SIP load balancing issue with ACE 4710
SIP Load balancing Issue with ACE 4710
I have a Cisco ace 4710 with vesion Version A4(2.2). i configued simple SIP load balancing first without stickiness. without stikeiness we are having a problem because bye packet at the was not going to the same server all the time that left our port in used even though user hang up the phone. its happen randmly. i have a total 20 licenced ports and its fill out very quickly. so i dicided to use the stickiness with call-ID but still same issue. below is the config
rserver host CIN-VOX-31
ip address 172.20.130.31
inservice
rserver host CIN-VOX-32
ip address 172.20.130.32
inservice
serverfarm host CIN-VOX
probe SIP-5060
rserver CIN-VOX-31
inservice
rserver CIN-VOX-32
inservice
sticky sip-header Call-ID VOX_SIP_GROUP
timeout 1
timeout activeconns
replicate sticky
serverfarm CIN-VOX
class-map match-all CIN_VOX_L4_CLASS
2 match virtual-address 172.22.12.30 any
class-map match-all CIN_VOX_SIP_L4_CLASS
2 match virtual-address 172.22.12.30 udp eq sip
policy-map type loadbalance sip first-match CIN_VOX_LB_SIP_POLICY
class class-default
sticky-serverfarm VOX_SIP_GROUP
policy-map multi-match GLOBAL_DMZ_POLICY
class CIN_VOX_SIP_L4_CLASS
loadbalance vip inservice
loadbalance policy CIN_VOX_LB_SIP_POLICY
loadbalance vip icmp-reply
class CIN_VOX_L4_CLASS
loadbalance vip inservice
loadbalance policy CIN_VOX_LB_SIP_POLICY
loadbalance vip icmp-reply
interface vlan 20
description VIP_DMZ_VLAN
ip address 172.22.12.4 255.255.255.192
alias 172.22.12.3 255.255.255.192
peer ip address 172.22.12.5 255.255.255.192
access-group input PERMIT-ANY-LB
service-policy input GLOBAL_DMZ_POLICY
could you please help me on this...
thanks
Rakesh Patel
I mean there should be one more statement-
class-map type sip loadbalance match-any CIN_VOX_LB_SIP_POLICY
match sip header Call_ID header-value sip:
and that will be called under-
policy-map multi-match GLOBAL_DMZ_POLICY
class CIN_VOX_SIP_L4_CLASS
loadbalance vip inservice
loadbalance policy CIN_VOX_LB_SIP_POLICY
loadbalance vip icmp-reply
is that missing in your config ?
Similar Messages
-
Load-balancing issues with iPlanet and multiple clusters
We're in performance test of a large-scale clustered deployment based on WLS 5.1sp10.
Due to scalability/functionality issues, some of which we've seen firsthand and
some of which we've been informed of by associates as well as BEA representatives,
we've chosen to implement multiple clusters with a maximum of three nodes each.
These clusters will be fronted by a web server tier consisting of iPlanet servers
using the proxy plugin.
Due to hardware constraints (both in test and in production), however, we've configured
the iPlanet servers to route across the multiple clusters. In our test environment,
for instance, we've got a single iPlanet server routing across two 3-node clusters,
and the configuration in obj.conf is as follows:
<Object name="application" ppath="*/application">
Service fn="wl-proxy" \
WebLogicCluster="clusterA_1:9990,clusterB_1:9991,clusterA_2:9990,clusterB_2:9991,clusterA_3:9990,
clusterB_3:9991" \
CookieName="ApplicationSession"
</Object>
Our issue is that the load-balancing doesn't appear to work across the clusters.
We're seeing one cluster get about 90% of the load, while the other receives
only 10%.
So, the question (finally!) is: Is this configuration correct (i.e., will it
work according to the logic of the proxy plugin), and is it appropriate for this
situation? Are there other alternative approaches that anyone can recommend?
Thanks in advance,
cramerI use weblogic6.1 with sp2+windows 2000.I develop a web application and deploy
it to cluster.Through HttpClusterServlets proxy of weblogic I found that a server
in cluster almost get 95% of requests but another only get 5% of requests.Why???
I don't set any special parameter.And the weight of the two clustered server is
equal.I use round-robin arithmetic.
Thanks!
"cramer" <[email protected]> wrote:
>
We're in performance test of a large-scale clustered deployment based
on WLS 5.1sp10.
Due to scalability/functionality issues, some of which we've seen firsthand
and
some of which we've been informed of by associates as well as BEA representatives,
we've chosen to implement multiple clusters with a maximum of three nodes
each.
These clusters will be fronted by a web server tier consisting of iPlanet
servers
using the proxy plugin.
Due to hardware constraints (both in test and in production), however,
we've configured
the iPlanet servers to route across the multiple clusters. In our test
environment,
for instance, we've got a single iPlanet server routing across two 3-node
clusters,
and the configuration in obj.conf is as follows:
<Object name="application" ppath="*/application">
Service fn="wl-proxy" \
WebLogicCluster="clusterA_1:9990,clusterB_1:9991,clusterA_2:9990,clusterB_2:9991,clusterA_3:9990,
clusterB_3:9991" \
CookieName="ApplicationSession"
</Object>
Our issue is that the load-balancing doesn't appear to work across the
clusters.
We're seeing one cluster get about 90% of the load, while the other
receives
only 10%.
So, the question (finally!) is: Is this configuration correct (i.e.,
will it
work according to the logic of the proxy plugin), and is it appropriate
for this
situation? Are there other alternative approaches that anyone can recommend?
Thanks in advance,
cramer -
Load balance issues with RV042
Hi,
I have some issue to configure my RV042.
I have 8 voip phones and 10 pcs on my network. I used DHCP to attribute IP between 192.168.1.10 and 192.168.1.20 to the phones and over .100 to the PC. I want my phone to have their own connexion. My switch doesn't support VLAN
Here is a screeshot of my config
The phones use WAN2, the PCs use WAN1 except to send emails.
Everything seems ok. If I change the ip of my computer to 192.168.1.19 I can verify on the web that my public ip is know as the one of WAN2, and if I change for 192.168.1.115, my public IP is the same as WAN1.
Few days ago, I checked the web interface of my phones provider and I watched the public IPs of each of my phones. Some have the wan2 IP but other have wan1 IP.
I thought I forced my phone to use WAN2 internet connection ... so how would my phone providers know the wan1 public IP ?? Is there another thing I have to check or force to avoid my phone tu use WAN1 ??
Thanks in advance,
FranxooisUp
Any advice or something I should learn or check ? Is this normal or known bug ?
Is there an easiesr way to do something like that ? -
Hi all,
During our testing we are getting a load balancing issue. However, one of the agates in our network is has more CPU power than compared to the other agates in our ITS network. The memory on all the agate servers is the same.
Our current issue we are getting is the one agate that has more cpu power but acquires more sessions as compared to the other two agates. It roughly gets 60 more sessions per agate process as compare to the other Agate servers. Does having more cpu on a Agate affect the load balancing on ITS? We are on ITS patch level 19 with the Hotfix.
Thanks,
Jin BaeHello Jin,
yes, at (re)initialize the WGate retrieves the capacity from the AGates.
This is an accumulated number based on CPU performance and the number of CPUs!
The number can be seen in "wgate-status" as the "Capacity" of the AGate.
When running multiprocess Agates the number is retrieved from the MManager and also involves the number of agate-processes.
The WGate dispatches the load in proportion depending on these capacity numbers.
By my knowledge there is no way that these values can be configured (fixed).
Regards,
Fekke -
CSS arrowpoint cookie load balancing issue
Hi guys,
I need some advice on a load balancing issue.
We have connections hitting the CSS via a proxy environment. As a result i see only one source ip address. I want to use arrowpoint cookies for session stickeyness. However when i enable the rule the tcp session negotiation fails. The CSS sends a TCP/RST which terminates the session.
Here's the rule config:
content HTTP_rule
add service ZSTS299102
add service ZSTS281101
vip address <filtered>
add service LONS299102
add service LONS281101
balance weightedrr
change service ZSTS299102 weight 5
change service ZSTS281101 weight 5
advanced-balance arrowpoint-cookie
protocol tcp
port 80
url "/*"
active
Any help would be much appreciated.Remko,
in L3/L4 the CSS sends the SYN directly to the server.
So when the FIN comes in, we simply pass it to the server.
With L5 the CSS spoofs the connection and we select the server only after receiving the GET.
If there was some delay between the GET and the FIN, the CSS would have time to establish a connection with the server and the FIN could be simply forwarded.
Unfortunately, in this case the FIN is right after the GET with no delay.
Gilles. -
How can ftp service on non-standard port be load balanced using Cisco ACE.
How can ftp service on non-standard port be load balanced using Cisco ACE.For example ftp service required on tcp 2000 port
Hi Samarjit,
you can do this by specifying the port number in the class map that you create . Please find the below mentioend config guide where you can specify the tcp/udp port , range or ports or even the wild card to match the port.
http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/v3.00_A1/configuration/administration/guide/mapolcy.html#wp1318826
Regards
Abijith -
Does anyone have a recommended network, hardware and software configuration guide for a Portal installation running with multiple gateways load balanced (ie one URL) that talk to multiple servers?
David,
We've used Resonate (software) to load balance the gateways. It allows
you to group all the gateways under 1 virtual URL and load balance the
incoming connections over each gateway depending on the rules that you
define in Resonate. Look in the SUN portal whitepapers there is one that
talks about it specifically.
As far as load balancing the calls to the portals, the gateways will
automatically load balance across all the portals that they know about
using a simple round-robin rotation. You may be able to use Resonate in
front of the portals but you may need to activate persistance within
Resonate to ensure that the user always ends up on the portal that he
established his initial connection on (if you want that), check with Sun
on this one.
David Broeren wrote:
Recommended configuration for load balanced Portal with load balancer,
multiple gateways and multiple servers.
Does anyone have a recommended network, hardware and software
configuration guide for a Portal installation running with multiple
gateways load balanced (ie one URL) that talk to multiple servers?
Try our New Web Based Forum at http://softwareforum.sun.com
Includes Access to our Product Knowledge Base! -
Hi,
I have ACE module and 2 servers the problem i am facing is only one server is been serviced by ACE the other server is not getting much traffic at all.
One server gets hit most of the time like 3 pkts goes to server 1 and 1 pkt goes to server 2.
Could anyone tell me why is this issue that unequal load balancing is occoring on my device.
Thanks in advance.here's the output of
sh serverfarm det
serverfarm : DNS, type: HOST
total rservers : 2
active rservers: 2
description : -
state : ACTIVE
predictor : ROUNDROBIN
failaction : -
back-inservice : 0
partial-threshold : 0
num times failover : 0
num times back inservice : 0
total conn-dropcount : 0
Probe(s) :
DNS_PROBE, type = DNS
----------connections-----------
real weight state current total failures
---+---------------------+------+------------+----------+----------+---------
rserver: DNS-118-1
10.0.0.1:0 8 OPERATIONAL 206 127901 1
max-conns : - , out-of-rotation count : -
min-conns : -
conn-rate-limit : - , out-of-rotation count : -
bandwidth-rate-limit : - , out-of-rotation count : -
retcode out-of-rotation count : -
load value : 0
rserver: DNS-118-2
10.0.0.2:0 8 OPERATIONAL 230 212332 4
max-conns : - , out-of-rotation count : -
min-conns : -
conn-rate-limit : - , out-of-rotation count : -
bandwidth-rate-limit : - , out-of-rotation count : -
retcode out-of-rotation count : -
load value : 0
here's the output of
sh service-policy L3L4_LOADB detail
Status : ACTIVE
Description: -----------------------------------------
Context Global Policy:
service-policy: L3L4_LOADB
class: CLASS_MAP
nat:
nat dynamic 1 vlan 118
curr conns : 325 , hit count : 340457
dropped conns : 5
client pkt count : 2697687 , client byte count: 179735431
server pkt count : 2694477 , server byte count: 535957631
conn-rate-limit : 0 , drop-count : 0
bandwidth-rate-limit : 0 , drop-count : 0
VIP Address: Protocol: Port:
10.0.0.3 tcp eq 53
10.0.0.3 udp eq 53
loadbalance:
L7 loadbalance policy: L7_LOADB
VIP Route Metric : 77
VIP Route Advertise : ENABLED-WHEN-ACTIVE
VIP ICMP Reply : ENABLED-WHEN-ACTIVE
VIP State: INSERVICE
curr conns : 325 , hit count : 340462
dropped conns : 5
client pkt count : 2697687 , client byte count: 179735431
server pkt count : 2694477 , server byte count: 535957631
conn-rate-limit : 0 , drop-count : 0
bandwidth-rate-limit : 0 , drop-count : 0
L7 Loadbalance policy : L7_LOADB
class/match : class-default
LB action: :
primary serverfarm: DNS
state: UP
backup serverfarm : -
hit count : 340457
dropped conns : 0 -
Hi,
I am new in ACE 4700. I have configured ACE 4700 for load balancing the FAX servers. Probe, ServerFarm, Real server, Virtual server, VIP state every thing is up and in service. But I am not able to access the real server using VIP IP address.
Below is the running configuration. Please help me to troubleshot the problem.
HOB-ACE-1/Admin# sh run
Generating configuration....
no ft auto-sync startup-config
boot system image:c4710ace-mz.A3_2_0.bin
hostname HOB-ACE-1
interface gigabitEthernet 1/1
description Man_HOB_1
switchport access vlan 1000
no shutdown
interface gigabitEthernet 1/2
description VIP_HOB_1
switchport access vlan 24
no shutdown
interface gigabitEthernet 1/3
description HA_HOB_1
switchport access vlan 180
no shutdown
interface gigabitEthernet 1/4
shutdown
[7m--More-- [m
access-list ALL line 8 extended permit ip any any
probe icmp ICMP_PROBE1
interval 15
faildetect 4
passdetect interval 60
passdetect count 5
receive 5
rserver host MFREFSAS497
description MAAFAXSERVER
ip address 10.16.12.148
conn-limit max 4000000 min 4000000
inservice
rserver host MSHOFCFS489
description HOBFAXSERVER
ip address 10.26.12.130
conn-limit max 4000000 min 4000000
inservice
[7m--More-- [m
[K
serverfarm host SFHOBACE-1
description SFHOBACE-1
predictor hash header Accept
probe ICMP_PROBE1
rserver MFREFSAS497 80
conn-limit max 4000000 min 4000000
inservice
rserver MSHOFCFS489 80
conn-limit max 4000000 min 4000000
inservice
class-map match-all VSHOBACE-1
2 match virtual-address 10.26.24.242 any
class-map type management match-any remote_access
201 match protocol xml-https any
202 match protocol icmp any
203 match protocol telnet any
204 match protocol ssh any
205 match protocol http any
206 match protocol https any
207 match protocol snmp any
[7m--More-- [m
[K
policy-map type management first-match remote_mgmt_allow_policy
class remote_access
permit
policy-map type loadbalance first-match VSHOBACE-1-l7slb
class class-default
serverfarm SFHOBACE-1
policy-map multi-match global
class VSHOBACE-1
loadbalance vip inservice
loadbalance policy VSHOBACE-1-l7slb
loadbalance vip icmp-reply
nat dynamic 1 vlan 24
nat dynamic 1 vlan 1000
service-policy input global
interface vlan 24
description "Client VLAN"
ip address 10.26.24.243 255.255.255.0
[7m--More-- [m
access-group input ALL
no shutdown
interface vlan 1000
ip address 10.26.12.132 255.255.255.0
peer ip address 10.26.12.133 255.255.255.0
access-group input ALL
service-policy input remote_mgmt_allow_policy
no shutdown
ft interface vlan 180
ip address 192.168.180.2 255.255.255.248
peer ip address 192.168.180.3 255.255.255.248
no shutdown
ft peer 1
heartbeat interval 300
heartbeat count 10
ft-interface vlan 180
ft group 1
peer 1
priority 140
associate-context Admin
[7m--More-- [m
inservice
ip route 0.0.0.0 0.0.0.0 10.26.12.1
snmp-server contact "HOB_ACE"
snmp-server location "HOB"
snmp-server community FAXSERVER group Network-Monitor
snmp-server user administrator Network-Monitor
snmp-server trap-source vlan 1000
username admin password 5 $1$GtO1e504$eGuyxxDcXck7SkxqBfRkI. role Admin domain
default-domain
username www password 5 $1$N5ClX7jy$kDhGgN.uukWQKvQMd3pY.1 role Admin domain de
fault-domain
ssh key rsa 1024 force
Thanks and Regards,
AshfaqueHello Hossain,
Applying the policy globally on the box is commonly not the prefered way to go, you can use instead a single multi-match policy per SVI for easier managent; this will also also help to narrow down problems to a specific policy and VIP while T-Shooting.
Use the
ACE/Admin(config)# no service-policy input global
ACE/Admin(config)# interface vlan 24
ACE/Admin(config-if)# service-policy input global
Also you want to remove the NAT from the multi-match policy, you're running in routed mode so NAT should not be required; if it was required then you don't have any natpool configured or as Ahmad mentioned it was truncated from the configuration.
Something that caught up my attention is that your default route is pointing to the server VLAN that happens to be also your management VLAN, I'll have to lab it up but my first impression is that either the traffic coming to the VIP on vlan 24 should be always NAT'd to an IP of 10.26.24.X/24 before it gets to the ACE or else there will be a routing loop that will not allow the flow to complete correctly.
Do you happen to have a quick logical diagram of this piece of the network?
Thnx
Pablo -
This is what I want to achieve USING the ACE as a reverse proxy.
User uses the url https://abc/password - gets to the destination server & the web page
If user tries to use any thing additional then the connection is dropped at the ACE such as
https://abc/password/test or any such variation.
Following is the config I have to achieve this
class-map type http loadbalance match-any L7-CLASS-TEST
match http url /password
match http url /password/
class-map type http loadbalance match-any L7-CLASS-TEST-deny
2 match http url .*.*
policy-map type loadbalance first-match LBP-TEST
class L7-CLASS-TEST
serverfarm FARM-TEST
ssl-proxy client TEST
class L7-CLASS-TEST-deny
drop
class class-default
serverfarm FARM-TEST
ssl-proxy client TEST
The problem with this is when the page opens I get broken links on all the images. If I use the following line
match http url /password.*
I get the images to work but the user can use the https://abc/password/test which is not what I want.
Has any one faced this issue ?
Any help will be appreciated.
Thanks in advance
PrasannaPrasanna,
What about if you try it in HTTP and apply the following change?
class-map type http loadbalance match-any L7-CLASS-TEST-deny
2 match http url /.*
This should work in HTTP but not with HTTPS
Anyway, it should not work since everything seems to be encrypted, you may require either SSL-termination or END-TO-END SSL for this then the ACE can decrypt the request see what it needs to do and take the load balance decision.
Jorge -
Cisco ACE20 Load balancing issues
Dear All,
I have a problem with the ACE 20 load balance
To start with following is our architectural request flow:
Load Balancer --> Webseal /(reverse proxy) --> HTTP Server --> Portal Server
We have Hardware Load Balancer Cisco ACE20.
When we access our portal from Webseal server it works totally fine without any issue, but when we access the same application using ACE we face the following issues:
1) Some of the links on do not work. For eg: We have a link "subscribe" which points to https://intranet/abc/wps/portal/subscription , whenever we click on this link, the request is directed to https://intranet/abc/wps/portal i.e homepage
2) URL redirection does not work We have some links which have a url forwarding or redirection for example when we open https://intranet/ef/quickplace it forwards the requests to https://intranet/ef/quickplace/Main.nsf?opendocument....., but this redirection fails and again the request is thrown to homepage i.e https://intranet/abc/wps/portal
3) The response of the request and the overall portal when accessed via ACE is very sluggish and it takes 20 seconds for homepage to load, whereas the homepage loads in 4 secs when accessed via webseal.
below is the ACE details. Kindly provide the your inputs to resolve this issue. will rate all the suggestions
Hardware Product Number: ACE20-MOD-K9
Card Index: 207
Hardware Rev: 2.3
Feature Bits: 0000 0002
Slot No. : 7
Type: ACE
Software
loader: Version 12.2[120]
system: Version A2(1.4) [build 3.0(0)A2(1.4) adbuild_11:54:12-2009/03/05_/a
uto/adbu-rel2/rel_a2_1_4_throttle/REL_3_0_0_A2_1_4]
system image file: [LCP] disk0:c6ace-t1k9-mz.A2_1_4.bin
installed license: ACE-SEC-LIC-K9Dear all,
Please suggest on this issue.
BS -
Load balancing imbalance in ACE
We are facing slowness an http application which is due to connection imbalance. This setup has one set of Load balancer and a proxy in DMZ where the connections gets terminated from the users and a load balancer inside LAN which load balances between the end point servers. All user connections terminate on the DMZ load balancer / proxy and proxy connects back to the internal load balancer VIP. (By collating a number of connections to very few - default proxy behavior) . Internal load balancer VIP does load balancing based on the number of connections in a least loaded manner and this load balancer doesn’t see how many sessions are beneath each connections and it distributes each connection to server underneath. Thus if one connection has around 100 sessions, another may have only a few and each of this gets forwarded to the end server causing the imbalance.
Is there a way that this imbalance can be tackled in this setup.
Users --> Proxy ---> Load balancer (Cisco ACE) --> Server 1
Server 2
Server 3
Least Connections predictor
HTTP Cookie insert stickyHi,
Persistance rebalance should solve the issue for you.
The persistent-rebalance function is required if you have proxy users and the proxy shares one TCP connection between multiple users.
With this behavior, inside a single connection you will see different cookies. Therefore, for each cookie, ACE needs to first detect the new cookie and then loadbalance to the appropriate server.
this is from the admin Guide :
The following example specifies the parameter-map type http command to enable HTTP persistence after it has been disabled:
host1/Admin(config)# parameter-map type http http_parameter_map
Host1/Admin(config-parammap-http)# persistence-rebalance
Please refer the following link for more info :
http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/vA4_2_0/configuration/slb/guide/classlb.html#wp1062907
hope that helps,
Ajay Kumar -
Could not retrieve Enterprise Global Template - Load balancer issue
Hi,
We have 4 Project Server 2010 servers. The 4 web servers are load balanced by networking team with sticky session configured.
When we try to connect to the Project Server using MPP 2007 SP2, it fails saying 'Could not retrieve Enterprise Global template'. It works perfect when we point to a specific server by specifying the IP address for server name in the 'hosts'
file.
Earlier we observed some errors in the event viewer related to the SharePoint's internal load balancer for which restarted the 'Project Server Application' on each web server and it got fixed.
Now, the only entries that we see related to load balancer are as mentioned below as Information (not errors).
SharePoint Web Services Round Robin Service Load Balancer Event: Initialization
Process Name: w3wp
Process ID: 15080
AppDomain Name: /LM/W3SVC/539065287/ROOT-1-130462463500778047
AppDomain ID: 2
Service Application Uri: urn:schemas-microsoft-com:sharepoint:service:ae7c7ee5c09b4e8198bdbb1ecb8c1c1b#authority=urn:uuid:9f626d347784423eb14bde4a1f4d13fc&authority=https://lonms12546:32844/Topology/topology.svc
Active Endpoints: 4
Failed Endpoints:0
Endpoint List:
http://lonxxx2532:32843/ae7c7ee5c09b4e8198bdbb1ecb8c1c1b/PSI
http://lonxxx2545:32843/ae7c7ee5c09b4e8198bdbb1ecb8c1c1b/PSI
http://lonxxx2546:32843/ae7c7ee5c09b4e8198bdbb1ecb8c1c1b/PSI
http://lonxxx2566:32843/ae7c7ee5c09b4e8198bdbb1ecb8c1c1b/PSI
Could the issue be due to network load balancer?
Could the issue be due to Sticky session configuration on the load balancer.?
How can we get to the root cause of the issue?
Which logging category should we set to 'Verbose' that can give us some hint.
Update: We tried to capture the requests through fiddler and observed that when fiddler is running on the client computer then the connection works perfectly fine even through the load balancer. Probably fiddler is reformatting the SOAP
envelop of the web service requests the way it should before sending the request to the server.
If we do not run fiddler and run some other similar tool (like Charles) then it again gives the issue and the request stucks at /PWA/_vti_bin/psi/winproj.asmx
We ran Wireshark on the servers and found the following for that web service call:
[TCP Previous segment not captured] Continuation or non-HTTP traffic.
Please let me know if someone could provide any hint what can be done next.
Regards, Amit GuptaThere are several ways to configure your load balancer. I would suggest that you work with the network engineer, the load balancer vendor and your project administrator to resolve this issue.
Basically you need URL to be resolved correctly. Also, I don't believe PS2007 did a good job handling load balancing, so you may need to bring someone in good with IIS and see they can tweek IIS to manage the cache better.
As I go back and look at your analysis, I think you should probably look at upgrading to Project Server 2013. They made some improvement in load balancing and the management of distributive cache.
I assume you have 4 WFE because you have thousands of project users. Roughly how many you have? Over 1000, over 5000
Have you tried to see if using two load balancing work? How about just one front end. I often see companies scaling SharePoint and Project server to extremes.
Michael Wharton, MVP, MBA, PMP, MCT, MCTS, MCSD, MCSE+I, MCDBA
Website http://www.WhartonComputer.com
Blog http://MyProjectExpert.com contains my field notes and SQL queries -
Hi All ,
I am facing problem with my ACE 4710 in active-standby environment . When I check Show ft group detail on my Active ACE , it shows peer state as
FSM_FT_STATE_STANDBY_COLD for Admin context . Below is the output :
Primary_ACE/Admin#sh ft group detail
FT Group : 1
No. of Contexts : 1
Context Name : Admin
Context Id : 0
Configured Status : in-service
Maintenance mode : MAINT_MODE_OFF
My State : FSM_FT_STATE_ACTIVE
My Config Priority : 120
My Net Priority : 120
My Preempt : Enabled
Peer State : FSM_FT_STATE_STANDBY_COLD
Peer Config Priority : 100
Peer Net Priority : 100
Peer Preempt : Enabled
Peer Id : 1
Last State Change time : Tue Jan 1 05:32:55 2002
Running cfg sync enabled : Enabled
Running cfg sync status : Peer in Cold State. Error on Standby device when
applying configuration file replicated from active
Startup cfg sync enabled : Enabled
Startup cfg sync status : Peer in Cold State. Startup configuration sync ha
[7m--More--[m
s completed
Bulk sync done for ARP: 0
Bulk sync done for LB: 0
Bulk sync done for ICM: 0
FT Group : 2
No. of Contexts : 1
Context Name : APP_Context
Context Id : 1
Configured Status : in-service
Maintenance mode : MAINT_MODE_OFF
My State : FSM_FT_STATE_ACTIVE
My Config Priority : 120
My Net Priority : 120
My Preempt : Enabled
Peer State : FSM_FT_STATE_STANDBY_HOT
Peer Config Priority : 100
Peer Net Priority : 100
Peer Preempt : Enabled
Peer Id : 1
Last State Change time : Tue Jan 1 05:32:56 2002
Running cfg sync enabled : Enabled
[7m--More--[m
Running cfg sync status : Running configuration sync has completed
Startup cfg sync enabled : Enabled
Startup cfg sync status : Startup configuration sync has completed
Bulk sync done for ARP: 0
Bulk sync done for LB: 0
Bulk sync done for ICM: 0
Also when I give show ft config-errors on my secondary ACE it gives the following result .
Secondary_ACE/Admin#sh ft config-error
Mon Jun 10 00:04:11 IST 2002
`no 3 match virtual-address 10.40.3.15 tcp eq https`
Error: LB action requires match vip command
`no 3 match virtual-address 10.40.3.15 tcp eq 8082`
Error: LB action requires match vip command
`no 3 match virtual-address 10.40.3.21 tcp eq www`
Error: LB action requires match vip command
`no 3 match virtual-address 10.40.3.21 tcp eq https`
Error: LB action requires match vip command
`2 match virtual-address 10.40.3.21 tcp eq https`
Error: This configuration already exists
`2 match virtual-address 10.40.3.21 tcp eq www`
Error: This configuration already exists
`2 match virtual-address 10.40.3.15 tcp eq 8082`
Error: This configuration already exists
`2 match virtual-address 10.40.3.15 tcp eq https`
Error: This configuration already exists
Error(s) while applying config.
I am attaching the running configuration of both the ACE's . Kindly help me in resolving the issue .
Also I noticed one thing . There is configuration difference in Primary and Secondary ACE . I guess this is causing the issue .
Need help to fix this asap .
Following configuration is missing on the secondary ACE .
======================================================================
class-map match-all WEB_FARM_VIP-80
3 match virtual-address 10.40.3.15 tcp eq www
policy-map type loadbalance first-match WEB_FARM_VIP-80-l7slb
class class-default
serverfarm HTTP-2-HTTPS
class WEB_FARM_VIP-80
loadbalance vip inservice
loadbalance policy WEB_FARM_VIP-80-l7slb
Thanks ,
TusharDear all,
Pls help me out in this regard, I dont have much idea about ACE.
Regards,
Sashi -
Hi,
I'm facing a problem with CSS while load balaning for the web application with two servers.
The application is based on activex..
Basically I have two servers running web application for which I have created VIP in the CSS, user hits the VIP address and they access the application, also we use the sticky thing as the application requires the session persistence.. everything is fine, but the problem starts when one of the server fails...
Assume a user hits the VIP address and access the application, due to the sticky thing his session will be with server A (for eg.), now suddenly the server A fails and in that time the user was doing a transcation and inputting some data and after that he press the submit button on the page, as the server A is down the web page gets refreshed and he has to relogin to the application and redo the whole thing what he was doing in that particular transcation...
Now the application guys are telling this problem should not happen as the CSS should be able to take care of the session getting reestablished to the other server B during the server A failure...
Can someone through some lights on this... I'm bit confused now... as what I understand is that the webpage gets refreshed during a server failure because the tcp session id will get changed and the server B will not accept the same tcp session so it reinitiates the new session...
Is my understanding right?? or is there something which we can do on the CSS to avoid this problem...
Regards
Vijay.Hi Gilles,
Thanks for the clarification.
I have two more issues too...
1. The load balancing of the application between the two servers are not even. Actually the traffic from the users keep hitting only one server, I understand the point of sticky method used in our case, but even atleast the connection from another client machine should go to the other server,but it is not the case... traffic from all the clients goes to only one server..
what could be the possible reason for the same...
My config is as below...
service SERVER-1
port 80
protocol tcp
keepalive port 80
keepalive type tcp
redundant-index 4
ip address 10.6.223.87
active
service SERVER-2
port 80
protocol tcp
keepalive port 80
keepalive type tcp
ip address 10.6.223.77
redundant-index 5
active
owner WEB
content WEB
add service SERVER-1
add service SERVER-2
redundant-index 104
vip address 10.6.223.78
protocol tcp
port 80
url "/webretrieve*"
advanced-balance sticky-srcip
active
2. Slow response of the application when users access application through VIP address(CSS), what can be done further in the configuration to improve the performance?? or any thing else I can do...
Regards
Maybe you are looking for
-
GMAIL Lost after upgrade to IOS 8.3
I have lost access to my GMAIL accounts after upgrading to IOS 8.3 ! IOS Settings does not provide me a way to enter a new application password for the account - there is NO PASSWORD box displayed anywhere in the GMAIL configuration. So I tried delet
-
Where can I get LabVIEW 8.5 toolkit? In particular, I am looking for the report generation toolkit. Thanks! Kudos and Accepted as Solution are welcome! Solved! Go to Solution.
-
My scan to email says 'there was an internal processing error'
My Scan To Email displays an error message 'There was an internal processing error. Please retry or manually check the firmware updates. ' I have retried many times and nothing happens on the all. This application worked very well a few weeks ago. P
-
Mackbook can't drag and drop after working in indesign CC for a while.
This has been going on for a while. I am working in Indesign then all of the sudden all my drag and drop cappabilities are gone. i have to restart my computer to fix the problem and being that the start up times for the cc software is outragous, t
-
how imessage works on iphone4