CSS load balancing issue: url isn't accessible even though services are up

Similar Messages

• CSS load balancing issue

  Hi,
  I'm facing a problem with CSS while load balaning for the web application with two servers.
  The application is based on activex..
  Basically I have two servers running web application for which I have created VIP in the CSS, user hits the VIP address and they access the application, also we use the sticky thing as the application requires the session persistence.. everything is fine, but the problem starts when one of the server fails...
  Assume a user hits the VIP address and access the application, due to the sticky thing his session will be with server A (for eg.), now suddenly the server A fails and in that time the user was doing a transcation and inputting some data and after that he press the submit button on the page, as the server A is down the web page gets refreshed and he has to relogin to the application and redo the whole thing what he was doing in that particular transcation...
  Now the application guys are telling this problem should not happen as the CSS should be able to take care of the session getting reestablished to the other server B during the server A failure...
  Can someone through some lights on this... I'm bit confused now... as what I understand is that the webpage gets refreshed during a server failure because the tcp session id will get changed and the server B will not accept the same tcp session so it reinitiates the new session...
  Is my understanding right?? or is there something which we can do on the CSS to avoid this problem...
  Regards
  Vijay.

  Hi Gilles,
  Thanks for the clarification.
  I have two more issues too...
  1. The load balancing of the application between the two servers are not even. Actually the traffic from the users keep hitting only one server, I understand the point of sticky method used in our case, but even atleast the connection from another client machine should go to the other server,but it is not the case... traffic from all the clients goes to only one server..
  what could be the possible reason for the same...
  My config is as below...
  service SERVER-1
  port 80
  protocol tcp
  keepalive port 80
  keepalive type tcp
  redundant-index 4
  ip address 10.6.223.87
  active
  service SERVER-2
  port 80
  protocol tcp
  keepalive port 80
  keepalive type tcp
  ip address 10.6.223.77
  redundant-index 5
  active
  owner WEB
  content WEB
  add service SERVER-1
  add service SERVER-2
  redundant-index 104
  vip address 10.6.223.78
  protocol tcp
  port 80
  url "/webretrieve*"
  advanced-balance sticky-srcip
  active
  2. Slow response of the application when users access application through VIP address(CSS), what can be done further in the configuration to improve the performance?? or any thing else I can do...
  Regards

• After installing the 9.0.1 update for Mozilla Firefox the bookmark icons are not loading on the bookmarks drop-down menu, even though they are loading when I go to Show All Bookmarks. Why?

  I am using a Mac and the 9.0.1 version of Firefox

  Firefox Help already had an answer for me - should have looked better: https://support.mozilla.org/en-US/kb/latest-firefox-issues#w_icons-missing-in-the-bookmarks-menu
  IT WORKS PERFECTLY NOW!!! THANK YOU!

• On iOS 6, I want to use iMessage. But, it says the person I'm sending to isn't registered even though they are. Any ideas?

  Read the title please. And yes, the person is a contact.

  Does that person have an iPod, iPad or iPhone with the Messages app and are you trying to Message that persons with the email addres (or phone number for an iPhone) they aves set up to use for Messages?
  Have them send you a Message to verify.
  Next try
  iOS: Troubleshooting Messages

• CSS arrowpoint cookie load balancing issue

  Hi guys,
  I need some advice on a load balancing issue.
  We have connections hitting the CSS via a proxy environment. As a result i see only one source ip address. I want to use arrowpoint cookies for session stickeyness. However when i enable the rule the tcp session negotiation fails. The CSS sends a TCP/RST which terminates the session.
  Here's the rule config:
  content HTTP_rule
  add service ZSTS299102
  add service ZSTS281101
  vip address <filtered>
  add service LONS299102
  add service LONS281101
  balance weightedrr
  change service ZSTS299102 weight 5
  change service ZSTS281101 weight 5
  advanced-balance arrowpoint-cookie
  protocol tcp
  port 80
  url "/*"
  active
  Any help would be much appreciated.

  Remko,
  in L3/L4 the CSS sends the SYN directly to the server.
  So when the FIN comes in, we simply pass it to the server.
  With L5 the CSS spoofs the connection and we select the server only after receiving the GET.
  If there was some delay between the GET and the FIN, the CSS would have time to establish a connection with the server and the FIN could be simply forwarded.
  Unfortunately, in this case the FIN is right after the GET with no delay.
  Gilles.

• Problem with WLIOTimeoutSecs in weblogic and apche  CSS load balancer

  Hi,
  We are using Weblogic 11g, apache 2.2 and CSS load balancer for load balancing.
  we have huge reports which take minutes to generate and hence we need higher value for WLIOTimeoutSecs. This works fine when we use server url but WLIOTimeoutSecs is not working when we use CSS load balancer.
  We checked with our load balancing team they said CSS load balancer will not repost the request.
  Here is the plugin configuration
  <Location /*****>
  SetHandler weblogic-handler
  PathTrim /
  WebLogicHost 'serevrip'
  WebLogicPort 'port'
  WLIOTimeoutSecs 3600
  Idempotent OFF
  WLProxySSL ON
  DefaultFileName /***/***/index.jsp
  Debug On
  WLLogFile /***/***/***/***.log
  </Location>
  Could some please help me on this.
  Thanks in advance
  Regards,
  Venkat

  Hi Tarun,
  The problem occurs when the SSL is enabled on apache. If I access the same URL over HTTP, the parameter WLIOTimeOut works fine.
  Also I observed that, none of the parameters are getting applied to the plugin. I had switched on 'DebugConfigInfo'. With this the HTTP URL with ?__WebLogicBridgeConfig as query parameter returned the complete configuration. However when accessed with HTTPS the server did not return the configuration.
  Is there a specific configuration to be applied when apache is used with SSL?
  Thanks for your help,
  Shashi

• CSS Load Balancing with Billing Server

  Hi Gilles
  Could I have a CSS load balancing two servers and also have it communicate with a billing server across the network. If yes then how can I do it?
  Regards,
  Sushil

  the CSS does not have the notion of billing server. A separate device - like the CSG - should be used if you need to collect billing info.
  Gilles.

• ITS load balancing issue

  Hi all,
  During our testing we are getting a load balancing issue.  However, one of the agates in our network is has more CPU power than compared to the other agates in our ITS network.  The memory on all the agate servers is the same. 
  Our current issue we are getting is the one agate that has more cpu power but acquires more sessions as compared to the other two agates.  It roughly gets 60 more sessions per agate process as compare to the other Agate servers.  Does having more cpu on a Agate affect the load balancing on ITS?  We are on ITS patch level 19 with the Hotfix. 
  Thanks,
  Jin Bae

  Hello Jin,
  yes, at (re)initialize the WGate retrieves the capacity from the AGates.
  This is an accumulated number based on CPU performance and the number of CPUs!
  The number can be seen in "wgate-status" as the "Capacity" of the AGate.
  When running multiprocess Agates the number is retrieved from the MManager and also involves the number of agate-processes.
  The WGate dispatches the load in proportion depending on these capacity numbers.
  By my knowledge there is no way that these values can be configured (fixed).
  Regards,
    Fekke

• SIP load balancing issue with ACE 4710

  SIP Load balancing Issue with ACE 4710
  I have a Cisco ace 4710 with vesion Version A4(2.2). i configued simple SIP load balancing first without stickiness. without stikeiness we are having a problem because bye packet at the was not going to the same server all the time that left our port in used even though user hang up the phone. its happen randmly. i have a total 20 licenced ports and its fill out very quickly. so i dicided to use the stickiness with call-ID but still same issue. below is the config
  rserver host CIN-VOX-31
    ip address 172.20.130.31
    inservice
  rserver host CIN-VOX-32
    ip address 172.20.130.32
    inservice
  serverfarm host CIN-VOX
    probe SIP-5060
    rserver CIN-VOX-31
      inservice
    rserver CIN-VOX-32
      inservice
  sticky sip-header Call-ID VOX_SIP_GROUP
    timeout 1
    timeout activeconns
    replicate sticky
    serverfarm CIN-VOX
  class-map match-all CIN_VOX_L4_CLASS
    2 match virtual-address 172.22.12.30 any
  class-map match-all CIN_VOX_SIP_L4_CLASS
    2 match virtual-address 172.22.12.30 udp eq sip
  policy-map type loadbalance sip first-match CIN_VOX_LB_SIP_POLICY
    class class-default
      sticky-serverfarm VOX_SIP_GROUP
  policy-map multi-match GLOBAL_DMZ_POLICY
     class CIN_VOX_SIP_L4_CLASS
      loadbalance vip inservice
      loadbalance policy CIN_VOX_LB_SIP_POLICY
      loadbalance vip icmp-reply
    class CIN_VOX_L4_CLASS
      loadbalance vip inservice
      loadbalance policy CIN_VOX_LB_SIP_POLICY
      loadbalance vip icmp-reply
  interface vlan 20
    description VIP_DMZ_VLAN
    ip address 172.22.12.4 255.255.255.192
    alias 172.22.12.3 255.255.255.192
    peer ip address 172.22.12.5 255.255.255.192
    access-group input PERMIT-ANY-LB
    service-policy input GLOBAL_DMZ_POLICY
  could you please help me on this...
  thanks
  Rakesh Patel

  I mean there should be one more statement-
  class-map type sip loadbalance match-any CIN_VOX_LB_SIP_POLICY 
  match sip header Call_ID header-value sip:
  and that will be called under-
  policy-map multi-match GLOBAL_DMZ_POLICY
     class CIN_VOX_SIP_L4_CLASS
      loadbalance vip inservice
      loadbalance policy CIN_VOX_LB_SIP_POLICY
      loadbalance vip icmp-reply
  is that missing in your config ?

• LWAPP-3-REPLAY_ERR and load balancing issue

  Guys, I was trying to troubleshoot this error in my WLC
  Nov 24 00:30:01 wlc1: *spamApTask5: Nov 24 00:30:01.883: #LWAPP-3-REPLAY_ERR: spam_lrad.c:35169 The system has received replay error on slot 0, WLAN ID 1, count 1 from AP 08:d0:9f:23:4f:e0
  I did some search and I was trying to check if there was any replay attack in the network but I don't know where to start and kept searching for other reasons, and got an anwser in other blog. And this issue could be related to a Load-balancing config.
  Eventhough,I've got Load-Balancing disable in all my WLAN's but still got these counters. How can I check if those are false positives?
  (wlc-1) >show load-balancing 
  Aggressive Load Balancing........................ per WLAN enabling
  Aggressive Load Balancing Window................. 10 clients
  Aggressive Load Balancing Denial Count........... 3 
                                                      Statistics
  Total Denied Count............................... 17682 clients
  Total Denial Sent................................ 30891 messages
  Exceeded Denial Max Limit Count.................. 5032 times
  None 5G Candidate Count.......................... 206270 times
  None 2.4G Candidate Count........................ 5040 times
  In the GUI the Load-Balancing is DISABLED per WLAN.

  yes, even I've upgraded my entire campus to 1702i and 2702i lightweight AP's with 8.0.115.0 code in my WLC I still got huge amount of LWAPP Replay Erros, please check the summuary of erros during yesterday..
       14 APF-1-CONFLICT_IN_ASS_REQ: apf_80211.c
       14 APF-3-CHECK_EXT_SUPP_RATES_FAILED: apf_utils.c
       14 APF-3-CHECK_SUPP_RATES_FAILED: apf_utils.c
       15 APF-3-NO_FRAMED_IP_ADDRESS: apf_radius.c
      638 APF-3-VALIDATE_DOT11i_CIPHERS_FAILED: apf_rsn_utils.c
      103 DOT1X-3-AAA_AUTH_SEND_FAIL: 1x_aaa.c
     2427 DOT1X-3-ABORT_AUTH: 1x_bauth_sm.c
       55 DOT1X-3-AUTHKEY_TX_TRANS_ERR: 1x_kxsm.c
       20 DOT1X-3-CLIENT_NOT_FOUND: dot1x_msg_task.c
     1365 DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c
       69 DOT1X-3-INVALID_WPA_KEY_MSG: 1x_eapkey.c
      296 DOT1X-3-INVALID_WPA_KEY_MSG_STATE: 1x_eapkey.c
        2 DOT1X-3-INVALID_WPA_KEY_STATE: 1x_eapkey.c
      923 DOT1X-3-WPA_SEND_STATE_ERR: 1x_kxsm.c
        7 DTL-3-ARP_CLIENT_IP_DUPLICATED: dtl_arp.c
        2 IPV6-3-CREATE_BINDING_FAILED: ipv6_net.c
        2 IPV6-3-ORPHAN_ADDR_LEARNING_FAILED: ipv6_net.c
        2 LOG-3-Q_IND: 1x_eapkey.c
        3 LOG-3-Q_IND: rrmChanUtils.c
       22 LOG-3-Q_IND: spam_lrad.c
     5120 LWAPP-3-REPLAY_ERR: spam_lrad.c
        2 LWAPP-3-VENDOR_PLD_VALIDATE_ERR: spam_lrad.c
        3 RRM-3-RRM_LOGMSG: rrmChanUtils.c
      615 RRM-3-RRM_LOGMSG: rrmLrad.c
        2 SISF-3-INTERNAL: sisf_shim_utils.c

• Load Balancer virtual URL not working with analytics page

  We have configured Load Balancer virtual URL. But it is working for only iAS. We have Oracle Application Server 10.1.3
  Our OBIEE is 10.1.3.4.1
  Here is the virtual configuration
  Listen 7877
  +<VirtualHost default:7877>+
  +# General setup for the virtual host+
  DocumentRoot "/apps_base/obiee/ias/Apache/Apache/htdocs"
  ServerName uat.bi.company.com
  ServerAdmin [email protected]
  ErrorLog "|/apps_base/obiee/ias/Apache/Apache/bin/rotatelogs /apps_base/obiee/ias/Apache/Apache/logs/error_log 43200"
  TransferLog "|/apps_base/obiee/ias/Apache/Apache/bin/rotatelogs /apps_base/obiee/ias/Apache/Apache/logs/access_log 43200"
  Port 443
  +# SSL Engine Switch:+
  +# Enable/Disable SSL for this virtual host.+
  SSLEngine on
  https://uat.bi.company.com -> WORKS great
  https://uat.bi.company.com/em -> WORKS great
  https://uat.bi.company.com/analytics -> page cannot be displayed
  We have SSO configured. So i do get the SSO login page, but clicking on submit button, I get page cannot be displayed.
  Everything works if I disable the load balancer virtual.
  THe Load Balancer is configured to listen on 443 and then routes to 7877 on the physical server coorldas04.company.com
  Can you assist in this one ??

  Is this still a problem?

• After upgrading to 3.6.8 none of the plugins load even though there are updates available. The updates will not install and even though the error states to look at the console error log there are no errors listed in the log.

  After upgrading to 3.6.8 none of the extensions load even though there are updates available. The updates will not install and even though the error states to look at the console error log there are no errors listed in the log. All extensions are listed in Addons>Extensions.
  == This happened ==
  Every time Firefox opened
  == Upgrading to newer Firefox version (3.6.8)

  I have been having the same issue for the last two weeks. No real indication as to why it ever began other than I had turned off my router and Airport Extreme Base Station off for a weekend while I was away from my place.
  iPad, iPhone, iPod Touch, all have no issues at all with my Airport Extreme Base Station. Can stay connected throughout my living room, bathroom, bedroom, no issues whatsoever.
  My 5 month old MacBook Pro 2.66 GHz Core i7 Airport is sometimes perfect, able to connect, DHCP, and browse without issue. Then, for no reason, I won't be able to join my wireless network, or when I can join, I can't pick up an IP address. And then it will connect, pick up and IP, and then it won't browse. No real rhyme or reason to when this will happen, or when it works.
  I thought that it was an issue with my MacBook Pro, but then my sister visited with her brand new MacBook Pro 2.26 Intel Core 2 Duo, and while a month ago she was able to connect, DHCP, and browse without issue, this weekend she had all of the same issues I was having.
  My XBOX 360 and MacBook Pro have absolutely no issues with the wired connection. Only my WAN seems to have this issue.
  Did you ever find anything more to this?

• I just used stellar phoenix mac data recovery and it seemed to work but now my files won't open.  Even though they are "jpeg, mov" files the error message is  could not be opened. The movie's file format isn't recognized. "  Any help or are they corrupted

  I just used stellar phoenix mac data recovery and it seemed to work but now my files won't open.  Even though they are "jpeg, mov" files, the error message is  "could not be opened". The movie's file format isn't recognized. "  Any help or are they corrupted?

  Sounds to me like the file is probably corrupt. If you had hard drive corruption or damage, that could easily result in recovered files not being fully intact. If you were trying to recover accidentally deleted files, it's possible they might have been partially overwritten before recovering. There are never any guarantees with file recovery.
  Without more information on the circumstances that led you to try recovery, it's hard to give advice on what to try from here. You could always try another file recovery tool, like Data Rescue 3. Just be sure you're taking appropriate precautions when doing recovery. See Recovering deleted files.

• CSS 11501 Load Balancing Issue

  Hi,
  We are facing some issue in load balancing in cisco CSS 11501 as we are not able to access the application  through virtual IP. Below is the ruuning configuration of the CSS:
  CSS11501# sh running-config
  !Generated on 10/06/2010 16:51:34
  !Active version: sg0810106
  configure
  !*************************** GLOBAL ***************************
    ip route 0.0.0.0 0.0.0.0 132.186.199.1 1
  !************************** CIRCUIT **************************
  circuit VLAN1
    ip address 132.186.199.145 255.255.255.0
  !************************** SERVICE **************************
  service Server1
    ip address 132.186.199.243
    port 5001
    protocol tcp
    keepalive port 5001
    active
  service Server2
    ip address 132.186.199.246
    protocol tcp
    port 5001
    keepalive port 5001
    active
  !*************************** OWNER ***************************
  owner L5_Owner
    content L3_Rule
      vip address 132.186.199.146
      protocol tcp
      port 5001
      add service Server1
      add service Server2
      active
    content L5_Rule
      vip address 132.186.199.146
      add service Server1
      add service Server2
      protocol tcp
      port 5001
      url "//132.186.199.146:5001/emi"
      active
  CSS11501#
  Observation : We are able to telnet on VIP: 132.186.199.146 on port 5001,  but not able to access the application.
  In Actual scenarion customer access  application by accessing URL: http://132.186.199.243:5001/emi and once he enter this URL in web browser the request redirects ( by server itself)  to URL: https://132.186.199.44:6002/cas/login?service=http%3A%2F%2F132.186.199.243%3A5001%2Femi%2Findex.jsp&acceptStrength=BASIC on backend server for user authenticaton and once user is authenticated then it again redirect to main URL ( http://132.186.199.243:5001/emi ) to access the application but when we are trying to access the application through VIP ( URL: http://132.186.199.146:5001/emi) we are not getting the login page as the request is not gettting redirected to backend server for user authentication.
  Please suggest a solution here.

  The problem is that you are in one-armed mode.
  So you need to configure client nat.
  Without nating the client ip address, the server response goes back directly to the client and bypasses the CSS.
  Therefore the client receives a response from an unknown server ip address (not the vip).
  So configure a group.
  For example
  group Client
      vip address 132.186.199.146
      add destination service Server1
       add destination service Server2
      active
  Also, remove the url command from your content rule.
  It is useless in your case and will just make performance worst.
  Gilles.

• CSS11500 Load Balancing issue

  Hi all,
  I using the CSS 11500 sg0750004 (07.50.0.04) to balacing requests between two web application servers, but the after applied the configurations, the balancing requests don't occurs as expect, see the configuration applied:
  service SAPSRV1_8000
    ip address 192.215.13.44
    protocol tcp
    keepalive method get
    keepalive type tcp
    keepalive port 8000
    keepalive frequency 30
    port 8000
    string  sapsrv1
    active
  service SAPSRV2_8000
    ip address 192.215.13.45
    protocol tcp
    keepalive method get
    keepalive type tcp
    keepalive port 8000
    keepalive frequency 30
    port 8000
    string  sapsrv2
    active
  content SAPSRVS_8000
      add service SAPSRV1_8000
      add service SAPSRV2_8000
      vip address 192.215.13.40
      advanced-balance cookies
      string process-length 7
      no persistent
      protocol tcp
      port  8000
      url "/*"
      string prefix "sap-hostid="
      string range 1 to 1999
      active
  group SAPSRV1_SAPSRV2Servers
    add destination service SAPSRV1_8000
    add destination service SAPSRV2_8000
    vip address 192.215.13.40
    active
  So, the VIP Address is exclusively to the group service and the tcp port also is exclusively.
  Could you please assist me, why the load balancing doesn't running correctly?
  Case need more information, please let me know.
  Thank you in advanced.
  Sergio Lima

  Hello Sergio,
  Can you please elaborate on the issues you are experiencing? When you mention the VIP is not working as expected is that due to the fact that the connection simply hangs? Is the CSS actually balancing the inbound traffic?  Or is it successfully balancing the traffic, but not maintaining session persistence based on the server-side cookie?  Do you know if the session cookie will be embedded within the HTTP header or the URL string?  If you are unsure you can always change the "advanced-balance" method to "cookie-url". Can you ping the VIP address?
  Also, can you confirm that the server-side cookie should be located directly after the following name "sap-hostid="?
  Ex:
  sap-hostid=sapsrv1
  The reason why I ask is you do not have a string skip-length defined so the CSS will attempt to locate the server-side cookie string after the prefix.
  Also, have you verified the services have passed their keep-alive check? This can be performed by running the following command:
  show service-summary
  Both of the services should "alive" on their keep-alive check.
  Also, on your service configuration you do not require the "keepalive method get" command since the services are setup to perform a tcp socket connection for their keep-alive check and not a keepalive type of http to a URI page.
  service SAPSRV1_8000
    ip address 192.215.13.44
    protocol tcp
    keepalive type tcp
    keepalive port 8000
    keepalive frequency 30
    port 8000
    string  sapsrv1
    active
  service SAPSRV2_8000
    ip address 192.215.13.45
    protocol tcp
    keepalive type tcp
    keepalive port 8000
    keepalive frequency 30
    port 8000
    string  sapsrv2
    active
  Also, based on the service and content rule configuration it would seem as though your CSS has been deployed in Bridged Mode (single Circuit VLAN).  That being said, the Group Rule will allow users from the 192.215.13.0/24 network to establish a port 8000 connection to the 192.215.13.40 VIP. However, please be advised external clients establishing a connection to the 192.215.13.40 VIP will "appear" as the .40 VIP address within the destination server logs.  The CSS will SNAT the inbound client traffic and masquerade their true source address as the VIP. Unfortunately, the CSS does not support the X-Forwarded-For HTTP header option.  However, this can be bypassed through the use of ACLs on the CSS.
  - Jason