ACE 4710 blocking FTP WLSD directory listing
Hello
I have a ACE 4710 setup in a test environment(and context) with 2 filezilla FTP servers on the back end and a Win7 laptop on the front end with a FTP client(s). The ACE is setup to load balance by source(the requirement for our project).
When the laptop tries to FTP to the Filezilla FTP servers it connects, enters passive mode, and sends a WLSD command to get a directory listing, but never gets it. If the Win7 laptop is put on the same vlan as the Filezilla FTP servers, behind the ACE, everything works fine.
As far as I can tell the ACE configs doesn’t have any sort of deny acl acting on this traffic. *attached* The FTP client always connects, its just the directory listing that doesn't seem to work.. and we need it to work for the app this is targeting.
Any help is greatly appreciated.
e-
Yeah me too!
So after much packet capturing and hair pulling and general dismay, we(me, another admin, and a local var ccie) think this is a app layer issue. We added the inspect command but it wouldnt take without a nat pool in place, so we added that.
We found a packet in the FTP client that tells the server the real IP of client to the server. This is the only oddity that we can locate. Of course I admit we arent using a ACE in the normal way an ACE would be used, we LB by source not destination.
I put telnet servers on my targets and they also communicate directly to the clients IP, but they layer 2 back to the ace first, whereas the FTP server doesnt. We are still working on it to try and find a way to make FTP happy.
e-
Similar Messages
-
FTP Get File List Action Block, It's double listing files! ver 11.5
Hi guys.. I have a good one! I have an FTP Get File List action block in my BLS transaction. Occasionally, it double lists the files in its output. For testing I put a repeater with a logevent output where I log the filename, date, and size. Heres what I saw for my action block output.
2009-02-13 00:38:00,963 [UserEvent] : File Name: DMM_Export_0010056.txt, File Date 2009-02-13T00:36:00, File Size 339
2009-02-13 00:38:00,963 [UserEvent] : File Name: DMM_Export_0010056.txt, File Date 2009-02-13T00:36:00, File Size 339
This is xMII version 11.5.6 b73 with java 1.4.2_07
I have a workaround by putting in a distinct action block, after the filelist, but anybody have an idea why this might happen? My theory is that something might be occuring if the file is being written to while we try to process it, but not sure.
I've been building BLS parsers since 2003, (Remember those fun times with Jeremy?) I've never seen this happen.My example is a sample log file before the distinct action. The general log shows nothing other than the subsequent transaction errors I get as a result of running the same error twice (Tcode return from BAPI calls etc)
Here is something else interesting.. my userlog file is acting funny, like its trying to write on top of itself. could it be the transaction is actually running twice or parts of it?
For example look at the following log entries
This is how my log file entry for a production confirmation should look
2009-02-13 00:38:06,854 [LHScheduler-Int10_NestingWOProdConf] INFO UserLog - [UserEvent] :
However sometimes... its looking like this...
2009-02-13 2009-02-13 00:38:11,854 [LHScheduler-Int10_NestingWOProdConf] INFO UserLog - [UserEvent] :
Like it started writing to the log, then started again.
The problem we are having is that we have JCO calls to SAP in this transaction that does goods movement, we get locking / block errors back from our saying that we (our sap account) is already updating the information. Sometimes the information would be posted twice! You can see how this has become a HUGE issue posting data to a LIVE system twice.
This is happening on 2 xMII servers. -
Anonymous ftp does not list directory - Solaris 9
I've got 2 Solaris 9 systems set up for anonymous ftp access. One will show a directory listing, the other won't. AFAIK, I set them up the same, and the ftpd binaries have the same checksum. Anyone know how to permit the directory listing?
By directory listing, I mean either the '"dir" command in a command-line session or via a browser (e.g., ftp://ftpserver.whatever.domain)
Baffling behavior, and I can't find anything in Sun's docs to explain.
Thanks.This is exactly the same question which you posted in this thread:
ldd on my library (sample.so) fails to resolve SUNW_1.9.1 version of libnsl
Please don't post the same question twice -
FTP Server "Failed to retrieve directory listing"
I am setting up a new FTP site on Server 2012. I can access the site locally but when accessing using filezilla externally I get the error:
Status: Connecting to 203.109.232.97:21...
Status: Connection established, waiting for welcome message...
Response: 220 Microsoft FTP Service
Command: USER ftptest
Response: 331 Password required
Command: PASS **********
Response: 230-Directory has 857,133,400,064 bytes of disk space available.
Response: 230 User logged in.
Command: OPTS UTF8 ON
Response: 200 OPTS UTF8 command successful - UTF8 encoding now ON.
Status: Connected
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/" is current directory.
Command: TYPE I
Response: 200 Type set to I.
Command: PASV
Response: 227 Entering Passive Mode (203,109,232,97,233,180).
Command: LIST
Response: 150 Opening BINARY mode data connection.
Error: Connection timed out
Error: Failed to retrieve directory listing
Have opened ports on firewall but still not working. Not sure what to try nextCheck : http://social.technet.microsoft.com/Forums/windowsserver/en-US/706e5104-325c-4c43-8c06-a20704569bf4/ftp-server-failed-to-retrieve-directory-listing?forum=winservergen
Arnav Sharma | http://arnavsharma.net/ Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading
the thread. -
Hi,
I need to configure ACE for load-balancing FTPS. And simply deploying L4 policies are not helping either. Configured the FTPS servers and both of them are working fine when accessed via physical IP, but do not work when accessed via the VIP.
if it is possible, a reference URL would really be a great help.Hi Rajiv,
Do you want to loadbalance SFTP ?
Or just have it pass through ??
Loadbalancing SFTP is difficult because it starts as regular FTP and switches over to SSL which ACE can't do and fails to understand.
you don't need anything to have it passthrough.
As long as you don't ask ACE to inspect the traffic, and assuming this traffic is permitted in your access-group, then there is nothing to do to have it go through.
I think your goal is to distribute inbound file deposits evenly across SFTP servers.
High-level Overview
Clients -> Internet -> Tier-1 Firewall -> ACE Load-balancer -> SFTP Servers
I would like to tell you that SFTP is nothing but SSH. It uses a single connection. There are no issues loadbalancing it using traditional Layer 4 load balancing.
So you are good.
On the other hand FTP over SSL (FTPS) can neither offloaded nor loadbalanced using ACE.
FTPS uses multiple channels and Since the control channel is encrypted, ACe is not able to get the port numbers for the data connections.
Kindly find these examples for FTP load balance method in cisco ACE:
1. FTP serverfarm on Cisco ACE
http://snippets101.blogspot.com/2007/06/ftp-serverfarm-on-cisco-ace.html
2. FTP Load Balancing on ACE in Routed Mode Configuration Example
http://docwiki.cisco.com/wiki/FTP_Load_Balancing_on_ACE_in_Routed_Mode_Configuration_Example
3. FTP Load Balancing on ACE in One-Arm Mode Configuration Example
http://docwiki.cisco.com/wiki/FTP_Load_Balancing_on_ACE_in_One-Arm_Mode_Configuration_Example
Kindly refer the folowing URL for Layer4 policies:
http://cisco.com/en/US/products/hw/modules/ps2706/products_configuration_example09186a00809c3048.shtml
http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/configuration/slb/guide/classlb.html
http://docwiki.cisco.com/wiki/Cisco_Application_Control_Engine_(ACE)_Module_Troubleshooting_Guide,_Release_A2(x)_--_Troubleshooting_Layer_4_Load_Balancing
http://snippets101.blogspot.com/2008/08/cisco-ace-and-private-vlans-in-switch.html
http://snippets101.blogspot.com/2008/08/asymmetric-server-normalization-on.html
http://docwiki.cisco.com/wiki/Cisco_ACE_4700_Series_Appliance_Quick_Start_Guide,_Release_A3(1.0)_--_Configuring_Server_Load_Balancing
http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA1_7_/configuration/security/guide/tcpipnrm.html#wpmkr1116809
Hope it will help you furhter in configuring the ACE load balancing L4 policies.
Kindly rate
Sachin Garg -
I am using an ACE 4710 and am converting incoming WSS username tokens to SAML Tokens - authenicating against Tivoli directory.
The receiving web service is attempting to validate the SAML token but fails on digest verification. i.e. calculates the digest value over the SAML token and compares to the digest in the Xml Signature block.
Is anybody else using SAML tokens?
Has anyone else seen a similar problem?By adding SAML assertions to outgoing requests, the ACE XML Gateway can act as an asserting party for systems that rely on SAML credentials. The SAML assertions generated by the ACE XML Gateway can be in the form of a SAML 1.0, SAML 1.1, or SAML 2.0 credential.
The following url may help you;
http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_xml_gateway/v52/user/guide/axg_ug_backendauth.html#wp1049962 -
Hi,
We got new ACE 4710 device and i am trying to configure that in Bridging mode.
I am trying to loadbalance between two servers which is connected as shown below:
Servers -> Switch -> Router (with subinterface).
Servers IP: 172.16.11.1 and 172.16.11.2
Router IP: 172.16.11.254
Default route is router IP address for servers.
I am new to ACE and I am confused about how to assign interface on ACE so that ACE can bridge the traffic between router and servers VLAN.
We have some more servers which are on different VLAN but can connect to these servers as router is doing inter-vlan routing too.
I want inter-vlan routing and load balancing between above two servers concurrently. Pls. help in this regard.
Also attaching the ACE config file.Here is the config, hope this will help.
Admin Context
=============
resource-class ngmp_rc1
limit-resource all minimum 0.00 maximum unlimited
limit-resource sticky minimum 0.20 maximum unlimited
interface gigabitEthernet 1/1
switchport access vlan 1000
no shutdown
interface gigabitEthernet 1/2
switchport trunk allowed vlan 10,13
no shutdown
interface gigabitEthernet 1/3
no shutdown
interface gigabitEthernet 1/4
shutdown
access-list ALL line 8 extended permit ip any any
access-list everyone line 8 extended permit ip any any
access-list everyone line 16 extended permit icmp any any
class-map type management match-any remote_access
2 match protocol xml-https any
3 match protocol icmp any
4 match protocol telnet any
5 match protocol ssh any
6 match protocol http any
7 match protocol https any
8 match protocol snmp any
policy-map type management first-match remote_mgmt_allow_policy
class remote_access
permit
interface vlan 1000
ip address 192.168.16.16 255.255.255.0
access-group input ALL
service-policy input remote_mgmt_allow_policy
no shutdown
ip route 0.0.0.0 0.0.0.0 192.168.16.254
context apps
allocate-interface vlan 10
allocate-interface vlan 13
member apps_rc1
APPS Context
============
rserver host srv1
ip address 192.168.10.1
inservice
rserver host srv2
ip address 192.168.10.2
inservice
rserver host srv3
ip address 192.168.10.3
inservice
serverfarm host apps_srv
rserver srv1
inservice
rserver srv2
inservice
rserver srv3
inservice
class-map match-all ftp-vip
2 match virtual-address 172.16.10.10 tcp eq ftp
class-map match-all http-vip
2 match virtual-address 172.16.10.11 tcp eq 8080
class-map type management match-any remote-mgmt
201 match protocol snmp any
202 match protocol ssh any
203 match protocol icmp any
204 match protocol http any
205 match protocol https any
206 match protocol xml-https any
policy-map type management first-match remote-mgmt
class remote-mgmt
permit
policy-map type loadbalance first-match slb
class class-default
serverfarm apps_srv
policy-map multi-match client-vips
class ftp-vip
loadbalance vip inservice
loadbalance policy slb
loadbalance vip icmp-reply
inspect ftp
class http-vip
loadbalance vip inservice
loadbalance policy slb
loadbalance vip icmp-reply
interface vlan 10
bridge-group 1
access-group input bpdu-fixup
access-group input ALL
access-group output ALL
no shutdown
interface vlan 13
bridge-group 1
access-group input bpdu-fixup
access-group input ALL
access-group output ALL
service-policy input remote-mgmt
service-policy input client-vips
no shutdown
interface bvi 1
ip address 192.168.10.9 255.255.255.0
no shutdown
ip route 0.0.0.0 0.0.0.0 192.168.10.254
Thanks,
Pawan -
reposted from another forum:
Am using an ACE 4710 and am converting incoming WSS username tokens to SAML Tokens - authenicating against Tivoli directory.
The receiving web service is attempting to validate the SAML token but fails on digest verification. i.e. calculates the digest value over the SAML token and fails when comparing to the digest in the Xml Signature block.
Is anybody else using SAML tokens?
Has anyone else seen a similar problem?You are right we are using transport encryption (SSL) to protect the WSS Password.
We then use LDAP to authenticate the username/password and create a SAML token using attributes from LDAP. The ACE Xml Gateway creates this SAML token, signs it and inserts into the SOAP header that is forwarded to our service.
At our service we are trying to verify the signed SAML token. The error we are seeing is the Xml signature digest created by the ACE XML Gateway is wrong.
With XML signature some Xml referenced by an ID is canonicalised, hashed (digest created) and then this digest is encrypted using the private key of some certificate.
On receipt we repeat the process, canonicalise and hash the Xml referenced and compare our computed digest to the one created by the ACE device. This is where we get the error. We are using the standard canonicalisation and hashing algorithms (c14n and SHA1 respectively). Our code can successfully verify SAML tokens from other sources. -
ACE 4710: Possible to allow a user to clear counters but nothing else?
Hello all,
Using an ACE 4710 we have a user setup with the Network-Monitor role which allows the user to view config, interface status, etc. We would also like to allow this user to clear the interface error counters as well, but nothing else. Is this possible?
Thanks!Hello Brandon-
Network-Monitor only lets you browse outputs, it is a not a role that allows a user to make any changes including clearing stats. You can create custom roles and domains to get closer to what you want, but you cannot zero in on a single command like that.
i.e.
ACE# conif t
ACE(config)# role MyRole
ACE(config-role)# rule 1 permit modify feature ?
AAA AAA related commands
access-list ACL related commands
connection TCP/UDP related commands
fault-tolerant Fault tolerance related commands
inspect Appln inspection related commands
interface Interface related commands
loadbalance Loadbalancing policy and class commands
pki PKI related commands
probe Health probe related commands
rserver Real server related commands
serverfarm Serverfarm related commands
ssl SSL related commands
sticky Sticky related commands
vip Virtual server related commands
You can create a permit or deny rule, within that, create/debug/modify/monitor each feature seperately.
Domains allow you to create containers for objects. You can place specific rservers, serverfarms, etc. into it - then apply it to a role so that the user assigned to it can only touch those objects.
Regards,
Chris Higgins -
Remote System Directory Listing/Navigation in JTree
Hi
I want my Remote System(Linux) directory listing to be available in a JTree. I need some help on implementing the same. Also How do i constantly get the directory structure of the remote system.
Thanks in Advancehttp://java.sun.com/docs/books/tutorial/uiswing/components/tree.html
http://en.wikipedia.org/wiki/Model-view-controller
How you get the data depends on how you access the server. Maybe FTP. -
ACE 4710 in bridge mode not working
I am trying to configure ACE 4710 bridge mode and I am stuck up in physical interface configuration. I have configured gig1/2 of ACE as trunk port and on layer 2 switch I have assigned that interface (gig1/2) to VLAN 11. I tried trunk port also but it got disabled due to BPDU error.
I am not able to ping servers as well as gateway. Below are the topology and context configuration:
Router (vlan 13: IP 172.16.11.254)
|
ACE (int gig1/2)
|
L2 Switch
|
Servers (vlan 11: IP 172.16.11.1 and 11.2)
Admin Context
===========
resource-class rc1
limit-resource all minimum 0.00 maximum unlimited
limit-resource sticky minimum 0.20 maximum unlimited
boot system image:c4710ace-mz.A3_2_4.bin
interface gigabitEthernet 1/1
switchport access vlan 1000
no shutdown
interface gigabitEthernet 1/2
switchport trunk allowed vlan 11,13
no shutdown
interface gigabitEthernet 1/3
shutdown
interface gigabitEthernet 1/4
shutdown
access-list ALL line 8 extended permit ip any any
access-list everyone line 8 extended permit ip any any
access-list everyone line 16 extended permit icmp any any
class-map type management match-any remote_access
2 match protocol xml-https any
3 match protocol icmp any
4 match protocol telnet any
5 match protocol ssh any
6 match protocol http any
7 match protocol https any
8 match protocol snmp any
policy-map type management first-match remote_mgmt_allow_policy
class remote_access
permit
interface vlan 1000
ip address 172.16.16.16 255.255.255.0
access-group input ALL
service-policy input remote_mgmt_allow_policy
no shutdown
ip route 0.0.0.0 0.0.0.0 172.16.16.254
context test
allocate-interface vlan 11
allocate-interface vlan 13
member rc1
test Context
=========
access-list bpdu-fixup ethertype permit bpdu
access-list ALL line 8 extended permit ip any any
access-list ALL line 16 extended permit icmp any any
rserver host srv1
ip address 172.16.11.1
inservice
rserver host srv2
ip address 172.16.11.2
inservice
serverfarm host srv
rserver srv1
inservice
rserver srv2
inservice
sticky ip-netmask 255.255.255.255 address both SG1
timeout 120
serverfarm srv
class-map type management match-any remote-mgmt
201 match protocol snmp any
202 match protocol ssh any
203 match protocol icmp any
204 match protocol http any
205 match protocol https any
206 match protocol xml-https any
class-map match-all slb-vip
2 match virtual-address 172.16.11.10 any
policy-map type management first-match remote-mgmt
class remote-mgmt
permit
policy-map type loadbalance first-match slb
class class-default
sticky-serverfarm SG1
policy-map multi-match client-vips
class slb-vip
loadbalance vip inservice
loadbalance policy slb
loadbalance vip icmp-reply
interface vlan 11
bridge-group 1
access-group input bpdu-fixup
access-group input ALL
access-group output ALL
no shutdown
interface vlan 13
bridge-group 1
access-group input bpdu-fixup
access-group input ALL
access-group output ALL
service-policy input remote-mgmt
service-policy input client-vips
no shutdown
interface bvi 1
ip address 172.16.11.9 255.255.255.0
no shutdown
ip route 0.0.0.0 0.0.0.0 172.16.11.254
Could you pls. suggest where I am doing wrong?
Thanks,
Pawan" I tried trunk port also but it got disabled" <----- if your L2 config is not correct, nothing will work.
What is the setup on the switch ? Trunk or access vlan ?
What is the status of the interface ? up ? down ?
Do you see something in your arp table ?
Gilles. -
Question:
Trying to create a page that displays a directory list of a folder content.
Don't want to use the literature module...
Would like to create a folder where I easily can upload files (ftp) and create a menu link that displays the folder content as a list using my master template and css ...
The files in the list should be available for download.
Any suggestions on how to achieve this?
Answer:
This is not possible on BC. You can display a folder view and links to all the content in it. You'll have to upload your items and create a page with links to those items.That's a server message. Means what it says.
-
Directory listing of a Multi volume encrypted tapes on OpenVMS 8.3
I have a full data backup for an openvms 8.3 server integrity server on two tapes that are encrypted. If I mount the first volume and try to do a directory listing the process goes on indefinately; without giving any output and eventually I have to kill the process. e.g. DEV_DAISY> sh dev mk Device Device Error Volume Free Trans MntName Status Count Label Space Count CntPLUTO$MKC200: Online 0 DEV_DAISY> mount PLUTO$MKC200: dat801%MOUNT-I-MOUNTED, DAT801 mounted on _PLUTO$MKC200: DEV_DAISY> dir PLUTO$MKC200:[000000] The process goes on indefinately at this point of time. However If I mount the second volume and do a directory listing, It executes and gives me the required output as : Directory PLUTO$MKC200:[]DAT801.BCK;1 294976 31-MAR-2015 00:00:00.00Total of 1 file, 294976 blocks. I want to ask is it possible to do a directory listing on first volume. If not is it possible to read tape header information (i.e saveset name and date on which backup was taken) from the first volume without specifying the encryption key.
I have a full data backup for an openvms 8.3 server integrity server on two tapes that are encrypted. If I mount the first volume and try to do a directory listing the process goes on indefinately; without giving any output and eventually I have to kill the process. e.g. DEV_DAISY> sh dev mk Device Device Error Volume Free Trans MntName Status Count Label Space Count CntPLUTO$MKC200: Online 0 DEV_DAISY> mount PLUTO$MKC200: dat801%MOUNT-I-MOUNTED, DAT801 mounted on _PLUTO$MKC200: DEV_DAISY> dir PLUTO$MKC200:[000000] The process goes on indefinately at this point of time. However If I mount the second volume and do a directory listing, It executes and gives me the required output as : Directory PLUTO$MKC200:[]DAT801.BCK;1 294976 31-MAR-2015 00:00:00.00Total of 1 file, 294976 blocks. I want to ask is it possible to do a directory listing on first volume. If not is it possible to read tape header information (i.e saveset name and date on which backup was taken) from the first volume without specifying the encryption key.
-
ACE 4710 Connectivity help?
I'm using an ACE 4710 in a new datacenter, with the following setup:
2/4 physical ethernet interfaces port channeled into port-channel 1
2/4 physical ethernet interfaces port channeled into port-channel 2
I have the following vlans defined:
1001 - admin - interface ip: 10.53.136.70
400 - client side - interface ip: 10.53.136.100
500 - server side - interface ip: 192.168.128.1
999 - fault tolerance - interface ip: 192.168.11.2
My problem is I am trying to nat ssh and web server traffic from the client side, to the server side, but it's never getting to the server. For example, if I ssh to 10.53.136.102, it times out. (10.53.136.102 should get nat'd to 192.168.128.2)
Also, I can connect to the ACE 4710 via telnet using 10.53.136.70, but cannot connect to 10.53.136.100.
I'm thinking there is either something wrong with the port-channels, or the access lists. On the other hand there could be something wrong with the nat'ing, but I had it working before switching over to the port-channels.
Any thoughts?
Thanks,
BrentI've attached the two contexts which we are using. The admin context is new_lb_config.txt and the second context where the loadbalancing occurs is in the new_lb_config_VC_WBPX.txt file.
From the load balancer, I am able to ping the real server ips in the 192.168. ip range. The 4710 recognizes that they are in service.
I believe the ACL for the VLAN 400 is set to permit all traffic, but I don't know if the service policies are preventing something from happening.
Right now, I have disconnected the two 4710s and I am only working on one of them to see if I can get the basic connectivity going. Once I accomplish that, I will work on high availability. I'll have to check whether it thinks it is in passive mode...not entirely sure how to do that, but I will check it out.
Thanks,
Brent -
ACE 4710 - Internet Explorer cannot display the webpage randomly
We have a ACE 4710 with a basic config, (see below).
When clicking on a tab from a window within Interent explorer we occasionally get an issue with it returning: "Internet Explorer cannot display the webpage" The details show "Access is denied" accessing a particular line of a javascript file.
We have put one web server out of service in the farm to make sure that this isn't a result of stickyness not quite working.
We have tested extensively by going directly to the web server directly without the load balancer and cannot reproduce the problem but we can produce the issue within a few minutes when going to the load balanced address.
Thanks in advance for any advice.
HOST-1/Admin# show run
Generating configuration....
logging enable
logging fastpath
logging standby
logging timestamp
logging trap 6
logging history 6
resource-class SLB_ResourceClass_T_R
limit-resource all minimum 10.00 maximum unlimited
resource-class sticky
limit-resource all minimum 10.00 maximum unlimited
boot system image:c4710ace-t1k9-mz.A5_1_2.bin
peer hostname HOST-2
hostname HOST-1
interface gigabitEthernet 1/1
switchport access vlan 1000
no shutdown
interface gigabitEthernet 1/2
shutdown
interface gigabitEthernet 1/3
description LB003
switchport access vlan 1
shutdown
interface gigabitEthernet 1/4
description LB004
switchport access vlan 2
shutdown
interface port-channel 1
port-channel load-balance src-dst-port
no shutdown
clock timezone standard GMT
switch-mode
context Admin
description SUTLB01
member SLB_ResourceClass_T_R
access-list ALL line 8 extended permit ip any any
access-list ALL line 16 extended permit icmp any any
access-list everyone line 8 extended permit ip any any
access-list everyone line 16 extended permit icmp any any
probe tcp probe_tcp_80
port 80
rserver host Server_S_W301
description Server_S_W301
ip address x.x.32.152
inservice
rserver host Server_S_W302
description Server_S_W302
ip address x.x.32.154
inservice
serverfarm host sfarm_T_R
description sfarm_T_R
predictor leastconns
probe probe_tcp_80
rserver Server_S_W301 80
rserver Server_S_W302 80
inservice
sticky http-cookie Cookie1 T_R_sticky_cookie
cookie insert browser-expire
timeout 3600
serverfarm sfarm_T_R
class-map match-any T_R_L4Class
2 match virtual-address x.x.33.150 tcp eq www
class-map type management match-any remote_access
2 match protocol xml-https any
3 match protocol icmp any
4 match protocol telnet any
5 match protocol ssh any
6 match protocol http any
7 match protocol https any
8 match protocol snmp any
policy-map type management first-match remote_mgmt_allow_policy
class remote_access
permit
policy-map type loadbalance first-match T_R_L7policy
class class-default
sticky-serverfarm T_R_sticky_cookie
policy-map multi-match T_R_L4Policy
class T_R_L4Class
loadbalance vip inservice
loadbalance policy T_R_L7policy
loadbalance vip icmp-reply active
nat dynamic 2 vlan 1000
interface vlan 1000
ip address x.x.33.148 255.255.254.0
access-group input ALL
nat-pool 2 x.x.33.151 x.x.33.151 netmask 255.255.254.0 pat
service-policy input remote_mgmt_allow_policy
service-policy input T_R_L4Policy
no shutdown
ip route 0.0.0.0 0.0.0.0 x.x.32.1
ssh key rsa 1024 force+------------------------------------------+
+-------------- HTTP statistics -----------+
+------------------------------------------+
LB parse result msgs sent : 421347 , TCP data msgs sent : 2099597
Inspect parse result msgs : 0 , SSL data msgs sent : 0
sent
TCP fin msgs sent : 6169 , TCP rst msgs sent: : 769
Bounced fin msgs sent : 5 , Bounced rst msgs sent: : 1
SSL fin msgs sent : 0 , SSL rst msgs sent: : 0
Drain msgs sent : 337811 , Particles read : 5040829
Reuse msgs sent : 0 , HTTP requests : 342499
Reproxied requests : 183422 , Headers removed : 37475
Headers inserted : 342124 , HTTP redirects : 0
HTTP chunks : 224859 , Pipelined requests : 71466
HTTP unproxy conns : 267246 , Pipeline flushes : 0
Whitespace appends : 0 , Second pass parsing : 0
Response entries recycled : 71302 , Analysis errors : 0
Header insert errors : 22 , Max parselen errors : 215
Static parse errors : 99 , Resource errors : 0
Invalid path errors : 0 , Bad HTTP version errors : 0
Headers rewritten : 0 , Header rewrite errors : 0
SSL headers inserted : 0 , SSL header insert errors : 0
SSL spoof headers deleted : 0 , Unproxy msgs sent : 267246
HTTP passthrough stat : 0
NOTE - We did turn on caching at one point to try and resolve the issue but it has since been turned off
Maybe you are looking for
-
Write Out a DOM as an XML File in "pretty format"
Hi all, I am using javax.xml.transform.Transformer to Write Out a DOM as an XML File. (URL: http://java.sun.com/j2ee/1.4/docs/tutorial/doc/JAXPXSLT4.html) It runs very well but in the XML output, it is not "format". I means, for example, there are a
-
I want to copy bookmarks in my folder.where i can find its and how i make it?
i want to copy bookmarks in my folder.where i can find its and how i make it?please
-
Hi guys, is it possible to create WEB SERVICE in SAP 4.7 ? i want to make a FM as web service enabled. plz advice with step by step procedure. Regards pabi
-
I wish to call an Oracle Graphics file(.ogd) using the read from file property of a field. The field will contain the file name of the chart. Is this possible? Which file format can I choose to do this.
-
Challenge for Smartform experts
Hi Experts, I have a complex requirement in smartforms.This should be done in ECC 6.0.The text should be printed in the followong way in the same page. fhsdjhrfwesuhtfwehgkjd - jkkdngfjeifgrisjgsrgeg hdgdsbgbfgjhughugejs bhdsbfdsbf