CSS load balancing issue: url isn't accessible even though services are up
service Server1:80
ip address 10.10.10.34
protocol tcp
port 80
keepalive type http
keepalive uri "/test.asp"
active
service Server2:80
protocol tcp
port 80
keepalive type http
keepalive uri "/test.asp"
ip address 10.10.10.35
active
owner Ow1
content LBR1:80
vip address 192.168.1.159
port 80
protocol tcp
url "/*"
balance weightedrr
add service Server1:80
add service Server2:80
advanced-balance sticky-srcip
sticky-inact-timeout 21
flow-timeout-multiplier 8
active
service Server1:80
ip address 10.10.10.34
protocol tcp
port 80
keepalive type http
keepalive uri "/test.asp"
active
service Server2:80
protocol tcp
port 80
keepalive type http
keepalive uri "/test.asp"
ip address 10.10.10.35
active
owner OW1
content LBR2:80
vip address 192.168.1.98
protocol tcp
port 80
url "/*"
balance weightedrr
add service Server1:80
add service Server2:80
advanced-balance sticky-srcip
sticky-inact-timeout 21
flow-timeout-multiplier 8
active
All services are alive all the time and both contexts are alive all the time.
when user tries to access LBR2:80's URL it works all the time. but when user tries to access LBR1:80's url then it works sometimes and some times it doesn't work.
could you advise what the issue could be?
When the SYN comes in the CSS will first check for the srcip in the sticky database and if it finds a match will forward to the stuck server. If the source ip is not in the sticky database the request will be load balanced using weightedrr and a server selected. That sticky server will then be added to the sticky database.
If the sticky-srcip is used between 2 content rule, it will use separate sticky table.
You may need to take packet capture to understand what is really failing along with
a following outputs :
sh flow
sh rule Ow1 LBR1:80 ser
regards
Andrew
Similar Messages
-
Hi,
I'm facing a problem with CSS while load balaning for the web application with two servers.
The application is based on activex..
Basically I have two servers running web application for which I have created VIP in the CSS, user hits the VIP address and they access the application, also we use the sticky thing as the application requires the session persistence.. everything is fine, but the problem starts when one of the server fails...
Assume a user hits the VIP address and access the application, due to the sticky thing his session will be with server A (for eg.), now suddenly the server A fails and in that time the user was doing a transcation and inputting some data and after that he press the submit button on the page, as the server A is down the web page gets refreshed and he has to relogin to the application and redo the whole thing what he was doing in that particular transcation...
Now the application guys are telling this problem should not happen as the CSS should be able to take care of the session getting reestablished to the other server B during the server A failure...
Can someone through some lights on this... I'm bit confused now... as what I understand is that the webpage gets refreshed during a server failure because the tcp session id will get changed and the server B will not accept the same tcp session so it reinitiates the new session...
Is my understanding right?? or is there something which we can do on the CSS to avoid this problem...
Regards
Vijay.Hi Gilles,
Thanks for the clarification.
I have two more issues too...
1. The load balancing of the application between the two servers are not even. Actually the traffic from the users keep hitting only one server, I understand the point of sticky method used in our case, but even atleast the connection from another client machine should go to the other server,but it is not the case... traffic from all the clients goes to only one server..
what could be the possible reason for the same...
My config is as below...
service SERVER-1
port 80
protocol tcp
keepalive port 80
keepalive type tcp
redundant-index 4
ip address 10.6.223.87
active
service SERVER-2
port 80
protocol tcp
keepalive port 80
keepalive type tcp
ip address 10.6.223.77
redundant-index 5
active
owner WEB
content WEB
add service SERVER-1
add service SERVER-2
redundant-index 104
vip address 10.6.223.78
protocol tcp
port 80
url "/webretrieve*"
advanced-balance sticky-srcip
active
2. Slow response of the application when users access application through VIP address(CSS), what can be done further in the configuration to improve the performance?? or any thing else I can do...
Regards -
I am using a Mac and the 9.0.1 version of Firefox
Firefox Help already had an answer for me - should have looked better: https://support.mozilla.org/en-US/kb/latest-firefox-issues#w_icons-missing-in-the-bookmarks-menu
IT WORKS PERFECTLY NOW!!! THANK YOU! -
Read the title please. And yes, the person is a contact.
Does that person have an iPod, iPad or iPhone with the Messages app and are you trying to Message that persons with the email addres (or phone number for an iPhone) they aves set up to use for Messages?
Have them send you a Message to verify.
Next try
iOS: Troubleshooting Messages -
CSS arrowpoint cookie load balancing issue
Hi guys,
I need some advice on a load balancing issue.
We have connections hitting the CSS via a proxy environment. As a result i see only one source ip address. I want to use arrowpoint cookies for session stickeyness. However when i enable the rule the tcp session negotiation fails. The CSS sends a TCP/RST which terminates the session.
Here's the rule config:
content HTTP_rule
add service ZSTS299102
add service ZSTS281101
vip address <filtered>
add service LONS299102
add service LONS281101
balance weightedrr
change service ZSTS299102 weight 5
change service ZSTS281101 weight 5
advanced-balance arrowpoint-cookie
protocol tcp
port 80
url "/*"
active
Any help would be much appreciated.Remko,
in L3/L4 the CSS sends the SYN directly to the server.
So when the FIN comes in, we simply pass it to the server.
With L5 the CSS spoofs the connection and we select the server only after receiving the GET.
If there was some delay between the GET and the FIN, the CSS would have time to establish a connection with the server and the FIN could be simply forwarded.
Unfortunately, in this case the FIN is right after the GET with no delay.
Gilles. -
Problem with WLIOTimeoutSecs in weblogic and apche CSS load balancer
Hi,
We are using Weblogic 11g, apache 2.2 and CSS load balancer for load balancing.
we have huge reports which take minutes to generate and hence we need higher value for WLIOTimeoutSecs. This works fine when we use server url but WLIOTimeoutSecs is not working when we use CSS load balancer.
We checked with our load balancing team they said CSS load balancer will not repost the request.
Here is the plugin configuration
<Location /*****>
SetHandler weblogic-handler
PathTrim /
WebLogicHost 'serevrip'
WebLogicPort 'port'
WLIOTimeoutSecs 3600
Idempotent OFF
WLProxySSL ON
DefaultFileName /***/***/index.jsp
Debug On
WLLogFile /***/***/***/***.log
</Location>
Could some please help me on this.
Thanks in advance
Regards,
VenkatHi Tarun,
The problem occurs when the SSL is enabled on apache. If I access the same URL over HTTP, the parameter WLIOTimeOut works fine.
Also I observed that, none of the parameters are getting applied to the plugin. I had switched on 'DebugConfigInfo'. With this the HTTP URL with ?__WebLogicBridgeConfig as query parameter returned the complete configuration. However when accessed with HTTPS the server did not return the configuration.
Is there a specific configuration to be applied when apache is used with SSL?
Thanks for your help,
Shashi -
CSS Load Balancing with Billing Server
Hi Gilles
Could I have a CSS load balancing two servers and also have it communicate with a billing server across the network. If yes then how can I do it?
Regards,
Sushilthe CSS does not have the notion of billing server. A separate device - like the CSG - should be used if you need to collect billing info.
Gilles. -
Hi all,
During our testing we are getting a load balancing issue. However, one of the agates in our network is has more CPU power than compared to the other agates in our ITS network. The memory on all the agate servers is the same.
Our current issue we are getting is the one agate that has more cpu power but acquires more sessions as compared to the other two agates. It roughly gets 60 more sessions per agate process as compare to the other Agate servers. Does having more cpu on a Agate affect the load balancing on ITS? We are on ITS patch level 19 with the Hotfix.
Thanks,
Jin BaeHello Jin,
yes, at (re)initialize the WGate retrieves the capacity from the AGates.
This is an accumulated number based on CPU performance and the number of CPUs!
The number can be seen in "wgate-status" as the "Capacity" of the AGate.
When running multiprocess Agates the number is retrieved from the MManager and also involves the number of agate-processes.
The WGate dispatches the load in proportion depending on these capacity numbers.
By my knowledge there is no way that these values can be configured (fixed).
Regards,
Fekke -
SIP load balancing issue with ACE 4710
SIP Load balancing Issue with ACE 4710
I have a Cisco ace 4710 with vesion Version A4(2.2). i configued simple SIP load balancing first without stickiness. without stikeiness we are having a problem because bye packet at the was not going to the same server all the time that left our port in used even though user hang up the phone. its happen randmly. i have a total 20 licenced ports and its fill out very quickly. so i dicided to use the stickiness with call-ID but still same issue. below is the config
rserver host CIN-VOX-31
ip address 172.20.130.31
inservice
rserver host CIN-VOX-32
ip address 172.20.130.32
inservice
serverfarm host CIN-VOX
probe SIP-5060
rserver CIN-VOX-31
inservice
rserver CIN-VOX-32
inservice
sticky sip-header Call-ID VOX_SIP_GROUP
timeout 1
timeout activeconns
replicate sticky
serverfarm CIN-VOX
class-map match-all CIN_VOX_L4_CLASS
2 match virtual-address 172.22.12.30 any
class-map match-all CIN_VOX_SIP_L4_CLASS
2 match virtual-address 172.22.12.30 udp eq sip
policy-map type loadbalance sip first-match CIN_VOX_LB_SIP_POLICY
class class-default
sticky-serverfarm VOX_SIP_GROUP
policy-map multi-match GLOBAL_DMZ_POLICY
class CIN_VOX_SIP_L4_CLASS
loadbalance vip inservice
loadbalance policy CIN_VOX_LB_SIP_POLICY
loadbalance vip icmp-reply
class CIN_VOX_L4_CLASS
loadbalance vip inservice
loadbalance policy CIN_VOX_LB_SIP_POLICY
loadbalance vip icmp-reply
interface vlan 20
description VIP_DMZ_VLAN
ip address 172.22.12.4 255.255.255.192
alias 172.22.12.3 255.255.255.192
peer ip address 172.22.12.5 255.255.255.192
access-group input PERMIT-ANY-LB
service-policy input GLOBAL_DMZ_POLICY
could you please help me on this...
thanks
Rakesh PatelI mean there should be one more statement-
class-map type sip loadbalance match-any CIN_VOX_LB_SIP_POLICY
match sip header Call_ID header-value sip:
and that will be called under-
policy-map multi-match GLOBAL_DMZ_POLICY
class CIN_VOX_SIP_L4_CLASS
loadbalance vip inservice
loadbalance policy CIN_VOX_LB_SIP_POLICY
loadbalance vip icmp-reply
is that missing in your config ? -
LWAPP-3-REPLAY_ERR and load balancing issue
Guys, I was trying to troubleshoot this error in my WLC
Nov 24 00:30:01 wlc1: *spamApTask5: Nov 24 00:30:01.883: #LWAPP-3-REPLAY_ERR: spam_lrad.c:35169 The system has received replay error on slot 0, WLAN ID 1, count 1 from AP 08:d0:9f:23:4f:e0
I did some search and I was trying to check if there was any replay attack in the network but I don't know where to start and kept searching for other reasons, and got an anwser in other blog. And this issue could be related to a Load-balancing config.
Eventhough,I've got Load-Balancing disable in all my WLAN's but still got these counters. How can I check if those are false positives?
(wlc-1) >show load-balancing
Aggressive Load Balancing........................ per WLAN enabling
Aggressive Load Balancing Window................. 10 clients
Aggressive Load Balancing Denial Count........... 3
Statistics
Total Denied Count............................... 17682 clients
Total Denial Sent................................ 30891 messages
Exceeded Denial Max Limit Count.................. 5032 times
None 5G Candidate Count.......................... 206270 times
None 2.4G Candidate Count........................ 5040 times
In the GUI the Load-Balancing is DISABLED per WLAN.yes, even I've upgraded my entire campus to 1702i and 2702i lightweight AP's with 8.0.115.0 code in my WLC I still got huge amount of LWAPP Replay Erros, please check the summuary of erros during yesterday..
14 APF-1-CONFLICT_IN_ASS_REQ: apf_80211.c
14 APF-3-CHECK_EXT_SUPP_RATES_FAILED: apf_utils.c
14 APF-3-CHECK_SUPP_RATES_FAILED: apf_utils.c
15 APF-3-NO_FRAMED_IP_ADDRESS: apf_radius.c
638 APF-3-VALIDATE_DOT11i_CIPHERS_FAILED: apf_rsn_utils.c
103 DOT1X-3-AAA_AUTH_SEND_FAIL: 1x_aaa.c
2427 DOT1X-3-ABORT_AUTH: 1x_bauth_sm.c
55 DOT1X-3-AUTHKEY_TX_TRANS_ERR: 1x_kxsm.c
20 DOT1X-3-CLIENT_NOT_FOUND: dot1x_msg_task.c
1365 DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c
69 DOT1X-3-INVALID_WPA_KEY_MSG: 1x_eapkey.c
296 DOT1X-3-INVALID_WPA_KEY_MSG_STATE: 1x_eapkey.c
2 DOT1X-3-INVALID_WPA_KEY_STATE: 1x_eapkey.c
923 DOT1X-3-WPA_SEND_STATE_ERR: 1x_kxsm.c
7 DTL-3-ARP_CLIENT_IP_DUPLICATED: dtl_arp.c
2 IPV6-3-CREATE_BINDING_FAILED: ipv6_net.c
2 IPV6-3-ORPHAN_ADDR_LEARNING_FAILED: ipv6_net.c
2 LOG-3-Q_IND: 1x_eapkey.c
3 LOG-3-Q_IND: rrmChanUtils.c
22 LOG-3-Q_IND: spam_lrad.c
5120 LWAPP-3-REPLAY_ERR: spam_lrad.c
2 LWAPP-3-VENDOR_PLD_VALIDATE_ERR: spam_lrad.c
3 RRM-3-RRM_LOGMSG: rrmChanUtils.c
615 RRM-3-RRM_LOGMSG: rrmLrad.c
2 SISF-3-INTERNAL: sisf_shim_utils.c -
Load Balancer virtual URL not working with analytics page
We have configured Load Balancer virtual URL. But it is working for only iAS. We have Oracle Application Server 10.1.3
Our OBIEE is 10.1.3.4.1
Here is the virtual configuration
Listen 7877
+<VirtualHost default:7877>+
+# General setup for the virtual host+
DocumentRoot "/apps_base/obiee/ias/Apache/Apache/htdocs"
ServerName uat.bi.company.com
ServerAdmin [email protected]
ErrorLog "|/apps_base/obiee/ias/Apache/Apache/bin/rotatelogs /apps_base/obiee/ias/Apache/Apache/logs/error_log 43200"
TransferLog "|/apps_base/obiee/ias/Apache/Apache/bin/rotatelogs /apps_base/obiee/ias/Apache/Apache/logs/access_log 43200"
Port 443
+# SSL Engine Switch:+
+# Enable/Disable SSL for this virtual host.+
SSLEngine on
https://uat.bi.company.com -> WORKS great
https://uat.bi.company.com/em -> WORKS great
https://uat.bi.company.com/analytics -> page cannot be displayed
We have SSO configured. So i do get the SSO login page, but clicking on submit button, I get page cannot be displayed.
Everything works if I disable the load balancer virtual.
THe Load Balancer is configured to listen on 443 and then routes to 7877 on the physical server coorldas04.company.com
Can you assist in this one ??Is this still a problem?
-
After upgrading to 3.6.8 none of the extensions load even though there are updates available. The updates will not install and even though the error states to look at the console error log there are no errors listed in the log. All extensions are listed in Addons>Extensions.
== This happened ==
Every time Firefox opened
== Upgrading to newer Firefox version (3.6.8)I have been having the same issue for the last two weeks. No real indication as to why it ever began other than I had turned off my router and Airport Extreme Base Station off for a weekend while I was away from my place.
iPad, iPhone, iPod Touch, all have no issues at all with my Airport Extreme Base Station. Can stay connected throughout my living room, bathroom, bedroom, no issues whatsoever.
My 5 month old MacBook Pro 2.66 GHz Core i7 Airport is sometimes perfect, able to connect, DHCP, and browse without issue. Then, for no reason, I won't be able to join my wireless network, or when I can join, I can't pick up an IP address. And then it will connect, pick up and IP, and then it won't browse. No real rhyme or reason to when this will happen, or when it works.
I thought that it was an issue with my MacBook Pro, but then my sister visited with her brand new MacBook Pro 2.26 Intel Core 2 Duo, and while a month ago she was able to connect, DHCP, and browse without issue, this weekend she had all of the same issues I was having.
My XBOX 360 and MacBook Pro have absolutely no issues with the wired connection. Only my WAN seems to have this issue.
Did you ever find anything more to this? -
I just used stellar phoenix mac data recovery and it seemed to work but now my files won't open. Even though they are "jpeg, mov" files, the error message is "could not be opened". The movie's file format isn't recognized. " Any help or are they corrupted?
Sounds to me like the file is probably corrupt. If you had hard drive corruption or damage, that could easily result in recovered files not being fully intact. If you were trying to recover accidentally deleted files, it's possible they might have been partially overwritten before recovering. There are never any guarantees with file recovery.
Without more information on the circumstances that led you to try recovery, it's hard to give advice on what to try from here. You could always try another file recovery tool, like Data Rescue 3. Just be sure you're taking appropriate precautions when doing recovery. See Recovering deleted files. -
CSS 11501 Load Balancing Issue
Hi,
We are facing some issue in load balancing in cisco CSS 11501 as we are not able to access the application through virtual IP. Below is the ruuning configuration of the CSS:
CSS11501# sh running-config
!Generated on 10/06/2010 16:51:34
!Active version: sg0810106
configure
!*************************** GLOBAL ***************************
ip route 0.0.0.0 0.0.0.0 132.186.199.1 1
!************************** CIRCUIT **************************
circuit VLAN1
ip address 132.186.199.145 255.255.255.0
!************************** SERVICE **************************
service Server1
ip address 132.186.199.243
port 5001
protocol tcp
keepalive port 5001
active
service Server2
ip address 132.186.199.246
protocol tcp
port 5001
keepalive port 5001
active
!*************************** OWNER ***************************
owner L5_Owner
content L3_Rule
vip address 132.186.199.146
protocol tcp
port 5001
add service Server1
add service Server2
active
content L5_Rule
vip address 132.186.199.146
add service Server1
add service Server2
protocol tcp
port 5001
url "//132.186.199.146:5001/emi"
active
CSS11501#
Observation : We are able to telnet on VIP: 132.186.199.146 on port 5001, but not able to access the application.
In Actual scenarion customer access application by accessing URL: http://132.186.199.243:5001/emi and once he enter this URL in web browser the request redirects ( by server itself) to URL: https://132.186.199.44:6002/cas/login?service=http%3A%2F%2F132.186.199.243%3A5001%2Femi%2Findex.jsp&acceptStrength=BASIC on backend server for user authenticaton and once user is authenticated then it again redirect to main URL ( http://132.186.199.243:5001/emi ) to access the application but when we are trying to access the application through VIP ( URL: http://132.186.199.146:5001/emi) we are not getting the login page as the request is not gettting redirected to backend server for user authentication.
Please suggest a solution here.The problem is that you are in one-armed mode.
So you need to configure client nat.
Without nating the client ip address, the server response goes back directly to the client and bypasses the CSS.
Therefore the client receives a response from an unknown server ip address (not the vip).
So configure a group.
For example
group Client
vip address 132.186.199.146
add destination service Server1
add destination service Server2
active
Also, remove the url command from your content rule.
It is useless in your case and will just make performance worst.
Gilles. -
Hi all,
I using the CSS 11500 sg0750004 (07.50.0.04) to balacing requests between two web application servers, but the after applied the configurations, the balancing requests don't occurs as expect, see the configuration applied:
service SAPSRV1_8000
ip address 192.215.13.44
protocol tcp
keepalive method get
keepalive type tcp
keepalive port 8000
keepalive frequency 30
port 8000
string sapsrv1
active
service SAPSRV2_8000
ip address 192.215.13.45
protocol tcp
keepalive method get
keepalive type tcp
keepalive port 8000
keepalive frequency 30
port 8000
string sapsrv2
active
content SAPSRVS_8000
add service SAPSRV1_8000
add service SAPSRV2_8000
vip address 192.215.13.40
advanced-balance cookies
string process-length 7
no persistent
protocol tcp
port 8000
url "/*"
string prefix "sap-hostid="
string range 1 to 1999
active
group SAPSRV1_SAPSRV2Servers
add destination service SAPSRV1_8000
add destination service SAPSRV2_8000
vip address 192.215.13.40
active
So, the VIP Address is exclusively to the group service and the tcp port also is exclusively.
Could you please assist me, why the load balancing doesn't running correctly?
Case need more information, please let me know.
Thank you in advanced.
Sergio LimaHello Sergio,
Can you please elaborate on the issues you are experiencing? When you mention the VIP is not working as expected is that due to the fact that the connection simply hangs? Is the CSS actually balancing the inbound traffic? Or is it successfully balancing the traffic, but not maintaining session persistence based on the server-side cookie? Do you know if the session cookie will be embedded within the HTTP header or the URL string? If you are unsure you can always change the "advanced-balance" method to "cookie-url". Can you ping the VIP address?
Also, can you confirm that the server-side cookie should be located directly after the following name "sap-hostid="?
Ex:
sap-hostid=sapsrv1
The reason why I ask is you do not have a string skip-length defined so the CSS will attempt to locate the server-side cookie string after the prefix.
Also, have you verified the services have passed their keep-alive check? This can be performed by running the following command:
show service-summary
Both of the services should "alive" on their keep-alive check.
Also, on your service configuration you do not require the "keepalive method get" command since the services are setup to perform a tcp socket connection for their keep-alive check and not a keepalive type of http to a URI page.
service SAPSRV1_8000
ip address 192.215.13.44
protocol tcp
keepalive type tcp
keepalive port 8000
keepalive frequency 30
port 8000
string sapsrv1
active
service SAPSRV2_8000
ip address 192.215.13.45
protocol tcp
keepalive type tcp
keepalive port 8000
keepalive frequency 30
port 8000
string sapsrv2
active
Also, based on the service and content rule configuration it would seem as though your CSS has been deployed in Bridged Mode (single Circuit VLAN). That being said, the Group Rule will allow users from the 192.215.13.0/24 network to establish a port 8000 connection to the 192.215.13.40 VIP. However, please be advised external clients establishing a connection to the 192.215.13.40 VIP will "appear" as the .40 VIP address within the destination server logs. The CSS will SNAT the inbound client traffic and masquerade their true source address as the VIP. Unfortunately, the CSS does not support the X-Forwarded-For HTTP header option. However, this can be bypassed through the use of ACLs on the CSS.
- Jason
Maybe you are looking for
-
I am new to the EBS though I have worked on forms before. We have Apps 12.1.1 and I am working on Forms 10.1.2 I have some custom changes to be made in PO form (POXPOEPO). So I grabbed the FMB and opened it. Without any changes, I tried to re-compile
-
How to view airport network wep password?
I can't find where i wrote down my network passwod, and I am trying to view my airport network WEP password in System Preferences. However, the check box to "show password" is grayed out and won't let me view it. How can I view the password? thanks
-
Error 1 during vi event scripting
I am working on some VI scripting to automatically build event structures. I've made a lot of progress but am running into an error that is giving me trouble. I'm parsing a text file and extracting names of controls. I create a local variable for
-
Screen capture not working right in 10.6.2
Since installing 10.6.2, screen capture of a window puts a black border around the captured window instead of the shadow. Any idea's why?
-
E71 message notification symbol
Hi folks, I have a small problem with my E71. The mail / message notification symbol (closed envelope next to the battery indicator) won't go away. It appears in all my applications, i.e. music player, menus etc. I have tried rebooting the phone but