Application Delivery (ADX)

Contributor
Posts: 26
Registered: ‎05-24-2010

Don't see http traffic on ADX

Hi,

I have configured two ADX servers for my client for LB of http traffic only to a cache farm. Both ADXs are configured on ip vrrp extended. The forward and reverse traffic to Cache Farm is coming from two different devices through two VRRPs, i.e.

<Router-1> ------> <ADX VRRP-1> -----> <Cache Servers> -------> <ADX VRRP-2> -------> <Router -2>

Router -1 = Huawei BRAS

Router -2 = Juniper Router

Only http traffic is forwarded to VRRP-1 and rest of the traffic is passing directly from Router-1 to Router-2. Forward and Reverse PBRs are already there.

The client has forwarded http traffic to VRRP-1 but I don't see any traffic or session on ADX. Traceroute to port 80 ends at VRRP-1 but nothing goes beyond it and I don't see any session on ADX and Cache-Servers as well.

Below is my configuration for forwarding http traffic to Cache Servers.

server force-delete
server force-cache-rehash
server disable-cache-persist
server no-slow-start
server decrement-cnt-when-put-in-delq
server del-curr-conn-on-server-reset
!
server port 80
 session-sync
 tcp
 tcp l4-check-only
!
context default
!
csw-rule "rule1" url exists
!
csw-policy "policy1"
 match "rule1" forward 10
!
!
server cache-name cache-1 <ip address 1>
 port default disable
 port http
 port http url "HEAD /"
 port http group-id  10 10
!
server cache-name cache-2 <ip address 2>
 port default disable
 port http
 port http url "HEAD /"
 port http group-id  10 10
!
server cache-name cache-3 <ip address 3>
 port default disable
 port http
 port http url "HEAD /"
 port http group-id  10 10
!
server cache-group 1
 cache-name cache-1
 cache-name cache-2
 cache-name cache-3
 spoof-support
 csw-policy policy1
 csw-hash url host-and-path
 csw-force-rehash
 csw
!
ip l4-policy 1 cache tcp http global
ip route 0.0.0.0 0.0.0.0 <Gateway IP address>
!

I have already tried to enable "debug all " but nothing happens. Please let me know if anything goes wrong with the configuration.

Any tips to troubleshoot it? How can I find if the traffic is actually forwarded to VRRP-1?

Thanks.

Super Contributor
Posts: 1,087
Registered: ‎12-13-2009

Re: Don't see http traffic on ADX

Hi Syed,

     I do not know the answer for you on this one.  Suggest you go through this manual as it covers TCS with heaps of different setups.

http://www.brocade.com/sites/dotcom/support/Product_Manuals/ServerIron_AdvSLBGuide/index.html 

Thanks Michael.

Contributor
Posts: 26
Registered: ‎05-24-2010

Re: Don't see http traffic on ADX

Hi Michael,

I have gone through it, and my configuration seems to be OK. But I still don't see any traffic on ADX.

Are there any commands I can run to find out if the traffic is actually coming to the ADX?

Thanks

Super Contributor
Posts: 1,087
Registered: ‎12-13-2009

Re: Don't see http traffic on ADX

Hi Syed,

     If you are logging to an external syslog then turn on the connection logging. See below.

To enable session logging for a specific TCP or UDP port, enter the following command.

ServerIron(config)# server port 80
ServerIron(config-port-80)# connection-log all url

Also for a test add 'default forward 10' to your policy - e.g.

csw-policy "policy1"
 match "rule1" forward 10
 default forward 10

I know this will send everything or should do to the cache servers, but see if the reason is something to do with the rule.  Also I assume that you are not using PBSLB on the ADX?

Contributor
Posts: 26
Registered: ‎05-24-2010

Re: Don't see http traffic on ADX

Yeah, I only listen to HTTP traffic and LB on URL basis. The customer says he is forwarding HTTP traffic to LB VRRP-1 and traceroute on Port 80 is ending to VRRP-1 but I don't see any session or activity on ADX.

First of all I need to confirm if the traffic is actually being forwarded or NOT. Any command or debug which confirms this??

The global policy for L4 is already there " ip l4-policy 1 cache tcp http global". What else can I open? I think I should remove all policies and just forward everything to Internet.

Any suggestions ??

Thanks

Super Contributor
Posts: 1,087
Registered: ‎12-13-2009

Re: Don't see http traffic on ADX

OK - use the below show command to see if the policy has any hit counts.

ServerIronADX# show csw-policy server-sw
Policy Name :server-sw
Reference Count :1
Action code description:
fwd: forward rst: reset-client per: persist
rdr: redirect err: reply-error unk: unknown
Flag description:
A: insert-cookie B: delete-cookie C: destroy-cookie
D: req-ins-hdr E: req-ins-client-ip F: resp-ins-hdr
L: log
Rule Name |Act|Data1 |Data2 |Data3 |Flags |Hit Cnt
------------------------------------------------------------------------------
url1024 |fwd|1024 | |N/A |_______ |2
url1025 |fwd|1025 | |N/A |_______ |3
default |fwd|1 | |N/A |_______ |10
-------------------------------------------------------------------------------

Also I think for CSW you need to use 'ip policy 1 cache tcp http global'

As for debug commands, I can not help you there as I have never used an ADX (I have used XL's, 4G and GTE/C) and do not have access to one at the moment to look.

You could, if the only traffic for the ADX is what you need switched, just check show interface eth 1/1 and see the packet counts.

Of course the best way is to do a mirror port and capture the traffic or insert a tap.  That would tell you for sure.

Contributor
Posts: 26
Registered: ‎05-24-2010

Re: Don't see http traffic on ADX

Hi Michael,

The traffic is passing through ADX but forwarding directly to Internet. No Cache Policy is being applied.

Traffic is not being passed to Cache Servers. I don't see sessions from client to cache-server although all Cache-Servers are up, please look at the show server session

#show server sessions

Avail. Sessions on MP       =     999892 Total Sessions on MP    =    1000000

bp-1 Avail.  Session =   1999996 Total Sessions =   2000000
bp-2 Avail.  Session =   1999996 Total Sessions =   2000000
bp-3 Avail.  Session =   1999996 Total Sessions =   2000000
bp-4 Avail.  Session =   1999996 Total Sessions =   2000000

Total C->S Conn      =          0  Total S->C Conn      =          0
Total Reassign       =          0  Unsuccessful Conn    =          0

Server State - 0: disabled, 1:enabled, 2:failed, 3:test, 4:suspect, 5:grace_dn, 6:active

Real Server        State   CurrConn    TotConn TotRevConn   CurrSess   PeakConn

WMX-01     6          0          0          0          0          0
WMX-02     6          0          0          0          0          0
WMX-03     6          0          0          0          0          0

Don't see anything on csw-policy policy1,

No logs for connection-log all url. Also, default forward 10 did not work.

For ADX , global http can be enabled with command "  ip l4-policy 1 cache tcp http global  ", so it is there. ADX does not have " ip policy 1 cache tcp http global "

Is there anything I can look into?

Thanks
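
The two checks discussed above (hit counts in "show csw-policy" and per-cache connection totals in "show server sessions") can be read by script once the CLI output has been saved to a file. This is an added example, not code from the thread or from Brocade; the sample text is constructed in the format of the outputs quoted above, and the function names are hypothetical.

```python
import re

# Constructed sample in the format of the "show csw-policy" rule table quoted above.
CSW_SAMPLE = """\
Rule Name |Act|Data1 |Data2 |Data3 |Flags |Hit Cnt
url1024 |fwd|1024 | |N/A |_______ |2
url1025 |fwd|1025 | |N/A |_______ |0
default |fwd|1 | |N/A |_______ |10
"""

# Constructed sample in the format of the "show server sessions" table quoted above.
SESSIONS_SAMPLE = """\
Real Server        State   CurrConn    TotConn TotRevConn   CurrSess   PeakConn
WMX-01     6          0          0          0          0          0
WMX-02     6          0         12          0          0          3
WMX-03     2          0          0          0          0          0
"""

def parse_csw_policy(text):
    """Return {rule_name: hit_count} from the pipe-delimited rule table."""
    hits = {}
    for line in text.splitlines():
        cols = [c.strip() for c in line.split("|")]
        # Rule rows have 7 columns and a numeric last column; the header does not.
        if len(cols) == 7 and cols[6].isdigit():
            hits[cols[0]] = int(cols[6])
    return hits

def parse_server_sessions(text):
    """Return {server: (state, total_conn)} from the real-server table."""
    row = re.compile(r"^(\S+)\s+(\d)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*$")
    servers = {}
    for line in text.splitlines():
        if (m := row.match(line)):
            servers[m.group(1)] = (int(m.group(2)), int(m.group(4)))
    return servers

def diagnose(csw_text, sessions_text):
    """List rules never hit, caches not active, and active caches with no traffic."""
    findings = []
    for rule, count in parse_csw_policy(csw_text).items():
        if count == 0:
            findings.append(f"rule {rule}: never matched")
    for name, (state, tot) in parse_server_sessions(sessions_text).items():
        if state != 6:  # 6 = active, per the state legend in the output
            findings.append(f"cache {name}: state {state}, not active")
        elif tot == 0:
            findings.append(f"cache {name}: active but no connections")
    return findings
```

When every rule shows zero hits and every active cache shows zero total connections, as in the output posted above, the traffic is not being matched by the cache policy at all rather than being rejected by one CSW rule.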

Super Contributor
Posts: 1,087
Registered: ‎12-13-2009

Re: Don't see http traffic on ADX

Hi Syed,

     Here is a config that I have used in the past - not for ADX but the only command you should need to change would be ip policy.

I think this will do what you are after.

To configure the ServerIron for TCS using a Global policy enter the following commands:

ServerIron> en
ServerIron# config t
ServerIron(config)# ip address 10.1.1.2 255.255.255.0
ServerIron(config)# ip-default-gateway 10.1.1.1
ServerIron(config)# ip policy 1 cache tcp 80 global (enables redirection for ALL ports)
ServerIron(config)# server cache-name cacheServer1 10.1.1.3 (configure one or more caches)
ServerIron(config-rs-cacheServer1)# exit
ServerIron(config)# server cache-group 1 (creates a cache server group)
ServerIron(config-tc-1)# cache-name cacheServer1 (applies cache name to cache group)
ServerIron(config-tc-1)# exit
ServerIron(config)# interface ethernet 2 (configure ethernet interface 2)
ServerIron(config-if-1)# no cache-group 1 (disables redirection policy for the port where cache is connected)
ServerIron(config)# interface ethernet 6 (configure ethernet interface 4)
ServerIron(config-if-6)# no cache-group 1 (disables redirection policy for the port where router is connected)
ServerIron(config-if-6)# exit
ServerIron(config)# exit
ServerIron# write mem (saves configuration)

To configure the ServerIron for TCS using a Local policy enter the following commands:

ServerIron(config)# ip policy 1 cache tcp http local
ServerIron(config)# server cache-name cacheServer1 10.1.1.3 (configure one or more caches)
ServerIron(config-rs-cacheServer1)# server cache-group 1 (creates a cache server group)
ServerIron(config-tc-1)# cache-name cacheServer1 (applies cache name to cache group)
ServerIron(config-tc-1)# exit
ServerIron(config)# interface ethernet 4 (configure ethernet interface 4)
ServerIron(config-if-4)# ip-policy 1 (apply local policy to port attached to router)
ServerIron(config-if-4)# exit
ServerIron(config)# write mem (saves configuration)

Note: The policy number can be any unused number from 1–64.

Contributor
Posts: 26
Registered: ‎05-24-2010

Re: Don't see http traffic on ADX

Hi Michael,

Thanks for your support.

This configuration is already done on my ADX, except the global command difference, i.e. " ip l4-policy 1 cache tcp http global "

And I have created virtual interface and added physical ports in it.

The problem still exists. Is there any command which prevents cache-group 1 from forwarding traffic to the internet if the cache servers are not available/down?

In ADX documents it was " no-group-failover", but I don't see this command in my version of ADX.

I have upgraded boot and system to 12.1.00c

Thanks.

Super Contributor
Posts: 1,087
Registered: ‎12-13-2009

Re: Don't see http traffic on ADX

There is no command that I know to force it not to go to the internet.

Suggest you remove all the CSW config and all other commands that are not in the config that I posted; you can then build the config back up after you get a basic working config.

There are special requirements for using CSW in what it can be used for and with what other features.

Is there anything that is not in the basic config that I posted that you need?
