A question about oc4j load balancing/ failover behaviour
Hi
I have been trying to set up load balancing using 9.0.2 standalone oc4j instances that share sessions.
- I set up two oc4j instances (say oc4j1 and oc4j2) pointing to a load balancer entering the following in <J2EE_HOME>config\http-web-site.xml:
<web-site host="<ip>" port="<port>" display-name="Oracle 9iAS Java HTTP WebSite" cluster-island="1" >
and
<frontend host="<host>" port="80" />
- I entered <cluster-config/> and <session-tracking/> in each oc4j instance's orion-web.xml, and <distributable/> in their web.xml files.
- I started the loadbalancer(java -jar loadbalancer.jar -debug) and the oc4j instances.
Everything works fine up to a point. They are both added to the cluster and the debug messages show that requests are being routed to oc4j1 and cluster session value update messages are sent by oc4j1 and received by oc4j2. When I shut down oc4j1 requests are routed to oc4j2 and session information is maintained.
However, when I start up oc4j1 again, it does not appear to be receiving the session value updates now being sent by oc4j2 so if I now shut down oc4j2 the session is lost. Can anyone please tell me what I have missed?
Thanks in advance
- Al
Hi
I have been trying to set up load balancing using 9.0.2 standalone oc4j instances that share sessions.
- I set up two oc4j instances (say oc4j1 and oc4j2) pointing to a load balancer entering the following in <J2EE_HOME>config\http-web-site.xml:
<web-site host="<ip>" port="<port>" display-name="Oracle 9iAS Java HTTP WebSite" cluster-island="1" >
and
<frontend host="<host>" port="80" />
- I entered <cluster-config/> and <session-tracking/> in each oc4j instance's orion-web.xml, and <distributable/> in their web.xml files.
- I started the loadbalancer(java -jar loadbalancer.jar -debug) and the oc4j instances.
Everything works fine up to a point. They are both added to the cluster and the debug messages show that requests are being routed to oc4j1 and cluster session value update messages are sent by oc4j1 and received by oc4j2. When I shut down oc4j1 requests are routed to oc4j2 and session information is maintained.
However, when I start up oc4j1 again, it does not appear to be receiving the session value updates now being sent by oc4j2 so if I now shut down oc4j2 the session is lost. Can anyone please tell me what I have missed?
Thanks in advance
- Al
Similar Messages
-
Load balancing, failover and fallback in Non-Clustered WebLogic environment
hi,
Has anyone implemented WebLogic 10.3.3 (or 10.3.4) in a Non-Clustered environment, but also got load balancing, failover and fallback work?
We were successful in getting failover working using t3://server1:7001,server2:7002 provider URL, but not load balancing or fallback.
The fallback is working when it was connecting to server2 and if we kill server2, then it switches to server1, but not when server2 is still running while server1 comes back.
All we need to find a way to enforce fallback to primary site, even if secondary which the client connected is still up and running and primary site comes back.
Any help appreciated.
Thanks.
Best regards,
Balahi,
Has anyone implemented WebLogic 10.3.3 (or 10.3.4) in a Non-Clustered environment, but also got load balancing, failover and fallback work?
We were successful in getting failover working using t3://server1:7001,server2:7002 provider URL, but not load balancing or fallback.
The fallback is working when it was connecting to server2 and if we kill server2, then it switches to server1, but not when server2 is still running while server1 comes back.
All we need to find a way to enforce fallback to primary site, even if secondary which the client connected is still up and running and primary site comes back.
Any help appreciated.
Thanks.
Best regards,
Bala -
Question about Finder-Load-Beans flag
Hi all,
I've read that the Finder-Load-Beans flag could yield some valuable gains in performance
but:
1) why is it suggested to do individual gets of methods within the same Transaction
? (tx-Required).
2) this strategy is useful only for small sets of data, isn't it? I imagine I
would choose Finder-Load-Beans to false (or JDBC) for larger sets of data.
3) A last question: its default value is true or false ?
Thanks
FrancescoBecause if there are different transactions where the get method is called
then the state/data of the bean would most be reloaded from the database. A
new transactions causes the ejbLoad method to be invoked in the beginning
and the ejbStore at the end. That is the usual case but there are other ways
to modify this behavior.
Thanks
Gaurav
"Francesco" <[email protected]> wrote in message
news:[email protected]...
>
Hi thorick,
I have found this in the newsgroup. It's from R.Woolen answering
a question about Finder-Load-Beans flag.
"Consider this case:
tx.begin();
Collection c = findAllEmployeesNamed("Rob");
Iterator it = c.iterator();
while (it.hasNext()) {
Employee e = (Employee) it.next(); System.out.println("Favorite color is:"+ e.getFavColor());
tx.commit();
With CMP (and finders-load-beans set to its default true value), thefindAllEmployeesNamed
finder will load all the employees with the name of rob. The getFavColormethods
do not hit the db because they are in the same tx, and the beans arealready loaded
in the cache.
It's the big CMP performance advantage."
So I wonder why this performance gain can be achieved when the iterationis inside
a transaction.
Thanks
regards
Francesco
thorick <[email protected]> wrote:
1) why is it suggested to do individual gets of methods within thesame Transaction
? (tx-Required).I'm not sure about the context of this question (in what document,
paragraph
is this
mentioned).
2) this strategy is useful only for small sets of data, isn't it? Iimagine I
would choose Finder-Load-Beans to false (or JDBC) for larger sets ofdata.
>
If you know that you will be accessing the fields of all the Beans that
you get back from a
finder,
then you will realize a significant performance gain. If one selects
100s or more beans
using
a finder, but only accesses the fields for a few, then there may be some
performance cost.
It could
depend on how large some of the fields are. I'd guess that the cost
of 1 hit to the DB per
bean vs.
the cost of 1 + maybe 1 more hit to the DB per bean, would usually be
less. A performance
test using
your actual apps beans would be the only way to know for sure.
3) A last question: its default value is true or false ?The default is 'True'
-thorick -
Connection string in listener log file for loading balance/failover
Hi Experts,
I have 4 node RAC for oracle 10g2 in rad hate 5.0
We creaed service dbsale ( sale1,2 as pr imary and sale3/4 as available) with loading balance/failover.
The remote user created a local TNS as
localmarket =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = 155.206.xxx.xx)(PORT = 1521))
(LOAD_BALANCE = OFF)
(CONNECT_DATA = (SERVICE_NAME = dbsale))
From server side, I saw that user send two request connection string. one fail and another is OK.
It seems that fail connecting come from failover/loading balance from dbsale3?
Why do we get two connection string in listener log file?
Which difference is between two connection string?
Where does system change these connection string?
Thanks for your explaining.
Jim
==============listener.log message
[oracle@sale log]$ cat listener_sale.log|grep pmason
15-SEP-2009 13:52:24 * (CONNECT_DATA=(SERVICE_NAME=dbsale)(CID=(PROGRAM=oracle)(HOST=rock)(USER=test ))) * (ADDRESS=(PROTOCOL=tcp)(HOST=161.55.xxx.xx)(PORT=54326)) * establish * dbsale * 0
15-SEP-2009 13:52:25 * (CONNECT_DATA=(SERVICE_NAME=dbsale)(CID=(PROGRAM=oracle)(HOST=rock)(USER=test ))(SERVER=dedicated)(INSTANCE_NAME=sale3)) * (ADDRESS=(PROTOCOL=tcp)(HOST=161.55.xxx.xx)(PORT=54327)) * establish * dbsale * 12520
15-SEP-2009 13:52:30 * (CONNECT_DATA=(SERVICE_NAME=dbsale)(CID=(PROGRAM=oracle)(HOST=rock)(USER=test ))) * (ADDRESS=(PROTOCOL=tcp)(HOST=161.55.xxx.xx)(PORT=54329)) * establish * dbsale* 0
15-SEP-2009 13:52:47 * (CONNECT_DATA=(SERVICE_NAME=dbsale)(CID=(PROGRAM=oracle)(HOST=rock)(USER=test ))) * (ADDRESS=(PROTOCOL=tcp)(HOST=161.55.xxx.xx)(PORT=54332)) * establish * dbsale * 0
15-SEP-2009 13:52:47 * (CONNECT_DATA=(SERVICE_NAME=dbsale)(CID=(PROGRAM=oracle)(HOST=rock)(USER=test ))(SERVER=dedicated)(INSTANCE_NAME=sale3)) * (ADDRESS=(PROTOCOL=tcp)(HOST=161.55.xxx.xx)(PORT=54333)) * establish dbsale 12520
15-SEP-2009 13:52:49 * (CONNECT_DATA=(SERVICE_NAME=dbsale)(CID=(PROGRAM=oracle)(HOST=rock)(USER=test ))) * (ADDRESS=(PROTOCOL=tcp)(HOST=161.55.xxx.xx)(PORT=54334)) * establish * dbsale * 0
Edited by: user589812 on Sep 16, 2009 7:21 AMHi Jim,
I think the best way on this case is create one service with one instance as primary and another 3 as available.
Or use the connect string with two vip addresses, cause the service has two instances and the tnsnames.ora entry has only one.
Cheers,
Rodrigo Mufalani
http://mufalani.blogspot.com -
Hardware clustering/load balancing/failover with Tomcat
Hello forum!
I recently bought a Cisco 1801, and it sure is capable! Anyhow, I've got a hobby website that is getting a fair bit of traffic - approaching too much for one node to handle and it's time to start thinking about distributing the load.
I'd like to do a little clustering of server nodes running Apache Geronimo, which is J2EE running atop Apache Tomcat. For the sake of keeping things generic, let's just call it Tomcat because it configures the same way.
I do not run Apache HTTP Server as a proxy, I only run Tomcat directly connected to the internet. I do this for performance reasons.
Anyhow, I'm wondering if any of you evil geniuses could suggest a way that I could cluster Tomcat nodes directly using the router to serve as a hardware load balancer and have the whole sticky session thing with failover, etc... All of the documents I find on the subject discuss clustering by way of Apache HTTP with Mod_JK.
I have already asked this question on the hardware side, and got great information about the capable load balancing features my router sports (but limited compared to Cisco CSS products.)
Now I'm wondering if anyone has experience taking an open source application server like Geronimo or Tomcat or JBoss and clustering it using hardware load balancing. What kinds of Tomcat configurations, if any, do I need to add for things like sticky sessions and failover? Or, is all that automatic?
Thanks so much for reading and for any replies. If there is a better forum for my question, please direct me there.
Cheers,
Dave Woldrich
http://CardMeeting.comThis occurs rarely when the Tomcat process is not able to connect to the database. The database connection problem is an internal cause which manifests externally as missing fields in reports.
Workaround: Restart the Apache process and the Tomcat process. From the CLI on your CiscoWorks Server, enter the following commands in the specified sequence:
1. pdterm Apache
2. pdterm Tomcat
3. pdexec Tomcat
4. pdexec Apache -
We got multiple JVMs configured and running. Since we are not able to share the session among the JVMs we are having issue running the application on mutiple JVM since the OC4J is doing the load balancing. For example, if request is established on one JVM the next request is sent to another thus the application fails by not finding the session object. Is there a way we can have the sticky on OC4J so that if the session is established on one JVM then continue to use that JVM through out the life cycle of the session. Another word load balance only if the request is new. Thanks in advance for your help.
Okay, how about if you have multiple web application that are sharing the session.
Is there a way we could say these web application should be running on the same JVM? If you mean by this that you have different WAR files (either standalone or contained in an EAR file) that need to share common session state, then we don't support this with OC4J. A session is bounded within the Web module that it is created within. I think someone on here had come up with a way to do once before it using a different cookie name and a common cookie path but its not something we do by default.
Do you know how to configure them to run on the same JVM. Would parent work?
Could we make one web app parent for others - if so would it guarantee to run the the same JVM?The parent config doesn't dictate any runtime behaviour -- it's configuration, classloading based parenting only.
We have a scenario where our web applications are dependent upon each other - meaning they need to run on the same JVM together since they are sharing the session. It sounds to me that if you have this sort of requirement, then it'd be worth your while looking at our Coherence*Web functionality. This provides a way to allow the Coherence distributed cache to be used as the session/session-replication infrastructure -- effectively switching out the native session manager from OC4J (and other J2EE servers, Tomcat, etc.).
It has a switch that enables cross Web module state sharing. Because it's a distributed cache too, it will allow all JVMs to see/use the same view of the current session state.
See here for more details:
http://coherence.oracle.com/display/COH34UG/Coherence*Web+Session+Management+Module
http://coherence.oracle.com/display/COH34UG/Coherence*Web+Session+and+Session+Attribute+Scoping
-steve- -
Session replication in oc4j load balancing not working ..
Hi All,
I have windows 2000 machine. I have installed 2 instances of oc4j running on ports 8888 and 8889. I started the loadbalancer.jar in the first instance, started the first oc4j instance and then started the second oc4j instance. I have a common application deployed on both instance1 and instance2 and that is nothing but out famous SessionServlet.
If I access this servlet using http://localhost:80/app/servlet/SessionServlet then I am getting a count as 1 . My loadbalancer that is started from first oc4j instance(running on port 8888) is showing that the request is routed to the first instance. I stopped my first instance1 and then again from the same browser/session/client if I access the same servlet using http://localhost:80/app/servlet/SessionServlet then still I am seeing the count as 1 instead of 2 . At this point my loadbalancer is showing that the request is routed to the second oc4j instance(running on port 8889) since first instance is stopped. So why am I seeing the count as 1 instead as 2.
Also,
1. Is it enough that we start the loadbalancer.jar in the first oc4j instance. What about the loadbalancer.jar in the second oc4j instance ?
2. We all know that Apache HTTP Server runs on port 80. But since I didnt[i]Long postings are being truncated to ~1 kB at this time.thank you debu, I have one doubt . In the clustering/load-balancing documentation at metalink(doc id: 151717.1) it is said that in point 4b that we should add the tag <cluster-config /> to orion-web.xml file but this file will be created only after the web application is deployed and it is accessed atlest for one time. So is it that we should first deploy the web application and then access it for atlest one time then stop the server and add this tag .. or is there any other way workaround ?
-
Monitoring oc4j load balancing
Hi
We are using mod_oc4j to load balance our OC4J_BI_Forms application between 3 application servers. Is it possible to monitor those servers ? Can i add or remove servers "on the fly" without restarting the servers?
We use 9iAS rel 2 with Windows 2000
Regards,
LouisThanks for the post. We had a little difficulty getting enough specifics out of the documentation to answer all our questions. But opened a TAR and got a good engineer who worked with us to get a custom load balancing solution that is working very well for us.
Thanks again,
Tony
For others out there that are interested, we ended up with a very simple load balancing setup that simply requires that the mod_oc4j.conf be modified to group the containers.
From Oracle:
To implement the solution, please execute the following steps:
1. Deploy application into different containers with the same application name.
2. Modify the mod_oc4j.conf as follows:
Oc4jMout /test <oc4j instance 1>, <oc4j instance 1>,... -
Can anyone point me to some good documentation for configuring load balancing for oc4j instances?
I've seen a lot on metalink, but all dated back to 2002. I was hoping there was some new documentation for 10gR2.
I'm trying to load balance 3 webservice OC4J instances which each point to different API servers as the API servers themselves are single threaded.
Thanks for the assistance,
TonyThanks for the post. We had a little difficulty getting enough specifics out of the documentation to answer all our questions. But opened a TAR and got a good engineer who worked with us to get a custom load balancing solution that is working very well for us.
Thanks again,
Tony
For others out there that are interested, we ended up with a very simple load balancing setup that simply requires that the mod_oc4j.conf be modified to group the containers.
From Oracle:
To implement the solution, please execute the following steps:
1. Deploy application into different containers with the same application name.
2. Modify the mod_oc4j.conf as follows:
Oc4jMout /test <oc4j instance 1>, <oc4j instance 1>,... -
Loading balance/failover in JDBC
Hi experts,
we have a 4 nodes oracle 10g2 RAC in linux
we created a service as TNS have info for failover and loading balance
as
(LOAD_BALANCE = yes)
(CONNECT_DATA =
(SERVER = DEDICATED)
(SERVICE_NAME = dbservice)
(FAILOVER_MODE =
(TYPE = SELECT)
(METHOD = BASIC)
(RETRIES = 180)
(DELAY = 5)
it works for no java application
I saw JDBC as
URL="jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)(HOST=dbhost1)(PORT=1521))(ADDRESS=(PROTOCOL=TCP)(HOST=dbhost2)(PORT=1521))(FAILOVER=on)(LOAD_BALANCE=off))(CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME=dbservice)))"
my question as why are difference setting in TNS and JDBC for load_balance and failover?
do we nned to copy exactly TNS into JDBC?
Do we need to set MultiPools for JDBC? this java application use connection pool to connect toRAC database. and seems that failover does not work.
Thanks for help
JImOk, TAF does not work with jdbc-thin: [http://download.oracle.com/docs/cd/B19306_01/java.102/b14355/overvw.htm#sthref18]
With TAF the client takes care of failover transparent to the application.
But TAF is not the only feature/function that will help with failover. If you have an application server that employs a connection pool, it will also take care of this. When the connection pool determines that a connection is lost/broken (or it receives a FAN event) it will try to reopen a connection and it will be redirected to a working instance. This should keep the application up but all transactions and sessions that were being executed on the failed node will still crash and generate application errors (a smart application could catch such an exception and re-execute all sql).
Maybe you can explain more what kind of behavior you expect during failover and why you think it is not working.
Bjoern -
JMS Clustering : Load Balancing expected Behaviour
Hi All,
I have a Cluster with a 2 managed servers A and B . ConnectionFactory is deployed to the cluster and Server B hosts JMS Server.Destinations on the JMS Server are not distributed, but the JNDI Names of the same are replicated across the cluster.Both Load Balancing and server affinity are enabled on the connectionFactory(I hope these attributes are required only if the destinations are distributed).
An application containing MDBs and EJBs are deployed to the cluster and onMessage MDB looks up for a Facade and makes calls on it.An external java client sets up the initialContext based on the cluster address and starts sending messages to the destination
What should be the expected behaviour in this scenario ?According to my understanding,
-Eventhough, the connectionFactory is deployed across the cluster, since the physical destinations are available only in the weblogic server hosting the JMS Server(Server B), the actual message handling(MDB invocation) would be done only here.
-When the MDBs are invoked on serverB, it would performs a lookup for the Facade.Because of the colocation optimisation, the replica aware stub used would be the one in ServerB and henceforth all the method processing should be done on Server B.
Is this correct ? But this would also mean that no load balancing would happen because of the colocation optimisation ? Do i need to use a distributed destination to enable load balancing in this scenario ?
Any help would be greatly appreciated..
thanks,
JoshHi All,
I have a Cluster with a 2 managed servers A and B . ConnectionFactory is deployed to the cluster and Server B hosts JMS Server.Destinations on the JMS Server are not distributed, but the JNDI Names of the same are replicated across the cluster.Both Load Balancing and server affinity are enabled on the connectionFactory(I hope these attributes are required only if the destinations are distributed).
An application containing MDBs and EJBs are deployed to the cluster and onMessage MDB looks up for a Facade and makes calls on it.An external java client sets up the initialContext based on the cluster address and starts sending messages to the destination
What should be the expected behaviour in this scenario ?According to my understanding,
-Eventhough, the connectionFactory is deployed across the cluster, since the physical destinations are available only in the weblogic server hosting the JMS Server(Server B), the actual message handling(MDB invocation) would be done only here.
-When the MDBs are invoked on serverB, it would performs a lookup for the Facade.Because of the colocation optimisation, the replica aware stub used would be the one in ServerB and henceforth all the method processing should be done on Server B.
Is this correct ? But this would also mean that no load balancing would happen because of the colocation optimisation ? Do i need to use a distributed destination to enable load balancing in this scenario ?
Any help would be greatly appreciated..
thanks,
Josh -
2 x 2911 HSEC router 3 ADSL connections each Site ti Site VPN Load Balancing Failover
Hello,
My senario is as described in Title.
Site A Headquarters. The router is Cisco 2911HSEC with 3 ADSL connections
Site B Remote Office. The router is Cisco 2911HSEC with 3 ADSL connections and 10 Users.
All ADSL connections have static IPs and belong to same ISP.
Need - Site to Site VPN between the routers.
Client requests to load balance the traffic, due to poor ADSL speed and have a failover senarion in case an ADSL line goes down.
Any help will be appreciated.I don't believe you will find a One solution for this.
An idea would be to have all three ADSLs paired with ADSL on the other side.
Have 3 VTI (or GRE) tunnels up all the time (VRF-lite anybody?) and advertise routes to the other side with same metric.
This will cause IOS to load balance natively.
Potential problem: return path might not be the same as forward path, but it should not matter much for most applications.
Potential cool thing you can do: All the "magical" things in routing world (Did I head PfR?). FlexVPN on top to make it more flexible.
Benefit: Rely on IKE to bring down connections which are going down. Little-to-no management once it's up and running. -
Questions about the load processing of OpenSparc T1 Dcache
Hi,
I have some questions about OpenSparc T1 Dcache load processing.
During load processing, subsequent loads to the same address need to search the store buffer for a valid store to that address. If there is a CAM hit, data is sourced from the store buffer, not from the D-cache, and no load request will be sent to the L2.
What if there is no CAM hit. Would the load request be sent to L2? Or would Dcache be checked for the requested data?
If the load request would be sent to L2, what next? Would the Dcache be updated?
ThanksStore buffer is checked for Read after Write (RAW) condition on loads. If there is full RAW - i.e. full data exists in the store buffer - then the data is bypassed and no D cache access happens.
If RAW is partial (e.g. word store followed by a double word load) then load is treated as a miss. Store is allowed to complete in L2 cache and then load instruction is completed.
For the miss in STB, D cache is accessed. If hit, data is fetched from D$. If miss, data is fetched from L2$ and allocated in D$. -
Cisco 1921 Dual ADSL Load Balancing/Failover?
Hello,
We have purchased a Cisco 1921 with twin ADSL after advice from a Cisco sales rep. However I am having trouble working out the load balancing/fail over config for the device.
I would like traffic to balance over both ADSL lines and if one goes down not to interrupt connectivity.
I had a look at ppp multilink but I am unsure our ISP (BT) support this?
This is my current config which I think only one ADSL line is being used. Some input would be appreciated
Robbie
! Last configuration change at 13:18:34 UTC Tue Mar 29 2011
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname xxxxxx
boot-start-marker
boot-end-marker
no logging buffered
enable secret 5 xxxxx
enable password xxxx
no aaa new-model
no ipv6 cef
ip source-route
ip cef
ip name-server 194.74.65.68
ip name-server 194.72.0.114
multilink bundle-name authenticated
crypto pki trustpoint TP-self-signed-xxxxxx
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-xxxxx0
revocation-check none
rsakeypair TP-self-signed-xxxxx!
crypto pki certificate chain TP-self-signed-xxxxxx
certificate self-signed 02 nvram:IOS-Self-Sig#4.cer
license udi pid CISCO1921/K9 xxxxx
username admin privilege 15 secret 5 xxxxxxxxxx/
interface GigabitEthernet0/0
description lan$ETH-LAN$
ip address 10.0.8.1 255.255.248.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto
interface ATM0/0/0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
no atm ilmi-keepalive
dsl operating-mode adsl2
interface ATM0/0/0.1 point-to-point
description $ES_WAN$$FW_OUTSIDE$
ip flow ingress
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
interface ATM0/1/0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
no atm ilmi-keepalive
dsl operating-mode adsl2
interface ATM0/1/0.1 point-to-point
description $ES_WAN$$FW_OUTSIDE$
ip flow ingress
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
interface Dialer0
mtu 1483
ip address negotiated
ip access-group spalding in
ip access-group spalding out
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap callin
ppp chap hostname xxxxx
ppp chap password 0 xxxxx
ppp multilink
ppp multilink links minimum 2
ppp multilink fragment disable
ppp timeout multilink link add 2
no cdp enable
interface Dialer1
mtu 1483
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap callin
ppp chap hostname xxxxx
ppp chap password 0 xxxxx
ppp link reorders
ppp multilink
ppp multilink links minimum 2
ppp multilink fragment disable
ppp timeout multilink link add 2
no cdp enable
ip forward-protocol nd
no ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 10.0.15.201 3389 interface Dialer0 3389
ip nat outside source static tcp 195.194.75.218 3389 10.0.15.200 3389 extendable
ip route 0.0.0.0 0.0.0.0 Dialer0
access-list 1 remark INSIDE_IF=GigabitEthernet0/0
access-list 1 permit 10.0.0.0 0.254.255.255
dialer-list 1 protocol ip permit
control-plane
line con 0
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet ssh
line vty 5 15
privilege level 15
login local
transport input telnet ssh
scheduler allocate 20000 1000
endHi,
Can anyone help me with this config? not very reliable.
Building configuration...
Current configuration : 17349 bytes
! Last configuration change at 06:08:06 UTC Sun Apr 5 2015 by Shawn
version 15.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
hostname Router
boot-start-marker
boot system flash0:c2900-universalk9-mz.SPA.154-3.M2.bin
boot-end-marker
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200
logging console critical
enable secret 5 $1$sNeA$GB6.SMrcsxPf51tK2Eo9Z.
aaa new-model
aaa authentication login local_authen local
aaa authorization exec local_author local
aaa session-id common
no ip source-route
ip port-map user-protocol--8 port udp 3392
ip port-map user-protocol--9 port tcp 3397
ip port-map user-protocol--2 port udp 3391
ip port-map user-protocol--3 port tcp 14000
ip port-map user-protocol--1 port tcp 3391
ip port-map user-protocol--6 port udp 3394
ip port-map user-protocol--7 port tcp 3392
ip port-map user-protocol--4 port udp 14100
ip port-map user-protocol--5 port tcp 3394
ip port-map user-protocol--10 port udp 3397
ip dhcp excluded-address 192.168.1.1 192.168.1.49
ip dhcp excluded-address 192.168.10.1 192.168.10.49
ip dhcp pool DHCP_POOL1
import all
network 192.168.1.0 255.255.255.0
dns-server 139.130.4.4 203.50.2.71
default-router 192.168.1.1
lease infinite
ip dhcp pool ccp-pool1
import all
network 192.168.10.0 255.255.255.0
dns-server 139.130.4.4 203.50.2.71
default-router 192.168.10.1
lease infinite
no ip bootp server
ip host SHAWN-PC 192.168.1.10
ip host DIAG 192.168.1.5
ip host MSERV 192.168.1.13
ip name-server 139.130.4.4
ip name-server 203.50.2.71
ip cef
ip cef load-sharing algorithm include-ports source destination
no ipv6 cef
multilink bundle-name authenticated
cts logging verbose
crypto pki trustpoint TP-self-signed-1982477479
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1982477479
revocation-check none
rsakeypair TP-self-signed-1982477479
license udi pid
license boot module c2900 technology-package securityk9
license boot module c2900 technology-package datak9
redundancy
controller VDSL 0/0/0
operating mode adsl2+
controller VDSL 0/1/0
operating mode adsl2+
no cdp run
track timer interface 5
track 1 interface Dialer0 ip routing
delay down 15 up 10
track 2 interface Dialer1 ip routing
delay down 15 up 10
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
class-map type inspect match-all sdm-nat-user-protocol--7-1
match access-group 104
match protocol user-protocol--7
match access-group 102
class-map type inspect match-all sdm-nat-user-protocol--4-2
match access-group 101
match protocol user-protocol--4
class-map type inspect match-all sdm-nat-user-protocol--6-1
match access-group 103
match protocol user-protocol--6
class-map type inspect match-all sdm-nat-user-protocol--5-1
match access-group 103
match protocol user-protocol--5
class-map type inspect match-all sdm-nat-user-protocol--4-1
match access-group 102
match protocol user-protocol--4
class-map type inspect match-all sdm-nat-user-protocol--7-2
match access-group 101
match protocol user-protocol--7
class-map type inspect match-all sdm-nat-user-protocol--3-1
match access-group 102
match protocol user-protocol--3
class-map type inspect match-all sdm-nat-user-protocol--2-1
match access-group 101
match protocol user-protocol--2
class-map type inspect match-all sdm-nat-user-protocol--1-2
match access-group 102
match protocol user-protocol--1
class-map type inspect match-all sdm-nat-user-protocol--1-1
match access-group 101
match protocol user-protocol--1
class-map type inspect match-all sdm-nat-user-protocol--2-2
match access-group 102
match protocol user-protocol--2
class-map type inspect match-all sdm-nat-user-protocol--3-2
match access-group 101
match protocol user-protocol--3
class-map type inspect match-all sdm-nat-user-protocol--8-2
match access-group 101
match protocol user-protocol--8
class-map type inspect match-all sdm-nat-user-protocol--9-2
match access-group 104
match protocol user-protocol--9
class-map type inspect match-any ccp-skinny-inspect
match protocol skinny
class-map type inspect match-all sdm-nat-user-protocol--9-1
match access-group 101
match protocol user-protocol--9
match access-group 104
class-map type inspect match-all sdm-nat-user-protocol--8-1
match access-group 104
match protocol user-protocol--8
match access-group 102
class-map type inspect match-any ccp-h323nxg-inspect
match protocol h323-nxg
class-map type inspect match-any ccp-cls-icmp-access
match protocol icmp
match protocol tcp
match protocol udp
class-map type inspect match-all sdm-nat-user-protocol--10-2
match access-group 104
match protocol user-protocol--10
class-map type inspect match-all sdm-nat-user-protocol--10-1
match access-group 101
match protocol user-protocol--10
match access-group 104
class-map type inspect match-any ccp-h225ras-inspect
match protocol h225ras
class-map type inspect match-any ccp-h323annexe-inspect
match protocol h323-annexe
class-map type inspect match-any ccp-cls-insp-traffic
match protocol pptp
match protocol dns
match protocol ftp
match protocol https
match protocol icmp
match protocol imap
match protocol pop3
match protocol netshow
match protocol shell
match protocol realmedia
match protocol rtsp
match protocol smtp
match protocol sql-net
match protocol streamworks
match protocol tftp
match protocol vdolive
match protocol tcp
match protocol udp
class-map type inspect match-all SDM_GRE
match access-group name SDM_GRE
class-map type inspect match-any ccp-h323-inspect
match protocol h323
class-map type inspect match-all ccp-invalid-src
match access-group 100
class-map type inspect match-any ccp-sip-inspect
match protocol sip
class-map type inspect match-all ccp-protocol-http
match protocol http
class-map type inspect match-any CCP_PPTP
match class-map SDM_GRE
class-map type inspect match-all ccp-insp-traffic
match class-map ccp-cls-insp-traffic
class-map type inspect match-all ccp-icmp-access
match class-map ccp-cls-icmp-access
policy-map type inspect ccp-inspect
class type inspect ccp-invalid-src
drop log
class type inspect ccp-protocol-http
inspect
class type inspect ccp-insp-traffic
inspect
class type inspect ccp-sip-inspect
inspect
class type inspect ccp-h323-inspect
inspect
class type inspect ccp-h323annexe-inspect
inspect
class type inspect ccp-h225ras-inspect
inspect
class type inspect ccp-h323nxg-inspect
inspect
class type inspect ccp-skinny-inspect
inspect
class class-default
drop
policy-map type inspect sdm-pol-NATOutsideToInside-1
class type inspect sdm-nat-user-protocol--1-1
inspect
class type inspect sdm-nat-user-protocol--2-1
inspect
class type inspect sdm-nat-user-protocol--3-1
inspect
class type inspect sdm-nat-user-protocol--4-1
inspect
class type inspect sdm-nat-user-protocol--5-1
inspect
class type inspect sdm-nat-user-protocol--6-1
inspect
class type inspect sdm-nat-user-protocol--7-1
inspect
class type inspect sdm-nat-user-protocol--8-1
inspect
class type inspect sdm-nat-user-protocol--9-1
inspect
class type inspect sdm-nat-user-protocol--10-1
inspect
class type inspect CCP_PPTP
pass
class type inspect sdm-nat-user-protocol--7-2
inspect
class type inspect sdm-nat-user-protocol--8-2
inspect
class type inspect sdm-nat-user-protocol--1-2
inspect
class type inspect sdm-nat-user-protocol--2-2
inspect
class type inspect sdm-nat-user-protocol--9-2
inspect
class type inspect sdm-nat-user-protocol--10-2
inspect
class type inspect sdm-nat-user-protocol--3-2
inspect
class type inspect sdm-nat-user-protocol--4-2
inspect
class class-default
drop log
policy-map type inspect ccp-permit
class class-default
drop
policy-map type inspect ccp-permit-icmpreply
class type inspect ccp-icmp-access
inspect
class class-default
pass
zone security in-zone
zone security out-zone
zone-pair security ccp-zp-self-out source self destination out-zone
service-policy type inspect ccp-permit-icmpreply
zone-pair security ccp-zp-in-out source in-zone destination out-zone
service-policy type inspect ccp-inspect
zone-pair security ccp-zp-out-self source out-zone destination self
service-policy type inspect ccp-permit
zone-pair security sdm-zp-NATOutsideToInside-1 source out-zone destination in-zone
service-policy type inspect sdm-pol-NATOutsideToInside-1
interface Null0
no ip unreachables
interface Embedded-Service-Engine0/0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
shutdown
interface GigabitEthernet0/0
description $ETH-LAN$
ip address 192.168.10.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
duplex auto
speed auto
no mop enabled
interface GigabitEthernet0/1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
shutdown
duplex auto
speed auto
no mop enabled
interface ATM0/0/0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
no atm ilmi-keepalive
interface ATM0/0/0.1 point-to-point
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
interface ATM0/0/0.2 point-to-point
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
interface Ethernet0/0/0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
shutdown
no mop enabled
interface ATM0/1/0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
no atm ilmi-keepalive
interface ATM0/1/0.1 point-to-point
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 2
interface Ethernet0/1/0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
shutdown
no mop enabled
interface GigabitEthernet0/3/0
no ip address
interface GigabitEthernet0/3/1
no ip address
interface GigabitEthernet0/3/2
no ip address
interface GigabitEthernet0/3/3
no ip address
interface GigabitEthernet0/3/4
no ip address
interface GigabitEthernet0/3/5
no ip address
interface GigabitEthernet0/3/6
no ip address
interface GigabitEthernet0/3/7
no ip address
interface Vlan1
description $FW_INSIDE$
ip address 192.168.1.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nbar protocol-discovery
ip flow ingress
ip nat inside
ip virtual-reassembly in
zone-member security in-zone
interface Dialer0
description $FW_OUTSIDE$
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip nbar protocol-discovery
ip flow ingress
ip nat outside
ip virtual-reassembly in
zone-member security out-zone
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname [email protected]
ppp chap password 7 1444405858557A
ppp pap sent-username [email protected] password 7 135645415F5D54
ppp multilink
interface Dialer1
description $FW_OUTSIDE$
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip nbar protocol-discovery
ip flow ingress
ip nat outside
ip virtual-reassembly in
zone-member security out-zone
encapsulation ppp
dialer pool 2
dialer-group 2
ppp authentication chap pap callin
ppp chap hostname [email protected]
ppp chap password 7 01475E540E5D55
ppp pap sent-username [email protected] password 7 055F5E5F741A1D
ppp multilink
router eigrp as#
router eigrp 10
network 192.168.1.1 0.0.0.0
router rip
version 2
network 192.168.1.0
no auto-summary
ip forward-protocol nd
ip http server
ip http access-class 3
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip dns server
ip nat inside source static tcp 192.168.1.10 3392 interface Dialer1 3392
ip nat inside source static udp 192.168.1.10 3392 interface Dialer1 3392
ip nat inside source static tcp 192.168.1.35 3391 interface Dialer0 3391
ip nat inside source static udp 192.168.1.35 3391 interface Dialer0 3391
ip nat inside source static tcp 192.168.1.5 3394 interface Dialer0 3394
ip nat inside source static udp 192.168.1.5 3394 interface Dialer0 3394
ip nat inside source static tcp 192.168.1.17 3397 interface Dialer0 3397
ip nat inside source static udp 192.168.1.17 3397 interface Dialer0 3397
ip nat inside source static tcp 192.168.1.10 14000 interface Dialer0 14000
ip nat inside source static udp 192.168.1.10 14100 interface Dialer0 14100
ip nat inside source route-map ADSL0 interface Dialer0 overload
ip nat inside source route-map ADSL1 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer0 track 1
ip route 0.0.0.0 0.0.0.0 Dialer1 track 2
ip access-list extended NAT
remark CCP_ACL Category=18
permit ip 192.0.0.0 0.255.255.255 any
ip access-list extended SDM_GRE
remark CCP_ACL Category=1
permit gre any any
remark CCP_ACL Category=1
ip access-list extended STATIC-NAT-SERVICES
permit ip host 192.168.1.35 any
permit ip host 192.168.1.5 any
permit ip host 192.168.1.10 any
permit ip host 192.168.1.17 any
dialer-list 1 protocol ip permit
dialer-list 2 protocol ip permit
route-map ADSL0 permit 10
match ip address NAT
match interface Dialer0
route-map ADSL1 permit 10
match ip address NAT
match interface Dialer1
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 2 remark HTTP Access-class list
access-list 2 remark CCP_ACL Category=1
access-list 2 permit 192.168.1.0 0.0.0.255
access-list 2 deny any
access-list 2 remark HTTP Access-class list
access-list 2 remark CCP_ACL Category=1
access-list 3 remark HTTP Access-class list
access-list 3 remark CCP_ACL Category=1
access-list 3 permit 192.168.1.0 0.0.0.255
access-list 3 deny any
access-list 10 remark INSIDE_IF=NAT
access-list 10 remark CCP_ACL Category=2
access-list 10 permit 192.168.1.0 0.0.0.255
access-list 100 remark CCP_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip 139.130.227.0 0.0.0.255 any
access-list 100 permit ip 203.45.106.0 0.0.0.255 any
access-list 101 remark CCP_ACL Category=0
access-list 101 permit ip any host 192.168.1.10
access-list 101 remark CCP_ACL Category=0
access-list 101 permit ip any host 192.168.1.35
access-list 101 permit tcp any any eq www
access-list 102 remark CCP_ACL Category=0
access-list 102 permit ip any host 192.168.1.35
access-list 102 remark CCP_ACL Category=0
access-list 102 permit ip any host 192.168.1.10
access-list 103 remark CCP_ACL Category=0
access-list 103 permit ip any host 192.168.1.5
access-list 104 remark CCP_ACL Category=0
access-list 104 permit ip any host 192.168.1.17
control-plane
banner login ^CCE-Rescue Systems^C
line con 0
login authentication local_authen
transport output telnet
line aux 0
login authentication local_authen
transport output telnet
line 2
no activation-character
no exec
transport preferred none
transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
authorization exec local_author
login authentication local_authen
transport input telnet ssh
line vty 5 15
authorization exec local_author
login authentication local_authen
transport input telnet ssh
scheduler allocate 20000 1000
end
Thanks
Shawn -
wondering if anyone would have advice for me on load
balancing with coldfusion either with software or hardware.
our basic set up is NAT through a firewall to local IPs. we
don't really have the option of assigning outward IPs to the
webservers.
it's not so much the load balancing that is important as much
as it is coldfusion availability as occasionally coldfusion stops
or crashes leaving a 503 msg for visitors (this is rare, but does
happen).
it would be nice to have a device or software switch the
incoming traffic to another server if CF is unavailable on the
other.
we are using MX 6.1 on win2003.
any help would be appreciated.These articles may help:
http://www.adobe.com/devnet/coldfusion/clustering.html
Maybe you are looking for
-
How can I see my iPhoto folders in apple tv?
When I use the Apple TV, I cant see the folders I've created on my Iphoto. Instead of that the Apple tv shows my entire (12,500) pics database. Anyone know how to split that data out?
-
ICC Profiles: Does the iPad not recognise them?
Is the iPad not colour aware in the sense that it recognises and uses ICC profiles embedded in images? Secondly, it's a great shame the display can not be calibrated. So much for portfolio display or any work that is colour sensitive.
-
InDesign CS5 XCode - DataBaseLib.dylib missing - Is this correct?
Hi, I just set up the CS5 SDK and started porting plugins, but I'm getting a problem building Release Builds. DataBaseLib.dylib seems to be missing from "/build/mac/release/packagefolder/contents/macos/" Is this intentional or do I need to download t
-
I disabled my cousins iPhone by pressing random numbers until his iPhone said ; iPhone is disabled connect to iTune ; in red on his front screen. He is in a different province for a month from where he last backed up his iPhone. We tried connecting i
-
When deploying the ear to weblogic 9.2 mp3 I encountered the error below.
<Apr 9, 2009 2:15:52 AM MDT> <Error> <J2EE> <BEA-160197> <Unable to load descriptor E:\rachen\domain\cc_rc2\cc_rc2\servers\AdminServer\tmp\.appmergegen_1239264945800_command-center-weblogic-10-6.0.1.e ar\war-syndicationManager.war/WEB-INF/web.xml of