SIP load balancing issue with ACE 4710

Similar Messages

• Load-balancing issues with iPlanet and multiple clusters

  We're in performance test of a large-scale clustered deployment based on WLS 5.1sp10.
  Due to scalability/functionality issues, some of which we've seen firsthand and
  some of which we've been informed of by associates as well as BEA representatives,
  we've chosen to implement multiple clusters with a maximum of three nodes each.
  These clusters will be fronted by a web server tier consisting of iPlanet servers
  using the proxy plugin.
  Due to hardware constraints (both in test and in production), however, we've configured
  the iPlanet servers to route across the multiple clusters. In our test environment,
  for instance, we've got a single iPlanet server routing across two 3-node clusters,
  and the configuration in obj.conf is as follows:
  <Object name="application" ppath="*/application">
  Service fn="wl-proxy" \
  WebLogicCluster="clusterA_1:9990,clusterB_1:9991,clusterA_2:9990,clusterB_2:9991,clusterA_3:9990,
  clusterB_3:9991" \
  CookieName="ApplicationSession"
  </Object>
  Our issue is that the load-balancing doesn't appear to work across the clusters.
  We're seeing one cluster get about 90% of the load, while the other receives
  only 10%.
  So, the question (finally!) is: Is this configuration correct (i.e., will it
  work according to the logic of the proxy plugin), and is it appropriate for this
  situation? Are there other alternative approaches that anyone can recommend?
  Thanks in advance,
  cramer

  I use weblogic6.1 with sp2+windows 2000.I develop a web application and deploy
  it to cluster.Through HttpClusterServlets proxy of weblogic I found that a server
  in cluster almost get 95% of requests but another only get 5% of requests.Why???
  I don't set any special parameter.And the weight of the two clustered server is
  equal.I use round-robin arithmetic.
  Thanks!
  "cramer" <[email protected]> wrote:
  >
  We're in performance test of a large-scale clustered deployment based
  on WLS 5.1sp10.
  Due to scalability/functionality issues, some of which we've seen firsthand
  and
  some of which we've been informed of by associates as well as BEA representatives,
  we've chosen to implement multiple clusters with a maximum of three nodes
  each.
  These clusters will be fronted by a web server tier consisting of iPlanet
  servers
  using the proxy plugin.
  Due to hardware constraints (both in test and in production), however,
  we've configured
  the iPlanet servers to route across the multiple clusters. In our test
  environment,
  for instance, we've got a single iPlanet server routing across two 3-node
  clusters,
  and the configuration in obj.conf is as follows:
  <Object name="application" ppath="*/application">
  Service fn="wl-proxy" \
  WebLogicCluster="clusterA_1:9990,clusterB_1:9991,clusterA_2:9990,clusterB_2:9991,clusterA_3:9990,
  clusterB_3:9991" \
  CookieName="ApplicationSession"
  </Object>
  Our issue is that the load-balancing doesn't appear to work across the
  clusters.
  We're seeing one cluster get about 90% of the load, while the other
  receives
  only 10%.
  So, the question (finally!) is: Is this configuration correct (i.e.,
  will it
  work according to the logic of the proxy plugin), and is it appropriate
  for this
  situation? Are there other alternative approaches that anyone can recommend?
  Thanks in advance,
  cramer

• Load balance issues with RV042

  Hi,
  I have some issue to configure my RV042.
  I have 8 voip phones and 10 pcs on my network. I used DHCP to attribute IP between 192.168.1.10 and 192.168.1.20 to the phones and over .100 to the PC. I want my phone to have their own connexion. My switch doesn't support VLAN
  Here is a screeshot of my config
  The phones use WAN2, the PCs use WAN1 except to send emails.
  Everything seems ok. If I change the ip of my computer to 192.168.1.19 I can verify on the web that my public ip is know as the one of WAN2, and if I change for 192.168.1.115, my public IP is the same as WAN1.
  Few days ago, I checked the web interface of my phones provider and I watched the public IPs of each of my phones. Some have the wan2 IP but other have wan1 IP.
  I thought I forced my phone to use WAN2 internet connection ... so how would my phone providers know the wan1 public IP ?? Is there another thing I have to check or force to avoid my phone tu use WAN1 ??
  Thanks in advance,
  Franxoois

  Up
  Any advice or something I should learn or check ? Is this normal or known bug ?
  Is there an easiesr way to do something like that ?

• ITS load balancing issue

  Hi all,
  During our testing we are getting a load balancing issue.  However, one of the agates in our network is has more CPU power than compared to the other agates in our ITS network.  The memory on all the agate servers is the same. 
  Our current issue we are getting is the one agate that has more cpu power but acquires more sessions as compared to the other two agates.  It roughly gets 60 more sessions per agate process as compare to the other Agate servers.  Does having more cpu on a Agate affect the load balancing on ITS?  We are on ITS patch level 19 with the Hotfix. 
  Thanks,
  Jin Bae

  Hello Jin,
  yes, at (re)initialize the WGate retrieves the capacity from the AGates.
  This is an accumulated number based on CPU performance and the number of CPUs!
  The number can be seen in "wgate-status" as the "Capacity" of the AGate.
  When running multiprocess Agates the number is retrieved from the MManager and also involves the number of agate-processes.
  The WGate dispatches the load in proportion depending on these capacity numbers.
  By my knowledge there is no way that these values can be configured (fixed).
  Regards,
    Fekke

• CSS arrowpoint cookie load balancing issue

  Hi guys,
  I need some advice on a load balancing issue.
  We have connections hitting the CSS via a proxy environment. As a result i see only one source ip address. I want to use arrowpoint cookies for session stickeyness. However when i enable the rule the tcp session negotiation fails. The CSS sends a TCP/RST which terminates the session.
  Here's the rule config:
  content HTTP_rule
  add service ZSTS299102
  add service ZSTS281101
  vip address <filtered>
  add service LONS299102
  add service LONS281101
  balance weightedrr
  change service ZSTS299102 weight 5
  change service ZSTS281101 weight 5
  advanced-balance arrowpoint-cookie
  protocol tcp
  port 80
  url "/*"
  active
  Any help would be much appreciated.

  Remko,
  in L3/L4 the CSS sends the SYN directly to the server.
  So when the FIN comes in, we simply pass it to the server.
  With L5 the CSS spoofs the connection and we select the server only after receiving the GET.
  If there was some delay between the GET and the FIN, the CSS would have time to establish a connection with the server and the FIN could be simply forwarded.
  Unfortunately, in this case the FIN is right after the GET with no delay.
  Gilles.

• How can ftp service on non-standard port be load balanced using Cisco ACE.

  How can ftp service on non-standard port be load balanced using Cisco ACE.For example ftp service required on tcp 2000 port

  Hi Samarjit,
  you can do this by specifying the port number in the class map that you create . Please find the below mentioend config guide where you can specify the tcp/udp port , range or ports or even the wild card to match the port.
  http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/v3.00_A1/configuration/administration/guide/mapolcy.html#wp1318826
  Regards
  Abijith

• Recommended configuration for load balanced Portal with load balancer, multiple gateways and multiple servers.

  Does anyone have a recommended network, hardware and software configuration guide for a Portal installation running with multiple gateways load balanced (ie one URL) that talk to multiple servers?

  David,
  We've used Resonate (software) to load balance the gateways. It allows
  you to group all the gateways under 1 virtual URL and load balance the
  incoming connections over each gateway depending on the rules that you
  define in Resonate. Look in the SUN portal whitepapers there is one that
  talks about it specifically.
  As far as load balancing the calls to the portals, the gateways will
  automatically load balance across all the portals that they know about
  using a simple round-robin rotation. You may be able to use Resonate in
  front of the portals but you may need to activate persistance within
  Resonate to ensure that the user always ends up on the portal that he
  established his initial connection on (if you want that), check with Sun
  on this one.
  David Broeren wrote:
  Recommended configuration for load balanced Portal with load balancer,
  multiple gateways and multiple servers.
  Does anyone have a recommended network, hardware and software
  configuration guide for a Portal installation running with multiple
  gateways load balanced (ie one URL) that talk to multiple servers?
  Try our New Web Based Forum at http://softwareforum.sun.com
  Includes Access to our Product Knowledge Base!

• ACE load balancing issue

  Hi,
  I have ACE module and 2 servers the problem i am facing is only one server is been serviced by ACE the other server is not getting much traffic at all.
  One server gets hit most of the time like 3 pkts goes to server 1 and 1 pkt goes to server 2.
  Could anyone tell me why is this issue that unequal load balancing is occoring on my device.
  Thanks in advance.

  here's the output of
  sh serverfarm det
  serverfarm : DNS, type: HOST
  total rservers : 2
  active rservers: 2
  description : -
  state : ACTIVE
  predictor : ROUNDROBIN
  failaction : -
  back-inservice : 0
  partial-threshold : 0
  num times failover : 0
  num times back inservice : 0
  total conn-dropcount : 0
  Probe(s) :
  DNS_PROBE, type = DNS
  ----------connections-----------
  real weight state current total failures
  ---+---------------------+------+------------+----------+----------+---------
  rserver: DNS-118-1
  10.0.0.1:0 8 OPERATIONAL 206 127901 1
  max-conns : - , out-of-rotation count : -
  min-conns : -
  conn-rate-limit : - , out-of-rotation count : -
  bandwidth-rate-limit : - , out-of-rotation count : -
  retcode out-of-rotation count : -
  load value : 0
  rserver: DNS-118-2
  10.0.0.2:0 8 OPERATIONAL 230 212332 4
  max-conns : - , out-of-rotation count : -
  min-conns : -
  conn-rate-limit : - , out-of-rotation count : -
  bandwidth-rate-limit : - , out-of-rotation count : -
  retcode out-of-rotation count : -
  load value : 0
  here's the output of
  sh service-policy L3L4_LOADB detail
  Status : ACTIVE
  Description: -----------------------------------------
  Context Global Policy:
  service-policy: L3L4_LOADB
  class: CLASS_MAP
  nat:
  nat dynamic 1 vlan 118
  curr conns : 325 , hit count : 340457
  dropped conns : 5
  client pkt count : 2697687 , client byte count: 179735431
  server pkt count : 2694477 , server byte count: 535957631
  conn-rate-limit : 0 , drop-count : 0
  bandwidth-rate-limit : 0 , drop-count : 0
  VIP Address: Protocol: Port:
  10.0.0.3 tcp eq 53
  10.0.0.3 udp eq 53
  loadbalance:
  L7 loadbalance policy: L7_LOADB
  VIP Route Metric : 77
  VIP Route Advertise : ENABLED-WHEN-ACTIVE
  VIP ICMP Reply : ENABLED-WHEN-ACTIVE
  VIP State: INSERVICE
  curr conns : 325 , hit count : 340462
  dropped conns : 5
  client pkt count : 2697687 , client byte count: 179735431
  server pkt count : 2694477 , server byte count: 535957631
  conn-rate-limit : 0 , drop-count : 0
  bandwidth-rate-limit : 0 , drop-count : 0
  L7 Loadbalance policy : L7_LOADB
  class/match : class-default
  LB action: :
  primary serverfarm: DNS
  state: UP
  backup serverfarm : -
  hit count : 340457
  dropped conns : 0

• ACE 4700 load balancing Issue

  Hi,
  I am new in ACE 4700. I have configured ACE 4700 for load balancing the FAX servers. Probe, ServerFarm, Real server, Virtual server, VIP state every thing is up and in service. But I am not able to access the real server using VIP IP address.
  Below is the running configuration. Please help me to troubleshot the problem.
  HOB-ACE-1/Admin# sh run
  Generating configuration....
  no ft auto-sync startup-config
  boot system image:c4710ace-mz.A3_2_0.bin
  hostname HOB-ACE-1
  interface gigabitEthernet 1/1
    description Man_HOB_1
    switchport access vlan 1000
    no shutdown
  interface gigabitEthernet 1/2
    description VIP_HOB_1
    switchport access vlan 24
    no shutdown
  interface gigabitEthernet 1/3
    description HA_HOB_1
    switchport access vlan 180
    no shutdown
  interface gigabitEthernet 1/4
    shutdown
  [7m--More-- [m
  access-list ALL line 8 extended permit ip any any
  probe icmp ICMP_PROBE1
    interval 15
    faildetect 4
    passdetect interval 60
    passdetect count 5
    receive 5
  rserver host MFREFSAS497
    description MAAFAXSERVER
    ip address 10.16.12.148
    conn-limit max 4000000 min 4000000
    inservice
  rserver host MSHOFCFS489
    description HOBFAXSERVER
    ip address 10.26.12.130
    conn-limit max 4000000 min 4000000
    inservice
  [7m--More-- [m
  [K
  serverfarm host SFHOBACE-1
    description SFHOBACE-1
    predictor hash header Accept
    probe ICMP_PROBE1
    rserver MFREFSAS497 80
      conn-limit max 4000000 min 4000000
      inservice
    rserver MSHOFCFS489 80
      conn-limit max 4000000 min 4000000
      inservice
  class-map match-all VSHOBACE-1
    2 match virtual-address 10.26.24.242 any
  class-map type management match-any remote_access
    201 match protocol xml-https any
    202 match protocol icmp any
    203 match protocol telnet any
    204 match protocol ssh any
    205 match protocol http any
    206 match protocol https any
    207 match protocol snmp any
  [7m--More-- [m
  [K
  policy-map type management first-match remote_mgmt_allow_policy
    class remote_access
      permit
  policy-map type loadbalance first-match VSHOBACE-1-l7slb
    class class-default
      serverfarm SFHOBACE-1
  policy-map multi-match global
    class VSHOBACE-1
      loadbalance vip inservice
      loadbalance policy VSHOBACE-1-l7slb
      loadbalance vip icmp-reply
      nat dynamic 1 vlan 24
      nat dynamic 1 vlan 1000
  service-policy input global
  interface vlan 24
    description "Client VLAN"
    ip address 10.26.24.243 255.255.255.0
  [7m--More-- [m
    access-group input ALL
    no shutdown
  interface vlan 1000
    ip address 10.26.12.132 255.255.255.0
    peer ip address 10.26.12.133 255.255.255.0
    access-group input ALL
    service-policy input remote_mgmt_allow_policy
    no shutdown
  ft interface vlan 180
    ip address 192.168.180.2 255.255.255.248
    peer ip address 192.168.180.3 255.255.255.248
    no shutdown
  ft peer 1
    heartbeat interval 300
    heartbeat count 10
    ft-interface vlan 180
  ft group 1
    peer 1
    priority 140
    associate-context Admin
  [7m--More-- [m
    inservice
  ip route 0.0.0.0 0.0.0.0 10.26.12.1
  snmp-server contact "HOB_ACE"
  snmp-server location "HOB"
  snmp-server community FAXSERVER group Network-Monitor
  snmp-server user administrator Network-Monitor
  snmp-server trap-source vlan 1000
  username admin password 5 $1$GtO1e504$eGuyxxDcXck7SkxqBfRkI.  role Admin domain
  default-domain
  username www password 5 $1$N5ClX7jy$kDhGgN.uukWQKvQMd3pY.1  role Admin domain de
  fault-domain
  ssh key rsa 1024 force
  Thanks and Regards,
  Ashfaque

  Hello Hossain,
  Applying the policy globally on the box is commonly not the prefered way to go, you can use instead a single multi-match policy per SVI for easier managent; this will also also help to narrow down problems to a specific policy and VIP while T-Shooting.
  Use the
  ACE/Admin(config)# no service-policy input global
  ACE/Admin(config)# interface vlan 24
  ACE/Admin(config-if)# service-policy input global
  Also you want to remove the NAT from the multi-match policy, you're running in routed mode so NAT should not be required; if it was required then you don't have any natpool configured or as Ahmad mentioned it was truncated from the configuration.
  Something that caught up my attention is that your default route is pointing to the server VLAN that happens to be also your management VLAN, I'll have to lab it up but my first impression is that either the traffic coming to the VIP on vlan 24 should be always NAT'd to an IP of 10.26.24.X/24 before it gets to the ACE or else there will be a routing loop that will not allow the flow to complete correctly.
  Do you happen to have a quick logical diagram of this piece of the network?
  Thnx
  Pablo

• Issue with ACE HTTP class map

  This is what I want to achieve USING the ACE as a reverse proxy.
  User uses the url https://abc/password - gets to the destination server & the web page
  If user tries to use any thing additional then the connection is dropped at the ACE such as
  https://abc/password/test or any such variation.
  Following is the config I have to achieve this
  class-map type http loadbalance match-any L7-CLASS-TEST
    match http url /password
    match http url /password/
  class-map type http loadbalance match-any L7-CLASS-TEST-deny
    2 match http url .*.*
  policy-map type loadbalance first-match LBP-TEST
    class L7-CLASS-TEST
      serverfarm FARM-TEST
      ssl-proxy client TEST
    class L7-CLASS-TEST-deny
      drop
    class class-default
      serverfarm FARM-TEST
      ssl-proxy client TEST
  The problem with this is when the page opens I get broken links on all the images. If I use the following line
  match http url /password.*
  I get the images to work but the user can use the https://abc/password/test which is not what I want.
  Has any one faced this issue ?
  Any help will be appreciated.
  Thanks in advance
  Prasanna

  Prasanna,
  What about if you try it in HTTP and apply the following change?
  class-map type http loadbalance match-any L7-CLASS-TEST-deny
    2 match http url /.*
  This should work in HTTP but not with HTTPS
  Anyway, it should not work since everything seems to be encrypted, you may require either SSL-termination or END-TO-END SSL for this then the ACE can decrypt the request see what it needs to do and take the load balance decision.
  Jorge

• Cisco ACE20 Load balancing issues

  Dear All,
  I have a problem with the ACE 20 load balance
  To start with following is our architectural request flow:
  Load Balancer --> Webseal /(reverse proxy) --> HTTP Server --> Portal Server
  We have Hardware Load Balancer Cisco ACE20.
  When we access our portal from Webseal server it works totally fine without any issue, but when we access the same application using ACE we face the following issues:
  1) Some of the links on do not work. For eg: We have a link "subscribe" which points to https://intranet/abc/wps/portal/subscription , whenever we click on this link, the request is directed to https://intranet/abc/wps/portal i.e homepage
  2) URL redirection does not work We have some links which have a url forwarding or redirection for example when we open https://intranet/ef/quickplace it forwards the requests to https://intranet/ef/quickplace/Main.nsf?opendocument....., but this redirection fails and again the request is thrown to homepage i.e https://intranet/abc/wps/portal
  3) The response of the request and the overall portal when accessed via ACE is very sluggish and it takes 20 seconds for homepage to load, whereas the homepage loads in 4 secs when accessed via webseal.
  below is the ACE details. Kindly provide the your inputs to resolve this issue. will rate all the suggestions
  Hardware Product Number: ACE20-MOD-K9
    Card Index:     207
    Hardware Rev:   2.3
    Feature Bits:   0000 0002
    Slot No. :      7
    Type:           ACE
  Software
    loader:    Version 12.2[120]
    system:    Version A2(1.4) [build 3.0(0)A2(1.4) adbuild_11:54:12-2009/03/05_/a
  uto/adbu-rel2/rel_a2_1_4_throttle/REL_3_0_0_A2_1_4]
    system image file: [LCP] disk0:c6ace-t1k9-mz.A2_1_4.bin
    installed license: ACE-SEC-LIC-K9

  Dear all,
  Please suggest on this issue.
  BS

• Load balancing imbalance in ACE

  We are facing slowness an http application which is due to connection imbalance. This setup has one set of Load balancer and a proxy in DMZ where the connections gets terminated from the users and a load balancer inside LAN which load balances between the end point servers. All user connections terminate on the DMZ load balancer / proxy and proxy connects back to the internal load balancer VIP. (By collating a number of connections to very few - default proxy behavior) . Internal load balancer VIP does load balancing based on the number of connections in a least loaded manner and this load balancer doesn’t see how many sessions are beneath each connections and it distributes each connection to server underneath. Thus if one connection has around 100 sessions, another may have only a few and each of this gets forwarded to the end server causing the imbalance.
  Is there a way that this imbalance can be tackled in this setup.
  Users --> Proxy ---> Load balancer (Cisco ACE) --> Server 1
                                                                                                  Server 2
                                                                                                  Server 3
  Least Connections predictor
  HTTP Cookie insert sticky

  Hi,
  Persistance rebalance should solve the issue for you.
  The persistent-rebalance function is required if you have proxy users and the proxy shares one TCP connection between multiple users.
  With this behavior, inside a single connection you will see different cookies. Therefore, for each cookie, ACE needs to first detect the new cookie and then loadbalance to the appropriate server.
  this is from the admin Guide :
  The following example specifies the parameter-map type http command to enable HTTP persistence after it has been disabled:
  host1/Admin(config)# parameter-map type http http_parameter_map
  Host1/Admin(config-parammap-http)# persistence-rebalance
  Please refer the following link for more info :
  http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/vA4_2_0/configuration/slb/guide/classlb.html#wp1062907
  hope that helps,
  Ajay Kumar

• Could not retrieve Enterprise Global Template - Load balancer issue

  Hi,
  We have 4 Project Server 2010 servers. The 4 web servers are load balanced by networking team with sticky session configured.
  When we try to connect to the Project Server using MPP 2007 SP2, it fails saying 'Could not retrieve Enterprise Global template'. It works perfect when we point to a specific server by specifying the IP address for server name in the 'hosts'
  file.
  Earlier we observed some errors in the event viewer related to the SharePoint's internal load balancer for which restarted the 'Project Server Application' on each web server and it got fixed.
  Now, the only entries that we see related to load balancer are as mentioned below as Information (not errors).
  SharePoint Web Services Round Robin Service Load Balancer Event: Initialization
  Process Name: w3wp
  Process ID: 15080
  AppDomain Name: /LM/W3SVC/539065287/ROOT-1-130462463500778047
  AppDomain ID: 2
  Service Application Uri: urn:schemas-microsoft-com:sharepoint:service:ae7c7ee5c09b4e8198bdbb1ecb8c1c1b#authority=urn:uuid:9f626d347784423eb14bde4a1f4d13fc&authority=https://lonms12546:32844/Topology/topology.svc
  Active Endpoints: 4
  Failed Endpoints:0
  Endpoint List:
  http://lonxxx2532:32843/ae7c7ee5c09b4e8198bdbb1ecb8c1c1b/PSI
  http://lonxxx2545:32843/ae7c7ee5c09b4e8198bdbb1ecb8c1c1b/PSI
  http://lonxxx2546:32843/ae7c7ee5c09b4e8198bdbb1ecb8c1c1b/PSI
  http://lonxxx2566:32843/ae7c7ee5c09b4e8198bdbb1ecb8c1c1b/PSI
  Could the issue be due to network load balancer?
  Could the issue be due to Sticky session configuration on the load balancer.?
  How can we get to the root cause of the issue?
  Which logging category should we set to 'Verbose' that can give us some hint.
  Update: We tried to capture the requests through fiddler and observed that when fiddler is running on the client computer then the connection works perfectly fine even through the load balancer. Probably fiddler is reformatting the SOAP
  envelop of the web service requests the way it should before sending the request to the server.
  If we do not run fiddler and run some other similar tool (like Charles) then it again gives the issue and the request stucks at /PWA/_vti_bin/psi/winproj.asmx
  We ran Wireshark on the servers and found the following for that web service call:
  [TCP Previous segment not captured] Continuation or non-HTTP traffic.
  Please let me know if someone could provide any hint what can be done next.
  Regards, Amit Gupta

  There are several ways to configure your load balancer.   I would suggest that you work with the network engineer, the load balancer vendor and your project administrator to resolve this issue. 
  Basically you need URL to be resolved correctly.  Also, I don't believe PS2007 did a good job handling load balancing, so you may need to bring someone in good with IIS and see they can tweek IIS to manage the cache better.
  As I go back and look at your analysis, I think you should probably look at upgrading to Project Server 2013.  They made some improvement in load balancing and the management of distributive cache.
  I assume you have 4 WFE because you have thousands of project users.  Roughly how many  you have?  Over 1000, over 5000
  Have you tried to see if using two load balancing work?  How about just one front end.  I often see companies scaling SharePoint and Project server to extremes. 
  Michael Wharton, MVP, MBA, PMP, MCT, MCTS, MCSD, MCSE+I, MCDBA
  Website http://www.WhartonComputer.com
  Blog http://MyProjectExpert.com contains my field notes and SQL queries

• Facing Issue in ACE 4710 ..Secondary ACE showing as FSM_FT_STATE_STANDBY_COLD ...

  Hi All ,
   I am facing problem with my ACE 4710 in active-standby environment . When I check Show ft group detail on my Active ACE , it shows peer state as
  FSM_FT_STATE_STANDBY_COLD for Admin context . Below is the output :
  Primary_ACE/Admin#sh ft group detail
  FT Group                     : 1
  No. of Contexts              : 1
  Context Name                 : Admin
  Context Id                   : 0
  Configured Status            : in-service
  Maintenance mode             : MAINT_MODE_OFF
  My State                     : FSM_FT_STATE_ACTIVE
  My Config Priority           : 120
  My Net Priority              : 120
  My Preempt                   : Enabled
  Peer State                   : FSM_FT_STATE_STANDBY_COLD
  Peer Config Priority         : 100
  Peer Net Priority            : 100
  Peer Preempt                 : Enabled
  Peer Id                      : 1
  Last State Change time       : Tue Jan  1 05:32:55 2002
  Running cfg sync enabled     : Enabled
  Running cfg sync status      : Peer in Cold State. Error on Standby device when
  applying configuration file replicated from active
  Startup cfg sync enabled     : Enabled
  Startup cfg sync status      : Peer in Cold State. Startup configuration sync ha
  [7m--More--[m
  s completed
  Bulk sync done for ARP: 0
  Bulk sync done for LB: 0
  Bulk sync done for ICM: 0
  FT Group                     : 2
  No. of Contexts              : 1
  Context Name                 : APP_Context
  Context Id                   : 1
  Configured Status            : in-service
  Maintenance mode             : MAINT_MODE_OFF
  My State                     : FSM_FT_STATE_ACTIVE
  My Config Priority           : 120
  My Net Priority              : 120
  My Preempt                   : Enabled
  Peer State                   : FSM_FT_STATE_STANDBY_HOT
  Peer Config Priority         : 100
  Peer Net Priority            : 100
  Peer Preempt                 : Enabled
  Peer Id                      : 1
  Last State Change time       : Tue Jan  1 05:32:56 2002
  Running cfg sync enabled     : Enabled
  [7m--More--[m
  Running cfg sync status      : Running configuration sync has completed
  Startup cfg sync enabled     : Enabled
  Startup cfg sync status      : Startup configuration sync has completed
  Bulk sync done for ARP: 0
  Bulk sync done for LB: 0
  Bulk sync done for ICM: 0
  Also when I give show ft config-errors on my secondary ACE it gives the following result .
  Secondary_ACE/Admin#sh ft config-error
  Mon Jun 10 00:04:11 IST 2002
  `no 3 match virtual-address 10.40.3.15 tcp eq https`
  Error: LB action requires match vip command
  `no 3 match virtual-address 10.40.3.15 tcp eq 8082`
  Error: LB action requires match vip command
  `no 3 match virtual-address 10.40.3.21 tcp eq www`
  Error: LB action requires match vip command
  `no 3 match virtual-address 10.40.3.21 tcp eq https`
  Error: LB action requires match vip command
  `2 match virtual-address 10.40.3.21 tcp eq https`
  Error: This configuration already exists
  `2 match virtual-address 10.40.3.21 tcp eq www`
  Error: This configuration already exists
  `2 match virtual-address 10.40.3.15 tcp eq 8082`
  Error: This configuration already exists
  `2 match virtual-address 10.40.3.15 tcp eq https`
  Error: This configuration already exists
  Error(s) while applying config.
   I am attaching the running configuration of both the ACE's . Kindly help me in resolving the issue .
  Also I noticed one thing . There is configuration difference in Primary and Secondary ACE . I guess this is causing the issue .
  Need help to fix this asap .
   Following configuration is missing on the secondary ACE .
  ======================================================================
  class-map match-all WEB_FARM_VIP-80
    3 match virtual-address 10.40.3.15 tcp eq www
  policy-map type loadbalance first-match WEB_FARM_VIP-80-l7slb
    class class-default
      serverfarm HTTP-2-HTTPS
    class WEB_FARM_VIP-80
      loadbalance vip inservice
      loadbalance policy WEB_FARM_VIP-80-l7slb
  Thanks ,
  Tushar

  Dear all,
  Pls help me out in this regard, I dont have much idea about ACE.
  Regards,
  Sashi

• CSS load balancing issue

  Hi,
  I'm facing a problem with CSS while load balaning for the web application with two servers.
  The application is based on activex..
  Basically I have two servers running web application for which I have created VIP in the CSS, user hits the VIP address and they access the application, also we use the sticky thing as the application requires the session persistence.. everything is fine, but the problem starts when one of the server fails...
  Assume a user hits the VIP address and access the application, due to the sticky thing his session will be with server A (for eg.), now suddenly the server A fails and in that time the user was doing a transcation and inputting some data and after that he press the submit button on the page, as the server A is down the web page gets refreshed and he has to relogin to the application and redo the whole thing what he was doing in that particular transcation...
  Now the application guys are telling this problem should not happen as the CSS should be able to take care of the session getting reestablished to the other server B during the server A failure...
  Can someone through some lights on this... I'm bit confused now... as what I understand is that the webpage gets refreshed during a server failure because the tcp session id will get changed and the server B will not accept the same tcp session so it reinitiates the new session...
  Is my understanding right?? or is there something which we can do on the CSS to avoid this problem...
  Regards
  Vijay.

  Hi Gilles,
  Thanks for the clarification.
  I have two more issues too...
  1. The load balancing of the application between the two servers are not even. Actually the traffic from the users keep hitting only one server, I understand the point of sticky method used in our case, but even atleast the connection from another client machine should go to the other server,but it is not the case... traffic from all the clients goes to only one server..
  what could be the possible reason for the same...
  My config is as below...
  service SERVER-1
  port 80
  protocol tcp
  keepalive port 80
  keepalive type tcp
  redundant-index 4
  ip address 10.6.223.87
  active
  service SERVER-2
  port 80
  protocol tcp
  keepalive port 80
  keepalive type tcp
  ip address 10.6.223.77
  redundant-index 5
  active
  owner WEB
  content WEB
  add service SERVER-1
  add service SERVER-2
  redundant-index 104
  vip address 10.6.223.78
  protocol tcp
  port 80
  url "/webretrieve*"
  advanced-balance sticky-srcip
  active
  2. Slow response of the application when users access application through VIP address(CSS), what can be done further in the configuration to improve the performance?? or any thing else I can do...
  Regards