CSS load balancing issue

Hi,
I'm facing a problem with CSS while load balaning for the web application with two servers.
The application is based on activex..
Basically I have two servers running web application for which I have created VIP in the CSS, user hits the VIP address and they access the application, also we use the sticky thing as the application requires the session persistence.. everything is fine, but the problem starts when one of the server fails...
Assume a user hits the VIP address and access the application, due to the sticky thing his session will be with server A (for eg.), now suddenly the server A fails and in that time the user was doing a transcation and inputting some data and after that he press the submit button on the page, as the server A is down the web page gets refreshed and he has to relogin to the application and redo the whole thing what he was doing in that particular transcation...
Now the application guys are telling this problem should not happen as the CSS should be able to take care of the session getting reestablished to the other server B during the server A failure...
Can someone through some lights on this... I'm bit confused now... as what I understand is that the webpage gets refreshed during a server failure because the tcp session id will get changed and the server B will not accept the same tcp session so it reinitiates the new session...
Is my understanding right?? or is there something which we can do on the CSS to avoid this problem...
Regards
Vijay.

Hi Gilles,
Thanks for the clarification.
I have two more issues too...
1. The load balancing of the application between the two servers are not even. Actually the traffic from the users keep hitting only one server, I understand the point of sticky method used in our case, but even atleast the connection from another client machine should go to the other server,but it is not the case... traffic from all the clients goes to only one server..
what could be the possible reason for the same...
My config is as below...
service SERVER-1
port 80
protocol tcp
keepalive port 80
keepalive type tcp
redundant-index 4
ip address 10.6.223.87
active
service SERVER-2
port 80
protocol tcp
keepalive port 80
keepalive type tcp
ip address 10.6.223.77
redundant-index 5
active
owner WEB
content WEB
add service SERVER-1
add service SERVER-2
redundant-index 104
vip address 10.6.223.78
protocol tcp
port 80
url "/webretrieve*"
advanced-balance sticky-srcip
active
2. Slow response of the application when users access application through VIP address(CSS), what can be done further in the configuration to improve the performance?? or any thing else I can do...
Regards

Similar Messages

CSS load balancing issue: url isn't accessible even though services are up

service Server1:80
ip address 10.10.10.34
protocol tcp
port 80
keepalive type http
keepalive uri "/test.asp"
active
service Server2:80
protocol tcp
port 80
keepalive type http
keepalive uri "/test.asp"
ip address 10.10.10.35
active
owner Ow1
content LBR1:80
    vip address 192.168.1.159
    port 80
    protocol tcp
    url "/*"
    balance weightedrr
    add service Server1:80
    add service Server2:80
    advanced-balance sticky-srcip
    sticky-inact-timeout 21
    flow-timeout-multiplier 8
    active
service Server1:80
ip address 10.10.10.34
protocol tcp
port 80
keepalive type http
keepalive uri "/test.asp"
active
service Server2:80
protocol tcp
port 80
keepalive type http
keepalive uri "/test.asp"
ip address 10.10.10.35
active
owner OW1
content LBR2:80
    vip address 192.168.1.98
    protocol tcp
    port 80
    url "/*"
    balance weightedrr
    add service Server1:80
    add service Server2:80
    advanced-balance sticky-srcip
    sticky-inact-timeout 21
    flow-timeout-multiplier 8
    active
All services are alive all the time and both contexts are alive all the time.
when user tries to access LBR2:80's URL it works all the time. but when user tries to access LBR1:80's url then it works sometimes and some times it doesn't work.
could you advise what the issue could be?

When the SYN comes in the CSS will first check for the srcip in the sticky database and if it finds a match will forward to the stuck server. If the source ip is not in the sticky database the request will be load balanced using weightedrr and a server selected. That sticky server will then be added to the sticky database.
If the sticky-srcip is used between 2 content rule, it will use separate sticky table.
You may need to take packet capture to understand what is really failing along with
a following outputs :
sh flow
sh rule Ow1 LBR1:80 ser
regards
Andrew

CSS arrowpoint cookie load balancing issue

Hi guys,
I need some advice on a load balancing issue.
We have connections hitting the CSS via a proxy environment. As a result i see only one source ip address. I want to use arrowpoint cookies for session stickeyness. However when i enable the rule the tcp session negotiation fails. The CSS sends a TCP/RST which terminates the session.
Here's the rule config:
content HTTP_rule
add service ZSTS299102
add service ZSTS281101
vip address <filtered>
add service LONS299102
add service LONS281101
balance weightedrr
change service ZSTS299102 weight 5
change service ZSTS281101 weight 5
advanced-balance arrowpoint-cookie
protocol tcp
port 80
url "/*"
active
Any help would be much appreciated.

Remko,
in L3/L4 the CSS sends the SYN directly to the server.
So when the FIN comes in, we simply pass it to the server.
With L5 the CSS spoofs the connection and we select the server only after receiving the GET.
If there was some delay between the GET and the FIN, the CSS would have time to establish a connection with the server and the FIN could be simply forwarded.
Unfortunately, in this case the FIN is right after the GET with no delay.
Gilles.

Problem with WLIOTimeoutSecs in weblogic and apche CSS load balancer

Hi,
We are using Weblogic 11g, apache 2.2 and CSS load balancer for load balancing.
we have huge reports which take minutes to generate and hence we need higher value for WLIOTimeoutSecs. This works fine when we use server url but WLIOTimeoutSecs is not working when we use CSS load balancer.
We checked with our load balancing team they said CSS load balancer will not repost the request.
Here is the plugin configuration
<Location /*****>
SetHandler weblogic-handler
PathTrim /
WebLogicHost 'serevrip'
WebLogicPort 'port'
WLIOTimeoutSecs 3600
Idempotent OFF
WLProxySSL ON
DefaultFileName /***/***/index.jsp
Debug On
WLLogFile /***/***/***/***.log
</Location>
Could some please help me on this.
Thanks in advance
Regards,
Venkat

Hi Tarun,
The problem occurs when the SSL is enabled on apache. If I access the same URL over HTTP, the parameter WLIOTimeOut works fine.
Also I observed that, none of the parameters are getting applied to the plugin. I had switched on 'DebugConfigInfo'. With this the HTTP URL with ?__WebLogicBridgeConfig as query parameter returned the complete configuration. However when accessed with HTTPS the server did not return the configuration.
Is there a specific configuration to be applied when apache is used with SSL?
Thanks for your help,
Shashi

CSS Load Balancing with Billing Server

Hi Gilles
Could I have a CSS load balancing two servers and also have it communicate with a billing server across the network. If yes then how can I do it?
Regards,
Sushil

the CSS does not have the notion of billing server. A separate device - like the CSG - should be used if you need to collect billing info.
Gilles.

ITS load balancing issue

Hi all,
During our testing we are getting a load balancing issue. However, one of the agates in our network is has more CPU power than compared to the other agates in our ITS network. The memory on all the agate servers is the same.
Our current issue we are getting is the one agate that has more cpu power but acquires more sessions as compared to the other two agates. It roughly gets 60 more sessions per agate process as compare to the other Agate servers. Does having more cpu on a Agate affect the load balancing on ITS? We are on ITS patch level 19 with the Hotfix.
Thanks,
Jin Bae

Hello Jin,
yes, at (re)initialize the WGate retrieves the capacity from the AGates.
This is an accumulated number based on CPU performance and the number of CPUs!
The number can be seen in "wgate-status" as the "Capacity" of the AGate.
When running multiprocess Agates the number is retrieved from the MManager and also involves the number of agate-processes.
The WGate dispatches the load in proportion depending on these capacity numbers.
By my knowledge there is no way that these values can be configured (fixed).
Regards,
Fekke

SIP load balancing issue with ACE 4710

SIP Load balancing Issue with ACE 4710
I have a Cisco ace 4710 with vesion Version A4(2.2). i configued simple SIP load balancing first without stickiness. without stikeiness we are having a problem because bye packet at the was not going to the same server all the time that left our port in used even though user hang up the phone. its happen randmly. i have a total 20 licenced ports and its fill out very quickly. so i dicided to use the stickiness with call-ID but still same issue. below is the config
rserver host CIN-VOX-31
ip address 172.20.130.31
inservice
rserver host CIN-VOX-32
ip address 172.20.130.32
inservice
serverfarm host CIN-VOX
probe SIP-5060
rserver CIN-VOX-31
    inservice
rserver CIN-VOX-32
    inservice
sticky sip-header Call-ID VOX_SIP_GROUP
timeout 1
timeout activeconns
replicate sticky
serverfarm CIN-VOX
class-map match-all CIN_VOX_L4_CLASS
2 match virtual-address 172.22.12.30 any
class-map match-all CIN_VOX_SIP_L4_CLASS
2 match virtual-address 172.22.12.30 udp eq sip
policy-map type loadbalance sip first-match CIN_VOX_LB_SIP_POLICY
class class-default
    sticky-serverfarm VOX_SIP_GROUP
policy-map multi-match GLOBAL_DMZ_POLICY
   class CIN_VOX_SIP_L4_CLASS
    loadbalance vip inservice
    loadbalance policy CIN_VOX_LB_SIP_POLICY
    loadbalance vip icmp-reply
class CIN_VOX_L4_CLASS
    loadbalance vip inservice
    loadbalance policy CIN_VOX_LB_SIP_POLICY
    loadbalance vip icmp-reply
interface vlan 20
description VIP_DMZ_VLAN
ip address 172.22.12.4 255.255.255.192
alias 172.22.12.3 255.255.255.192
peer ip address 172.22.12.5 255.255.255.192
access-group input PERMIT-ANY-LB
service-policy input GLOBAL_DMZ_POLICY
could you please help me on this...
thanks
Rakesh Patel

I mean there should be one more statement-
class-map type sip loadbalance match-any CIN_VOX_LB_SIP_POLICY
match sip header Call_ID header-value sip:
and that will be called under-
policy-map multi-match GLOBAL_DMZ_POLICY
   class CIN_VOX_SIP_L4_CLASS
    loadbalance vip inservice
    loadbalance policy CIN_VOX_LB_SIP_POLICY
    loadbalance vip icmp-reply
is that missing in your config ?

CSS 11501 Load Balancing Issue

Hi,
We are facing some issue in load balancing in cisco CSS 11501 as we are not able to access the application through virtual IP. Below is the ruuning configuration of the CSS:
CSS11501# sh running-config
!Generated on 10/06/2010 16:51:34
!Active version: sg0810106
configure
!*************************** GLOBAL ***************************
ip route 0.0.0.0 0.0.0.0 132.186.199.1 1
!************************** CIRCUIT **************************
circuit VLAN1
ip address 132.186.199.145 255.255.255.0
!************************** SERVICE **************************
service Server1
ip address 132.186.199.243
port 5001
protocol tcp
keepalive port 5001
active
service Server2
ip address 132.186.199.246
protocol tcp
port 5001
keepalive port 5001
active
!*************************** OWNER ***************************
owner L5_Owner
content L3_Rule
    vip address 132.186.199.146
    protocol tcp
    port 5001
    add service Server1
    add service Server2
    active
content L5_Rule
    vip address 132.186.199.146
    add service Server1
    add service Server2
    protocol tcp
    port 5001
    url "//132.186.199.146:5001/emi"
    active
CSS11501#
Observation : We are able to telnet on VIP: 132.186.199.146 on port 5001, but not able to access the application.
In Actual scenarion customer access application by accessing URL: http://132.186.199.243:5001/emi and once he enter this URL in web browser the request redirects ( by server itself) to URL: https://132.186.199.44:6002/cas/login?service=http%3A%2F%2F132.186.199.243%3A5001%2Femi%2Findex.jsp&acceptStrength=BASIC on backend server for user authenticaton and once user is authenticated then it again redirect to main URL ( http://132.186.199.243:5001/emi ) to access the application but when we are trying to access the application through VIP ( URL: http://132.186.199.146:5001/emi) we are not getting the login page as the request is not gettting redirected to backend server for user authentication.
Please suggest a solution here.

The problem is that you are in one-armed mode.
So you need to configure client nat.
Without nating the client ip address, the server response goes back directly to the client and bypasses the CSS.
Therefore the client receives a response from an unknown server ip address (not the vip).
So configure a group.
For example
group Client
    vip address 132.186.199.146
    add destination service Server1
     add destination service Server2
    active
Also, remove the url command from your content rule.
It is useless in your case and will just make performance worst.
Gilles.

CSS11500 Load Balancing issue

Hi all,
I using the CSS 11500 sg0750004 (07.50.0.04) to balacing requests between two web application servers, but the after applied the configurations, the balancing requests don't occurs as expect, see the configuration applied:
service SAPSRV1_8000
ip address 192.215.13.44
protocol tcp
keepalive method get
keepalive type tcp
keepalive port 8000
keepalive frequency 30
port 8000
string sapsrv1
active
service SAPSRV2_8000
ip address 192.215.13.45
protocol tcp
keepalive method get
keepalive type tcp
keepalive port 8000
keepalive frequency 30
port 8000
string sapsrv2
active
content SAPSRVS_8000
    add service SAPSRV1_8000
    add service SAPSRV2_8000
    vip address 192.215.13.40
    advanced-balance cookies
    string process-length 7
    no persistent
    protocol tcp
    port 8000
    url "/*"
    string prefix "sap-hostid="
    string range 1 to 1999
    active
group SAPSRV1_SAPSRV2Servers
add destination service SAPSRV1_8000
add destination service SAPSRV2_8000
vip address 192.215.13.40
active
So, the VIP Address is exclusively to the group service and the tcp port also is exclusively.
Could you please assist me, why the load balancing doesn't running correctly?
Case need more information, please let me know.
Thank you in advanced.
Sergio Lima

Hello Sergio,
Can you please elaborate on the issues you are experiencing? When you mention the VIP is not working as expected is that due to the fact that the connection simply hangs? Is the CSS actually balancing the inbound traffic? Or is it successfully balancing the traffic, but not maintaining session persistence based on the server-side cookie? Do you know if the session cookie will be embedded within the HTTP header or the URL string? If you are unsure you can always change the "advanced-balance" method to "cookie-url". Can you ping the VIP address?
Also, can you confirm that the server-side cookie should be located directly after the following name "sap-hostid="?
Ex:
sap-hostid=sapsrv1
The reason why I ask is you do not have a string skip-length defined so the CSS will attempt to locate the server-side cookie string after the prefix.
Also, have you verified the services have passed their keep-alive check? This can be performed by running the following command:
show service-summary
Both of the services should "alive" on their keep-alive check.
Also, on your service configuration you do not require the "keepalive method get" command since the services are setup to perform a tcp socket connection for their keep-alive check and not a keepalive type of http to a URI page.
service SAPSRV1_8000
ip address 192.215.13.44
protocol tcp
keepalive type tcp
keepalive port 8000
keepalive frequency 30
port 8000
string sapsrv1
active
service SAPSRV2_8000
ip address 192.215.13.45
protocol tcp
keepalive type tcp
keepalive port 8000
keepalive frequency 30
port 8000
string sapsrv2
active
Also, based on the service and content rule configuration it would seem as though your CSS has been deployed in Bridged Mode (single Circuit VLAN). That being said, the Group Rule will allow users from the 192.215.13.0/24 network to establish a port 8000 connection to the 192.215.13.40 VIP. However, please be advised external clients establishing a connection to the 192.215.13.40 VIP will "appear" as the .40 VIP address within the destination server logs. The CSS will SNAT the inbound client traffic and masquerade their true source address as the VIP. Unfortunately, the CSS does not support the X-Forwarded-For HTTP header option. However, this can be bypassed through the use of ACLs on the CSS.
- Jason

Load-balancing issues with iPlanet and multiple clusters

We're in performance test of a large-scale clustered deployment based on WLS 5.1sp10.
Due to scalability/functionality issues, some of which we've seen firsthand and
some of which we've been informed of by associates as well as BEA representatives,
we've chosen to implement multiple clusters with a maximum of three nodes each.
These clusters will be fronted by a web server tier consisting of iPlanet servers
using the proxy plugin.
Due to hardware constraints (both in test and in production), however, we've configured
the iPlanet servers to route across the multiple clusters. In our test environment,
for instance, we've got a single iPlanet server routing across two 3-node clusters,
and the configuration in obj.conf is as follows:
<Object name="application" ppath="*/application">
Service fn="wl-proxy" \
WebLogicCluster="clusterA_1:9990,clusterB_1:9991,clusterA_2:9990,clusterB_2:9991,clusterA_3:9990,
clusterB_3:9991" \
CookieName="ApplicationSession"
</Object>
Our issue is that the load-balancing doesn't appear to work across the clusters.
We're seeing one cluster get about 90% of the load, while the other receives
only 10%.
So, the question (finally!) is: Is this configuration correct (i.e., will it
work according to the logic of the proxy plugin), and is it appropriate for this
situation? Are there other alternative approaches that anyone can recommend?
Thanks in advance,
cramer

I use weblogic6.1 with sp2+windows 2000.I develop a web application and deploy
it to cluster.Through HttpClusterServlets proxy of weblogic I found that a server
in cluster almost get 95% of requests but another only get 5% of requests.Why???
I don't set any special parameter.And the weight of the two clustered server is
equal.I use round-robin arithmetic.
Thanks!
"cramer" <[email protected]> wrote:
>
We're in performance test of a large-scale clustered deployment based
on WLS 5.1sp10.
Due to scalability/functionality issues, some of which we've seen firsthand
and
some of which we've been informed of by associates as well as BEA representatives,
we've chosen to implement multiple clusters with a maximum of three nodes
each.
These clusters will be fronted by a web server tier consisting of iPlanet
servers
using the proxy plugin.
Due to hardware constraints (both in test and in production), however,
we've configured
the iPlanet servers to route across the multiple clusters. In our test
environment,
for instance, we've got a single iPlanet server routing across two 3-node
clusters,
and the configuration in obj.conf is as follows:
<Object name="application" ppath="*/application">
Service fn="wl-proxy" \
WebLogicCluster="clusterA_1:9990,clusterB_1:9991,clusterA_2:9990,clusterB_2:9991,clusterA_3:9990,
clusterB_3:9991" \
CookieName="ApplicationSession"
</Object>
Our issue is that the load-balancing doesn't appear to work across the
clusters.
We're seeing one cluster get about 90% of the load, while the other
receives
only 10%.
So, the question (finally!) is: Is this configuration correct (i.e.,
will it
work according to the logic of the proxy plugin), and is it appropriate
for this
situation? Are there other alternative approaches that anyone can recommend?
Thanks in advance,
cramer

CSS Load balancing for Exchange Server

Hi,
I have CSS configured in single arm and I have multiple servers configured for load balancing and it is working fine but when I am configuring Exchange server for load balancing I am facing problem and applications and printer/scanners are not able to send the email through the Virtual IP address configured for exchaneg server.
But if we configured the real server IP in the printer/scanners they are able to send the email. While checking the logs on the exchange server, it is showing that request for the email so coming from the Exchange VIP configured in the CSS.
I can telnet on port 25 on the VIP address (192.168.200.237). But unable to send the email through this VIP.
Below is the configuration
service ENOC_EXCHANGE-1
ip address 192.168.200.235
active
service ENOC_EXCHANGE-2
ip address 192.168.200.236
active
content EXCHANGE
    add service ENOC_EXCHANGE-2
    add service ENOC_EXCHANGE-1
    vip address 192.168.200.237
    active
group EXCHANGE
add destination service ENOC_EXCHANGE-1
add destination service ENOC_EXCHANGE-2
vip address 192.168.200.237
active
DC-CSS01# show rule GIT EXCHANGE
Name:                EXCHANGE   Owner:                ENOC_GIT
State:                 Active   Type:                     HTTP
Balance:          Round Robin   Failover:                  N/A
Persistence:          Enabled   Param-Bypass:         Disabled
Session Redundancy: Disabled
IP Redundancy:    Not Redundant
L3:         192.168.200.237
L4:         Any/Any
Url:
Redirect: ""
TCP RST client if service unreachable: Disabled
Rule Services & Weights:
1: EXCHANGE-1-Alive, S-1
2: EXCHANGE-2-Down, S-1
=============================================================================
Please let me know how to solve this problem. System team is saying with the physical IP address it is working fine problem with Load balancing. I have even tried with the
Add service command in the group but didnt work for me. If i will remove the group command then I cant telnet on port 25.
I think this is related to single arm modle or some wrong configuration for the NAT.
Kindly assist me

Hi
Printers are on Vlan 80 ( gw is 192.168.80.1) and exange server is on vlan 200 (gw is 192.168.200.1) i have multiple vlan which will communcate with exchange.
I hv other servers on 200 subnet which are working fine in load balancing.
My CSS is single arm setup.
Please assist
Sent from Cisco Technical Support iPhone App

Could not retrieve Enterprise Global Template - Load balancer issue

Hi,
We have 4 Project Server 2010 servers. The 4 web servers are load balanced by networking team with sticky session configured.
When we try to connect to the Project Server using MPP 2007 SP2, it fails saying 'Could not retrieve Enterprise Global template'. It works perfect when we point to a specific server by specifying the IP address for server name in the 'hosts'
file.
Earlier we observed some errors in the event viewer related to the SharePoint's internal load balancer for which restarted the 'Project Server Application' on each web server and it got fixed.
Now, the only entries that we see related to load balancer are as mentioned below as Information (not errors).
SharePoint Web Services Round Robin Service Load Balancer Event: Initialization
Process Name: w3wp
Process ID: 15080
AppDomain Name: /LM/W3SVC/539065287/ROOT-1-130462463500778047
AppDomain ID: 2
Service Application Uri: urn:schemas-microsoft-com:sharepoint:service:ae7c7ee5c09b4e8198bdbb1ecb8c1c1b#authority=urn:uuid:9f626d347784423eb14bde4a1f4d13fc&authority=https://lonms12546:32844/Topology/topology.svc
Active Endpoints: 4
Failed Endpoints:0
Endpoint List:
http://lonxxx2532:32843/ae7c7ee5c09b4e8198bdbb1ecb8c1c1b/PSI
http://lonxxx2545:32843/ae7c7ee5c09b4e8198bdbb1ecb8c1c1b/PSI
http://lonxxx2546:32843/ae7c7ee5c09b4e8198bdbb1ecb8c1c1b/PSI
http://lonxxx2566:32843/ae7c7ee5c09b4e8198bdbb1ecb8c1c1b/PSI
Could the issue be due to network load balancer?
Could the issue be due to Sticky session configuration on the load balancer.?
How can we get to the root cause of the issue?
Which logging category should we set to 'Verbose' that can give us some hint.
Update: We tried to capture the requests through fiddler and observed that when fiddler is running on the client computer then the connection works perfectly fine even through the load balancer. Probably fiddler is reformatting the SOAP
envelop of the web service requests the way it should before sending the request to the server.
If we do not run fiddler and run some other similar tool (like Charles) then it again gives the issue and the request stucks at /PWA/_vti_bin/psi/winproj.asmx
We ran Wireshark on the servers and found the following for that web service call:
[TCP Previous segment not captured] Continuation or non-HTTP traffic.
Please let me know if someone could provide any hint what can be done next.
Regards, Amit Gupta

There are several ways to configure your load balancer. I would suggest that you work with the network engineer, the load balancer vendor and your project administrator to resolve this issue.
Basically you need URL to be resolved correctly. Also, I don't believe PS2007 did a good job handling load balancing, so you may need to bring someone in good with IIS and see they can tweek IIS to manage the cache better.
As I go back and look at your analysis, I think you should probably look at upgrading to Project Server 2013. They made some improvement in load balancing and the management of distributive cache.
I assume you have 4 WFE because you have thousands of project users. Roughly how many you have? Over 1000, over 5000
Have you tried to see if using two load balancing work? How about just one front end. I often see companies scaling SharePoint and Project server to extremes.
Michael Wharton, MVP, MBA, PMP, MCT, MCTS, MCSD, MCSE+I, MCDBA
Website http://www.WhartonComputer.com
Blog http://MyProjectExpert.com contains my field notes and SQL queries

Cisco ACE20 Load balancing issues

Dear All,
I have a problem with the ACE 20 load balance
To start with following is our architectural request flow:
Load Balancer --> Webseal /(reverse proxy) --> HTTP Server --> Portal Server
We have Hardware Load Balancer Cisco ACE20.
When we access our portal from Webseal server it works totally fine without any issue, but when we access the same application using ACE we face the following issues:
1) Some of the links on do not work. For eg: We have a link "subscribe" which points to https://intranet/abc/wps/portal/subscription , whenever we click on this link, the request is directed to https://intranet/abc/wps/portal i.e homepage
2) URL redirection does not work We have some links which have a url forwarding or redirection for example when we open https://intranet/ef/quickplace it forwards the requests to https://intranet/ef/quickplace/Main.nsf?opendocument....., but this redirection fails and again the request is thrown to homepage i.e https://intranet/abc/wps/portal
3) The response of the request and the overall portal when accessed via ACE is very sluggish and it takes 20 seconds for homepage to load, whereas the homepage loads in 4 secs when accessed via webseal.
below is the ACE details. Kindly provide the your inputs to resolve this issue. will rate all the suggestions
Hardware Product Number: ACE20-MOD-K9
Card Index:     207
Hardware Rev:   2.3
Feature Bits:   0000 0002
Slot No. :      7
Type:           ACE
Software
loader:    Version 12.2[120]
system:    Version A2(1.4) [build 3.0(0)A2(1.4) adbuild_11:54:12-2009/03/05_/a
uto/adbu-rel2/rel_a2_1_4_throttle/REL_3_0_0_A2_1_4]
system image file: [LCP] disk0:c6ace-t1k9-mz.A2_1_4.bin
installed license: ACE-SEC-LIC-K9

Dear all,
Please suggest on this issue.
BS

CSS Load Balancing with Cookies

We are trying to load balance 2 backend servers hosted on Websphere with advance balance cookies method.
Restrictions
ServerA is unable to accept cookies generated from ServerB.
ServerA and ServerB are generating random cookies
Unable to modify cookie string with a constant.
How can we load balance based on cookies considering the above restrictions?
We have attempted to do hash based load balancing with cookies but the problem we run into is the servers do not accept cookies generated from another server.
The configuration we tried is written below:
service ServerA
ip address 192.168.10.2
keepalive type tcp
keepalive port 80
active
service ServerB
ip address 192.168.20.2
keepalive type tcp
keepalive port 80
active
content ABC
url "/*"
add service ServerA
string prefix "JSESSIONID="
advanced-balance cookies
port 80
add service ServerB
string skip-length 5
string process-length 16
string operation hash-xor
protocol tcp
vip address 172.16.32.1
active
Can we change the string prefix to JSESSION instead of JSESSIONID= ?
The only place the app guys can add a constant string to match on is before the = sign.
Is it possible for CSS to match on a constant string before = sign e.g below:
service ServerA
ip address 192.168.10.2
keepalive type tcp
keepalive port 80
string id567=
active
service ServerB
ip address 192.168.20.2
keepalive type tcp
keepalive port 80
string id123=
active
content ABC
url "/*"
add service ServerA
string prefix "JSESSION"
advanced-balance cookies
port 80
add service ServerB
string skip-length 0
string process-length 6
protocol tcp
vip address 172.16.32.1
active

It should work.
There is no reason for it not to work...
This is the best method you can have on the CSS for stickyness.
Get a sniffer trace on the client and server with arrowpoint cookie configured on the CSS and capture a failure so we can see what is going on.
also send me the config so I can verify everything is ok.
If you have a service request open with the TAC, you can also give the SR # so I can review what has been done.
Gilles.

CSS load balancing in both directions.

Hi all,
my questions are
-if it is possible divide (virtualize) one physical CSS to separate ones?
and than
-if it is possible use one virtual CSS for loadbalancing in one direction and other CSS use for loadbalancing in opposite direction?
BR
gg

It sounds like you need to implement a group rule using 'add service service_name'.
ie.
service web1
ip address 192.168.1.1
port 80
active
service web2
ip address 192.168.1.2
port 80
active
owner vip
content web_servers
vip address 192.168.1.100
port 80
protocol tcp
add service web1
add service web2
active
group web_servers
vip address 192.168.1.100
add service web1
add service web2
active
What this should do is NAT any request *initiated* from web1 or web2 to the IP address specified in the group rule. In this case it is 192.168.1.100, the same as the content rule. This is fine, or you can use a different IP. I'm using RFC1918 addresses in this example, as 192.168.1.100 would be natted to some public IP on the firewall in front of the CSS.
If you wanted to do internal load balancing, or load balance to a service *NOT* within your environment (ie. 3rd party data center), you would simply change 'add service' to 'add destination service' in the group rule.
James

CSS load balancing issue

Similar Messages

Maybe you are looking for