2 * 4260 Sensors connected to Active/standby FWSM in 6500
4260 Sensors connected to Active/ Active firewalls
I have the following scenario:
We have two edge firewalls with Active/ standbye setup connected directly to two core switches5600. New two IPS sensor s4260 are required to be connected inline between the FWSM and core switches. What is the best practice design for such a scenario? Does the below diagram work fine in this case or another design is applicable?
we use vlan paring
re you using Inline Interface Pair or VLAN Pair?
we will use Vlan Pair
What is the expected throughput of the Network?
100 mb/s
Are these WAN firewalls or Internet?
wan firewall (FWSM)
Are there any server farms?
conected 6500
Similar Messages
-
4260 Sensors connected to Active/ Active firewalls
I have the following scenario:
We have two edge firewalls with Active/ Active setup connected directly to two core switches. New two IPS sensor s4260 are required to be connected inline between the firewalls and core switches. What is the best practice design for such a scenario? Does the below diagram work fine in this case or another design is applicable?re you using Inline Interface Pair or VLAN Pair?
we will use Vlan Pair
What is the expected throughput of the Network?
100 mb/s
Are these WAN firewalls or Internet?
wan firewall (FWSM)
Are there any server farms?
conected 6500 -
What is best conection string for application to connect to active standby
I have setup a primary db and an active standby database on two servers in different city.
Now for people to test it, what is the best tnsnames strings I should provide to them?
Plus how do I test it?
Thanks in advance.Hello;
What you are looking at Transparent Application Failover for Data Guard. ( Way cool idea if you decide to use it )
Example
ernie =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = TCP)(HOST = Primary.server.com)(PORT = 1521))
(ADDRESS = (PROTOCOL = TCP)(HOST = Standby.server.com)(PORT = 1521))
(CONNECT_DATA =
(SERVICE_NAME = ernie)
)The DBMS_SERVICE.CREATE_SERVICE will let create an alias for database which can be used on both servers so the end user never sees a failover.
The rough outline is
1. Create the service
BEGIN
DBMS_SERVICE.CREATE_SERVICE('ernie','ernie');
END;
/2. Start the service
BEGIN
DBMS_SERVICE.START_SERVICE('ernie');
END;
/3. default parameters can now be set for 'ernie'.
BEGIN
DBMS_SERVICE.MODIFY_SERVICE
('ernie',
FAILOVER_METHOD => 'BASIC',
FAILOVER_TYPE => 'SELECT',
FAILOVER_RETRIES => 200,
FAILOVER_DELAY => 1);
END;
/4. Finally a database STARTUP trigger should be created to ensures that this service is only offered if the database is primary.
CREATE TRIGGER CHECK_ERNIE_START AFTER STARTUP ON DATABASE
DECLARE
V_ROLE VARCHAR(30);
BEGIN
SELECT DATABASE_ROLE INTO V_ROLE FROM V$DATABASE;
IF V_ROLE = 'PRIMARY' THEN
DBMS_SERVICE.START_SERVICE('ernie');
ELSE
DBMS_SERVICE.STOP_SERVICE('ernie');
END IF;
END;
/A complete document is available here :
http://uhesse.wordpress.com/2009/08/19/connect-time-failover-transparent-application-failover-for-data-guard/
Best Regards
mseberg -
Adding CONNECTION to Active Standby icons
Using N73, how do I add Connection to the icons on Active Standby apps. Connection is in Settings represented by a globe sign.
I do think that you can add anything below 'Settings' as a Standby icon. If you chose 'Settings' though you only have one more level to reach 'Connections'
To change your Active Standby icons, go to Menu/Tools/Settings/General/Personalisation/Standby Mode/Active Standby apps. Then select the Shortcut you want to edit and pick from the list, before selecting OK.
History: Always Nokia since 1994 including Nokia 2140, 7110e, 6150, 6210, 6310i, 6230i, N82
Current: Nokia N8 (Anna - I have no intention of going to Belle) - and delighted with it! -
FWSM Active/Standby in VSS mode
hello,
i do have two 6500 in VSS mode , and one FWSM module on each 6500, i want to configure these modules as Active/Standby, how do i start , should i follow this (not in VSS mode):
http://www.cisco.com/en/US/docs/security/fwsm/fwsm32/configuration/guide/fail_f.html
or are there other things should i do to make it work,
thanksup!
-
FWSM move from Active/Standby to Active/active
Hi there,
we have some FWSM installed in 6500 with many contexts in them. They are at the moment configured as Active/Standby and in production. But we have noticed that whenever a backup is run which goes through some of the contexts, the FWSM start counting errors which was already determined to be an oversubscription issue. So, while we wait for the new ASA 5585X to arrive and finally replace them, we want to mitigate the issue by configuring the FWSM as Active/Active and move the contexts for backup traffic to the other box (keeping the production contexts in the other one).
My question is, can this be done without impacting the production traffic? Or as soon as we enable the active/active by the configuration of the groups and assignments of the contexts, the traffic will be impacted and we will produce an outage to the network?
Thanks in advance for your help.
Regards,
PaulaSo no answers?
Just one to update why had problem here: we need to to pull changes from Physical StandBy, because of performance reasons we cannot afford to reload every table with full refresh, we only want to get changes. At first I thought that it will be easy just create materialized view log and do basic replication, but in Physical StandBy we cant do it -
FWSM 4.0: switch from active/standby to active/active failover mode
Hello,
I have a pair of FWSM's running version 4.0 currently in active/standby failover mode, and I'd like to switch them to be active/active. Is there a documented procedure for doing this? What are the implications for any contexts switched to be primary on the FWSM that is currently acting as a standby (i.e., what kind of outage time can we expect)?
Thanks in advance,
MikeHi Bro
Thanks for the update, but still you'll need to create 2 contexts, each context will be ACTIVE on different Cisco ASA FW units. Hence, there will be some cut, copy and paste effort, not forgetting recabling, if that's needed. Here's a Cisco document to configure ACTIVE/ACTIVE for those who can't seem to find this document http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080834058.shtml#req
Conclusion: There will be some network downtime. I'm guessing 15min, if it was me :-)
P/S: If you think this comment is helpful, please do rate it nicely :-) -
N97 Active Standby net connection
My N97 will only connect using a 'WAP' (2G) connection for the active standby apps (i.e. facebook accuweather etc.) How can I get it to lose that preference and start using the 'internet' (3G) connection instead?
Cheers.Ok, I have discovered why it's doing it, The settings in the web browser were pointing it to look through the WAP AP list rather than the Internet AP list. Even though it was offering me an Internet AP to go online through the browser and OVI store. I have corrected this and restored my settings.
Message Edited by phischy on 14-Aug-2009 01:10 PM -
iTunes RADIO is not working.
“iTunes could not connect to the iTunes Store. Make sure your internet connection is active and try again.” Try as I may, as many as ten attempts, trying to connect after restart, after shutdown, nothing works. Just so …
iTunes STORE not “connectable” with my otherwise perfectly-working internet connection, viable, up and running for all other uses.
Simply put, firstly, I can't connect to the internet when I click on Radio. People are quite suspicious that this is Apple incompetence or your company's famous arrogance for this commonly-suffered problem that you won't or “can’t” fix.
Read the many web comments and you won’t be pleased with yourselves: the suspicion is that if you ruin internet radio on iTunes, Apple will somehow make more money on music downloads, etc. Bull.
Also, thirdly, my old playlist of 20 or so internet radio stations in the Ambient category STILL PLAYS !
Then fourth, I installed the latest available version of QuickTime Player 7.app Version 7.6.6 but it didn’t solve the problem either. I had QuickTime Player.app Version 10.2, but substituted what Apple website said was the latest, LOWER NUMBERED QuickTime Player version of 7.6.6
Fifth, I can't connect to iTunes store no matter what I do or what user group's advice I try. So I can’t buy or download anything from iTunes. Bad for business.
Sixth, I updated to the latest version of iTunes but this weird problem remains. All suggested Apple fixes or user group fixes are useless. Where is Apple’s famous technical competency, vaunted customer support?, and user-friendly product reputation? Get it back, please.
Solve this problem of yours ASAP for us, your numerous disgruntled, dissatisfied customers of iTunes. You can do better, should, and really –in all fairness- must.
===============================================================
NOTE: no password for iTunes exists in my Keychain. Is this a problem?
Apple ACCOUNT ID, and iTunes ID password, works but not to access iTunes with my healthy internet connection.
Apple store id It works via direct internet connetion but not through iTunes. Very strange.
===============================================================
FYI, Hardware Overview:
Model Name: MacBook Pro
Model Identifier: MacBookPro8,2
Processor Name: Intel Core i7
Processor Speed: 2 GHz
Number of Processors: 1
Total Number of Cores: 4
L2 Cache (per Core): 256 KB
L3 Cache: 6 MB
Memory: 16 GB
Boot ROM Version: MBP81.0047.B27
SMC Version (system): 1.69f4
Serial Number (system): C0*******F8V
Sudden Motion Sensor:
State: Disabled
Intel 6 Series Chipset:
Vendor: Intel
Product: 6 Series Chipset
Link Speed: 6 Gigabit
Negotiated Link Speed: 6 Gigabit
Description: AHCI Version 1.30 Supported
M4-CT512M4SSD2:
Capacity: 512.11 GB (512,110,190,592 bytes)
Model: M4-CT512M4SSD2
Revision: 040H
Serial Number: 0000000012330912E75A
Native Command Queuing: Yes
Queue Depth: 32
Removable Media: No
Detachable Drive: No
BSD Name: disk0
Medium Type: Solid State
TRIM Support: Yes
Partition Map Type: GPT (GUID Partition Table)
S.M.A.R.T. status: Verified
Volumes:
disk0s1:
Capacity: 209.7 MB (209,715,200 bytes)
BSD Name: disk0s1
Content: EFI
disk0s2:
Capacity: 511.25 GB (511,250,432,000 bytes)
BSD Name: disk0s2
Content: Apple_CoreStorage
Recovery HD:
Capacity: 650 MB (650,002,432 bytes)
BSD Name: disk0s3
Content: Apple_Boot
Volume UUID: 600737FB-7A29-3BAE-859E-CBFE2E90C39A
<Edited by Host>This my sound too simple, but I just kept clikning on the arrow next to the selected music and it finally "Kicked" in.
I live in Europe ,So Be persistent and don't give up ! Aug. 2013 -
How to see data in BAM from sensor on BPEL activity?
Hello, I 'am working with BPEL on Jdeveloper (last version).
I have putted sensors on some activity of my process. On an other machine I have putted the BAM server (last version) which is ON and I have the BAM connection on Jdevlepper. Now I try to see data on BAM from sensor but I can't.
Can someone explain me how to do?
(I just can build some data just like in a data base with BAM architect but I can't read and put to graphics the ones from the sensors)
Thank's much
JAckHello,
To answer your question, I have install BAM on the same machine where BPEL server is running.
Now I steel can't get sensor's data from BPEL:
With BAM architect I can build data, with BAM studio I can use that data to design graphics but when I try to feed data from BPEL it doesn't work because I just can't press the OK button!!
In BPEL : When I try to Create BAM sensor action (from structure panel), I can't generate the xsl map file no action is done when pressing OK, create mapping or edit mapping button! -
ASA 5520: Configuring Active/Standby High Availability
Hi,
I am new to Cisco firewalls. We are moving from a different vendor to Cisco ASA 5520s.
I have two ASA 5520s running ASA 8.2(5). I am managing them with ASDM 6.4(5).
I am trying to setup Active/Standby using the High Availability Wizard. I have interfaces on each device setup with just an IP address and subnet mask. Primary is 10.1.70.1/24 and secondary is 10.1.70.2/24. The interfaces are connected to a switch and these interfaces are the only nodes on this switch. When I run the Wizard on the primary, configure for Active/Standby, enter the peer IP of 10.1.70.2 and I get an error message saying that the peer test failed, followed by an error saying ASDM is temporarily unable to connect to the firewall.
I tried this using a crossover cable to connect the interfaces directly with the same result.
Any ideas?
Thanks.
DanThe command Varun is right.
Since you want to know a little bit more about this stuff, here goes a bit. Every interface will have a secondary IP and a Primary IP where the Active/Standby pair will exchange hello packes. If the hellos are not heard from mate, the the unit is delcare failed.
In case the primary is the one that gets an interface down, it will failover to the other unit, if it is the standby that has the problem, the active unit will declare the other Unit "standby failed). You will know that everything is alright when you do a show failover and the standby pair shows "Standby Ready".
For configuring it, just put a secondary IP on every interface to be monitored (If by any chance you dont have an available secondary IP for one of the interfaces you can avoid monitoring the given interface using the command no "monitor-interface nameif" where the nameif is the name of the interface without the secondary IP.
Then put the commands for failover and stateful link, the stateful link will copy the connections table (among other things) to avoid downtime while passing from One unit to another, This link should have at least the same speed as the regular data interfaces.
You can configure the failover link and the stateful link in just one interface, by just using the same name for the link, remember that this link will have a totally sepparate subnet from the ones already used in firewall.
This is the configuration
failover lan unit primary
failover lan interface failover gig0/3
failover link failover gig0/3
failover interface ip failover 10.1.0.1 255.255.255.0 standby 10.1.0.2
failover lan unit secondary
failover lan interface failover gig0/3
failover link failover gig0/3
failover interface ip failover 10.1.0.1 255.255.255.0 standby 10.1.0.2
Make sure that you can ping each other secondary/primary IP and then put the command
failover first on the primary and then on the secondary.
That would fine.
Let me know if you have further doubts.
Link for reference
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008080dfa7.shtml
Mike -
Cisco ASA Active standby failover problem
We have configured ASA Active standby failover with ASA5505 . When primary unit power off, secondary unit became active. when primary unit power on, then primary unit is becoming active again. i think for active standby setup there is no preemption. The real issue is when primary ASA became active after power on all the external connectivity getting down. Please see the below config,
ASA01# show run
ASA01# show running-config
: Saved
ASA Version 8.2(5)
hostname ASA01
enable password PVSASRJovmamnVkD encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
name 192.168.1.1 MPLS_Router description MPLS_Router
name 192.168.2.1 SCADA_Router description SCADA_Router
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
switchport access vlan 2
interface Ethernet0/3
interface Ethernet0/4
switchport access vlan 3
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address 192.168.3.8 255.255.255.0 standby 192.168.3.9
interface Vlan2
nameif outside
security-level 0
ip address 192.168.1.8 255.255.255.0 standby 192.168.1.9
interface Vlan3
description LAN Failover Interface
ftp mode passive
clock timezone AST 3
access-list inside_access_in extended permit icmp any any
access-list inside_access_in extended permit ip any any
access-list inside_access_in extended permit ip any host MPLS_Router
access-list outside_access_in extended permit icmp any any
access-list outside_access_in extended permit ip any any
access-list outside_access_in extended permit ip any 192.168.2.0 255.255.255.0
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
failover
failover lan unit primary
failover lan interface FAILOVER Vlan3
failover key *****
failover interface ip FAILOVER 10.1.1.1 255.255.255.0 standby 10.1.1.2
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
access-group inside_access_in in interface inside
access-group outside_access_in in interface outside
route-map Route_Out permit 1
match ip address inside_access_in outside_access_in
match interface inside
route outside 0.0.0.0 0.0.0.0 MPLS_Router 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.1.0 255.255.255.0 inside
http 192.168.2.0 255.255.255.0 inside
http authentication-certificate inside
http authentication-certificate outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet 192.168.2.0 255.255.255.0 inside
telnet 192.168.1.0 255.255.255.0 outside
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
username admin password eY/fQXw7Ure8Qrz7 encrypted
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:1a8e46a787aa78502ffd881ab62d1c31
: endI suggest removing the failover configuration on both units and then re-add them, and then test.
Primary
failover lan interface FAILOVER Vlan3
failover interface ip FAILOVER 10.1.1.1 255.255.255.0 standby 10.1.1.2
failover lan unit primary
failover key KEY
failover
Secondary
failover lan interface FAILOVER Vlan3
failover interface ip FAILOVER 10.1.1.1 255.255.255.0 standby 10.1.1.2
failover lan unit secondary
failover key KEY
failover
Please remember to select a correct answer and rate helpful posts -
ASA failover with 1 AIP SSM in Active/Standby?
I have a customer with two ASAs; in Active/Standby. They want to purchase one AIP. Will failover (without the AIP functionality) to the Standby work if the AIP is configured for Promiscuous mode? Thanks, Bob
The only connection to the SSM that can be done internally through the ASA is a "session". This is an internal telnet to the SSM and can be used to access the SSM's CLI.
This is very usefull when you manage your SSM directly through the CLI.
However, most customers prefer to use a graphics based tool like IDM, ASDM, or CSM for managing the configuration of the SSM, and prefer to use a graphics based tool like IEV or CS MARS for monitoring of the alerts from the SSM.
All of these graphics based tools need network access to the SSM through a web port (https on port 443 by default). Access to this port is not allowed internally through the ASA direct to the SSM.
All web connections must be made to the External Management interface of the SSM.
If you are not using all 4 of your ASA interfaces you could choose to wire the External SSM interface directly to one of your ASA interfaces, and create a small subnet for the ASA and IPS IP Addresses. So then all external connections to the SSM would be routed into the ASA, then out of the ASA, and into the external port of the SSM.
That subnet of just the ASA and SSM could be made using a network reserved for local IPs (like a 10, or 172, or 192 network) and then use NAT/PAT for translation on the other network interfaces of the ASA.
But it does still require that wire connected to the external port of the SSM. -
E71-1 - No inbox/notification in active standby
In the past days I have tried to configure any kind of information about my primary email account for the active standby/home screen. The email account works fine (imap-idle account), receiving emails works fine, but other than the @-symbol in the top-right corner (when new emails are available) no information about the inbox or any indication about new emails are displayed on the home screen.
In the mode-config I selected the email account to be displayed on the home screen, and no matter what option I choose in the email notification 1 details (headers only, headers with popup, headers with unread etc.) nothing at all is shown. I have seen screen shots where at least a bubble notification is shown (for new emails) and also at least a link with the account name. The way it is now I have a really hard time keeping track of my (new) emails, because I really have to open my inbox every time to be sure.
I have tried every imaginable configuration detail, the manual is no help at all, and I didn't find any information in any forums about this problem. Is this a software bug? Has anybody experienced this? Is there a solution?I've been experiencing the same issue where that active standby plugin wouldnt show a notification. But I *THINK* I have it figured out from the clues in this discussion. This post is to benefit any other people googling for the solution. To my knowledge, this method will enable you to have the single line email notication on your Active Standby aka homescreen (where your calendar and meetings show up) in the format of Gmail (6). I believe the catch is you need to have less than 999 emails in your inbox. As a workaround you need to archive all extra emails in your Gmail inbox. A disclaimer: I am not 100% on this, so I will give you as much detail to replicate my scenario where it works, so adjust it for your own situation
I went through various deletes of my Gmail account in the Email settings area of the NATIVE messaging app (where text messages are).
If you look at Messaging --> Options --> Settings --> Other
There is a setting called "Number of saved msgs." I figured out the maximum of this to be 999. In my opinion this setting is talked about saved SENT messages (the setting above it is called "Save sent messages" Yes/No). Set this number to 999.
I assumed this 999 number of messages to be the limit for all emails out of a hunch. I went into my Gmail account on the web and pretty much archived a lot of emails except the recent ones. Archiving your emails does not delete them, but rather stores them outside of the inbox and are still searchable within Gmail. I made sure the number of emails in my inbox were under 900.
Next, I followed the steps we all know to put in a Gmail account via IMAP via the setup email wizard and some minor tweaking in the settings dialogs (Messaging --> Options --> Settings --> Email --> Gmail --> Connections Settings --> Both Incoming e-mail and Outgoing e-mail sections) using the guide: Symbian S60 - Gmail Help
It might also be worth it to set your "Access point in use" for both incoming and outgoing servers.
Under
Messaging --> Options --> Settings --> Email --> Gmail --> User Settings --> New e-mail alerts should be ON
Under
Messaging --> Options --> Settings --> Email --> Gmail --> Retrieval Settings --> there are no necessary changes (the next section will override settings related to retrieval amount and cause ALL emails to be retrieved.). Note that putting folder subscriptions may put you over the 999 limit. I don't know if the 999 limit applies to each folder or to ALL emails as a whole. If you do put folder subscriptions, the next section setting will automatically also override the # of emails from folders retrieved to be ALL as well. Experiment at your own risk.
Under
Messaging --> Options --> Settings --> Email --> Gmail --> Automatic Retrieval:
Email notifications -- Disabled (you can only have one or the other and email retrieval is more important than this unknown and ill defined setting)
Email retrieval -- Enabled or "only in home network" (more options will appear now regarding scheduling. Pick your frequency according to how long you want your battery to last and how important your emails are). If you choose "only in home network" I am inclined to believe that it will only use the access point you described earlier in "Connection Settings"
Out of this menu,
Under
Messaging --> Options --> Settings --> Email
Make sure your default mailbox is Gmail
If you go into Modes (Modes--> Home screen apps --> Enabled apps) at this point and try to put the "Email 1 notification" as active, and go into "Email 1 notification's " settings, and try to set your mailbox to Gmail, it will tell you to connect first. So lets do that and hope it works
So go to Messaging --> Gmail --> Options --> Connect and watch it retrieve headers of your emails from Gmail. Make sure that theres 1 or 2 *NEW* emails before downloading for testing out the Active Standby plugin's temperment.
Go into Modes while it is retrieving the headers of your emails
Modes --> Home screen apps --> Enabled Apps --> and select "Email 1 notification"
Go back into
Modes --> Home screen apps --> Go into the new "Email 1 Notification" setting there
Mailbox: Gmail
Preview: You have a choice of three
Header only -- shows your mailbox's name and # of unread mails on homescreen -- eg: Gmail (3)
Header and popup -- show the header described above in 1 line, plus when you hover over it, a preview of your emails in a bubble that includes Sender, Subject, and Date. To me, this is the most useful
Header and unread -- Shows the header described above in 1 line, and in a 2nd line shows the most recent unread email's Sender, subject, and date
Assuming you've put a audio tone for email alerts in Profiles --> Whichever profile --> Customize --> Email alert tone
Then once you head back to your home screen and once the email retrieval finishes, you should hear a audio sound, and see Gmail (3).
Good luck -
Active Standby Pair Clustering.
Hi Chris, I had created ActiveStandby Pair as follows:
Server 1 => DSN: TTCluster1
Server 2 => DSN: TTCluster2.
Then I created ActiveStandby Pair in Server1, Started RepAgent and then Duplicated the DSN on Server 2 with name TTCluster 2. It worked fine.
Now to access it from the client server mode, I created Client DSN on Client machine using Virtual IP. (Using Linux Cluster Manager).
But inthis case I had to create two client DSN. TTCluster1Client and TTCluster2client. Since Application can connect to only one DSN and shifting to other while failover is very difficult.
So I am trying following model now, Let me know your views on this.
Server 1 and Server 2, both will have same DSN name "TTCluster".
Client Machin will have only one DSN "TTClusterClient" using VIP.
When the Server1 failes, Server 2 will take over and there is no need of shifting client DSN. Application will be routed to Server 2 after switch over.
Step1: created server DSN "TTCluster" on Server 1 and Server 2.
Step2: created user 'ttcluster' on Server 1 and Server 2.
Step3: Create DataStore TTCluster on Server 1. (By connecting to TTCluster).
Step4: Create Cache Groups (AWT) on Server1.
Step5: Started Cache Agent on Server1.
Step6: Created ActiveStandby Pair on Server1 as follows:
CREATE ACTIVE STANDBY PAIR
TTCluster ON "wabtectimesten.patni.com",
TTCluster ON "wabtectimesten2.patni.com"
RETURN TWOSAFE
STORE TTCluster PORT 20000 TIMEOUT 120;
Step8: executed ttrepstateset('ACTIVE') on server1.
Step9: Started Replication Agent on Server1.
Step10: Duplicated DataStore on Server2.
Issues:
Server2 is not coming up as Standby. The log on Server1 shows following messages:
15:19:33.83 Warn: REP: 8671: TTCLUSTER:receiver.c(1723): TT16060: Failed to read data from the network. select() timed out
15:19:37.09 Err : REP: 8671: TTCLUSTER:receiver.c(3428): TT16142: Failed to retrieve peer information. No peers found
15:19:37.09 Err : REP: 8671: TTCLUSTER:transmitter.c(5523): TT16229: Transmitter thread failure due to lack of state consistency at subscriber store _ORACLE
Question:
While creating replication scheme I have mentioned.
STORE TTCluster PORT 20000 TIMEOUT 120;
I need to define the timeout for both DataStores. How will I do that?
The above timeout will be applicable for which datastore??
Can you please let me know if I am going in the right direction???Hi Tanweer,
When designing a monitoring scheme for TimesTen one has to bear a few things in mind (though not all will be relevant in every case):
1. There could be multiple 'instances' of TimesTen installed on a machine. Each instance is completely independent and must be monitoried separately.
2. Each instance has a 'main daemon' (timestend) that is the instance master supervisor. If this daemon is running and healthy then the 'instance' is considered to be 'up' and 'healthy'.
3. Each instance can manage multiple datastores. Each datastore is independent from the others and so each datastore must be monitored separately.
4. Each datastore may be using replication and/or cache connect. If so, these must also be monitored as well as the datastore since it is perfectly possible e.g. for the datastore to be healthy but for replication to be 'down'.
Depending on your requirements, your monitoring mechanism must 'model' this structure and relationships...
- If the instance main daemon is not running, or is not responding, then the entire instance is 'down' and all datastores managed by the instance should also be considered as 'down'
- If a datastore goes down (e.g. call invalidate), other stores in the instance are not affected and neither is the main daemon for the instance. They will continue to operate normally.
- A datastore may be healthy in itself but maybe replication or cache connect for the datastore is not healthy. Do you then consider the datastore as down? That depends on your applications requirements!
Hopefully this helps to clarify the interrelationship of components. Crashing a datastore by calling 'invalidate' does not crash the daemon (if it does then that is a bug!).
For monitoring the instance (main daemon) there are a few options:
1. ps -ef | grep timestend. This can detect if the daemon process is running but not if it is healthy...
2. Connect to a datastore. Every connect/disconnect request is processed via the main daemon so if the daemon is not healthy this will result in some error (usually a 'cannot communicate with the daemon' error). However, connect/disconnect are relatively expensive so you don't want to do this too often.
3. Have a monitoring process that maintains an open connection to the instance level datastore (DSN=TT_<instancename>). Periodically (as often as required within reason) it can execute the built in procedure ttDataStoreStatus() passing it the pathname of the instaance datastore checkpoint files (obtainable from the built in procedure ttConfiguration). This procedure communicates with the main daemon so will either return success (meaning daemon is okay) or an error (daemon is in big trouble).
If you have to do the test from a script then I would suggest that (2) is best but if you can do it from a continually running monitoring process then (3) is better.
For monitoring a datastore the best way to ascertain overall health is as follows:
1. Have a dummy table in the datastore. And as part of the check update a row in th dummy and commit the transaction. If this returns success then this shows that the datastore is up and able to service update requests (which means it is also okay for read requests).
2. You should also monitor the available space in the datastore and warn someone or something if the free space gets too low. You can query space allocation, current usage and high watermark usage from the SYS.MONITOR table. You can also configure TimesTen to generate SNMP traps and/or return warnings to applications if space usage exceeds some configured threshold. The objective is to take proactive action to prevent the datastore becoming full since that will require more disruptive corrective action.
For monitoring replication you should periodically:
1. Check that the datastore's repagent is running (you can do this using ttDatastoreStatus)
2. Check the status of each replication peer by calling ttReplicationStatus and checking the values of pstate (should be 'start') logs (if this value increases over time then the peer is in some kind of trouble) and lastMsg (if there is no message from the peer for a long time then it may be in some kind of trouble).
3. Sometimes an easier way is to have a dummy table set up for synchronous replication and do an update+commit for a row in that table. if replicatioin is working the commit will return within a few ms at most. If you get a timeout error returned that tells you that replication is in trouble,
To monitor cache connect is not so easy at present.
For AWT cache groups, the same monitoring as is used for replication is okay).
For SWT cache groups, if the sync to Oracle is not working every commit will get an error (so that's kind of obvious).
For AUTOREFRESH cache groups it's a bit harder. There is currenyly no supported way to determine when the last successful autorefresh occurred. I am hoping this capability will be added in a future release.
Sorry if that is a bit long winded - I hope it helps...
Chris
Maybe you are looking for
-
Which Makes Of DVD-Rs work?
Hi Everyone I've been trying to burn a DVD to disc, but keep getting a message saying that 'this type of media is not supported'. From reading through the postings I gather that the G4 iMacs are pre-set to burn at X4 and can be temperamental with man
-
Problem showing the crystal report viewer in form after added the component on it
Greetings I have a problem running a program. I created a form which I added the component Crystal Report Viewer perfecty but during program execution when I call that form my VS 2012 Ultimate show the following error: Translated: Failed to create th
-
'Exchange rate Fixed' ticked by default in PO [Me21N]
HI The requirement is to tick 'Exchange rate Fixedu2019 at PO header for all PO's as default for specific plant/Company code Screen selection layout can be defined at PO Document type level, is it possible to check this 'fixed indicator at plant leve
-
Hi i want to know how to set the delivery date as a standard for PO
hi in terms of delivery date how is it possible to set a later date so that I dont need to change it every time I save a purchase order.
-
I can only hear phonecalls on speaker, how do I turn off headset setting?
My phone says I have headsets attached. How do I turn off that feature?