ACE 4700 load balancing Issue
Hi,
I am new in ACE 4700. I have configured ACE 4700 for load balancing the FAX servers. Probe, ServerFarm, Real server, Virtual server, VIP state every thing is up and in service. But I am not able to access the real server using VIP IP address.
Below is the running configuration. Please help me to troubleshot the problem.
HOB-ACE-1/Admin# sh run
Generating configuration....
no ft auto-sync startup-config
boot system image:c4710ace-mz.A3_2_0.bin
hostname HOB-ACE-1
interface gigabitEthernet 1/1
description Man_HOB_1
switchport access vlan 1000
no shutdown
interface gigabitEthernet 1/2
description VIP_HOB_1
switchport access vlan 24
no shutdown
interface gigabitEthernet 1/3
description HA_HOB_1
switchport access vlan 180
no shutdown
interface gigabitEthernet 1/4
shutdown
[7m--More-- [m
access-list ALL line 8 extended permit ip any any
probe icmp ICMP_PROBE1
interval 15
faildetect 4
passdetect interval 60
passdetect count 5
receive 5
rserver host MFREFSAS497
description MAAFAXSERVER
ip address 10.16.12.148
conn-limit max 4000000 min 4000000
inservice
rserver host MSHOFCFS489
description HOBFAXSERVER
ip address 10.26.12.130
conn-limit max 4000000 min 4000000
inservice
[7m--More-- [m
[K
serverfarm host SFHOBACE-1
description SFHOBACE-1
predictor hash header Accept
probe ICMP_PROBE1
rserver MFREFSAS497 80
conn-limit max 4000000 min 4000000
inservice
rserver MSHOFCFS489 80
conn-limit max 4000000 min 4000000
inservice
class-map match-all VSHOBACE-1
2 match virtual-address 10.26.24.242 any
class-map type management match-any remote_access
201 match protocol xml-https any
202 match protocol icmp any
203 match protocol telnet any
204 match protocol ssh any
205 match protocol http any
206 match protocol https any
207 match protocol snmp any
[7m--More-- [m
[K
policy-map type management first-match remote_mgmt_allow_policy
class remote_access
permit
policy-map type loadbalance first-match VSHOBACE-1-l7slb
class class-default
serverfarm SFHOBACE-1
policy-map multi-match global
class VSHOBACE-1
loadbalance vip inservice
loadbalance policy VSHOBACE-1-l7slb
loadbalance vip icmp-reply
nat dynamic 1 vlan 24
nat dynamic 1 vlan 1000
service-policy input global
interface vlan 24
description "Client VLAN"
ip address 10.26.24.243 255.255.255.0
[7m--More-- [m
access-group input ALL
no shutdown
interface vlan 1000
ip address 10.26.12.132 255.255.255.0
peer ip address 10.26.12.133 255.255.255.0
access-group input ALL
service-policy input remote_mgmt_allow_policy
no shutdown
ft interface vlan 180
ip address 192.168.180.2 255.255.255.248
peer ip address 192.168.180.3 255.255.255.248
no shutdown
ft peer 1
heartbeat interval 300
heartbeat count 10
ft-interface vlan 180
ft group 1
peer 1
priority 140
associate-context Admin
[7m--More-- [m
inservice
ip route 0.0.0.0 0.0.0.0 10.26.12.1
snmp-server contact "HOB_ACE"
snmp-server location "HOB"
snmp-server community FAXSERVER group Network-Monitor
snmp-server user administrator Network-Monitor
snmp-server trap-source vlan 1000
username admin password 5 $1$GtO1e504$eGuyxxDcXck7SkxqBfRkI. role Admin domain
default-domain
username www password 5 $1$N5ClX7jy$kDhGgN.uukWQKvQMd3pY.1 role Admin domain de
fault-domain
ssh key rsa 1024 force
Thanks and Regards,
Ashfaque
Hello Hossain,
Applying the policy globally on the box is commonly not the prefered way to go, you can use instead a single multi-match policy per SVI for easier managent; this will also also help to narrow down problems to a specific policy and VIP while T-Shooting.
Use the
ACE/Admin(config)# no service-policy input global
ACE/Admin(config)# interface vlan 24
ACE/Admin(config-if)# service-policy input global
Also you want to remove the NAT from the multi-match policy, you're running in routed mode so NAT should not be required; if it was required then you don't have any natpool configured or as Ahmad mentioned it was truncated from the configuration.
Something that caught up my attention is that your default route is pointing to the server VLAN that happens to be also your management VLAN, I'll have to lab it up but my first impression is that either the traffic coming to the VIP on vlan 24 should be always NAT'd to an IP of 10.26.24.X/24 before it gets to the ACE or else there will be a routing loop that will not allow the flow to complete correctly.
Do you happen to have a quick logical diagram of this piece of the network?
Thnx
Pablo
Similar Messages
-
SIP load balancing issue with ACE 4710
SIP Load balancing Issue with ACE 4710
I have a Cisco ace 4710 with vesion Version A4(2.2). i configued simple SIP load balancing first without stickiness. without stikeiness we are having a problem because bye packet at the was not going to the same server all the time that left our port in used even though user hang up the phone. its happen randmly. i have a total 20 licenced ports and its fill out very quickly. so i dicided to use the stickiness with call-ID but still same issue. below is the config
rserver host CIN-VOX-31
ip address 172.20.130.31
inservice
rserver host CIN-VOX-32
ip address 172.20.130.32
inservice
serverfarm host CIN-VOX
probe SIP-5060
rserver CIN-VOX-31
inservice
rserver CIN-VOX-32
inservice
sticky sip-header Call-ID VOX_SIP_GROUP
timeout 1
timeout activeconns
replicate sticky
serverfarm CIN-VOX
class-map match-all CIN_VOX_L4_CLASS
2 match virtual-address 172.22.12.30 any
class-map match-all CIN_VOX_SIP_L4_CLASS
2 match virtual-address 172.22.12.30 udp eq sip
policy-map type loadbalance sip first-match CIN_VOX_LB_SIP_POLICY
class class-default
sticky-serverfarm VOX_SIP_GROUP
policy-map multi-match GLOBAL_DMZ_POLICY
class CIN_VOX_SIP_L4_CLASS
loadbalance vip inservice
loadbalance policy CIN_VOX_LB_SIP_POLICY
loadbalance vip icmp-reply
class CIN_VOX_L4_CLASS
loadbalance vip inservice
loadbalance policy CIN_VOX_LB_SIP_POLICY
loadbalance vip icmp-reply
interface vlan 20
description VIP_DMZ_VLAN
ip address 172.22.12.4 255.255.255.192
alias 172.22.12.3 255.255.255.192
peer ip address 172.22.12.5 255.255.255.192
access-group input PERMIT-ANY-LB
service-policy input GLOBAL_DMZ_POLICY
could you please help me on this...
thanks
Rakesh PatelI mean there should be one more statement-
class-map type sip loadbalance match-any CIN_VOX_LB_SIP_POLICY
match sip header Call_ID header-value sip:
and that will be called under-
policy-map multi-match GLOBAL_DMZ_POLICY
class CIN_VOX_SIP_L4_CLASS
loadbalance vip inservice
loadbalance policy CIN_VOX_LB_SIP_POLICY
loadbalance vip icmp-reply
is that missing in your config ? -
Cisco ACE20 Load balancing issues
Dear All,
I have a problem with the ACE 20 load balance
To start with following is our architectural request flow:
Load Balancer --> Webseal /(reverse proxy) --> HTTP Server --> Portal Server
We have Hardware Load Balancer Cisco ACE20.
When we access our portal from Webseal server it works totally fine without any issue, but when we access the same application using ACE we face the following issues:
1) Some of the links on do not work. For eg: We have a link "subscribe" which points to https://intranet/abc/wps/portal/subscription , whenever we click on this link, the request is directed to https://intranet/abc/wps/portal i.e homepage
2) URL redirection does not work We have some links which have a url forwarding or redirection for example when we open https://intranet/ef/quickplace it forwards the requests to https://intranet/ef/quickplace/Main.nsf?opendocument....., but this redirection fails and again the request is thrown to homepage i.e https://intranet/abc/wps/portal
3) The response of the request and the overall portal when accessed via ACE is very sluggish and it takes 20 seconds for homepage to load, whereas the homepage loads in 4 secs when accessed via webseal.
below is the ACE details. Kindly provide the your inputs to resolve this issue. will rate all the suggestions
Hardware Product Number: ACE20-MOD-K9
Card Index: 207
Hardware Rev: 2.3
Feature Bits: 0000 0002
Slot No. : 7
Type: ACE
Software
loader: Version 12.2[120]
system: Version A2(1.4) [build 3.0(0)A2(1.4) adbuild_11:54:12-2009/03/05_/a
uto/adbu-rel2/rel_a2_1_4_throttle/REL_3_0_0_A2_1_4]
system image file: [LCP] disk0:c6ace-t1k9-mz.A2_1_4.bin
installed license: ACE-SEC-LIC-K9Dear all,
Please suggest on this issue.
BS -
Hi all,
During our testing we are getting a load balancing issue. However, one of the agates in our network is has more CPU power than compared to the other agates in our ITS network. The memory on all the agate servers is the same.
Our current issue we are getting is the one agate that has more cpu power but acquires more sessions as compared to the other two agates. It roughly gets 60 more sessions per agate process as compare to the other Agate servers. Does having more cpu on a Agate affect the load balancing on ITS? We are on ITS patch level 19 with the Hotfix.
Thanks,
Jin BaeHello Jin,
yes, at (re)initialize the WGate retrieves the capacity from the AGates.
This is an accumulated number based on CPU performance and the number of CPUs!
The number can be seen in "wgate-status" as the "Capacity" of the AGate.
When running multiprocess Agates the number is retrieved from the MManager and also involves the number of agate-processes.
The WGate dispatches the load in proportion depending on these capacity numbers.
By my knowledge there is no way that these values can be configured (fixed).
Regards,
Fekke -
CSS arrowpoint cookie load balancing issue
Hi guys,
I need some advice on a load balancing issue.
We have connections hitting the CSS via a proxy environment. As a result i see only one source ip address. I want to use arrowpoint cookies for session stickeyness. However when i enable the rule the tcp session negotiation fails. The CSS sends a TCP/RST which terminates the session.
Here's the rule config:
content HTTP_rule
add service ZSTS299102
add service ZSTS281101
vip address <filtered>
add service LONS299102
add service LONS281101
balance weightedrr
change service ZSTS299102 weight 5
change service ZSTS281101 weight 5
advanced-balance arrowpoint-cookie
protocol tcp
port 80
url "/*"
active
Any help would be much appreciated.Remko,
in L3/L4 the CSS sends the SYN directly to the server.
So when the FIN comes in, we simply pass it to the server.
With L5 the CSS spoofs the connection and we select the server only after receiving the GET.
If there was some delay between the GET and the FIN, the CSS would have time to establish a connection with the server and the FIN could be simply forwarded.
Unfortunately, in this case the FIN is right after the GET with no delay.
Gilles. -
ACE to load balance Citrix servers
Hello,
Have anyone configured ACE Modules to load balance Citrix Servers (HTTP) ?
Any special considerations needed?
Many thanks,HI Javier,
There is one complete design guide available on ciso site.
Kindly go through the below mentioned URL for complete config for ACE to load balance CITRIX as follows:
http://www.cisco.com/en/US/docs/solutions/Enterprise/Data_Center/App_Networking/citrixdg_final.html
You will get othe design guides also which can be very useful:
http://www.cisco.com/en/US/netsol/ns751/networking_solutions_design_guidances_list.html
Sachin Garg -
Using ACE to load balance HTTP/S traffic between client & proxy server using tcp 8080
Folks,
I have a scenario where ACE is in load balancing connections to a bunch of Websense servers in a one-armed topology. ACE presents a single VIP to web browser clients and each client's browser proxy configuration is populated with the VIP DNS name. Traffic then gets load balanced between the Websense servers. The problem arises due to Websense requiring the 'X-Forwarded-For' HTTP header in order to obtain the source IP of the client.
ACE inserts this header into the standard HTTP 'proxied' traffic but doing this for HTTPS traffic has required the configuration of the ACE SSL proxy client server.
So the problem I have is this:
How to configure ACE to load balance both HTTP & HTTPS applications using a single VIP and tcp port number ie tcp 8080
The ACE hardware being used is ACE20-MOD-K9 - MODULE
I have attempted to use a L7 class map to match all ciphers and attach this to a L7 Policy-Map but the documentation highlights the fact the 'match cipher' configuration is only available on the ACE appliance.
I believe I am on the correct track. The HTTPS traffic must be identified and used to match against PolicyA and HTTP traffic matched against PolicyB
I'm looking for ideas! I'm hopeful someone must have solved this problem previously!!
Regards,
SimonHi Simon,
The classification has to work on different ports. Whether client types http or https doesn't matter to client. His request will reach VIP which will classify the traffic based on port, protocol first and then it can look into further detail to send the traffic to appropriate serverfarm.
You can class-map match-any xxxxx
2 match virtual-address x.x.x.x tcp any
and then you configure further classification on the basis of L7 like url, header etc.
But again, you will still need SSL termination on ACE.
Regards,
Kanwal
Note: Please mark answers if they are helpful. -
Hi,
I have ACE module and 2 servers the problem i am facing is only one server is been serviced by ACE the other server is not getting much traffic at all.
One server gets hit most of the time like 3 pkts goes to server 1 and 1 pkt goes to server 2.
Could anyone tell me why is this issue that unequal load balancing is occoring on my device.
Thanks in advance.here's the output of
sh serverfarm det
serverfarm : DNS, type: HOST
total rservers : 2
active rservers: 2
description : -
state : ACTIVE
predictor : ROUNDROBIN
failaction : -
back-inservice : 0
partial-threshold : 0
num times failover : 0
num times back inservice : 0
total conn-dropcount : 0
Probe(s) :
DNS_PROBE, type = DNS
----------connections-----------
real weight state current total failures
---+---------------------+------+------------+----------+----------+---------
rserver: DNS-118-1
10.0.0.1:0 8 OPERATIONAL 206 127901 1
max-conns : - , out-of-rotation count : -
min-conns : -
conn-rate-limit : - , out-of-rotation count : -
bandwidth-rate-limit : - , out-of-rotation count : -
retcode out-of-rotation count : -
load value : 0
rserver: DNS-118-2
10.0.0.2:0 8 OPERATIONAL 230 212332 4
max-conns : - , out-of-rotation count : -
min-conns : -
conn-rate-limit : - , out-of-rotation count : -
bandwidth-rate-limit : - , out-of-rotation count : -
retcode out-of-rotation count : -
load value : 0
here's the output of
sh service-policy L3L4_LOADB detail
Status : ACTIVE
Description: -----------------------------------------
Context Global Policy:
service-policy: L3L4_LOADB
class: CLASS_MAP
nat:
nat dynamic 1 vlan 118
curr conns : 325 , hit count : 340457
dropped conns : 5
client pkt count : 2697687 , client byte count: 179735431
server pkt count : 2694477 , server byte count: 535957631
conn-rate-limit : 0 , drop-count : 0
bandwidth-rate-limit : 0 , drop-count : 0
VIP Address: Protocol: Port:
10.0.0.3 tcp eq 53
10.0.0.3 udp eq 53
loadbalance:
L7 loadbalance policy: L7_LOADB
VIP Route Metric : 77
VIP Route Advertise : ENABLED-WHEN-ACTIVE
VIP ICMP Reply : ENABLED-WHEN-ACTIVE
VIP State: INSERVICE
curr conns : 325 , hit count : 340462
dropped conns : 5
client pkt count : 2697687 , client byte count: 179735431
server pkt count : 2694477 , server byte count: 535957631
conn-rate-limit : 0 , drop-count : 0
bandwidth-rate-limit : 0 , drop-count : 0
L7 Loadbalance policy : L7_LOADB
class/match : class-default
LB action: :
primary serverfarm: DNS
state: UP
backup serverfarm : -
hit count : 340457
dropped conns : 0 -
Cisco ACE - Firewall load balancing
I am using two sets of ACE load balancers for load balancing traffic across two firewalls (firewall load balancing).
The solution works fine. I have a virtual address of 0.0.0.0 in either direction to match traffci going from the internal users to the internet and vice versa.
The problem is that when I try to manage the load-balanced firewalls (either using SSH (or) HTTPS) from outside, then that connection also gets load balanced and when I try to connect to FW1 then sometimes this connection ends up on FW2 and vice versa and the connection gets dropped. I have a workaround in place where i am using a virtual address per firewall to connect to the real IP address of the firewall.
Is there any other way of managing firewalls (which are defined as real-servers) in a FWLB setup.
Attached is the configuration of the external ACE which has the two firewalls defined as the real-servers.
access-list ALL line 8 extended permit ip any any
probe icmp ICMP-Probe
interval 15
passdetect interval 60
rserver host FW1-ASA
ip address 10.11.71.10
inservice
rserver host FW2
ip address 10.11.71.11
inservice
serverfarm host Firewalls
transparent
predictor leastconns
rserver FW1-ASA
inservice
rserver FW2
inservice
serverfarm host Firewalls-NO-LB
rserver FW1-ASA
inservice
serverfarm host Firewalls-NO-LB1
rserver FW2
inservice
sticky ip-netmask 255.255.255.255 address source new-sticky
timeout activeconns
serverfarm Firewalls
This is my workaround for connection to the IP address of the firewalls (for management)
class-map match-any FW-Real
2 match virtual-address 10.11.71.254 any
class-map match-any FW-Real2
2 match virtual-address 10.11.71.253 any
class-map type management match-any Remote-Access
201 match protocol telnet any
202 match protocol http any
203 match protocol https any
204 match protocol ssh any
205 match protocol snmp any
206 match protocol icmp any
class-map match-any fwlb
2 match virtual-address 0.0.0.0 0.0.0.0 any
policy-map type management first-match Remote-Management-Policy
class Remote-Access
permit
policy-map type loadbalance first-match FWLB-No-LB
class class-default
serverfarm Firewalls-NO-LB
policy-map type loadbalance first-match FWLB-No-LB1
class class-default
serverfarm Firewalls-NO-LB1
policy-map type loadbalance first-match FWLB-l7slb
class class-default
serverfarm Firewalls
policy-map multi-match Firewall-No-LB
class FW-Real
loadbalance vip inservice
loadbalance policy FWLB-No-LB
policy-map multi-match Firewall-No-LB1
class FW-Real2
loadbalance vip inservice
loadbalance policy FWLB-No-LB1
policy-map multi-match int70
class fwlb
loadbalance vip inservice
loadbalance policy FWLB-l7slb
interface vlan 70
description "Client side"
ip address 10.11.70.2 255.255.255.0
no icmp-guard
access-group input ALL
access-group output ALL
service-policy input Remote-Management-Policy
service-policy input Firewall-No-LB --> connect to the real IP address of the firewall for management
service-policy input Firewall-No-LB1 --> connect to the real IP address of the firewall for management
service-policy input int70
no shutdown
interface vlan 71
description "Firewall side"
ip address 10.11.71.2 255.255.255.0
mac-sticky enable
no icmp-guard
access-group input ALL
access-group output ALL
service-policy input Remote-Management-Policy
no shutdownHello,
as i know, there is no others ways.
You can only reduce your configuration by puting all your class undert the same policy-map:
policy-map multi-match int70
class FW-Real
loadbalance vip inservice
loadbalance policy FWLB-No-LB
class FW-Real2
loadbalance vip inservice
loadbalance policy FWLB-No-LB1
class fwlb
loadbalance vip inservice
loadbalance policy FWLB-l7slb
interface vlan 70
description "Client side"
ip address 10.11.70.2 255.255.255.0
no icmp-guard
access-group input ALL
access-group output ALL
service-policy input Remote-Management-Policy
service-policy input int70
no shutdown -
Load-balancing issues with iPlanet and multiple clusters
We're in performance test of a large-scale clustered deployment based on WLS 5.1sp10.
Due to scalability/functionality issues, some of which we've seen firsthand and
some of which we've been informed of by associates as well as BEA representatives,
we've chosen to implement multiple clusters with a maximum of three nodes each.
These clusters will be fronted by a web server tier consisting of iPlanet servers
using the proxy plugin.
Due to hardware constraints (both in test and in production), however, we've configured
the iPlanet servers to route across the multiple clusters. In our test environment,
for instance, we've got a single iPlanet server routing across two 3-node clusters,
and the configuration in obj.conf is as follows:
<Object name="application" ppath="*/application">
Service fn="wl-proxy" \
WebLogicCluster="clusterA_1:9990,clusterB_1:9991,clusterA_2:9990,clusterB_2:9991,clusterA_3:9990,
clusterB_3:9991" \
CookieName="ApplicationSession"
</Object>
Our issue is that the load-balancing doesn't appear to work across the clusters.
We're seeing one cluster get about 90% of the load, while the other receives
only 10%.
So, the question (finally!) is: Is this configuration correct (i.e., will it
work according to the logic of the proxy plugin), and is it appropriate for this
situation? Are there other alternative approaches that anyone can recommend?
Thanks in advance,
cramerI use weblogic6.1 with sp2+windows 2000.I develop a web application and deploy
it to cluster.Through HttpClusterServlets proxy of weblogic I found that a server
in cluster almost get 95% of requests but another only get 5% of requests.Why???
I don't set any special parameter.And the weight of the two clustered server is
equal.I use round-robin arithmetic.
Thanks!
"cramer" <[email protected]> wrote:
>
We're in performance test of a large-scale clustered deployment based
on WLS 5.1sp10.
Due to scalability/functionality issues, some of which we've seen firsthand
and
some of which we've been informed of by associates as well as BEA representatives,
we've chosen to implement multiple clusters with a maximum of three nodes
each.
These clusters will be fronted by a web server tier consisting of iPlanet
servers
using the proxy plugin.
Due to hardware constraints (both in test and in production), however,
we've configured
the iPlanet servers to route across the multiple clusters. In our test
environment,
for instance, we've got a single iPlanet server routing across two 3-node
clusters,
and the configuration in obj.conf is as follows:
<Object name="application" ppath="*/application">
Service fn="wl-proxy" \
WebLogicCluster="clusterA_1:9990,clusterB_1:9991,clusterA_2:9990,clusterB_2:9991,clusterA_3:9990,
clusterB_3:9991" \
CookieName="ApplicationSession"
</Object>
Our issue is that the load-balancing doesn't appear to work across the
clusters.
We're seeing one cluster get about 90% of the load, while the other
receives
only 10%.
So, the question (finally!) is: Is this configuration correct (i.e.,
will it
work according to the logic of the proxy plugin), and is it appropriate
for this
situation? Are there other alternative approaches that anyone can recommend?
Thanks in advance,
cramer -
Could not retrieve Enterprise Global Template - Load balancer issue
Hi,
We have 4 Project Server 2010 servers. The 4 web servers are load balanced by networking team with sticky session configured.
When we try to connect to the Project Server using MPP 2007 SP2, it fails saying 'Could not retrieve Enterprise Global template'. It works perfect when we point to a specific server by specifying the IP address for server name in the 'hosts'
file.
Earlier we observed some errors in the event viewer related to the SharePoint's internal load balancer for which restarted the 'Project Server Application' on each web server and it got fixed.
Now, the only entries that we see related to load balancer are as mentioned below as Information (not errors).
SharePoint Web Services Round Robin Service Load Balancer Event: Initialization
Process Name: w3wp
Process ID: 15080
AppDomain Name: /LM/W3SVC/539065287/ROOT-1-130462463500778047
AppDomain ID: 2
Service Application Uri: urn:schemas-microsoft-com:sharepoint:service:ae7c7ee5c09b4e8198bdbb1ecb8c1c1b#authority=urn:uuid:9f626d347784423eb14bde4a1f4d13fc&authority=https://lonms12546:32844/Topology/topology.svc
Active Endpoints: 4
Failed Endpoints:0
Endpoint List:
http://lonxxx2532:32843/ae7c7ee5c09b4e8198bdbb1ecb8c1c1b/PSI
http://lonxxx2545:32843/ae7c7ee5c09b4e8198bdbb1ecb8c1c1b/PSI
http://lonxxx2546:32843/ae7c7ee5c09b4e8198bdbb1ecb8c1c1b/PSI
http://lonxxx2566:32843/ae7c7ee5c09b4e8198bdbb1ecb8c1c1b/PSI
Could the issue be due to network load balancer?
Could the issue be due to Sticky session configuration on the load balancer.?
How can we get to the root cause of the issue?
Which logging category should we set to 'Verbose' that can give us some hint.
Update: We tried to capture the requests through fiddler and observed that when fiddler is running on the client computer then the connection works perfectly fine even through the load balancer. Probably fiddler is reformatting the SOAP
envelop of the web service requests the way it should before sending the request to the server.
If we do not run fiddler and run some other similar tool (like Charles) then it again gives the issue and the request stucks at /PWA/_vti_bin/psi/winproj.asmx
We ran Wireshark on the servers and found the following for that web service call:
[TCP Previous segment not captured] Continuation or non-HTTP traffic.
Please let me know if someone could provide any hint what can be done next.
Regards, Amit GuptaThere are several ways to configure your load balancer. I would suggest that you work with the network engineer, the load balancer vendor and your project administrator to resolve this issue.
Basically you need URL to be resolved correctly. Also, I don't believe PS2007 did a good job handling load balancing, so you may need to bring someone in good with IIS and see they can tweek IIS to manage the cache better.
As I go back and look at your analysis, I think you should probably look at upgrading to Project Server 2013. They made some improvement in load balancing and the management of distributive cache.
I assume you have 4 WFE because you have thousands of project users. Roughly how many you have? Over 1000, over 5000
Have you tried to see if using two load balancing work? How about just one front end. I often see companies scaling SharePoint and Project server to extremes.
Michael Wharton, MVP, MBA, PMP, MCT, MCTS, MCSD, MCSE+I, MCDBA
Website http://www.WhartonComputer.com
Blog http://MyProjectExpert.com contains my field notes and SQL queries -
Hi,
I'm facing a problem with CSS while load balaning for the web application with two servers.
The application is based on activex..
Basically I have two servers running web application for which I have created VIP in the CSS, user hits the VIP address and they access the application, also we use the sticky thing as the application requires the session persistence.. everything is fine, but the problem starts when one of the server fails...
Assume a user hits the VIP address and access the application, due to the sticky thing his session will be with server A (for eg.), now suddenly the server A fails and in that time the user was doing a transcation and inputting some data and after that he press the submit button on the page, as the server A is down the web page gets refreshed and he has to relogin to the application and redo the whole thing what he was doing in that particular transcation...
Now the application guys are telling this problem should not happen as the CSS should be able to take care of the session getting reestablished to the other server B during the server A failure...
Can someone through some lights on this... I'm bit confused now... as what I understand is that the webpage gets refreshed during a server failure because the tcp session id will get changed and the server B will not accept the same tcp session so it reinitiates the new session...
Is my understanding right?? or is there something which we can do on the CSS to avoid this problem...
Regards
Vijay.Hi Gilles,
Thanks for the clarification.
I have two more issues too...
1. The load balancing of the application between the two servers are not even. Actually the traffic from the users keep hitting only one server, I understand the point of sticky method used in our case, but even atleast the connection from another client machine should go to the other server,but it is not the case... traffic from all the clients goes to only one server..
what could be the possible reason for the same...
My config is as below...
service SERVER-1
port 80
protocol tcp
keepalive port 80
keepalive type tcp
redundant-index 4
ip address 10.6.223.87
active
service SERVER-2
port 80
protocol tcp
keepalive port 80
keepalive type tcp
ip address 10.6.223.77
redundant-index 5
active
owner WEB
content WEB
add service SERVER-1
add service SERVER-2
redundant-index 104
vip address 10.6.223.78
protocol tcp
port 80
url "/webretrieve*"
advanced-balance sticky-srcip
active
2. Slow response of the application when users access application through VIP address(CSS), what can be done further in the configuration to improve the performance?? or any thing else I can do...
Regards -
Hello,
We are having a difficult time getting our app to work correctly on our load balanced system. Any help / suggestions would be greatly appreciated.
We have a very basic load balancer which is in round robin mode (this cannot be changed), two separate vms, each with an instance of apache(2.0.54) and tomcat(6.0.14). Each apache talks only to the tomcat on the same vm and the tomcats are configured to session replicate with each other (which is happening).
When I log in to the app and start pressing a few buttons there are no problems for a little while. I then leave the screen idle for 1 minute and resume pressing buttons. The main session bean which holds information about where the user is and other key information, gets its constructor called and is set back to default and the page goes back to the main menu. Immediately before the bean is reset, the logs show the following:
[MyApp] 17 Jun 2009 15:33:27,514 WARN: [ajp-8009-2 LoggerListener.onApplicationEvent(60)] : Authentication event AuthenticationSuccessEvent: v; details: (etc etc removed…)This is what the two logs look like:
VM1 - Authentication event
VM2 - Main menu
VM2 - Presss a button – progress a screen
VM2 - Presss a button – progress a screen
VM2 - Presss a button – progress a screen
VM2 - Presss a button – progress a screen
[wait 1 min]
VM1 - Authentication event
VM1 - Bean reset
Processing continues, but screen is redirected to main menu
We have the distributable tag in the web.xml file and javax.faces.STATE_SAVING_METHOD is set to client. Its set to client as the app will not work at all with it set to server (keeps asking for the user to re-log in).
Thank you,
VictoriaLooks like a Tomcat issue to me. JSF is not going to timeout in 1 minute. You might want to check your Tomcat replication settings. Note try to do a very simple loadbalancing application that just echos the Tomcat is executing on.
-
Load Balancing Issues SOMEBODY HELP ME!!
Good Morning.
A few days ago we implemented Load Balancing in our company, I printed a step by step procedure from MS and just follow it thinking that once I did that everything was going to be ok, but I am some issues that I managed to fix, but now I am stock in one
that I just can't figure it out, here I go.
When regular users try to connect to the Farm using the external IP they can't connect, we checked firewall seems to be ok, we check the configuration we did and we didn't miss any step, NOW here is the crazy part, when we use our Admin ID we can connect,
so I thought maybe is an Active Directory thing, but I don't know where to look or what to do so my questions are,
Can this be a licensing issue?
Do I have to have my TSBroker as part of my group of PC in the firewall?
Can it be a certificate issue? (not too sure because I can connect as an admin)
Can it be permissions to log in to the servers?
My co-worked is telling me now that if TS Broker sent them to TS1 they can connect but if TSBroker send them to the other two members of the farms they can't connect, TS1 is the original TS before this whole Load Balancing thing.
we tried so many solutions that we can find online and come up with and nothing seems to be working, so what do I do? What did I do wrong when I configure the Load balancing? is there any step beside what MS told me that I am missing...
PLEASE HELP!!
Thank you..Hi Rodrigo,
Thank you for posting in Windows Server Forum.
What’s your server OS in your environment?
Firstly see that, if you have not set up RD Licensing server and don’t have RDS CAL then your administrator can only get access for RDP connection (only 2 connection for Admin purpose). Now if you want more than 2 connection you need to setup RD Licensing server,
activate it, purchase RDS CAL and install it. After installing, you need to see that your user have enough permission to access RDS server and your user must be added under “Remote Desktop User” local group under RDS Server.
As you have commented that your admin can able to connect so I think you must have the issue with user permission, please go through above points and check the result.
Please check below article for more details.
1. TS Session Broker Load Balancing Step-by-Step Guide (Server 2008)
2. Checklist: Create a Load-Balanced RD Session Host Server Farm by Using RD Connection Broker (Server 2008 R2)
Hope it helps!
Thanks.
Dharmesh Solanki -
Could someone help me with load balancing, current stats:
I have a limited understanding, but from what I can make out, we have a significant number of clients being denied association and load balancing to different AP's but then the candidate count suggests a significant number of clients that failed to load balance, presumably because there wasnt an AP available in range that wasn't busy?
Uptime is 27 days, client count can reach around 220 at busy times, 63 AP's in the building 1142's, 5508 controller. I am wondering if increasing the window size would offer a more robust solution, or will this just degrade user experience further?
I am having a number of issues with failed client association now, and devices just not being able to operate wirelessly at all
Client count reaching 25 on some AP'sI guess per radio per AP client count is more in your case, clients more than the threshold are being shown busy status ( code 17 ) by AP. Therefore, clients are unable to associate to that AP. When the number of retries are over , they are denied. I guess there are network holes as well ( no coverage b/w the cells of differenet APs ). You can increase the window count , however, it depends on the AP model finally ( max. no. of clients associated ).
Maybe you are looking for
-
Sharing itunes between accounts.
Hi there, first time discussions user here. I have my iphone synced with itunes no problem, I now wish to sync my wife's iphone, so have set up her own account on our mac,up until now she's just used mine, so that she can have all her own settings, m
-
How can I get what is on my MacBookPro's screen to a TV using BoxeeBox?
I want to be able to display what is on my MBP's screen to my TV using the BoxeeBox that I have had for a few years. I have "Streaming from iOS devices" turned on, but when I go to the AirPlay option on my MBP, it doesn't say there are any compatible
-
Really need your help guys! Blue screen after powering Imac alu, SL 10.6.8 Failed methods so far: -repair disk permissions via external system or install DVD, no luck -->message "Warning: SUID file "System/Library/CoreServices/RemoteManagement/ARDAge
-
Image Date error on importing TIFF images from Disk
I have thousands of high quality (~100 Mb each) images in 20 folders on a 1 Tb hard drive. I have been using Bridge to manage the images, adding some metadata such as keywords and copyright data. I am considering importing all these images into Apert
-
Hi, while doing delivery system showing error that Item category TAN is not defined, so item 000010 will be disregarded So please give me the solution for this. Thanks, Rashmi.