ACE - Reaching VIP between Context

Similar Messages

• ACE and VIP failover

  Hi,
  There is another one:-)
  On CSS i could define critical service and put the VIP down if critical service is down. Also CSS used something like VRRP to define active VIP per CSS.
  So the question is, can I do the same thing on two ACE modules? So, one is active for the VIP, and if service associated with that VIP fails, the active VIP is moved to another ACE module?
  Can this be accomplished with contexts? FT VLAN..etc. It is not the same as VRRP VIP fail over on CSS but i could use it. Can i use FT VLAN over L2 devices/MPLS backbone or do i have to use dedicated link?

  On ACE the failover is context based (not Vip based).
  ACe can be configured to track and detect failures in the following items in the
  Admin context and any user context:
  • Gateways or hosts
  • Interfaces
  • Hot Standby Router Protocol (HSRP) groups
  You need to configure a tracking priority for each tracking event.
  from ACE Admin guide
  "Suppose that on ACE 1 you configure the active FT group member
  with a priority of 100 and on ACE 2 you configure the standby FT group member
  with a priority of 70. Further, assume that you configure the FT group to track
  three critical interfaces, each with a unit priority of 15. To trigger a switchover,
  all three interfaces must fail so that the priority of the active member is less than
  the priority of the standby member (100 - 45 = 55)."
  Please read ACE Admin guide for more details
  Syed

• ACE 4710 VIP not pingable even with "always" selected.

  Hello, I have a somewhat complicated setup in order to allow one particular VIP to answer for the same serverfarm on two different ports (this was a previous question here.) Here is the scrubbed config below. The setup works, but the issue is that the VIP does not reply to pings. We use both the servers and the vip for monitoring internally. It is still operational on the ports it is balancing, but no setting for ping seems to work (Active, Primary, or Always.) What am I doing wrong here? The other sites I use stickys with respond for their VIPs. I'm assuming this one does not due to the more complicated policy map.
  probe http HTML-Site-Up_200
    description This probe is to verify HTTP operation via site-up.html check
    port 80
    interval 5
    faildetect 2
    passdetect interval 10
    request method get url /site-up.html
    expect status 200 200
    open 2
  probe icmp ICMP-Ping
    interval 5
    faildetect 2
    passdetect interval 10
  probe tcp RAW-TCP-81
    port 81
    interval 10
    faildetect 2
    passdetect interval 20
    connection term forced
    open 1
  rserver host psc-us-EQUIPprd1
    description EQUIP Prod, server 1
    ip address 10.1.1.84
    inservice
  rserver host psc-us-EQUIPprd2
    description EQUIP Prod, server 2
    ip address 10.1.1.85
    inservice
  serverfarm host EQUIPPROD
    description EQUIP Prod Server Pool
    predictor leastconns
    probe HTML-Site-Up_200
    probe ICMP-Ping
    probe RAW-TCP-81
    rserver psc-us-EQUIPprd1
      probe ICMP-Ping
      probe HTML-Site-Up_200
      probe RAW-TCP-81
      inservice
    rserver psc-us-EQUIPprd2
      probe ICMP-Ping
      probe HTML-Site-Up_200
      probe RAW-TCP-81
      inservice
  serverfarm host EQUIPPROD-CUSTOMER-81
    description EQUIP Customer Site Server Pool, port 81
    predictor leastconns
    probe RAW-TCP-81
    rserver psc-us-EQUIPprd1 81
      probe RAW-TCP-81
      inservice
    rserver psc-us-EQUIPprd2 81
      probe RAW-TCP-81
      inservice
  sticky ip-netmask 255.255.255.255 address source Sticky_EQUIPPROD
    timeout 180
    replicate sticky
    serverfarm EQUIPPROD
  class-map type http loadbalance match-all EQUIP_81_Redirect
    2 match http header Host header-value ".*equiponline.com"
  class-map type http loadbalance match-all EQUIP_81_Redirect_Full
    2 match http header Host header-value ".*www.equiponline.com"
  class-map match-all VIP-EQUIPPROD
    2 match virtual-address 10.1.1.97 any
  policy-map type loadbalance first-match VIP-EQUIPPROD-l7slb
    class EQUIP_81_Redirect
      serverfarm EQUIPPROD-CUSTOMER-81
    class EQUIP_81_Redirect_Full
      serverfarm EQUIPPROD-CUSTOMER-81
    class class-default
      sticky-serverfarm Sticky_EQUIPPROD
  policy-map multi-match global
    class VIP-EQUIPPROD
      loadbalance vip inservice
      loadbalance policy VIP-EQUIPPROD-l7slb
      loadbalance vip icmp-reply
      nat dynamic 13 vlan 1000
  interface vlan 1000
    nat-pool 13 10.1.1.97 10.1.1.97 netmask 255.255.255.0 pat

  Output from that class from the show service-policy command. And no, it doesn't appear to be pingable from the ACE.
      class: VIP-EQUIPPROD
        nat:
          nat dynamic 13 vlan 1000
          curr conns       : 361       , hit count        : 116690    
          dropped conns    : 5         
          client pkt count : 4815293   , client byte count: 739114009           
          server pkt count : 7281612   , server byte count: 8753101386          
          conn-rate-limit      : 0         , drop-count : 0         
          bandwidth-rate-limit : 0         , drop-count : 0         
       VIP Address:    Protocol:  Port:
       10.1.1.97    any
        loadbalance:
          L7 loadbalance policy: VIP-EQUIPPROD-l7slb
          Regex dnld status    : SUCCESSFUL
          VIP ICMP Reply       : ENABLED
          VIP State: INSERVICE
          VIP DWS state: DWS_DISABLED
          Persistence Rebalance: ENABLED
          curr conns       : 392       , hit count        : 134300    
          dropped conns    : 431       
          client pkt count : 4869950   , client byte count: 741545220           
          server pkt count : 7281612   , server byte count: 8753101386          
          conn-rate-limit      : 0         , drop-count : 0         
          bandwidth-rate-limit : 0         , drop-count : 0         
          L7 Loadbalance policy : VIP-EQUIPPROD-l7slb
            class/match : EQUIP_81_Redirect
              LB action :
                 primary serverfarm: EQUIPPROD-CUSTOMER-81
                      state: UP
                  backup serverfarm : -
              hit count        : 12602     
              dropped conns    : 0         
              compression      : off
            class/match : EQUIP_81_Redirect_Full
              LB action :
                 primary serverfarm: EQUIPPROD-CUSTOMER-81
                      state: UP
                  backup serverfarm : -
              hit count        : 0         
              dropped conns    : 0         
              compression      : off
            class/match : class-default
              LB action: :
                 sticky group: Sticky_EQUIPPROD
                    primary serverfarm: EQUIPPROD
                      state:UP
                    backup serverfarm : -
              hit count        : 107831    
              dropped conns    : 5         
              compression      : off
        compression:
          bytes_in  : 0                          bytes_out : 0                   
          Compression ratio : 0.00%
                  Gzip: 0               Deflate: 0         
        compression errors:
          User-Agent  : 0               Accept-Encoding    : 0         
          Content size: 0               Content type       : 0         
          Not HTTP 1.1: 0               HTTP response error: 0         
          Others      : 0         
  pscaceinside01/Prod# ping 10.1.1.97
   Pinging 10.51.221.97 with timeout = 2, count = 5, size = 100 ....
  No response received from 10.1.1.97 within last 2 sec
  No response received from 10.1.1.97 within last 2 sec
  No response received from 10.1.1.97 within last 2 sec
  No response received from 10.1.1.97 within last 2 sec
  No response received from 10.1.1.97 within last 2 sec
  5 packet sent, 0 responses received, 100% packet loss
  For what it's worth, none of my VIP's are pingable from the ACE. I think that has to do with me being in one-arm configuration, and using the NAT addresses per VIP. But all other VIPs are pingable from other sources on the subnet. With the exception of this VIP.

• Diff between context object and x path

  hi gurus,
    what is difference between context object and x path?

  Hi rohit,
  If u have multiple receiver system then to determine the reciever u can use context object.....
  Context objects are alternative to XPATH expressions. It is like macros in other programming langugage. If you define this , you can use this object in the receiver determination while doing conditional receiver determination
  To better idea see the blog...
  /people/prasadbabu.nemalikanti3/blog/2006/09/20/receiver-determination-based-on-the-payload-of-input-dataextended-xpathcontext-object
  Check out these also...
  http://help.sap.com/saphelp_nw2004s/helpdata/en/d6/e44fcf98baa24a9686a7643a33f26f/content.htm
  /people/prasadbabu.nemalikanti3/blog/2006/09/20/receiver-determination-based-on-the-payload-of-input-dataextended-xpathcontext-object
  Here is a scenario where context objects were used for BPM
  Technical Context Object in ccBPM
  Get the details here:
  http://help.sap.com/saphelp_nw04/helpdata/en/d6/e44fcf98baa24a9686a7643a33f26f/frameset.htm
  Technical Context Objects :
  http://help.sap.com/saphelp_nw04/helpdata/en/d6/e44fcf98baa24a9686a7643a33f26f/frameset.htm
  A list of the Technical Context Objects names can be found here:
  http://help.sap.com/saphelp_nw04/helpdata/en/6e/ff0bf75772457b863ef5d99bc92404/content.htm
  XPath to show the path (Multiple Receivers)
  /people/shabarish.vijayakumar/blog/2005/08/03/xpath-to-show-the-path-multiple-receivers
  Customize your 'XPATH' Expressions in Receiver Determination
  /people/shabarish.vijayakumar/blog/2006/06/07/customise-your-xpath-expressions-in-receiver-determination
  regards
  biplab
  Use a Good Subject Line, One Question Per Posting - Award Points

• Load balancing within the same ACE across two different contexts residing on the same vlan

  I'm working on a design that requires traffic be sent to a different context in the same ACE. The question I have is can this be done when both reside on the same VLAN. Would the traffic in this case be handled at layer 2 instead of layer 7. Would I have to create a seperate subnet in order to provide loadbalancing?
  |__________________|
  |   | vlan 5         |         |
      |                  |
      |                  |
  Context A        |
                         |
                         |
                      Context B
  Thanks, Jerilyn

  by design, two contexts on the same box in the same vlan can't communicate. You have to use an external L3 device.
  A workaround may be to use two diferent vlans and then bridge between them with a loopback cable.

• ACE 4710 VIP

  I am not able to access the web server throught the vip. Your help will be greatly appreciated. Below is my configuration on the ACE.
  Server:
  resource-class RS_web
  limit-resource all minimum 10.00 maximum unlimited
  boot system image:c4710ace-mz.A1_8_0a.bin
  hostname ACE1
  interface gigabitEthernet 1/1
  description Client Connectivity on VLAN 100
  switchport access vlan 100
  no shutdown
  interface gigabitEthernet 1/2
  description Server Connectivity on VLAN 10
  switchport access vlan 10
  no shutdown
  interface gigabitEthernet 1/3
  shutdown
  interface gigabitEthernet 1/4
  shutdown
  class-map type management match-any remote_access
  context VC_web
  allocate-interface vlan 10
  allocate-interface vlan 100
  member RS_web
  username admin password 5 xxx role Admin domain default-domain
  username www password 5 xxx role Admin domain default-domain
  ssh key rsa 1024 force
  Virtual:
  logging enable
  logging console 7
  logging trap 7
  logging history 7
  logging monitor 7
  access-list ALL line 8 extended permit ip any any
  rserver host RS_web1
  description content server web-one
  ip address 10.2.0.99
  inservice
  serverfarm host SF_web
  predictor hash header Accept
  rserver RS_web1 80
  inservice
  class-map type management match-any VC_web_Remote
  description VC Web Remote Access
  2 match protocol telnet any
  3 match protocol https any
  5 match protocol ssh any
  6 match protocol icmp any
  class-map match-all VS_web
  2 match virtual-address 10.1.0.99 255.255.252.0 tcp eq www
  policy-map type management first-match VC_web_MGMT_ALLOW_POLICY
  class VC_web_Remote
  permit
  policy-map type loadbalance first-match PM_LB
  class class-default
  serverfarm SF_web
  policy-map multi-match PM_multi_match
  class VS_web
  loadbalance vip inservice
  loadbalance policy PM_LB
  interface vlan 1
  description Server Connectivity on VLAN 10
  ip address 10.2.0.101 255.255.252.0
  nat-pool 1 10.2.0.200 10.2.0.204 netmask 255.255.252.0
  no shutdown
  interface vlan 100
  ip address 10.1.0.101 255.255.252.0
  service-policy input VC_web_MGMT_ALLOW_POLICY
  service-policy input PM_multi_match
  no shutdown
  ip route 0.0.0.0 0.0.0.0 10.1.0.1
  username admin password 5 xxxx role Admin domain default-domain
  logging enable
  logging console 7
  logging trap 7
  logging history 7
  logging monitor 7
  access-list ALL line 8 extended permit ip any any
  rserver host RS_web1
  description content server web-one
  ip address 10.2.0.99
  inservice
  serverfarm host SF_web
  predictor hash header Accept
  rserver RS_web1 80
  inservice
  class-map type management match-any VC_web_Remote
  description VC Web Remote Access
  2 match protocol telnet any
  3 match protocol https any
  5 match protocol ssh any
  6 match protocol icmp any
  class-map match-all VS_web
  2 match virtual-address 10.1.0.99 255.255.252.0 tcp eq www
  policy-map type management first-match VC_web_MGMT_ALLOW_POLICY
  class VC_web_Remote
  permit
  policy-map type loadbalance first-match PM_LB

  I've changed my VIP to a /32, and I can't still access the web server. Here my show service-policy detail result.
  Policy-map : PM_multi_match
  Status : ACTIVE
  Description: -
  Interface: vlan 1 100
  service-policy: PM_multi_match
  class: VS_web
  VIP Address: Protocol: Port:
  10.1.0.99 tcp eq 80
  loadbalance:
  L7 loadbalance policy: PM_LB
  VIP ICMP Reply : DISABLED
  VIP State: INSERVICE
  curr conns : 0 , hit count : 0
  dropped conns : 0
  client pkt count : 0 , client byte count: 0
  server pkt count : 0 , server byte count: 0
  conn-rate-limit : 0 , drop-count : 0
  bandwidth-rate-limit : 0 , drop-count : 0
  L7 Loadbalance policy : PM_LB
  class/match : class-default
  LB action :
  primary serverfarm: SF_web
  state: UP
  backup serverfarm : -
  hit count : 0
  dropped conns : 0
  compression : off
  compression:
  bytes_in : 0
  bytes_out : 0

• Upgrading ACE , redundant active-active context

  Hi,
  We have 2 ACE's running in our network, and we would like to upgrade the ACE software.
  To minimize any disruption to existing network traffic during a software upgrade or downgrade, deploy your ACE modules in a redundant configuration. For details about redundancy, see Chapter 7, Configuring Redundant ACE Modules. The following steps provide an overview on upgrading a redundant configuration used in conjunction with the procedures in this appendix:
  1. Upgrade the active module first.
  2. Reboot the active ACE after the software installation. When you reboot the active ACE, it fails over to the standby module and existing traffic continues without interruption.
  3. Upgrade the new active module.
  4. Reload the active ACE after the redundant module is up and the high availability (HA) state is hot. A similar failover occurs when you reboot this ACE and once again the existing traffic continues. The original active ACE is active once again.
  http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/v3.00_A1/configuration/administration/guide/upgrade.html
  This section describes the methods and CLI commands that you can use to troubleshoot redundancy issues in your ACE.
  1. Ensure that the software versions and licenses installed in the two ACEs are identical. A software or license mismatch may generate the following syslog message:
                                %ACE-1-727006:       HA: Peer is incompatible due to error str. Cannot be Redundant.
  http://docwiki.cisco.com/wiki/Cisco_Application_Control_Engine_(ACE)_Module_Troubleshooting_Guide,_Release_A2(x)_--_Troubleshooting_Redundancy
  Following those step, is there any problem would happen after step 2 , having a different software version on the first and second module?
  also on step 4 ' Reload the active ACE after the redundant module is up and the high availability (HA) state is hot. ' , is that possible with both module use a different software version ?

  Hi,
  When you upgrade or downgrade the ACE software in a redundant  configuration with different software versions, the STANDBY_WARM and  WARM_COMPATIBLE states allow the configuration and state synchronization  process between the peers to continue on a best-effort basis. This  basis allows the active ACE to synchronize configuration and state  information with the standby even though the standby may not recognize  or understand the CLI commands or state information.
  In the STANDBY_WARM state, as with the STANDBY_HOT state,  configuration mode is disabled on the standby ACE and configuration and  state synchronization continues. A failover from the active to the  standby based on priorities and preempt can still occur while the  standby is in the STANDBY_WARM state. However, while stateful failover  is possible for a WARM standby, it is not guaranteed. In general,  modules should be allowed to remain in this state only for a short  period of time.
  http://docwiki.cisco.com/wiki/Cisco_Application_Control_Engine_%28ACE%29_Module_Troubleshooting_Guide,_Release_A2%28x%29_--_Troubleshooting_Redundancy#About_WARM_COMPATIBLE_and_STANDBY_WARM
  Siva

• ACE-Single VIP-Multiple URL-Multiple ServerFarm

  Hi Everyone,
  I am trying to put together a configuration that has multiple requirements that are all dependant so I wanted to post in a single discussion.  Please see the parameters below:
  1. ACE 4710 placed in DMZ in one-armed mode
  2. Use only 2 VIPS (1 for HTTP traffic and 1 HTTPS traffic)
  3. Multiple URLs for each VIP. Each URL makes use of sub-domains (ex. "subdomain1.domain.com" , "subdomain2.domain.com")
  4. Match on the hostheader and send to a corresponding serverfarm. (each URL has seperate serverfarm).
  5. SSL off-load. All Secure URL's share a single wild-card certificate.
  6. Any connections to Secure URL's that connect using HTTP need to be redirected to HTTPS and then load-balanced. I would like to have a single redirect serverfarm that will take the path and url that is sent,whichever that may be, and redirect it to HTTPS.
  So here are my questions:
  1. One of the URL's being matched is for Exchange 2010 (OWA and ActiveSync).  Since all services will be directed at the same serverfarm I believe that matching on the sub-domain (host header) will be sufficient for both services but I would like some confirmation.
  2. I would like to confirm that the composition of my class-maps and subsequent policy-maps will meet the requirements listed above.
  3. I would like any suggestions on how I may make this configuration more efficient.
  I have attached a scrubbed copy of my configuration, any suggestions would be greatly appreciated!!!

  Hi Michael,
  One of the URL's being matched is for Exchange 2010 (OWA and ActiveSync).  Since all services will be directed at the same serverfarm I believe that matching on the sub-domain (host header) will be sufficient for both services but I would like some confirmation
  The ACE performs regular expression matching against the received packet data and hence you can use a single expression like \.mvnu\.edu and that should match msmail\.mvnu\.edu", ihelp\.mvnu\.edu and ishare\.mvnu\.edu and since all of them need to go to same serverfarm there is no need to define three different server farms under policy map.
  2. I would like to confirm that the composition of my class-maps and subsequent policy-maps will meet the requirements listed above.
  The config looks fine but you can make it more stream line by using one regex which will match all host header information and since it needs to go one serverfarm only, it is not required to have three different server farms unless needed of course. Pardon if i haven't  understood your requirment correctly.
  3. I would like any suggestions on how I may make this configuration more efficient.
  It should be there in answer 1:)
  Please feel free to discuss if there is something which is not what you were looking for.
  Regards,
  Kanwal

• Share variable value between context

  Hello people !
  I need to refresh a variable from DB only once, at the beginning, from a GLOBAL context, and then, i need to evaluate that value from several other contexts, but the value must remain the same.
  Is that possible ?
  ps: asi es, soy argentino. Saludos !

  On the package I think is that possible. See # Oracle® Data Integrator - Reference Manual - 10g Release 3 (10.1.3)
  http://www.oracle.com/technology/products/oracle-data-integrator/10.1.3/htdocs/documentation/oracledi_reference.pdf
  Definition of an iterative loop
  To create a loop that repeats ten times, simply create a numerical variable, snp_increment, that
  contains the increment, then insert the following three steps:
  • Step 1 (Initializing loop): A Set Variable -type step which assigns '0' to snp_increment.
  • Step 2 (Increment loop): A Set Variable -type step which increments snp_increment by '1'.
  • Step 3 to n: …actions to execute in a loop n times.... The snp_increment variable can be
  used in these procedures.
  • Step n+1 (loop end test): An Evaluate Variable -type step which tests snp_increment<=10.
  If successful, execute the task: "step 2", if failed, execute the task: "<<next step>>"
  • Step n+2: .... next actions

• Difference between Context and Queue in UDF

  hi,
  i am trying to write udf but i have doubt when do i select Contect and when do i select Queue as my udf ? How do we decide which one i select ?
  Thanks & Regards
  Naveen

  when u go 4 advanced udf functionalites u need this. for simple udf not req to play with queue nor context. the input when using a context or queue will be an array of strings but in simple udf's it is just a single string that u will be accessing. u can also check here:
  http://help.sap.com/saphelp_nw2004s/helpdata/en/40/7b8e40496f6f1de10000000a1550b0/content.htm

• Using ACE to load balance HTTP/S traffic between client & proxy server using tcp 8080

  Folks,
  I have a scenario where ACE is in load balancing connections to a bunch of Websense servers in a one-armed topology.  ACE presents a single VIP to web browser clients and each client's browser proxy configuration is populated with the VIP DNS name.  Traffic then gets load balanced between the Websense servers.  The problem arises due to Websense requiring the 'X-Forwarded-For' HTTP header in order to obtain the source IP of the client.  
  ACE inserts this header into the standard HTTP 'proxied' traffic but doing this for HTTPS traffic has required the configuration of the ACE SSL proxy client server.
  So the problem I have is this:
  How to configure ACE to load balance both HTTP & HTTPS applications using a single VIP and tcp port number ie tcp 8080
  The ACE hardware being used is ACE20-MOD-K9  -  MODULE
  I have attempted to use a L7 class map to match all ciphers and attach this to a L7 Policy-Map but the documentation highlights the fact the 'match cipher' configuration is only available on the ACE appliance.  
  I believe I am on the correct track.  The HTTPS traffic must be identified and used to match against PolicyA and HTTP traffic matched against PolicyB
  I'm looking for ideas!  I'm hopeful someone must have solved this problem previously!!
  Regards,
  Simon

  Hi Simon,
  The classification has to work on different ports. Whether client types http or https doesn't matter to client. His request will reach VIP which will classify the traffic based on port, protocol first and then it can look into further detail to send the traffic to appropriate serverfarm.
  You can class-map match-any xxxxx
  2 match virtual-address x.x.x.x tcp any
  and then you configure further classification on the basis of L7 like  url, header etc. 
  But again, you will still need SSL termination on ACE.
  Regards,
  Kanwal
  Note: Please mark answers if they are helpful.

• Sharing VLAN's on ACE context's

  Hi,
  I am quite a newbie with ACE configurations. I have a VLAN i want to share over three ACE context's. Every context needs to have its own vlan ip address. How can i manage to do this ? I can only define an ip address on the main ACE configuration.
  Regards,
  Sebastian

  You are probably talking about the transfer-network or client-side VLAN.
  If you have already assigned the vlan to the module from the cat6k just create the three contexts and assigned those vlans to each context. That is how i do it. Serve three different context's with three different server networks with one client-side or transfer-network.
  just make sure you use different ip's for the ip,peer ip and alias for each context if you use FT or 2 modules. With this setup i always need 4 IP's including the VIP per context on the client side.
  Then you can configure the shared vlan in each context separate.
  context A
  allocate-interface vlan 10
  allocate-interface vlan 20
  context B
  allocate-interface vlan 10
  allocate-interface vlan 30
  context C
  allocate-interface vlan 10
  allocate-interface vlan 40

• Share JSESSIONID cookie between 2 contexts

  Hi all,
  I am trying to share the JSESSIONID cookie between 2 contexts on the same virtual server.
  www.evador.ca/a and www.evador.ca/b
  I tried to put the following in my sun-web.xml:
  <session-config>
  <cookie-properties>
  <property name="cookieDomain" value=".evador.ca";>
  <description>The domain for which the cookie is valid.</description>
  </property>
  <property name="cookiePath" value="/" />
  </cookie-properties>
  </session-config>
  With Firefox I can look at the cookies created. There is only one JSESSIONID with path / and domain .evador.ca. But even with these encouraging info I cannot see the cookie in both contexts...
  I have an another cookie for localization purposes (That I create my self) called lang and believe it or not this works:
  langCookie.setMaxAge(Integer.MAX_VALUE);
  langCookie.setPath("/");
  langCookie.setDomain(domainName);
  response.addCookie(langCookie);
  What am I doing wrong?
  Thank you,
  Luc
  Edited by: lucbard on Dec 7, 2007 2:55 PM

  Servlet specification mentions:
  SRV.7.3 Session Scope
  HttpSession objects must be scoped at the application (or servlet context) level.
  The underlying mechanism, such as the cookie used to establish the session, can be
  the same for different contexts, but the object referenced, including the attributes in that object, must never be shared between contexts by the container.
  You cannot share a cookie between 2 contexts.

• Serverfarm VIP as rserver of another farm

  Hi guys,
  I'm curious if that's possible. The idea behind is to create "special rserver" which is in fact a webfarm with per-request LB, and can be placed as a backup-rserver when primary one is overloaded.
  Let's imageine caching webfarm (A) with URL hash-predictor, then, if one rserver has huge load its probe may switch traffic to backup, failover farm (B) which has per-request basis (let's say round-robin) to spread that (and only that) load. Another rservers from farm (A) are not affected.
  Don's see a way to do that in one context. No direct routing between contexts forces to use 6k/other devices to route packets between contexts. Some other ideas to achieve that? Maybe some other ways of solving the pbm?
  Regards,
  Jakub S.

  Hi Jakub,
  Instead of using another VIP as rserver of one of your serverfarms (which as you state would need you to first route the traffic out of the ACE before reaching this VIP since we cannot directly send traffic from a VIP to another), I would configure your backup rserver as one of type redirect which would have the client directly send the traffic to the per-request VIP through redirection once the main rserver is overloaded.
  Regards,
  Nicolas

• Load Balancing on ACE Modules

  hi,
  Is it possible to load balance VIP hits on two ACE Modules in an active/active configuration. Or is it that only per FT group only single context could be active.
  Regards.

  You can have 1 context active on one ACE and the other context active on the other ACE.
  If you have 2 Vip, you can have 1 vip belonging to one context and the other vip belonging to the other context.
  Like this, you split the traffic between the 2 devices which allows you to handle more traffic than what 1 device could normally do.
  If one device can handle all your traffic, I prefer to only have 1 active unit and 1 standby.
  Easier to implement and troubleshoot.
  Gilles.