Class-Map and Policy-Map Configuration in CM Confusion

Hi,
I'm implementing a green field WAAS deployment for a customer. We currently have a Proof-of-Concept up and running.
I've got some questions regarding custom class-map and policy-map configuration in the CM. I'd like to nail-down the custom class-map and policy-map configuration (and understanding) in the PoC before cutting over the PoC branches to the production WAAS environment.
Assuming a typical WAAS Deployment using WCCP for off-path interception, branch to DC.
 ==> 61 in LAN (BRANCH ROUTER) <== 62 in WAN        (WAN CLOUD)        ==> 61 in WAN (DC ROUTER) <== 62 in LAN
We are using two distinct device groups, BRANCH and DATA CENTER.
If the customer has traffic that we need to classify in order to provide TFO only optimisation, should the single class-map include the traffic in both directions? Ie., (assume the SERVER is 10.1.1.1 TCP Port 443). Should the class-map be configured as:
Class-Map
Line 1: DST IP 10.1.1.1 DST Port 443
Line 2: SRC IP 10.1.1.1 SRC Port 443
Or in this case is only the DST line required? And in which Device Group should the custom policy be applied? Or should it be applied to both Device Groups? If it should be applied to both Device Groups, then would it make more sense to have the policy-map in the Branch DG configured to match the DST traffic, and on the Data Center DG have a different class-map match the SRC traffic?
My confusion is how to classify the traffic (SRC or DST or Both - Separate classes for each or different lines within the same class-map), and where to apply the appropriate policy (both Device Groups, just Branch, just DC) and why...
I tried to apply a custom policy and the impact in the PoC was that the TCP Summary report stopped reporting the individual traffic classes showed 'other traffic' only. Can anyone explain why this may have occurred?
I hope this makes sense.

for instance like this:
policy-map police-in
class class-default
police rate 10 mpbs <optionally set burst>
policy-map shape-out-parent
class class-default
shape 10 mpbs <optional burst config>
service-policy shape-out-child
policy-map shape-out-child
class class-default
queue-limit 10 packets
int g 0/0/0/0
service-policy police-in in
service-policy shape-out-parent out
also have a look at CL 2013/2014 (orlando/sanfran) ID 2904 for more QOS details
and the support forum article of "asr9000 quality of service architecture"
xander

Similar Messages

  • Help with Class-map configuration - ZBFW

    Hello,
    I need some clarification regarding the class-map configuration in a ZBFW. I need to allow https,http,ftp & rdp traffic from Internet to few of the servers inside our LAN. So I put the below configuration to accomplish the task (example shows class-map for only https protocol) :
    a.)
    class-map type inspect match-all HTTPS-ACCESS
    match protocol https
    match access-group name HTTPS-SERVER-ACCESS
    ip access-list extended HTTPS-SERVER-ACCESS
    permit tcp any host 172.17.0.55 eq 443
    permit tcp any host 172.17.0.56 eq 443
    permit tcp any host 172.17.0.36 eq 443
    permit tcp any host 172.17.0.45 eq 443
    permit tcp any host 172.17.0.60 eq 443
    Where 55,56,36,45,60 are the servers inside the LAN (12 more servers are there) that need to be accessed via https,http,ftp & rdp from Internet.
    Is it a correct approach? or do I need to change my configuation so that I have to match ACL with my class-map like below:
    b.)
    ip access-list extended OUTSIDE-TO-INSIDE-ACL
    permit tcp any host 172.17.0.55 eq 443
    permit tcp any host 172.17.0.55 eq www
    permit tcp any host 172.17.0.55 eq 21
    permit tcp any host 172.17.0.55 eq 3389
    permit tcp any host 172.17.0.56 eq 443
    permit tcp any host 172.17.0.56 eq www
    permit tcp any host 172.17.0.56 eq 21
    permit tcp any host 172.17.0.56 eq 3389
    permit tcp any host 172.17.0.36 eq 443
    permit tcp any host 172.17.0.36 eq www
    permit tcp any host 172.17.0.36 eq 21
    permit tcp any host 172.17.0.36 eq 3389
    permit tcp any host 172.17.0.45 eq 443
    permit tcp any host 172.17.0.45 eq www
    permit tcp any host 172.17.0.45 eq 21
    permit tcp any host 172.17.0.45 eq 3389
    class-map type inspect match-all OUT-IN-CLASS
    match access-group name OUTSIDE-TO-INSIDE-ACL
    Which one is the correct approach when we consider the performance of the firewall ? Please help me.
    Regards,
    Yadhu

    Hey
    I do not agree with Varun, I think the first approach is the best one.
    Why? Because when you issue the "match protocol ..." you are usig NBAR wich is an application inspection software, which means that https or whatever protocol is inspected at layer 7, not layer 3 and 4 which the seconds approach does (IP and port-number).
    Lets say you use the second approach and an attacker uses some malicious protocol that runs over port 443 or whatever (a port that you opened).  That attack would be successfull because all you say, you are going to IP-address 172.17.0.56 over port 443 so go ahead.
    But if you are using NBAR, this would not work because NBAR will look at layer 7, inside the protocol itself and look if this really is HTTPS (or whatever protocol).
    That's my two cents. Hope it helped!

  • Software Updates Failing - Group Policy Overwritten - Server and Policy NOT CONFIGURED

    I have seen a few posts about this issue and group policy overwriting the settings needed by SCCM with the wrong WSUS server. I checked the wuahandlerlog and found this error but it didnt have the server information.
    "Group policy settings were overwritten by a higher authority (Domain Controller) to: Server  and Policy NOT CONFIGURED"
    The only coputer policy that applies to this system does not have WSUS entries in it.  Windows update runs ok, and I deleted the WSUS registry keys that were set by a script and reinstall the client still getting the same error. I dont see any GPO local or domain, or reg keys that are setting anything. I have 10 other servers is the same AD container that this is working perfecly on.......
    Suggestions????

    Check out this GPO:
    Computer Configuration -> Administrative Templates -> System -> Group Policy: 
    "Turn off Local Group Policy Objects processing"
    The help text:
    "This policy setting prevents Local Group Policy Objects (Local GPOs) from being applied.
    By default, the policy settings in Local GPOs are applied before any domain-based GPO policy settings. These policy settings can apply to both users and the local computer. You can disable the processing and application of all Local GPOs to ensure that only
    domain-based GPOs are applied.
    If you enable this policy setting, the system does not process and apply any Local GPOs.
    If you disable or do not configure this policy setting, Local GPOs continue to be applied.
    Note: For computers joined to a domain, it is strongly recommended that you only configure this policy setting  in domain-based GPOs. This policy setting will be ignored on computers that are joined to a workgroup."
    Rolf Lidvall, Swedish Radio (Ltd)

  • ACE - HTTPS CLASS MAP CONFIGURATION

    Hi,
    We have a secured web site (HTTPS) currently fronted by Cisco ACE 4170, running version A5(1.2). We are trying to use the http class map to manipulate the traffic flow in the following manner:
    https://abc.com/ABC/* -> serverfarm#1
    https://abc.com/* -> serverfarm#2           (Default)
    Tecnically this should not be difficult and below is a sample of our configuration. We have similar configuration working on our non-secured web site (HTTP) However for the secure web site, the https request https://abc.com/ABC/xxx is continued being routed to serverfarm#2 instead of serverfarm#1 which is very frustrating.
    We can easily get this working on my F5 LTM within 5 minutes but this Cisco ACE continue to frustrate me...Appreciate if any expert on Cisco ACE can help to advise on our configuration.. Thanks.
    =========================================================
    serverfarm host serverfarm#1
    predictor leastconns
    probe https_probe
    rserver rs_server#1
      inservice
    rserver rs_server#2
      inservice
    serverfarm host serverfarm#2
    predictor leastconns
    probe https_probe
    rserver rs_server#3
      inservice
    rserver rs_server#4
      inservice
    sticky http-cookie STICKY_HTTPS_serverfarm#1
    cookie insert browser-expire
    timeout 15
    replicate sticky
    serverfarm serverfarm#1
    sticky http-cookie STICKY_HTTPS_serverfarm#2
    cookie insert browser-expire
    timeout 15
    replicate sticky
    serverfarm serverfarm#2
    class-map type http loadbalance match-any class-map-serverfarm#1
    2 match http url /ABC/.*
    policy-map type loadbalance first-match vs_serverfarm_https
    class class-map-serverfarm#1
      sticky-serverfarm STICKY_HTTPS_serverfarm#1
      insert-http x-forward header-value "%is"
      ssl-proxy client ssl_serverfarm
    class class-default
      sticky-serverfarm STICKY_HTTPS_serverfarm#2
      insert-http x-forward header-value "%is"
      ssl-proxy client ssl_serverfarm
    =========================================================

    Kanwaljeet,
    Yes, we are using ACE for SSL termination i.e. front end is https and back-end is also https.
    We are doing end-to-end encryption as our IT security and audit wanted end-to-end encryption between the client and servers. ACE should be able to look at the HTTP header at the front end since the client SSL session is terminate on the ACE.
    Below is an extract of the configuration, I've leave out the remaining configuration which is not required.
    =========================================================
    serverfarm host serverfarm#1
    predictor leastconns
    probe https_probe
    rserver rs_server#1
      inservice
    rserver rs_server#2
      inservice
    serverfarm host serverfarm#2
    predictor leastconns
    probe https_probe
    rserver rs_server#3
      inservice
    rserver rs_server#4
      inservice
    sticky http-cookie STICKY_HTTPS_serverfarm#1
    cookie insert browser-expire
    timeout 15
    replicate sticky
    serverfarm serverfarm#1
    sticky http-cookie STICKY_HTTPS_serverfarm#2
    cookie insert browser-expire
    timeout 15
    replicate sticky
    serverfarm serverfarm#2
    class-map match-all vs_serverfarm
      2 match virtual-address 10.178.50.140 tcp eq https
    class-map type http loadbalance match-any class-map-serverfarm#1
    2 match http url /ABC/.*
    policy-map type loadbalance first-match vs_serverfarm_https
    class class-map-serverfarm#1
      sticky-serverfarm STICKY_HTTPS_serverfarm#1
      insert-http x-forward header-value "%is"
      ssl-proxy client ssl_serverfarm
    class class-default
      sticky-serverfarm STICKY_HTTPS_serverfarm#2
      insert-http x-forward header-value "%is"
      ssl-proxy client ssl_serverfarm
    policy-map multi-match PRODWEB_POLICY
      class vs_serverfarm
        loadbalance vip inservice
        loadbalance policy vs_serverfarm_https
        loadbalance vip icmp-reply active
        nat dynamic 100 vlan 100
        ssl-proxy server ssl_serverfarm
    =========================================================

  • Source ip filtering with class map on cisco ace30

    Hello ,
    I would like to know if it is  possible to filter source ips connecting to a virtual ip  within a class map configuration ( or something else  ) ?
    access-list S_IP_FILTERING line 8 extended permit ip host 1.1.1.1 any
    class-map match-all S_IP_FILTERING_XVIP
    2 match access-list S_IP_FILTERING
    3 match virtual-address 2.2.2.2 any
    Error: Only one match access-list is allowed in a match-all class-map and it cannot mix with any other match type
    thanks for your support
    Case,

    Hi,
    Yes, it is possible to do this. Use the ACL filter for the source IP address under the policy-map type loadbalance. Then you would call that load balance policy in your multi-match policy under the appropriate class.
    for example:
    class-map type http loadbalance match-any LOADBALANCE-FILTER
      2 match source-address X.X.X.X 255.255.255.255
    class-map match-any TEST-CLASSMAP
      2 match virtual-address Y.Y.Y.Y tcp eq www
    policy-map type loadbalance first-match LOADBALANCE
      class LOADBALANCE-FILTER
        serverfarm TEST-SERVERFARM
    policy-map multi-match UTC-PM
      class TEST-CLASSMAP
        loadbalance policy LOADBALANCE
        loadbalance vip inservice
    -Alex

  • Class-map in IOS XR

    Hi, anyone can explain the "sh class-map list type qos" in XR platforms ? is this command used to know how many types of class-maps configured in one router ?

    It is a useful command to help clean up unused class-maps:
    RP/0/RSP0/CPU0:A9K-BNG#show class-map list type qos
    Thu Sep 12 14:58:56.383 EDT
    1) ClassMap: class1    Type: qos
        Referenced by 3 Policymaps
    2) ClassMap: class3    Type: qos
        Referenced by 2 Policymaps
    in this examples the QOS class-maps class1 and class3 which have index 1 and 2 respectively are used by respectively 3 or 2 policy-maps. can't remove them.
    I could technically remove this class-map:
    20) ClassMap: v6    Type: qos
        Referenced by 0 Policymaps
    Not used at all.
    regards
    xander

  • Policy map/ class map/ service policy for IOS xr

    Hi,
    I need to create a policy map and class map/service policy to limit the amount of bandwidth that can be used on one interface both in and out.
    I need the cap for the bandwidth to traverse this circuit to ne 10 Meg.
    the IOS xr version we are using is 4.3.4
    I was hoping someone could help me out by giving me a configuration example I could follow.
    Thank you.

    for instance like this:
    policy-map police-in
    class class-default
    police rate 10 mpbs <optionally set burst>
    policy-map shape-out-parent
    class class-default
    shape 10 mpbs <optional burst config>
    service-policy shape-out-child
    policy-map shape-out-child
    class class-default
    queue-limit 10 packets
    int g 0/0/0/0
    service-policy police-in in
    service-policy shape-out-parent out
    also have a look at CL 2013/2014 (orlando/sanfran) ID 2904 for more QOS details
    and the support forum article of "asr9000 quality of service architecture"
    xander

  • Class-map/policy-map

    @all...
    Can i apply class-map in both inbound/outbound, or is it restricted to outbound only. whereas for policy-map i understand it can be applied either in or out bound...
    correct me if i am wrong
    ta
    hanu

         According to this link http://www.pingafrica.org/node/135 i configure my CISC OIOS (tm) C1700 Software (C1700-Y-M), Version 12.3(17a), router to filter HTML trafic. It works perfectly.
         Could you tell me how to configure it to not filter traffic for specific IP addresses ex. administrators and other privileged users in my network?
    Thanks a lot

  • Redirection class overlap on policy-map

    Hello.
    I was asked to implement some rules and one of them is overlaping the other I think becasue is shorter and it´s using the regular expression .*
    Regarding the configuration below I always get redirected to http://SITE1 instead of http://SITE2 when I type www.AAA/fr/pages/AAA/index.php because the class REDIRECT_NM_LORO_PMUR_CLASS always win even it´s in the bottom of the policy-map.
    Is there some way to order the classes in a policy-map to act as an  access-list does? (from the top to the bottom and stop looking up when a  match is found), In other words, make the class REDIRECT_PMUR_RAPPORTS_CLASS is done before REDIRECT_NM_LORO_PMUR_CLASS
    which is more generic.
    Config example:
    rserver redirect REDIRECT_PMUR
      webhost-redirection http://SITE1 301
      inservice
    rserver redirect REDIRECT_PMUR_RAPPORTS
      webhost-redirection http://SITE2 301
      inservice
    rserver redirect REDIRECT_PMUR_RESULTATS
      webhost-redirection http://SITE3 301
      inservice
    serverfarm redirect REDIRECT_NM_LORO_PMUR_FARM
      rserver REDIRECT_PMUR
        inservice
    serverfarm redirect REDIRECT_PMUR_RAPPORTS_FARM
      rserver REDIRECT_PMUR_RAPPORTS
        inservice
    serverfarm redirect REDIRECT_PMUR_RESULTATS_FARM
      rserver REDIRECT_PMUR_RESULTATS
        inservice
    class-map type http loadbalance match-any REDIRECT_NM_LORO_PMUR_CLASS
      4 match http url /fr/pages.*
    class-map type http loadbalance match-any REDIRECT_PMUR_RAPPORTS_CLASS
      3 match http url www.AAA/fr/pages/AAA/index.php
    class-map type http loadbalance match-any REDIRECT_PMUR_RESULTATS_CLASS
      3 match http url www.BBB/fr/pages/BBB/index.php
    policy-map type loadbalance first-match POLICY_REDIRECT_NM_LORO_CAT2_FARM
      class REDIRECT_PMUR_RESULTATS_CLASS
        serverfarm REDIRECT_PMUR_RESULTATS_FARM
      class REDIRECT_PMUR_RAPPORTS_CLASS
        serverfarm REDIRECT_PMUR_RAPPORTS_FARM
      class REDIRECT_NM_LORO_PMUR_CLASS
        serverfarm REDIRECT_NM_LORO_PMUR_FARM
      class class-default
        serverfarm NM_LoRo_CAT2_FARM
    Thank you very much,
    Miquel

    Hi Miquel,
    This is what it seems is happening. Your class-map condition is based on URL and not host-header value so ACE is not even considering www.AAA or www.BBB. It is only looking for fr/pages/xxxxxxxx which only matches 3rd class map and that's why you get the match and hence the corresponding redirection.
    Can you try using class map condition based on Host ?
    switch/Admin(config-cmap-http-lb)# 2 match http header Host header-value ?
    Please try and let me know how it goes.
    You can also test my removing that /fr/pages/.* condition and see if it matches or not as well.
    Regards,
    Kanwal

  • Number of class maps (QOS) supported on 7200 and 7600

    Hi,
    Have few queries on class maps for QOS, putting forward for your comments/inputs.
    1. Want to know if there are any limitation (s) on the number of class maps (to be applied inbound/outbound) that can be configured on the 7200 and 7600 routers.
    2. Is there any imitation on the numbers (of class maps) in general or will it depend on the sum total of BW configured in the classes? I mean which one will be the deciding factor i.e. if the limit is wrt to the configured classes or the number of classes can't go beyond the consolidated bandwidth configured on the interface.
    Kindly share details on the same and if there are any recommendations.
    Thanks! in advance.

    From: http://www.cisco.com/en/US/tech/tk543/tk545/technologies_q_and_a_item09186a00800cdfab.shtml
    "Q. How many classes does a Quality of Service (QoS) policy support?
    A. In Cisco IOS versions earlier than 12.2 you could define a maximum of only 256 classes, and you could define up to 256 classes within each policy if the same classes are reused for different policies. If you have two policies, the total number of classes from both policies should not exceed 256. If a policy includes Class-Based Weighted Fair Queueing (CBWFQ) (meaning it contains a bandwidth [or priority] statement within any of the classes), the total number of classes supported is 64.
    In Cisco IOS versions 12.2(12),12.2(12)T, and 12.2(12)S, this limitation of 256 global class-maps was changed, and it is now possible to configure up to 1024 global class-maps and to use 256 class-maps inside the same policy-map."

  • ZBF Class-map and different way of doing them

    Hi People just though i would ask a question on how to set up a ZBF. (question at the end of example config's)
    i have been playing with this for a while now and like to get advice over what way is the recomended way of doing multiple matchs
    ok we we all know the basic
    class-map type inspect match-any ZBF_CM_ICMP
    match protocol icmp
    policy-map type inspect ZBF_PM_EXTERNAL->DMZ
    class type inspect ZBF_CM_ICMP
      inspect
    and then the ZP dont need to show, this is a simple map using nbar fair enough
    then we could a mulitiple matches
    class-map type inspect match-any ZBF_CM_STD_DMZ_PORTS
    match protocol icmp
    match protocol http
    match protocol dns
    match protocol https
    policy-map type inspect ZBF_PM_DMZ->EXTERNAL
    class type inspect ZBF_CM_STD_DMZ_PORTS
      inspect
    Ok still easy to understand but now come the bit that a little more copmplex non NBAR matches
    ip access-list extended AL_RDP_PORT
    permit tcp any any eq 3389
    class-map type inspect match-all ZBF_CM_RDP
    match access-group name AL_RDP_PORT
    policy-map type inspect ZBF_PM_EXTERNAL->DMZ
    class type inspect ZBF_CM_RDP
      inspect
    This config is now using an access list because NBAR dosent have the protocol in it then map the AL to the CM then CM to PM. next is example is what i setup to get more non NBAR ports and only for 1 host
    ip access-list extended AL_HOST_IP_IN
    permit ip any host 11.11.11.11
    ip access-list extended AL_ISATAP
    permit 41 any any
    ip access-list extended AL_TEREDO
    permit udp any any eq 3544
    class-map type inspect match-ANY ZBF_CM_DirectAccess_Protocols
    description Nested Class Map
    match access-group name AL_ISATAP
    match access-group name AL_TEREDO
    match protocol https
    class-map type inspect match-ALL ZBF_CM_APP_IN
    match access-group name AL_HOST_IP_IN
    match access-group name ZBF_CM_DirectAccess_Protocols
    policy-map type inspect ZBF_PM_EXTERNAL->DMZ
    class type inspect ZBF_CM_APP_IN
      inspect                                                                                                      (or pass with rule for other direction)
    THis is what i setup and it works not for this example but the rule flow i then was having issues with DMVPN and ZBF (turned out to be an iso bug annoying me) but i used CiscoCP to setup the ZBF automaticly forthe DMVPN and it ZBF rule where  same proceduare as below.
    ip access-list extended AL_HOST_IP_IN
    permit ip any host 11.11.11.11
    ip access-list extended AL_ISATAP
    permit 41 any any
    ip access-list extended AL_TEREDO
    permit udp any any eq 3544
    class-map type inspect match-ANY CM_ISATAP
    match access-group name AL_ISATAP
    class-map type inspect match-ANY CM_TEREDO
    match access-group name AL_TEREDO
    class-map type inspect match-ANY ZBF_CM_DirectAccess_Protocols
    description Nested Class Map
    match class-map CM_ISATAP
    match class-map CM_TEREDO
    match protocol https
    class-map type inspect match-ALL ZBF_CM_APP_IN
    match access-group name AL_HOST_IP_IN
    match access-group name ZBF_CM_DirectAccess_Protocols
    policy-map type inspect ZBF_PM_EXTERNAL->DMZ
    class type inspect ZBF_CM_APP_IN
      inspect
    So what Cisco CP did was make yet another level of nesting rather then the match-all class map having the match access list command then made a cm with access list then the main class map had only other match class maps in it..
    QUESTION:
    Why did CiscoCP do the extra nesting
    both ways worked but i would like to know why the cisco CP did the same thing with the other layer of CM did it do this for best practise or dose this make changed later easier i cant understand whats the advange to doing it this way... but if there is a valid reason then ill great jjust trying to understand.
    thanks
    regards
    A very sore headed
    Dave

    When people say "use as few classes as possible", it's usually related not to optimize heap usage, but jar size.
    But it's true that some smart use of OOP can save a lot of memory during runtime (and even jar size in some cases). Using an interface in my GUI library helps make the architecture a lot simpler and more compact, to the point that even if all the GUI widgets are being used (so the "just loading the code you need at the moment" argument is moot) memory use is still smaller because I need a lot less hacks to glue everything together.
    It still is worth noting that often memory fragmentation is the true cause of running-out-of-memory-errors, and in this case loading many small classes will achieve exactly the opposite.
    shmoove

  • Update List of Protocols When Configuring a Class-map During IOS FW Configuration

    Hi Everyone.
    I am working on a 2911 router with IOS version 15.2 and I want to configure Zone Base Firewalls. I have a list of protocols I want to allow through the firewall but when I do match protocol ? after creating a class-map of type inspect, I don't see some of the protocols like rtp, rtcp, secure-imap and skype. Is there anyway I can update the list of protocols available to be selected?
    Thanks

    You should be able to match on any of the applications in NBAR. Have you updated to NBAR2? It can be downloaded here-
    http://software.cisco.com/download/release.html?mdfid=282774227&flowid=7440&softwareid=284509011&release=7.0.0&relind=AVAILABLE&rellifecycle=&reltype=latest
    The release notes list all the protocol definitions.
    Hope it helps

  • Datastore id and flat class mapping

    Hi,
    I have
    - an abstract persistent class A with 2 concrete persistent subclasses A1
    and A2. I'm using datastore identity and flat class mapping.
    - a class B that has a field fb with a one-many mapping to A1 objects
    (Hashset).
    - a class C that has a field fc with a one-many mapping to A objects
    (Hashset).
    - an instance a1 of A1 (id = 5)
    - an instance b of B in which fb contains a1
    - an instance c of C in which fc contains a1
    When loading b and then c, i happen to have 2 instances representing a1 in
    the same persistent manager. the one loaded in b has A1-5 as ObjectId and
    the one loaded in c has A-5 as ObjectId. Thus those two objects have a
    different object id while they represents the same data.
    I would expect to find only one.
    Do you have any idea ?
    Thanks,
    Laurent Czinczenheim

    I found the problem! There is no more jdo-1.0.1.jar in the kodo rar :-)
    Czinczenheim wrote:
    I have only kodo in the rar. If i put the kodo rar 3.1.3, i can deploy it.
    if i put the kodo rar 3.2.0, i cannot and get the previous exception. Is
    there any difference in the packages used by kodo 3.2.0 (other than kodo
    packages) that could interfer with the one i could have in my jboss lib
    directories ?
    thanks
    laurent
    Stephen Kim wrote:
    Kodo should either not be in the classpath and only in the rar or
    viceversa. It still seems like a classpath issue. Can you inspect your
    kodo-jdo-runtime.jars for the existence of kodo/util/FatalUserException?
    Czinczenheim wrote:
    I have only one version of Kodo in my classpath. Therefore, when i
    replace
    the rar by the one from version 3.1.3 (or any older version), i don'thave
    any problem to deploy the kodo resource adapter.
    Stephen Kim wrote:
    It appears that you may be having classpath problems. Do you have
    multiple versions of Kodo in the classpath or ear/rar?
    Czinczenheim wrote:
    Marc,
    i wanted to try it with the new 3.2 beta version but i can't even deploy
    kodo 3.2.b1 in JBoss 3.2.3. Here is the stacktrace i get when deploying
    the rar (My kodo-ds.xml is the same as the one i used with kodo 3.1.3):
    11:47:52,975 INFO [RARDeployment] Starting
    11:47:53,036 WARN [ServiceController] Problem starting service
    jboss.jca:service=ManagedConnectionFactory,name=jdo/pmf/prisma01
    java.lang.NoClassDefFoundError: kodo/util/FatalUserException
         at java.lang.Class.getDeclaredConstructors0(Native Method)
         at java.lang.Class.privateGetDeclaredConstructors(Class.java:1610)
         at java.lang.Class.getConstructor0(Class.java:1922)
         at java.lang.Class.newInstance0(Class.java:278)
         at java.lang.Class.newInstance(Class.java:261)
         at
    org.jboss.resource.connectionmanager.RARDeployment.startService(RARDeployment.java:533)
    >>>
         at
    org.jboss.system.ServiceMBeanSupport.start(ServiceMBeanSupport.java:192)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at
    sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at
    sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    >>>
         at java.lang.reflect.Method.invoke(Method.java:324)
         at
    org.jboss.mx.capability.ReflectedMBeanDispatcher.invoke(ReflectedMBeanDispatcher.java:284)
    >>>
         at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:546)
         at
    org.jboss.system.ServiceController$ServiceProxy.invoke(ServiceController.java:976)
    >>>
         at $Proxy12.start(Unknown Source)
         at org.jboss.system.ServiceController.start(ServiceController.java:394)
         at sun.reflect.GeneratedMethodAccessor6.invoke(Unknown Source)
         at
    sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    >>>
         at java.lang.reflect.Method.invoke(Method.java:324)
         at
    org.jboss.mx.capability.ReflectedMBeanDispatcher.invoke(ReflectedMBeanDispatcher.java:284)
    >>>
         at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:546)
         at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:177)
         at $Proxy4.start(Unknown Source)
         at org.jboss.deployment.SARDeployer.start(SARDeployer.java:226)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at
    sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at
    sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    >>>
         at java.lang.reflect.Method.invoke(Method.java:324)
         at
    org.jboss.mx.capability.ReflectedMBeanDispatcher.invoke(ReflectedMBeanDispatcher.java:284)
    >>>
         at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:546)
         at
    org.jboss.mx.util.JMXInvocationHandler.invoke(JMXInvocationHandler.java:177)
         at $Proxy18.start(Unknown Source)
         at org.jboss.deployment.XSLSubDeployer.start(XSLSubDeployer.java:231)
         at org.jboss.deployment.MainDeployer.start(MainDeployer.java:824)
         at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:632)
         at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:605)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at
    sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at
    sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    >>>
         at java.lang.reflect.Method.invoke(Method.java:324)
         at
    org.jboss.mx.capability.ReflectedMBeanDispatcher.invoke(ReflectedMBeanDispatcher.java:284)
    >>>
         at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:546)
         at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:177)
         at $Proxy6.deploy(Unknown Source)
         at
    org.jboss.deployment.scanner.URLDeploymentScanner.deploy(URLDeploymentScanner.java:302)
    >>>
         at
    org.jboss.deployment.scanner.URLDeploymentScanner.scan(URLDeploymentScanner.java:476)
    >>>
         at
    org.jboss.deployment.scanner.AbstractDeploymentScanner$ScannerThread.doScan(AbstractDeploymentScanner.java:201)
    >>>
         at
    org.jboss.deployment.scanner.AbstractDeploymentScanner.startService(AbstractDeploymentScanner.java:274)
    >>>
         at
    org.jboss.system.ServiceMBeanSupport.start(ServiceMBeanSupport.java:192)
         at sun.reflect.GeneratedMethodAccessor5.invoke(Unknown Source)
         at
    sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    >>>
         at java.lang.reflect.Method.invoke(Method.java:324)
         at
    org.jboss.mx.capability.ReflectedMBeanDispatcher.invoke(ReflectedMBeanDispatcher.java:284)
    >>>
         at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:546)
         at
    org.jboss.system.ServiceController$ServiceProxy.invoke(ServiceController.java:976)
    >>>
         at $Proxy0.start(Unknown Source)
         at org.jboss.system.ServiceController.start(ServiceController.java:394)
         at sun.reflect.GeneratedMethodAccessor6.invoke(Unknown Source)
         at
    sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    >>>
         at java.lang.reflect.Method.invoke(Method.java:324)
         at
    org.jboss.mx.capability.ReflectedMBeanDispatcher.invoke(ReflectedMBeanDispatcher.java:284)
    >>>
         at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:546)
         at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:177)
         at $Proxy4.start(Unknown Source)
         at org.jboss.deployment.SARDeployer.start(SARDeployer.java:226)
         at org.jboss.deployment.MainDeployer.start(MainDeployer.java:824)
         at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:632)
         at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:605)
         at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:589)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at
    sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at
    sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    >>>
         at java.lang.reflect.Method.invoke(Method.java:324)
         at
    org.jboss.mx.capability.ReflectedMBeanDispatcher.invoke(ReflectedMBeanDispatcher.java:284)
    >>>
         at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:546)
         at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:177)
         at $Proxy5.deploy(Unknown Source)
         at org.jboss.system.server.ServerImpl.doStart(ServerImpl.java:384)
         at org.jboss.system.server.ServerImpl.start(ServerImpl.java:291)
         at org.jboss.Main.boot(Main.java:150)
         at org.jboss.Main$1.run(Main.java:388)
         at java.lang.Thread.run(Thread.java:534)
    Thanks for your help since the initial bug i described is critical forus.
    Laurent
    Marc Prud'hommeaux wrote:
    Laurent-
    I believe I have seen that problem, but I can't recall the exact
    symptoms (or the exact bug number). However, I do think that it was
    fixed for Kodo 3.2. Can you download the 3.2 beta and see if the
    problem
    still occurs?
    If it does still happen, can you provide us with your .jdo, .mapping,
    and .java files for the classes so we can take a look?
    In article <[email protected]>, Czinczenheim wrote:
    Hi,
    I have
    - an abstract persistent class A with 2 concrete persistent subclasses
    A1
    and A2. I'm using datastore identity and flat class mapping.
    - a class B that has a field fb with a one-many mapping to A1 objects
    (Hashset).
    - a class C that has a field fc with a one-many mapping to A objects
    (Hashset).
    - an instance a1 of A1 (id = 5)
    - an instance b of B in which fb contains a1
    - an instance c of C in which fc contains a1
    When loading b and then c, i happen to have 2 instances representing
    a1
    in
    the same persistent manager. the one loaded in b has A1-5 as ObjectIdand
    the one loaded in c has A-5 as ObjectId. Thus those two objects have a
    different object id while they represents the same data.
    I would expect to find only one.
    Do you have any idea ?
    Thanks,
    Laurent Czinczenheim
    Marc Prud'hommeaux
    SolarMetric Inc.
    Steve Kim
    [email protected]
    SolarMetric Inc.
    http://www.solarmetric.com
    Steve Kim
    [email protected]
    SolarMetric Inc.
    http://www.solarmetric.com

  • QoS - Create class-map while inside policy-map

    The cisco training notes for CME claim you can create a non-existant class-map while in the policy-map. Here is the what the notes say
    router(config-pmap)#class class-map-name condition
    ? Optionally you can define a new class-map by entering the condition after the name of the new class map
    Does this work

    If my memory serves me, it was on a 7206VXR running a 12.3 cut. Also, I do recall that the '?' will not present this as an option but it still works...
    Paresh.

  • ACE SSL Sticky class-map generic vs class default differences.

    There was a thread recently titled "ACE 3.0(0) SW / LB with SSL Session-ID" where Giles Dufour outlined a configuration for an ACE performing sticky based on SSL Session ID.
    Can anyone explain the benefits and differences of using a specific class-map generic such as this:
    class-map type generic match-any SSL-v3-32
      2 match layer4-payload regex "\x16\x03\x00..\x01.*"
      3 match layer4-payload regex "\x16\x03\x01..\x01.*"
    Versus just matching class default?
    So if I have a configuration such as this:
    policy-map type loadbalance generic first-match SSL-v3-Sticky
    class SSL-v3-32
       sticky-serverfarm ssl-v3
    vs
    policy-map type loadbalance generic first-match SSL-v3-Sticky
    class class-default
       sticky-serverfarm ssl-v3
    What's the benefit or drawback?

    The SSL session id is only available in version 3.0.1 and 3.1.1
    So you can match this particular version and then attempt to do stickyness.
    You are guaranteed to find what you're looking for.
    If you match a class-default it means you apply stickyness to any version of ssl packet.
    So there is a risk to misinterpret the content of the packet and stick on something else than the session id.
    Gilles.

Maybe you are looking for

  • Properties are not shown in the Logical model

    Sometimes when I right click on some entity in a logical model and select Properties - nothing happens and no properties dialog appears. The normal behavior restores after modeler is restarted. Is it a known bug?

  • Lumia 730 ds : background downloading issue

    I've checked it with both data connection & Wi-Fi. My Lumia 730 is not supporting background downloading. It stops when i do some other task on my phone & have to restart it each time & also sometimes d page crashes.. PLZ HELP..

  • Problem after 2.1.1 update with SONY A700 RAW

    Hi, after installing the update every raw from the Sony Alpha 700 DSLR are completly white and I can't change white balance, ... So Aperture is inopérative with my raw !

  • How to set report server to process 2 reports concurrently?

    Dear Sir, I'm using Oracle9iAS R2 Enterprise edition. Can the report server be configured to handle 2 concurrent requests? Reason being our production system, when one big report is being generated, the small report that comes second will need to wai

  • Converting CMYK design to K+1PMS

    Hello, My design was originally created as a CMYK. Now, it needs to be converted to a Black + one PMS. Using channels, then copying and pasting portions into a new PMS channel, I thought I had it. However, two portions of the design are not looking r