ACE in one-arm model. VIP on Client Side, servers in other vlan
Hello All
i have a LAN whit many servers,but only 2 need to be balanced. So i think in one-arm model, due to the higth trafic that not be pass trought ACE.
i have a vlan 900 where is the client side and the VIP also. (10.0.9.64/26)
the servers are in vlan 503 (10.12.3.0/24)
it mi first design with ONE-arm but i thinks something is missing, because doesn't work.
the configuration is the next:
MSFC:
svclc module 1 vlan-group 1,2,
svclc vlan-group 1 503,900-902
svclc vlan-group 2 511
interface Vlan503
description OSS_&_Otros
ip address 10.12.3.253 255.255.255.0
standby 10 ip 10.12.3.254
standby 10 priority 150
standby 10 preempt delay minimum 305
interface Vlan900
description MSF_<->_ACE
ip address 10.0.9.126 255.255.255.192
end
access-list 101 permit ip 10.12.3.0 0.0.0.255 10.0.9.64 0.0.0.63
access-list 101 deny ip any any
route-map From_Server_OSS_to_ACE permit 10
match ip address 101
set ip next-hop 10.0.9.125
ACE_1/admin#
ip route 0.0.0.0 0.0.0.0 10.0.9.126
context OSS
allocate-interface vlan 511
allocate-interface vlan 900
allocate-interface vlan 902
member Max20
ACE_1/OSS# sh run
Generating configuration....
access-list EVERYONE line 10 extended permit ip any any
access-list EVERYONE line 20 extended permit icmp any any
rserver host OSS_FES_1
description OSS_Front_End_Server_1
ip address 10.12.3.140
inservice
rserver host OSS_FES_2
description OSS_Front_End_Server_2
ip address 10.12.3.150
inservice
serverfarm host SERVER_farm_OSS
rserver OSS_FES_1
inservice
rserver OSS_FES_2
inservice
class-map match-all VIP-OSS
2 match virtual-address 10.0.9.66 any
policy-map type loadbalance first-match OSS-LB-POLICY
class class-default
serverfarm SERVER_farm_OSS
policy-map multi-match OSS-POLICY-MAP
class VIP-OSS
loadbalance vip inservice
loadbalance policy OSS-LB-POLICY
loadbalance vip icmp-reply
interface vlan 900
description Clients-side
ip address 10.0.9.125 255.255.255.192
access-group input EVERYONE
access-group output EVERYONE
service-policy input OSS-POLICY-MAP
no shutdown
ip route 0.0.0.0 0.0.0.0 10.0.9.126
maybe a i need to allocate the vlan 503 in OSS Context, any advice?
Thanks in advace,
Gianni From Chile
Since you server are not behind the ACE in either bridge or routed mode add the follwoing to your config and use nat to get the traffic back to the ace.
This is how one-armed mode works.
ACE_1/OSS# sh run
Generating configuration....
access-list EVERYONE line 10 extended permit ip any any
access-list EVERYONE line 20 extended permit icmp any any
rserver host OSS_FES_1
description OSS_Front_End_Server_1
ip address 10.12.3.140
inservice
rserver host OSS_FES_2
description OSS_Front_End_Server_2
ip address 10.12.3.150
inservice
serverfarm host SERVER_farm_OSS
rserver OSS_FES_1
inservice
rserver OSS_FES_2
inservice
class-map match-all VIP-OSS
2 match virtual-address 10.0.9.66 any
policy-map type loadbalance first-match OSS-LB-POLICY
class class-default
serverfarm SERVER_farm_OSS
policy-map multi-match OSS-POLICY-MAP
class VIP-OSS
loadbalance vip inservice
loadbalance policy OSS-LB-POLICY
loadbalance vip icmp-reply
nat dynamic 10 vlan 900
interface vlan 900
description Clients-side
ip address 10.0.9.125 255.255.255.192
nat-pool 10 0.9.126 10 0.9.126 netmask 255.255.255.192 pat
access-group input EVERYONE
access-group output EVERYONE
service-policy input OSS-POLICY-MAP
no shutdown
Similar Messages
-
ACE 4700 one-arm design with SSL termination
Hi,
We are evaluating the one-arm design for the ACE 4700 and need some clarifications:
1. Are there any limitations in the one-arm design and the SSL offloading
2. Can the ACE be configured with an IN and an OUT vlan to the router
CLIENT -> Router -> ACE IN -> ACE OUT -> Router -> Server Vlan
so that the SSL and the clear text traffic is in a separate Vlan?
3. In some sample configuration i saw SNAT configuration on the ACE to modify the client IP. This i assume is for instructing the return traffic from the server to go through ACE? Using SNAT we eliminate the requirement for NAT or PBR on the router? Will i still be able to insert the client IP address after the SSL offload?
I would appreciate if you can share some sample configs
Regards,
George GeorgiouThere are two ways to implement One Arm topology.
1. One Arm with PBR & 2.One Arm with SRC NAT
PBR/Source Nat is needed to ensure that the return traffic from Real Servers should not bypass ACE.
1. Are there any limitations in the one-arm design and the SSL offloading
The limitations/config issues I can think of are following
One ARM with PBR:
Direct access to Servers require the enabling of Assymtric routing (by turning off Normalization). If direct server access is not required then you dont need to enable assymtric routing. Now for these assymetric connection (Direct Server Access return traffic) its required to purge idle connections more frequently (default being one hour).
One ARM with SRC NAT:
You will loose the client information. Server logs will show the connections initiated from NAT IP Pool configured on ACE.
2. Can the ACE be configured with an IN and an OUT vlan to the router
CLIENT -> Router -> ACE IN -> ACE OUT -> Router -> Server Vlan
so that the SSL and the clear text traffic is in a separate Vlan?
Yes you can do that but wouldnt it make it routed mode topology?
3. In some sample configuration i saw SNAT configuration on the ACE to modify the client IP. This i assume is for instructing the return traffic from the server to go through ACE? Using SNAT we eliminate the requirement for NAT or PBR on the router? Will i still be able to insert the client IP address after the SSL offload?
As I said earlier you loose the Source IP address with SRC NAT. But with ACE you have an option to use header-insert and insert this source ip as an HTTP Header.
Details at
http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/v3.00_A1/configuration/slb/guide/classlb.html#wp1040008
HTH
Syed Iftekhar Ahmed -
ACE 4710 one-arm L4 load balancing removes accept-encoding?
We have built a simple one-arm PAT config to round robin load balance two Varnish servers. In the "Default L7 load-balancing action" we have left compression to "N/A". It looks like the ACE removes "Accept-Encoding: gzip, deflate" from the client header.
Is this normal behaviour? We would like the Varnish to do the compression. Do we need modify the headers to get this through the ACE?Hi,
Yes this does seem to be the behavior. Please read below:
HTTP compression is a capability built into web servers and web browsers to improve site performance by reducing the amount of time required to transfer data between the server and the client. Performing compression on the ACE offloads that work from the server, thereby freeing up the server to provide other services to clients and helping to maintain fast server response times.
When you enable HTTP compression on the ACE, the appliance overwrites the client request with "Accept-Encoding identity" and turns off compression on the server-side connection. HTTP compression reduces the bandwidth associated with a web content transfer from the ACE to the client.
So ACE rewrites the ACCEPT-ENCODING header to IDENTITY to indicate to the server that it should not compress the return data. That would be done by ACE.
Also, default method is used when client comes with both gzip or deflate for "ACCEPT ENCODING". For compression to work, a client must send a request with an ACCEPT-ENCODING method of gzip or deflate. If a client sends both methods, then the ACE uses the configured method(default method).
Also, you can see if ACE is compressing the packets or in "show service-policy detail.
switch/Admin#
show service-policy L7_COMP_SLB_POLICY detail
Status : ACTIVE
Description: -----------------------------------------
Interface: vlan 1 108
service-policy: L7_COMP_SLB_POLICY
class: vip
VIP Address: Protocol: Port:
2.0.5.1 tcp eq 80
loadbalance:
L7 loadbalance policy: pm
VIP ICMP Reply : ENABLED
VIP state: OUTOFSERVICE
Persistence Rebalance: ENABLED
curr conns : 0 , hit count : 0
dropped conns : 0
client pkt count : 0 , client byte count: 0
server pkt count : 0 , server byte count: 0
conn-rate-limit : 0 , drop-count : 0
bandwidth-rate-limit : 0 , drop-count : 0
L7 Loadbalance policy : pm
class/match : h
ssl-proxy client : c
LB action :
primary serverfarm: sf1
state: DOWN
backup serverfarm : -
hit count : 0
dropped conns : 0
compression : on <------------------------------ Compression is enabled if the value is "on"
compression bytes_in : 0 bytes_out : 0 <--- Number of bytes transmitted after compressing the server response
Compression ratio : 0.00% <------------------------------ Percentage of data compressed
Gzip: 0 Deflate: 0 <--------------- Number of times the method is used
compression errors: _
User-Agent : 0 Accept-Encoding : 0 |
Content size: 0 Content type : 0 |
Not HTTP 1.1: 0 HTTP response error: 0 |-- Check these error counters to see if they are increasing
Let me know if you have any questions.
Regards,
Kanwal -
Probe fail on Standby ACE in One-armed mode
Hi there
I'm Kilsoo.
I made One-armed mode using ACE.
Real servers are in away Vlan from ACE.
So, I configured the PBR with ACE alias ip address for the next-hop on the real server's gateway interface.
And, the probe from active ACE works well.
But, the probe from standby ACE was fail.
At this point, my first question
Is it normal situation that the probe fail from standby ACE????
So, I made the route-map for PBR like below for temporary solution.
route-map deny PBR 5
match ip address Probe_ACL
route-map permit PBR 10
match ip address L4_ACL
set ip next-hop <Alias IP address>
ip access-list extended Probe_ACL
pemit ip any <Standby ACE's IP address>
ip access-list extended L4_ACL
permit tcp <Real server's IP address> eq 80 any
Second question...
Do you have any other good solutions???
ThanksHi Cesar
Thanks for your reply.
But I think I was confuse when I wrote the message.
I used both ace's vlan ip address for next-hop ip address like your advice.
Do you know the standby ace can't check probe without route-map in one-armed mode like below diagram???
Backbone Router
|
|
|
Supervisor --------------------ACE(vserver: 172.19.100.100)
| (vlan 200)
|
|
|(vlan 110)
|
|
Real servers
(172.19.110.111) -
ACE30 - PING to VIP and Client side SVI not working
Hi Guys,
Having setup the ACE30 based on the configuration guides, I've been able to get basic load balancing working, probes, stickness etc. However in testing connectivty, I've noticed that from the real server on the backend I cannot seem to PING:
1. The VIP for the web service that the server is a part of
2. The Client side SVI
I'd like this to work to ensure full connectivity.
I've applied ACLs to the Client side SVI (on the ACE) to allow this in both directions, and also removed any ACLs attached to the client side SVI on the MSFC where the subnet is actually homed. However I just cannot seem to PING the Client side SVI on the ACE, or the VIP. Trying to understand if this is normal behavior.
Have inserted my config below for completeness.
ACE30 Config
login timeout 60
hostname ACE1
boot system image:c6ace-t1k9-mz.A90_6_3_5.bin
boot system image:c6ace-t1k9-mz.A4_1_0.bin
resource-class RC_1
limit-resource all minimum 10.00 maximum unlimited
access-list all line 8 extended permit ip any any
access-list v6-any line 8 extended permit ip anyv6 anyv6
class-map type management match-any REMOTE_ACCESS
description Remote access traffic match
2 match protocol telnet any
3 match protocol ssh any
4 match protocol icmp any
5 match protocol https any
policy-map type management first-match REMOTE_MGMT_ALLOW_POLICY
class REMOTE_ACCESS
permit
interface vlan 768
description Management connectivity
ip address 10.20.40.72 255.255.255.0
service-policy input REMOTE_MGMT_ALLOW_POLICY
no shutdown
ip route 0.0.0.0 0.0.0.0 10.20.40.254
context VC_1
allocate-interface vlan 11
allocate-interface vlan 186
member RC_1
username admin password 5 $1$STizNv5q$i96.Qrt4C4SfHkbLyVT74. role Admin domain default-domain
username www password 5 $1$ZAn8bOtv$xmmNlH8akF6iYfXdQCKMo1 role Admin domain default-domain
ssh key rsa1 1024 force
! VC_1
ACE1/VC_1# sh run
probe http HTTP_PROBE1
interval 15
passdetect interval 60
expect status 200 200
open 1
rserver host RS_MONASH_WEB1
description Test Monash Web Server 1
ip address 10.194.27.177
inservice
serverfarm host SF_MONASH_WEB
probe HTTP_PROBE1
rserver RS_MONASH_WEB1 80
inservice
sticky ip-netmask 255.255.255.255 address source STICKY_MONASH_WEB
timeout 3600
serverfarm SF_MONASH_WEB
class-map type management match-any REMOTE_ACCESS
description Remote access traffic match
2 match protocol ssh any
3 match protocol telnet any
4 match protocol icmp any
5 match protocol https any
class-map match-all VS_MONASH_WEB
2 match virtual-address 10.194.11.1 tcp eq www
access-list ALLOW_TRAFFIC_TOWARDS_ACE extended permit ip any any
access-list ALLOW_TRAFFIC_TOWARDS_ACE extended permit icmp any any
policy-map type management first-match REMOTE_MGMT_ALLOW_POLICY
class REMOTE_ACCESS
permit
policy-map type loadbalance first-match PM_MONASH_WEB_LB
class class-default
sticky-serverfarm STICKY_MONASH_WEB
policy-map multi-match PM_MULTI_MATCH_CLIENT_VIP
class VS_MONASH_WEB
loadbalance vip inservice
loadbalance policy PM_MONASH_WEB_LB
service-policy input REMOTE_MGMT_ALLOW_POLICY
interface vlan 11
description Client connectivity on Vlan 11
ip address 10.194.11.250 255.255.255.0
access-group input ALLOW_TRAFFIC_TOWARDS_ACE
access-group out ALLOW_TRAFFIC_TOWARDS_ACE ! not sure if this is required as well?
service-policy input PM_MULTI_MATCH_CLIENT_VIP
no shutdown
interface vlan 186
description CSM www monash
ip address 10.194.27.189 255.255.255.240
access-group input ALLOW_TRAFFIC_TOWARDS_ACE ! not sure if this is required?
access-group out ALLOW_TRAFFIC_TOWARDS_ACE ! not sure if this is required?
ip dhcp relay server 130.194.15.17
ip dhcp relay server 130.194.15.1
ip dhcp relay enable
no shutdown
ip route 0.0.0.0 0.0.0.0 10.194.11.254
6500s
! test-clay1-gw - ACE connects to this 6500
svclc multiple-vlan-interfaces
svclc module 2 vlan-group 2
svclc vlan-group 2 11,171-499,768
! test-clay0-gw - Where Client side subnet, VLAN11 is homed
interface Vlan11
description Testlab server subnet
ip address 10.194.11.253 255.255.255.0
no shut
ip route 10.194.27.176 255.255.255.240 10.194.11.250
thanks
SheldonTo ping your VIP of the webserver, you should apple the service-policy input command on VLAN 186 too. Currently the VIP only listens on VLAN 11. For the SVI i think that was forbidden by security reason, but i cant remember anymore. Maybe you just need to put the management policy on the interface VLAN 186. If it dont work, then my first guess was right
-
Headstart 6i installation - HTTP client side servers?
We are performing the headstart 6i client side install and are confused as to the client software requirements.
Is it necessary to install a HTTP listener on each client that is to be used for development. Or can we use the server based listener(Apache).
The installation document specifies the installation of WEB DB as an option and indicates that this is shipped with Designer 6i, however this does not appear to be contained within the Designer 6i CD's
Rgds, PierreIt is not necessary to install and configure a HTTP Listener/Forms Server installation on each (developer)client. Yet it can be useful in a number of cases, for instance when your application server is Unix based.
WebDB itself is not shipped with Designer 6i, but when you install Des6i it will also install a Forms 6i runtime environment, and this will prompt you with a question whether you want to install a 'trial' version of Forms Server. The WebDB Listener service is a part of this Forms Server installation.
Kind Regards,
Peter
null -
Hello Forum, ;-)
I have 2 basic questions I am having doubts about it and would love to have some clarifications:
1) I configure in one ACE4710 (running 4.2.2) context a bridged interface and in another context the same interface, like here below :
---- Context Microsoft ----
ACE1/Microsoft# sh run
interface vlan 503
bridge-group 3
access-group input NONIP
access-group input ALL
access-group output ALL
service-policy input POLICY
no shutdown
interface vlan 1503
bridge-group 3
access-group input ALL
access-group output ALL
no shutdown
interface bvi 3
ip address 120.223.22.30 255.255.255.0
no shutdown
Then I move to the Juniper context and I try to create an interface (either L-2 or L-3) but it doesn’t work:
---- Context Juniper----
ACE1/Juniper(config)# int vlan 503
Error: VLAN creation is not allowed, shared bridged VLAN exists in another context
ACE1/Juniper(config)#
It gives ERROR!!
So if I configure an interface as bridged in one Context, I cannot configure it in another context??
2) If I want to migrate in context Microsoft from One-armed to inline (L-2 bridged), can I migrate one service at the time ( I.e. the config i showed above for context Microsoft, would it work also for one-armed based???)
Thanks so much for your explanations!!
Giulio.Hello Giulio-
You can only share vlans in one-armed or routed modes. Think of it this way:
Interface vlan 10 and 11 are bridged on context C1. (bridged mode)
Interface vlan 12 and 13 are configured on context C2. (routed mode)
When you have routed mode, your server's gateway is configured to point to the ACE interface IP (or alias if you are have FT.) If a packet comes into the physical interface on the ACE, the processor has to decide which context it belongs to. Since the mac address is the interface on context X, it knows instantly where it goes. It will either hit a VIP, or be routed via the routing table.
If a packet arrived on vlan 12 or 13 and the MAC address did not belong to the ACE, it would drop the packet by basic routing rules. (think a client connected to a hub sees a packet destine to a MAC that is not its own, it drops/ignores the packet.)
In bridged mode, the gateway for your server is the router on the other side of the bridged vlan. I.e., you server is on vlan 10, the gateway is on vlan 11 and ace is bridging them together. When packets arrive to the physical interface, ACE knows the traffic arrived on vlan 10 or 11 which belongs to context C2. If the MAC address is not a VIP, ACE simply hucks the packet out of the other vlan. If you send traffic to the interface MAC that does not belong to a VIP, ACE drops it because it would not make sense to send a packet out the other vlan that has a MAC address that belongs to the interface of the ACE itself.
One-armed mode is simply routed mode with a single vlan and source NAT. Nothing special applies to how ACE handles the traffic versus routed mode with only a single vlan.
Now imagine this:
Interface vlan 10 and 11 are bridged on context C1.
Interface vlan 11 and 12 are configured on context C2.
Remember 3 things:
a.) ACE conserves MAC addresses - so the VIPs share MAC addresses with the interface.
b.) ACE will never communicate between 2 contexts directly.
c.) If you are in a routed mode and share vlans between 2 contexts, ACE will make each vlan have a unique MAC address. If you create unique vlans on each context, ACE uses the same single MAC across all vlans for all contexts.
With traffic that is destine to ACE's MAC address and the IP is a VIP, its not a problem - ACE could figure out which context the traffic belongs to (especially since vlan 11 would have unique mac addresses on each context. However, what if ACE recieved a packet to the interface 10 and 12 MAC address? How would it know if it belonged to the bridged or routed context if it was not a VIP IP? What about traffic that arrives that doesn't have the MAC of any of the interfaces? 2 different entirely behaviors would occur, ACE should drop the packet on the bridged context, and route the packet on the routed context.
So the bottom line is - you can't determine which context a packet would need to apply to in all circumstances if you tried to share vlans in a bridge mode across multiple contexts.
Regards,
Chris Higgins -
is it possible to preserve the clients originating IP address somewhere while using the 4710 in one armed mode? I have a situation where the client source ip is needed, and I am deciding between one-armed mode and inline. I'd like to use one-armed, so that only load balanced traffic traverses the load balancer, but I haven't seen an example where that can be done without loosing the clients src address.
Only thing I can think of is http header-insertion. Create an action-list, that inserts the original client src.ip/port into the http-header. The configuration is quite simple:
action-list type modify http name
header insert both Host header-value %is:%ps
Then apply the action-list to your loadbalance policy-map.
Take a look at the url below for futher information:
http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/configuration/slb/guide/classlb.html#wp1131842
But that depends on your situation. If is the original client src.ip/port is expected in the L3/L4 header, this won't cut it. Is this for logging purposes or some form of packet filtering ?
If you intend to run your ACE in one-arm mode, in my opponion, src.nat and header-insertion is your only option.
hth
/Ulrich -
What is Sharepoint client side object model ?
What is Sharepoint client side object model ?
The client-side object model (CSOM) provides client-side applications with access to a subset of the SharePoint Foundation server object model, including core objects such as site collections, sites, lists, and list items. As described in Data Access for
Client Applications, the CSOM actually consists of three distinct APIs—the ECMAScript object model, the Silverlight client object model, and the .NET managed client object model—that target distinct client platforms. The ECMAScript object model and the Silverlight
client object model provide a smaller subset of functionality. This is designed to enhance the user experience, because it minimize the time it takes Silverlight applications or JavaScript functions running in a Web page to load the files required for operation.
The .NET managed client object model provides a larger subset of functionality for standalone client applications. However, these APIs provide a broadly similar developer experience and work in a similar way.
You can write both managed client object model code and JavaScript Client Object model code in Visual Studio. As an example, you can create a console application having managed client object model code. Similarly, you may create a Visual Web Part and have
JavaScript client object model code in it. The JavaScript client object model code can also be directly written inside the SharePoint Designer as well.
Blog | SharePoint Learnings CodePlex Tools |
Export Version History To Excel |
Autocomplete Lookup Field -
Client side weblogic.management jar
Hi,
Could you help me with the following issue?
I am writing a simple mgmt application that uses Weblogic's JMX APIs remotely
via JNDI/RMI either from another VM on the same or another box (no firewall issues).
All is fine except that the weblogic.management interfaces, stubs, and skeletons
are all part of the huge weblogic.jar.
Do you know where I can find a client side classes for weblogic.management? I
noticed that the Weblogic 8.1 distribution comes with client side jars for other
APIS (e.g. JMS, Web services, EJB etc.) but cannot find one for JMX.
Thanks a lot for any insight on this,
PiotrHi Piotr,
I do not believe there is a client side jar for wl management. This is
being considered for our next release.
Thanks,
-satya
Piotr Krychniak wrote:
Hi,
Could you help me with the following issue?
I am writing a simple mgmt application that uses Weblogic's JMX APIs remotely
via JNDI/RMI either from another VM on the same or another box (no firewall issues).
All is fine except that the weblogic.management interfaces, stubs, and skeletons
are all part of the huge weblogic.jar.
Do you know where I can find a client side classes for weblogic.management? I
noticed that the Weblogic 8.1 distribution comes with client side jars for other
APIS (e.g. JMS, Web services, EJB etc.) but cannot find one for JMX.
Thanks a lot for any insight on this,
Piotr -
Selecting the treenode at client side
Hi all,
I am using JSF tree (Dynamic Tree) for my application.
I have constructed a dynamic tree .Below which one button is there.
Requirement is like this
1)i have to select a node and some check image will sit on the node.
Every time i click the node it hitting to the server.But I don't wan't it to be hitted the server every time.The selection of node should not refresh the page.Only after clicking the button it should move to next page.
2)when i navigate back to this page the node which i have selected should be remained as selected (or checked).
Whenever i return back to the tree page the tree is refreshing and no node is selected.
Only single node has to be selected at a time.
So plz suggest me how can i select the tree node client side how to make it remain selectd when we navigate back to tree page.
regards
Raghavendra Pattar
Bangalore.
India.Rajkumar G,
I am not clear ... is this issue happening on only one PC and IS working on the server and other PC's? Also ... are you getting an error or is the error you are getting this "Error We are sorry for the inconvenience at client side"?
Eddy -
Cisco AQM 8.5 not recording : wav files are deleted from client side
Daer Networkers,
We do have Cisco AQM 8.5 SR2 ES1 installed with UCCX 8.5
The issue is that when accessing the Web interface of AQM and try to look for calls, I can't find any one.
When checking the client side, I can see that the call are being recorded : The FROM and TO files are there. But once the call is terminated, the wav file appear for some seconds and then it dissappears asi fi it's deleted.
The wav files are not in the server too;
I don't know what is the issue. Can you please help ?
Thanks in advance.Hi,
This issue was resolved by doing a repair to the QM Base services, then run postinstall as if it was run for the first once.
The Proxy Gateway program was missing for some reason. After doing the repair the issue was resovled and calls are uploaded to the server.
Now I am facing another issue ! : I can hear the client voice only. Agent's voice couln't be heard in the recorded files. As if the agent's voice is not recorded. Can you please advise ? -
Client-side Conversion using NumberConverter and DateConverter
Hi,
In our application we have a custom input text component and we are using the same component to capture date, number, currency and string values .As we are using the same component to capture date/number/string values I can't add number/date converter to it.
At run time I have to read the user entered values and need to convert them into date/ number /currency values. I am planning to use Client-side Converters to format the values.
Please let me know how make use of NumberConverter and DateConverter in java script to convert the values at client side.
Regards,
KiranHi Gabrie,
Thanks for your response.
ADF is providing NumberConverter / DateConverter to convert date/number/currency values. Instead of writing my own custom converters can I use the framework provided converters to convert the values at client side? -
I'm using an Ace 4710 Appliance deployed in One-Armed mode, using Source NAT to loadbalance HTTP request to a couple of Proxy servers.
Everything is working fine, but the thing is that I can't see the Clients IP addresses on Proxy's logs, so I can't keep track of them.
The Interfaces and Nat configs are:
interface vlan 200
description Server-Side-VLAN
bridge-group 5
nat-pool 5 10.1.1.5 10.1.1.5 netmask 255.255.255.0 pat
service-policy input VIPS
interface vlan 300
description Client-Side-VLAN
bridge-group 5
interface bvi 5
ip address 10.1.1.3 255.255.248.0
description Client-Server-Virtual-Interface
ip route 0.0.0.0 0.0.0.0 10.1.1.1
and the policy map looks like this
policy-map multi-match VIPS
class Port80
loadbalance vip inservice
loadbalance policy Port80
nat dynamic 5 vlan 200
Resource assignment:
sticky ip-netmask 255.255.255.255 address both RESOURCE-CLASS
timeout 5
serverfarm Service80
Any suggestions will be appreciated,
ThanksHi Kanwal,
Thanks for your quick reply,
I've already tried this but it didn't work. The problem is that I don't manage the proxy servers so I rely on their skills to see the logs.
The Proxies are Squid. Do you know if they need to do something else on the servers to see that field of the HTTP header?
But I'll try again tomorrow and let you know how it goes.
Thank you again. -
Sniffer Trace on ACE w/VACLs and One-Arm Design
Wow...that was a mouthful of a title!
Here is what I'm trying to accomplish. There is an application that is having issues. This application is being load balanced by the ACE. The ACE is configured in a One-Armed design. Essentially the application flow is as follows:
client --> ACE VIP --> SNAT Pool --> rserver and then the reverse.
The vlan for my ACE is 3002. It is the only vlan in this context. I have a WildPackets OmniEngine connected to port on the 6500. Here is its config:
interface GigabitEthernet x/xx
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
switchport capture
switchport capture allowed vlan 3002
no ip address
no cdp enable
Here is the problem. When I take a trace I only see the back half of the conversation. That is I only see from the SNAT pool IPs to the rservers and back. I need to be able to see the conversation between the client IPs and the VIP. Does anyone know how this can be done? If you need more details or have questions please fire away! Thanks for the help...
bcThis can be done by setting up a monitor session on the Sup, with the
TenGig/1 as SPAN
source, and a trunk port as SPAN destination.
For example, if the ACE is in slot X, the configuration would be:
monitor session 10 source interface TeX/1
monitor session 10 destination interface Giy/z
The configuration for this port would be:
int giy/z
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
Syed Iftekhar Ahmed
Maybe you are looking for
-
SharePoint Foundation which is installed during TFS 2013 installation has no search capability
I installed a Team Foundation Server 2013 . I opted to install SharePoint Foundation 2013 during the TFS installation on the same application server. The installation went well and everything looked fine. TFS was running and the SharePoint teamsites
-
Cannot Sync Ipod touch after upgrading to OS 3.0 (error 13001)
I got the error 13001 when I sync after I upgraded my ipod touch (2nd gen) to OS 3.0. I tried to reinstall itunes and restore the ipod but the problem still cant be solved. Some topics here said that it can be solved if you do not sync the song with
-
Newbie question on the Java communications API
Hi All, I found the javax.comm extension package that lets me listen to the serial port of the PC, but am unsure as to how to use it. Well, I've tried running the SimpleRead.java program and I get an error message that says the package is missing in
-
IPad mini Cannot Connect to ANY network, best course of action?
iPad mini was working until around 6 PM, where it just stopped connecting to wifi and internet just stopped. Tried all methods that was discussed in the past post, which included resetting network setting in Settings section, hard reset, putting the
-
Are there adapters for the proprietary SSD drives in the X1 carbon?
That can be used to convert it to a normal commercial sized SSD drive so it can be used in a duplicator. The company I work for are switching to these Carbon X1 laptops for deployment and this will conflict with our current process of reimaging whic