signon.html
Please help me in configuration.
Hi Danial
I have configured the below but still not working!
access-list any line 8 extended permit icmp any any
access-list any line 16 extended permit ip any any
probe http HTTP_PROBE
  interval 20
  passdetect interval 60
  expect status 200 300
rserver host Server01
  ip address 10.30.1.73
  inservice
rserver host Server02
  ip address 10.30.1.76
  inservice
serverfarm host SIS
  probe HTTP_PROBE
  rserver Server01
    weight 5
    rate-limit bandwidth 268435456
    inservice
  rserver Server02
    weight 5
    rate-limit bandwidth 268435456
    inservice
class-map match-any L4VIPCLASS
  2 match virtual-address 10.30.1.172 tcp eq www
  3 match virtual-address 10.30.1.172 tcp eq 8000
  4 match virtual-address 10.30.1.172 tcp eq 8085
  5 match virtual-address 10.30.1.172 tcp eq 8020
  6 match virtual-address 10.30.1.172 tcp eq 8050
  7 match virtual-address 10.30.1.172 tcp eq 8065
  8 match virtual-address 10.30.1.172 tcp eq 8035
class-map type management match-any REMOTE-ACCESS
  description REMOTE ACCESS TRAFFIC MATCH
  2 match protocol telnet any
  3 match protocol ssh any
  4 match protocol icmp any
class-map type http loadbalance match-any SIS_VIP_URL
  2 match http url http://10.30.1.172:8000/hcs9prd/signon.html
  3 match http url http://10.30.1.172:8085/hcs9fgtpwd/signon.html
  4 match http url http://10.30.1.172:8020/hcs9gst_u/signon.html
  5 match http url http://10.30.1.172:8035/hcs9gst_p/signon.html
  6 match http url http://10.30.1.172:8050/hcs9gst_t/signon.html
  7 match http url http://10.30.1.172:8065/hcs9gst_v/signon.html
policy-map type management first-match REMOTE_MGMT_ALLOW_POLICY
  class REMOTE-ACCESS
    permit
policy-map type loadbalance first-match POLICYMAP_L7
  class SIS_VIP_URL
    serverfarm SIS
policy-map multi-match VIPs
  class L4VIPCLASS
    loadbalance vip inservice
    loadbalance policy POLICYMAP_L7
    loadbalance vip icmp-reply active
    loadbalance vip advertise active
interface vlan 301
  ip address 10.30.1.203 255.255.255.0
  access-group input any
  service-policy input REMOTE_MGMT_ALLOW_POLICY
  no shutdown
Regards,
Salah
Similar Messages
-
URL Filtering on ACE 4710 -Deny access
Hi,
I have a requirement to filter (deny access) to certain URLs. The URLs are listed below. Any guidance/assistance in achieving this would be greatly appreciated.
https://<Domainname>/corp/BANKAWAY?Action.Admin.Init=Y&AppSignonBankID=NG
https://<Domainname>/corp/BANKAWAY?Action.RMUser.Init.001=Y&AppSignonBankId=NG&AppType=corporate&CorporateSignonLangId=001
Also, to achieve this, would we need to do SSL off-loading? I believe so. Then we would have to initiate back to the server.
Thanks in advance.
Paul.
Yes SSL offload is mandatory.
You can achieve this in at least two ways :
Use L7 inspection and a reset action : http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA4_1_0/configuration/security/guide/appinsp.html#wp1283413
or use two L7 class-maps and direct the requests to a dummy / redirect server farm.
The best way to achieve this would be to generate a 403 forbidden but the ACE seems to not be able to send such a code by itself. -
QoS Cisco SCE8000, Caching Cisco IronPort WSA, Loadbalancing Cisco ACE solution
Hi all,
Our customer is a mobile operator. They need an integrated solution combining caching, QoS and load balancing. From my understanding of their goals, they need to provide stable and speedy broadband access as well as a good user experience through a differentiated service offering. They need to classify IP traffic and prioritize and control content-based services for a given subscriber, while transparently and dynamically redirecting and load balancing the application-level classified IP traffic to a proxy caching server regardless of protocol, such as http, https, ssl, ftp, flv, mms and rstp, sip, p2p....
Attached pls find the RFP and technical specification for Caching and QoS.
I appreciate your expertise to consult me whether I can propose for them the Cisco ACE standalone appliance or ACE engine module for 7600/6500 for loadbalancing, Cisco IronPort WSA for caching and dual Cisco SCE8000 for QoS as an integrated solution. Is this solution feasible/workable and where could I find the same reference or solution design or technical guidance on this?
Thanks a lot and would like to hear from you at the soonest!
Best regards, -
L3 OOB NAC Server loadbalanced by ACE
Hi, is there any documentation or information on NAC server load balancing by Cisco ACE? I want to know what the setup typically looks like and what the traffic flow is. Is there a way to configure NAC clients to talk to the NAC directly after being load balanced by the ACE? Meaning traffic flow going
users>ACE>NAC Server Untrusted interface>user <---- during authentication
instead of
user>ACE>NAC Server Untrusted interface>ACE>user.
Adrian,
I've seen some internal documents on this. Please ping your account team and they can possibly help you out with the design for this.
HTH,
Faisal -
Hi,
I want to redirect some URLs to a specific server of my web farm. The load balancing works, but the specific rules I created based on HTTP URL do not. (The load balancing doesn't keep the same server during the same user session, by the way.)
Here is my config :
access-list ANY line 8 extended permit icmp any any
access-list ANY line 16 extended permit ip any any
probe tcp PROBE_TCP
  interval 30
  passdetect interval 60
rserver host web1
  ip address 172.16.0.101
  conn-limit max 50000 min 40000
  inservice
rserver host web2
  ip address 172.16.0.102
  conn-limit max 50000 min 40000
  inservice
serverfarm host FARM_WEB
  predictor leastconns
  probe PROBE_TCP
  rserver web1
    inservice
  rserver web2
    inservice
serverfarm host SINGLE_WEB1
  rserver web1
    inservice
parameter-map type http HTTP_PARAMETER_MAP
  persistence-rebalance
class-map match-all L4-WEB-IP
  2 match virtual-address x.x.x.x tcp eq www
class-map match-all L4-WEBHTTPS-IP
  2 match virtual-address x.x.x.x tcp eq https
class-map type http loadbalance match-all L7CLASSWEB1
  2 match http url http://www.mycompany*
class-map type http loadbalance match-all L7CLASSWEB1-Mycompany.com
  2 match http url http://www.mycompany.com/*
class-map type management match-all REMOTE_ACCESS
  2 match protocol ssh any
policy-map type management first-match REMOTE_MGMT_ALLOW_POLICY
  class REMOTE_ACCESS
    permit
policy-map type loadbalance http first-match WEB_L7_POLICY
  class L7CLASSWEB1
    serverfarm SINGLE_WEB1
  class L7CLASSWEB1-Mycompany.com
    serverfarm SINGLE_WEB1
  class class-default
    serverfarm FARM_WEB
    insert-http x-forward header-value "%is"
    insert-http X-FORWARDED-FOR header-value "%is"
policy-map multi-match WEB-to-vIPs
  class L4-WEB-IP
    loadbalance vip inservice
    loadbalance policy WEB_L7_POLICY
    loadbalance vip icmp-reply active
    nat dynamic 1 vlan 2129
    appl-parameter http advanced-options HTTP_PARAMETER_MAP
  class L4-WEBHTTPS-IP
    loadbalance vip inservice
    loadbalance policy WEB_L7_POLICY
    loadbalance vip icmp-reply active
    nat dynamic 1 vlan 2129
    appl-parameter http advanced-options HTTP_PARAMETER_MAP
Hello Jean
The first thing which comes to my mind when you say: "The load balancing doesn't keep the same server during the same user session, by the way" is that you need to configure stickiness; here is a link about it:
http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/vA5_1_0/configuration/slb/guide/sticky.html#wp1007300
For the redirection question, what exactly do you want to accomplish?
Here you have an example which might help you out: http://docwiki.cisco.com/wiki/URL_Load_Balancing_Using_One_Arm_Mode_with_Source_NAT_on_the_Cisco_Application_Control_Engine_Configuration_Example
ACE-1/onearm(config)# class-map slb-vip
ACE-1/onearm(config-cmap)# match virtual-address 172.16.5.101 any
ACE-1/onearm(config)# class-map type http loadbalance match-all images
ACE-1/onearm(config-cmap-http-lb)# match http url /images/.*
ACE-1/onearm(config)# policy-map type loadbalance http first-match slb-logic
ACE-1/onearm(config-pmap-lb)# class images
ACE-1/onearm(config-pmap-lb-c)# serverfarm imagefarm
ACE-1/onearm(config-pmap-lb-c)# class class-default
ACE-1/onearm(config-pmap-lb-c)# serverfarm webfarm
As you can see above in this partial configuration, you have the VIP 172.16.5.101, that is
our website www.example.com. Now we want to match www.example.com/images/; this is where we
are using the other class-map, and based on that we finally execute the action of sending the
request to the serverfarm imagefarm.
Hope this helps!!!
Jorge
http://docwiki.cisco.com/wiki/URL_Load_Balancing_Using_One_Arm_Mode_with_Source_NAT_on_the_Cisco_Application_Control_Engine_Configuration_Example -
ACE url tampering and other security capabilities
Hi,
I was wondering if anyone knows whether it's possible with the ACE to secure administrative/backend URLs from the internet, i.e. https://x.company.com/IGGS/Admin. I would like to block access to this URL from the internet, for example. I have read the documentation but it only mentions HTTP deep packet inspection and a lot of RFC stuff.
Regards
Tyrone
I can answer myself because I finally found a link to another post.
The following will restrict certain source addresses from accessing certain URL via the ACE, I have tried this in one armed-mode, but should work even with routed-mode.
### Also important to notice is that doing Layer-7 loadbalancing with ssl the ACE will need to terminate the tunnel otherwise all traffic passed the ACE encrypted###
class-map type http loadbalance match-all ten
  2 match source-address 10.0.0.0 255.0.0.0
  4 match http url .*
class-map type http loadbalance match-all seventeen
  2 match source-address 17.16.0.0 255.255.0.0
  4 match http url .*
class-map type http loadbalance match-any restrict
  2 match http url /public.*
  4 match http url /downloads.*
then use in load balance policy as follows:
policy-map type loadbalance first-match WEBSERVER_L7
  class ten
    sticky-serverfarm WEBSERVER_StickyGroup
  class seventeen
    sticky-serverfarm WEBSERVER_StickyGroup
  class restrict
    sticky-serverfarm WEBSERVER_StickyGroup
If you want to send outside users with other URLs to a sorry page, you would have a server in a serverfarm that would do that and use it in a class class-default at the bottom of the load balance policy. The matches on the load balance policy are top down, so order is important. -
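The top-down evaluation described in this answer, as an added example that is not part of the original post: a small Python model of a first-match policy with the three class maps shown plus the suggested class-default, used to check which serverfarm a given source address and path would reach. It assumes the URL expression must cover the whole request path; SORRY_FARM and the sample requests are hypothetical.

```python
import ipaddress
import re

# Class maps from the post, as (mode, [(kind, value), ...]).
# "src" values are network/netmask, "url" values are regular expressions.
CLASS_MAPS = {
    "ten": ("match-all", [("src", "10.0.0.0/255.0.0.0"), ("url", r".*")]),
    "seventeen": ("match-all", [("src", "17.16.0.0/255.255.0.0"), ("url", r".*")]),
    "restrict": ("match-any", [("url", r"/public.*"), ("url", r"/downloads.*")]),
}

# Policy order as posted, followed by the class-default the post suggests
# for a sorry page. SORRY_FARM is a hypothetical serverfarm name.
POLICY = [
    ("ten", "WEBSERVER_StickyGroup"),
    ("seventeen", "WEBSERVER_StickyGroup"),
    ("restrict", "WEBSERVER_StickyGroup"),
    ("class-default", "SORRY_FARM"),
]


def match_one(kind, value, src_ip, path):
    """Evaluate a single match statement against one request."""
    if kind == "src":
        return ipaddress.ip_address(src_ip) in ipaddress.ip_network(value)
    # Assumption: the URL expression has to cover the whole request path.
    return re.fullmatch(value, path) is not None


def class_matches(name, src_ip, path):
    """match-all needs every statement to hit, match-any needs one."""
    if name == "class-default":
        return True
    mode, statements = CLASS_MAPS[name]
    hits = [match_one(kind, value, src_ip, path) for kind, value in statements]
    return all(hits) if mode == "match-all" else any(hits)


def evaluate(policy, src_ip, path):
    """Return (class, serverfarm) for the first class that matches."""
    for name, farm in policy:
        if class_matches(name, src_ip, path):
            return name, farm
    return None, None  # no class matched and there is no class-default


# Constructed requests: (source IP, request path).
REQUESTS = [
    ("10.1.2.3", "/IGGS/Admin"),             # inside source, admin path
    ("203.0.113.9", "/IGGS/Admin"),          # outside source, admin path
    ("203.0.113.9", "/public/index.html"),   # outside source, public path
    ("203.0.113.9", "/publications-internal/report"),  # sibling of /public
]


def audit(policy, requests):
    """List (source, path, class, serverfarm) for every request."""
    return [(src, path) + evaluate(policy, src, path) for src, path in requests]


if __name__ == "__main__":
    for row in audit(POLICY, REQUESTS):
        print(row)
```

The last sample request shows that `/public.*` also covers sibling paths such as `/publications-internal/...`; a pattern like `/public/.*` is narrower.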
Can ACE rewrite the URL sent back to the browser?
Hi,
I want to know that if there is a link on a webpage, for example: www.test.com/folder1/folder2/index.html
Would it be possible to rewrite this so that when the webserver provides you with that page, the ACE rewrites the given URL so that the browser only says in the URL bar: www.test.com
Or is this impossible and would the webserver itself need to do this rewrite?
Thanks!
Hi Robin,
As per my understanding, when you click on that link the URL would say www.test.com/folder1/folder2/index.html in the URL bar. ACE can rewrite the URL and forward it to the server or can modify the server response, but I am not sure if there's any way you can get the URL changed in the bar after you click on the hyperlink and the webpage loads. Maybe you can have redirection but not rewrite here.
Regards,
Kanwal -
Cisco ACE 4710 - Health Monitoring for Real Servers
Hi,
I have setup the following health probe to check for the existence of a specific web page. My intention is that when the web page is removed, the health check fails and the rserver status changes to 'out of service'. Unfortunately, when I remove the web page, I see the health check fail, and the rserver state change to 'PROBE-FAILED', however the rserver does not go 'out of service' and continues to respond to requests.
Can anyone see where I am going wrong?
Health check probe config
probe http live_http_int
  interval 15
  passdetect interval 60
  request method get url /loadbalancer/internal.html
  expect status 199 201
  open 10
RSERVER config
rserver host Server1
  description Server1
  ip address 10.10.10.1
  conn-limit max 4000000 min 4000000
  probe live_http_int
  inservice
rserver host Server2
  ip address 10.10.10.2
  conn-limit max 4000000 min 4000000
  probe live_http_int
  inservice
Hi syannetwork,
I think you have to "force" the failed server to close the connection when it has failed. Otherwise it will still serve the available HTML pages.
Have a look at the "Configuring the ACE Action when a Server Fails" in the "Cisco Application Control Engine Module Server Load-Balancing Configuration Guide" and let me know if the following command helped:
conf t
serverfarm host ServerFarm
  failaction purge
Have a good WE.
Cheers
LPL -
Hi,
I need to configure ACE for load-balancing FTPS. And simply deploying L4 policies are not helping either. Configured the FTPS servers and both of them are working fine when accessed via physical IP, but do not work when accessed via the VIP.
If it is possible, a reference URL would really be a great help.
Hi Rajiv,
Do you want to loadbalance SFTP ?
Or just have it pass through ??
Loadbalancing SFTP is difficult because it starts as regular FTP and switches over to SSL which ACE can't do and fails to understand.
you don't need anything to have it passthrough.
As long as you don't ask ACE to inspect the traffic, and assuming this traffic is permitted in your access-group, then there is nothing to do to have it go through.
I think your goal is to distribute inbound file deposits evenly across SFTP servers.
High-level Overview
Clients -> Internet -> Tier-1 Firewall -> ACE Load-balancer -> SFTP Servers
I would like to tell you that SFTP is nothing but SSH. It uses a single connection. There are no issues loadbalancing it using traditional Layer 4 load balancing.
So you are good.
On the other hand, FTP over SSL (FTPS) can neither be offloaded nor load balanced using ACE.
FTPS uses multiple channels and since the control channel is encrypted, ACE is not able to get the port numbers for the data connections.
Kindly find these examples for FTP load balance method in cisco ACE:
1. FTP serverfarm on Cisco ACE
http://snippets101.blogspot.com/2007/06/ftp-serverfarm-on-cisco-ace.html
2. FTP Load Balancing on ACE in Routed Mode Configuration Example
http://docwiki.cisco.com/wiki/FTP_Load_Balancing_on_ACE_in_Routed_Mode_Configuration_Example
3. FTP Load Balancing on ACE in One-Arm Mode Configuration Example
http://docwiki.cisco.com/wiki/FTP_Load_Balancing_on_ACE_in_One-Arm_Mode_Configuration_Example
Kindly refer to the following URLs for Layer 4 policies:
http://cisco.com/en/US/products/hw/modules/ps2706/products_configuration_example09186a00809c3048.shtml
http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/configuration/slb/guide/classlb.html
http://docwiki.cisco.com/wiki/Cisco_Application_Control_Engine_(ACE)_Module_Troubleshooting_Guide,_Release_A2(x)_--_Troubleshooting_Layer_4_Load_Balancing
http://snippets101.blogspot.com/2008/08/cisco-ace-and-private-vlans-in-switch.html
http://snippets101.blogspot.com/2008/08/asymmetric-server-normalization-on.html
http://docwiki.cisco.com/wiki/Cisco_ACE_4700_Series_Appliance_Quick_Start_Guide,_Release_A3(1.0)_--_Configuring_Server_Load_Balancing
http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA1_7_/configuration/security/guide/tcpipnrm.html#wpmkr1116809
Hope it will help you further in configuring the ACE load balancing L4 policies.
Kindly rate
Sachin Garg -
ACE http health probes - best practice for interval and passdetect interval?
Hi,
Is there a recommended standard for http health probes in terms of interval and passdetect interval timings, i.e. should the passdetect interval always be less than the interval or vice versa? Can an http probe be 'mis-configured', i.e. return a 'false positive' by configuring an interval timeout that's 'incompatible' with the device it's polling?
I have a http probe for a serverfarm consisting of two Apache http servers and get intermittent 'server reply timeout' probe failures. I'm keen to ensure that the configuration of the probe isn't at fault so I can be confident that a failed probe indicates a problem with the server and not my configuration.
The probe is currently configured as below:-
probe http http-apache
  interval 30
  passdetect interval 15
  passdetect count 6
  request method get url /cs/images/ACE.html
  expect status 200 304
Any advice on the subject would be gratefully received.
thanks
Matthew
Hi Gilles,
Thanks for the advice. In another discussion (found here https://supportforums.cisco.com/message/462397#462397) a poster has stated that:-
"(The) "Probe interval" should always be less than (open+receive) timeout value. Default open & receive timeouts are 10 seconds."
Are you able to advise on whether the above is correct and if so, why? I currently have an interval value of 30 that obviously goes against the advice above (which I've interpreted to mean that if you leave the open & receive timeouts at their default settings your probe interval should be less than 20 seconds?).
thanks
Matthew -
Can anybody point me in the right direction for changing the URL when the ACE is performing the redirection?
I have the standard ace redirection to HTTPS set up and it is working fine.
I have a wildcard certificate *.abc.com but when the application was being tested the URL abc.com kicks up a certificate error in the browser.
Not sure if I should have set the CN as *acb.com when ordering it but it's done now.
I am wanting to redirect when http://abc.com is put in the client browser to https://www.abc.com
I have tried reading these forums and using header rewrite to change the location on response but it just doesn't seem to work.
I have tried deleting/renaming/replacing the host header on request and rewrite/delete on response. Tried all sorts of regex nothing works.
I can insert a header so I know the action is being hit, just can't seem to change the host on request or location on response.
Any ideas?
I am guessing the inner workings only allow for modification of these headers when the redirects are being done by the server and the headers are passing through the load balancer.
on latest 5(2.1) version
example of one I tried
action-list type modify http ABC_MODIFY
  header rewrite response location header-value "https://abc(.*)" replace "https://www.abc%1"
then applied to policy redirect map
I tried another approach which seemed to work.
rserver redirect RED2A
  webhost-redirection https://www.%h 302
  inservice
rserver redirect RED2
  webhost-redirection https://%h 302
  inservice
serverfarm redirect RED2-VIP-IN
  rserver RED2
    inservice
serverfarm redirect RED2A-VIP-IN
  rserver RED2A
    inservice
class-map type http loadbalance match-any RED2A-VIP-IN
  2 match http header Host header-value "abc.com"
class-map match-any RED2-VIP-IN
  2 match virtual-address x.x.x.x tcp eq www
..etc
policy-map type loadbalance first-match RED2-VIP-IN-LB-POLICY
  class RED2A-VIP-IN
    serverfarm RED2A-VIP-IN
  class class-default
    serverfarm RED2-VIP-IN
this seemed to redirect the abc.com to https://www.abc.com and the other requests like other.abc.com to https://other.abc.com
I tried regex for the header value match like [^\.]abc.com and ^abc.com but these didn't seem to match. -
Traceroute not happening to ACE from Oracle Server
Hi,
Our ACE is configured in One-ARM Mode. I have Oracle Serverfarm been loadbalanced by ACE from where traceroute to ACE is not happening.
Oracle Server in VLAN 10 with Gateway configured at Core Switch: 10.10.10.21
VLAN 60: 10.10.60.21 in Core switch & ACE ip: 10.10.60.1
If from ACE I do a traceroute at one of the Oracle DB servers (10.10.10.5 & 10.10.10.6) it's going nicely. But sitting at the Oracle DB servers, if I do a trace to ACE IP: 10.10.60.1 it gets dropped at Core switch: 10.10.10.21
This problem is not happening from any other Windows machines....
Can someone highlight....
Attached the ACE config...
Some machines use icmp to do traceroute and others use udp.
Your oracle machine might be using udp and your core switch has a security acl to block this udp traffic.
G. -
Hi all
Has anyone ever successfully load balanced dhcp with an ACE module?
We use an ACE20-MOD-K9 with version A2(3.5). After I configured a policy which loadbalances everything to one rserver and one standby rserver it seems that it does not work as expected.
config:
probe udp PROBE_7_101_DHCP
  port 67
  interval 10
  passdetect interval 60
  passdetect count 2
rserver host REAL_SERVER_IDDHCP03
  ip address <ip1>
  inservice
rserver host REAL_SERVER_IDDHCP04
  ip address <ip2>
  inservice
serverfarm host SERVERFARM_7_101
  probe PROBE_7_101_DHCP
  rserver REAL_SERVER_IDDHCP03
    backup-rserver REAL_SERVER_IDDHCP04
    inservice
  rserver REAL_SERVER_IDDHCP04
    inservice standby
class-map match-all CLASS_MAP_VIP_7_101
  2 match virtual-address <vip> any
policy-map type loadbalance first-match POLICY_MAP_L7_7_101
  class class-default
    serverfarm SERVERFARM_7_101
policy-map multi-match POLICY_MAP_L3L4_7_101
  class CLASS_MAP_VIP_7_101
    loadbalance vip inservice
    loadbalance policy POLICY_MAP_L7_7_101
    loadbalance vip icmp-reply active
interface vlan 1207
  bridge-group 7
  no normalization
  mac-sticky enable
  no icmp-guard
  service-policy input POLICY_MAP_L3L4_7_101
  no shutdown
interface vlan 1257
  bridge-group 7
  no normalization
  no icmp-guard
  no shutdown
interface bvi 7
  ip address ...
  alias ...
  peer ip address ...
  no shutdown
After some tcpdumping we saw that the dhcp request makes its way to the IDDHCP03, which correctly answers with a dhcp offer. But the offer never comes back to the client (which sends its request over an ASA with a dhcp relay agent configured).
Any ideas?
Should dhcp load balancing work with the ACE module? (it just has to load balance udp/67 like it does with every other protocol)
Thanks
Patrik
Hi Patrik,
This link should answer your question
http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/v3.00_A1/configuration/rtg_brdg/guide/dhcp.html
We don't support DHCP load balancing. ACE can act like a DHCP relay. The above link should answer your question.
If not let me know
Thanks
VK -
Hello,
We are having an issue with an http based application load balanced by ACE - sometimes one of the pages in the browser is partially blank (some of the code referenced in the main html document seems to be missing). We've discovered the following syslog message from ACE in regard to such an http session:
Jul 8 2010 09:24:03 : %ACE-6-302023: Teardown TCP connection 0xd7f1 for vlan10:10.1.1.1/1783 to vlan20:10.1.2.1/443 duration 0:00:00 bytes 45497 Exception
What can be told about this "exception" code? Documentation isn't especially helpful in this case...
thanks
WM
The error code states connection setup error which could be a number of things.
https://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/v3.00_A1/configuration/system/message/guide/messags.html#wp1147957
Can you post the ACE config you are using first and any details of the webserver. Would be a good place to start.
Dave -
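One way to triage the teardown message quoted in the question, as an added example that is not part of the original thread: a Python parser for `%ACE-6-302023` lines that counts `Exception` teardowns per destination. The field layout is taken from the single line in the post; every sample line except the first is constructed, and treating the trailing reason as optional is an assumption.

```python
import re
from collections import Counter

# Field layout copied from the one message quoted in the post.
TEARDOWN = re.compile(
    r"%ACE-6-302023: Teardown TCP connection (?P<conn>0x[0-9a-fA-F]+) "
    r"for (?P<src_if>[^:\s]+):(?P<src_ip>[\d.]+)/(?P<src_port>\d+) "
    r"to (?P<dst_if>[^:\s]+):(?P<dst_ip>[\d.]+)/(?P<dst_port>\d+) "
    r"duration (?P<duration>\d+:\d{2}:\d{2}) bytes (?P<bytes>\d+)"
    r"(?: (?P<reason>.+))?$"  # assumption: the reason may be absent
)

SAMPLE_LOG = [
    # The line quoted in the post.
    "Jul 8 2010 09:24:03 : %ACE-6-302023: Teardown TCP connection 0xd7f1 for "
    "vlan10:10.1.1.1/1783 to vlan20:10.1.2.1/443 duration 0:00:00 bytes 45497 Exception",
    # Constructed lines in the same layout.
    "Jul 8 2010 09:24:09 : %ACE-6-302023: Teardown TCP connection 0xd7f5 for "
    "vlan10:10.1.1.7/2210 to vlan20:10.1.2.1/443 duration 0:00:02 bytes 1204 Exception",
    "Jul 8 2010 09:25:40 : %ACE-6-302023: Teardown TCP connection 0xd801 for "
    "vlan10:10.1.1.1/1790 to vlan20:10.1.2.2/443 duration 0:01:15 bytes 88231",
    "Jul 8 2010 09:25:41 : constructed line that is not a teardown message",
]


def parse_teardown(line):
    """Return the fields of a 302023 teardown line, or None if it is not one."""
    m = TEARDOWN.search(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    hours, minutes, seconds = (int(part) for part in rec["duration"].split(":"))
    rec["duration_s"] = hours * 3600 + minutes * 60 + seconds
    for key in ("src_port", "dst_port", "bytes"):
        rec[key] = int(rec[key])
    rec["reason"] = rec["reason"] or ""
    return rec


def exception_teardowns(lines):
    """Count teardowns whose reason is 'Exception', per (dst_ip, dst_port)."""
    counts = Counter()
    for line in lines:
        rec = parse_teardown(line)
        if rec and rec["reason"] == "Exception":
            counts[(rec["dst_ip"], rec["dst_port"])] += 1
    return counts


def short_exceptions(lines, max_seconds=1):
    """Connection ids of 'Exception' teardowns that lasted max_seconds or less."""
    out = []
    for line in lines:
        rec = parse_teardown(line)
        if rec and rec["reason"] == "Exception" and rec["duration_s"] <= max_seconds:
            out.append(rec["conn"])
    return out


if __name__ == "__main__":
    for dest, count in exception_teardowns(SAMPLE_LOG).items():
        print(dest, count)
    print(short_exceptions(SAMPLE_LOG))
```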
Load-balancing inbound sftp connections with ACE
Hi,
Can anyone share experiences or any info relating to issues that might be encountered when load-balancing sftp protocol?
The goal is to distribute inbound file deposits evenly across SFTP servers.
High-level Overview
Clients -> Internet -> Tier-1 Firewall -> ACE Load-balancer -> SFTP Servers
Many Thanks
SFTP is nothing but SSH. It uses a single connection. There are no issues load balancing it using traditional Layer 4 load balancing.
So you are good.
On the other hand, FTP over SSL (FTPS) can neither be offloaded nor load balanced using ACE.
FTPS uses multiple channels and since the control channel is encrypted, ACE is not able to get the port numbers for the data connections.
HTH
Syed Iftekhar Ahmed