Application ssl with balance leastconn
Messrs,
I'd like your help. I did the a cfg in CSS11501 where that have to load balance two server with SSL connections and was chosen the balance leastconn, but always one server has a great number of connections than another and the source IP address always be connected with the same server. So what could happen?
What could I do to improve that load balance?
Attached I send you the configuration, sh service summary and show flows.
the meaning of stickyness, is "if you came here already, will send you to the same server".
So, as soon as there is a sticky match, we do not care if you are doing leastconn or roundrobin or whatever, it is a match, so the loadbalancer sends the traffic to the matching server.
This is why you never get equal loadbalancing.
Because if you have only 2 users, when will be sent to server A and the other one to server B. If the first user open 3 connections and the 2nd user only one, you end up with 3 connections on server A and 1 on server B.
Moreover, sticky with leastconn is not a very good idea if you do not have a lot of traffic.
Because if user 1 comes in, it will be sent to server A, then it disconnects and user 1 comes in. Both servers are idle - no connection. The loadbalancer could select server A again. You then have 2 sticky entries pointing to A.
You should use roundrobin with stickyness or leastconn and no stickyness.
Gilles.
Similar Messages
-
SSL Load Balancing (Java applets problem)
Hi,
I have implemented loadbalancing of two webservers using CSS 11503.
Servers are containing SSL pages which need to be loadbalanced.
I have tried configuring the content rule for ssl using
port 443
application ssl
advanced-balance ssl
commands.The site opens properly using the VIP address (checked the SSL certificate issued by one of the servers. ) and I am able to see all the TABS on the same.The real problem starts when I am trying to upload a file to the server using the VIP address.
The moment I try to upload a file the session shifts to the second server and prompts for new certificate issued by the second server.
One more thing which I would like to mention here is that while uploading the file, JAVA is used.
i.e.the files are being uploaded using JAVA applets.
If anybody has encountered this kind of problem kindly suggest on the same.
Would appreciate if you send the solution on [email protected]
Any configs needed plz contact me on the above e-mail ID.
Thanks,
Pankaj P.HI Pankaj,
depending on your Java applett it might be possible that the applett opens a new connection. therefore depending on your total configuration it might be possible taht another server is used.Even worse if you do SSL-offloading the applett might tell the user to do http instead of https. I suggest that you check with a sniffertrace what is happening:
1) is there a new connection setup while the applett runs
2) is it again http or https and if https is it a new https session which will be again balanced not depending on the original https session.
Hope that helps
regards,
Joerg -
How to Implement SSL with Oracle Applications R12 without using Load Balanc
How to Implement SSL with Oracle Applications R12.1.3 without using Load Balancer
Please refer to (Enabling SSL in Release 12 [ID 376700.1]).
Thanks,
Hussein -
Oracle Applications 11i Load Balancing does not work with RAC one Node
Hi all,
Could you help me to resolve this issue.
Architecture environment is :
- One APPS tier node
- Two nodes Oracle Database Appliance (Primary node 1 holds INSTANCE_1 et Secondary node is configurured to holds INSTANCE_2), i.e RAC one Node.
- The primary node have instance_name SIGM_1 and the secondary node have instance_name SIGM_2, but in RAC one node, the secondary instance is not alive.
We convert our EBS 11i environment to RAC following note ID Using Oracle 11g Release 2 Real Application Clusters with Oracle E-Business Suite Release 11i [ID 823586.1].
When testing Database failover, Oracle Applications 11i load balancing does not work anymore.
The root cause is that, when the primary node of the Rac one node is down, the INSTANCE_NAME_1 is automaically relocating to the surviving node,.
During test failover, we imagine that when the primary node goes down, the secondary node start or relocate database with instance_name SIGM_2, and in that case the Oracle Applications load balancing works.
Currently, when the primary node goes down, the instance_name SIGM_1 is relocated on the secondary node, which cause failure of Oracle Applications Load Balancing.
Thank you for your advice.
MoussaThis is something I observed a long time ago for Safari (ie: around version 1). I'm not sure this is Safari, per se, but OpenSSL that is responsible for the behavior. I'm pretty sure Chrome does this and I've seen some Linux browsers do it.
What I have done at the last two companies I've worked for is recommend that our clients do not use SSL SessionID as the way of tracking sticky sessions on web servers, but instead using IP address. This works in nearly all cases and has few downsides. The other solution is to use some sort of session sharing on your web servers to mitigate the issue (which also means that your web servers aren't a point of failure for your users' sessions). (One of the products I supported had no session information stored on the web servers, so we could safely round-robin requests, the other product could be implemented with a Session State Server... but in most cases we just used IP address to load balance with). The other solution is to configure your load balancer to terminate the SSL tunnel. You get some other benefits from this, such as allowing your load balancer to reduce the number of actual connections to the web servers. I've seen many devices setup this way.
One thing to consider through this is that - due to the way internet standards work - this really can't be termed a bug on anyone's part. There is no guarantee in the SSL/TLS standards that a client will return the same SSL Session ID for each request and there is not requirement that subsequent requests will even use the same tunnel. Remember, HTTP is a stateless protocol. Each request is considered a new request by the web server and everything else is just trickery to try and get it to work the way you want. You can be annoyed at Safari's behavior, but it's been this way for over 5 years by my count, so I don't expect it to change. -
Hello
I have four servers that I want to load balance based on a URL both HTTP and HTTPS. Two are tomcat and two are IIS and I would like to use something like /jsp/* and /aspx/*. I can get the http L5 rules setup just fine but when I try and use port 443 with a layer 5 content rule I get nothing. The show flows command shows the external ip, the vip but 0.0.0.0 for the NAT IP. Is it possible to do what I'm trying to do?
my config is
service iis1
ip address 10.0.0.1
active
service iis2
ip address 10.0.0.2
active
service tomcat1
ip address 10.0.0.3
active
service tomcat2
ip address 10.0.0.4
active
owner test
content iis
vip address 10.1.1.1
url "/aspx/*"
advanced-balance arrowpoint-cookie
add service iis1
add service iis2
protocol tcp
port 80
active
content iis_ssl
vip address 10.1.1.1
url "/aspx/*"
advanced-balance ssl
application ssl
add service iis1
add service iis2
protocol tcp
port 443
active
Thanks in advance
JustinThanks for the response Giles. I've been working on doing that and I think I have it working but the problem now is that we have some apps that look to make sure the conversation is secure and redirect if not. With the SSL module, it doesn't look like the servers will ever see whether or not the user is connecting via HTTPS. Is there any way around that?
-
HTTPS ans SSL with CSS (No SSL Module)
Hi,
My customers have two server and need to load balance.
These servers initiate SSL.
and VIP address is :
https://erpappl.erp.mis.blabla.tgc:8005
My CSS has no ssl module. An dconfiguration is:
service venice
ip address 10.200.104.32
protocol tcp
port 8005
keepalive type tcp
keepalive port 8005
redundant-index 120
active
service calgary
ip address 10.200.104.33
protocol tcp
port 8005
keepalive type tcp
keepalive port 8005
redundant-index 121
active
owner ERPAPPL
content erpapp_test
add service venice
add service calgary
redundant-index 60
vip address 10.200.104.28
protocol tcp
port 8005
url "/*"
arrowpoint-cookie expiration 00:00:03:00
advanced-balance arrowpoint-cookie
application ssl
active
After this configuration I cannot reach the URL shown above.
Can you help me?if this is encrypted traffic [HTTPS] the CSS can't see the content of the packet.
So the CSS can't see the url [-> so the command url "/*" is incorrtect and should be removed] and the CSS can't see cookies [so the arrowpoint-cookie command is wrong and should be removed].
If we sell an SSL module, there is a reason :-)
The only sticky option you can use are :
- sticky based on srcip
- sticky on sslid
The first option [srcip] has a problem with mega proxy [many users being nated with the same ip] and the 2nd option has the problem that it only works with SSLV2 and that some browsers do not use the sslid.
Gilles. -
What is the 'application ssl' do? I can set protocol tcp and port 443 and everything seems to work fine. Does it have to work with 'advanced-balance ssl' too?
Thanks.
BradThe "advanced-balance ssl" command is actually the command that initiates sticking on the SSL session ID. The "application ssl" tells the CSS that it needs to look at the appropriate offset in the packet for the SSL session id. Remember that this is post handshake so the url "/*" command has to be used to bump the rule up to an L5 rule.
-
Enbaling SSL with my remote server
Hi All,
I have successfully configured one-way SSL with my normal web application on weblogic server. I am now working on creating a webservice to query with a database server. I would like to know what is the best way to establish SSL between my web service and the remote databaserver.
Environment:
Creating a composite application(SOA) using JDeveloper. Only one of the webservice is querying with the database. This communication needs to be secure, so need to establish SSL.
SOA Suite 11g
Scenario:
Webservice-> SSL -> Database server(remote)
Thanks in advance
/Shashi
Edited by: Shashi_sr on Aug 30, 2010 7:50 AMCopy the services-config.xml (and friends) to your local project.
The compiler switch does not support URLs.
Tom -
APEX application problem with Apple's Safari browser
Hello Everyone,
I'm working on Apple Safari (version 4.0.5) with Oracle APEX 4.0, the APEX development environment is working fine, but when we try to run our application, after login, while switching tabs, our application hangs with the following URI in the browser
xxx.xxx.x.xxx/apex/wwv_flow.accept
and page is rendered blank, even the page source view is blank.
Our page also carry some JQuery related code functionality, along with regular HTML and Stylesheet.
No idea what is causing this behavior?
Our application is running smooth with browsers like IE, FF, Opera.
Sample applications provided in-bundled with APEX 4.0, are running good on Safari as well.
So kindly suggest, what could be the possible reason behind this?
Regards,
KrishnaHi Patrick,
Yes, I'm using my own custom made theme also involved JQuery javascripts & functionality on apex pages.
I'm using Safari 4.0.5, didnt checked with the latest version yet.
Yes I've tried it on Google Chrome, its working fine, except with the already know issue, that on each page's post-back, chrome prompts for the XDB Username and Password, which is also a very major issue with my application.
I've gone through various threads from OTN to look out for the possible fix to this issue, but not helpful so far. Have tried few alternatives suggested on OTN, after which landed up in more complex issues causing my application to prompt XDB credentials on all the browsers. Now some how have brought the application back to the previous state, with the help of OTN indeed. Presently my application execute fine with IE, FF & Opera, except Safari & Chrome (XDB credentials prompt).
It would be really not an easy task for me to replicate the same scenario on apex.oracle.com, because it involves various database tables too.
I'm wondering, you asked me the 'theme' subject for the issue, kindly would you please educate me more, how themes can cause an improper functionality on Safari and not in rest of the browsers?
Thank you so much Patrick, I'm partially relieved knowing that you responded me. Great pleasure learning from you.
Regards,
Krishna -
Customer line items with balance carry forward no opening balance
Hello FI Experts,
We have ticket where the user is using a Z* Report for Customer line items with balance carry forward. In 31.01.2007 user has posted some legacy data, latter he was executing this Z* report then user can see the values posted on the same day (31.01.2007) as line items. But he was executing the report on 01.02.2007 then he was not able to see the line item as well as the values posted on 31.01.2007 as opening balance as on 01.02.2007. But if we run the report as on 01.01.2008 then we are able to see the values which are carry forwarded as opening balances. Did anyone have worked on this type of scenario?
Requirement Here Is: The values that have been posted on 31.03.2007 which are still open line items should get displayed as opening balance as on 01.02.2007.
Thanks for helping on this issue.Hi,
Any report will get data from Tables. Please check whether the table you have used to develop this report has opening balance.
Balance will be carry forwarded only when you run the balance carry forward program. Check whether this was run for the date you have specified. This can be done in the year end.
If you are checking in the middle of the year, then the balance will not be carry forwarded.
Regards,
B. Radhika. -
JavaMail application hanged with no error throwed at Transport.send
JavaMail application hanged with no error throwed at Transport.send,even though I set the timeout property
import java.util.Date;
import java.util.Properties;
import javax.mail.Authenticator;
import javax.mail.Message;
import javax.mail.PasswordAuthentication;
import javax.mail.Session;
import javax.mail.Transport;
import javax.mail.internet.InternetAddress;
import javax.mail.internet.MimeBodyPart;
import javax.mail.internet.MimeMessage;
import javax.mail.internet.MimeMultipart;
import javax.mail.internet.MimeUtility;
public class tt {
static Properties props=null;
static boolean needAuth=true;
static MailAuthenticator authenticator = null;
static String host="host";
static String account="account";
static String password="pwd";
static String sender="sender";
* @param args
* @throws Exception
public static void main(String[] args) throws Exception{
if (props == null) {
props = new Properties();
props.put("mail.smtp.host", host);
props.put("mail.smtp.timeout ", "1000");
props.put("mail.smtp.connectiontimeout ", "1000");
// props.put("mail.debug", "true");
props.put("mail.smtp.auth", String.valueOf(needAuth));
authenticator = new MailAuthenticator(account, password);
MailData mailData = new MailData();
mailData.setSubject("altireport mail configuration");
mailData.setContent("mail server has been configured successfully.");
mailData.setRecipients(new String[]{"[email protected]"});
final Session session = Session.getInstance(props, authenticator);
final MimeMessage msg = new MimeMessage(session);
InternetAddress from = new InternetAddress(sender);
msg.setFrom(from);
// msg.setSender(from);
final InternetAddress[] addressTo = new InternetAddress[mailData.getRecipients().length];
for (int i = 0; i < mailData.getRecipients().length; i++) {
addressTo[i] = new InternetAddress(mailData.getRecipients());
msg.addRecipients(Message.RecipientType.TO, addressTo);
//msg.setSubject(mailData.getSubject());
msg.setSubject(MimeUtility.encodeText(mailData.getSubject(), "UTF-8", "B"));
MimeBodyPart bodyPart1 = new MimeBodyPart();
bodyPart1.setContent(mailData.getContent(), "text/plain; charset=UTF-8");
MimeMultipart multipart = new MimeMultipart();
multipart.addBodyPart(bodyPart1);
msg.setContent(multipart);
msg.setSentDate(new Date());
// msg.saveChanges();
for(int i=0;i<10;i++){
new Thread(new Runnable(){
public void run() {
try {
System.out.println("send...");
Transport.send(msg);
} catch (Exception e) {
e.printStackTrace(System.out);
System.out.println("end!");
}).start();
class MailData {
private String[] recipients = null;
private String subject = null;
private String content = null;
private String attachment = null;
private String attachmentName = null;
* @return the attachment
public String getAttachment() {
return attachment;
* @param attachment the attachment to set
public void setAttachment(String attachment) {
this.attachment = attachment;
* @return the content
public String getContent() {
return content;
* @param content the content to set
public void setContent(String content) {
this.content = content;
* @return the recipients
public String[] getRecipients() {
return recipients;
* @param recipients the recipients to set
public void setRecipients(String[] recipients) {
this.recipients = recipients;
* @return the subject
public String getSubject() {
return subject;
* @param subject the subject to set
public void setSubject(String subject) {
this.subject = subject;
* @return the attachmentName
public String getAttachmentName()
return attachmentName;
* @param attachmentName the attachmentName to set
public void setAttachmentName(String attachmentName)
this.attachmentName = attachmentName;
class MailAuthenticator extends Authenticator {
private PasswordAuthentication authentication;
public MailAuthenticator(String account, String password) {
authentication = new PasswordAuthentication(account, password);
protected PasswordAuthentication getPasswordAuthentication() {
return authentication;
I have tried use session to get a SMTPTransport instance to use sendMessage ,but still have the same problem.No exception ,No error.
This problem doesn't appear always. It appears sometimes.
I hope get help for someone who has the solution for this problem.
Thanks in advanced.Ok, I think I see the problem:
props.put("mail.smtp.timeout ", "1000");
props.put("mail.smtp.connectiontimeout ", "1000");
Why do you have spaces at the end of the property names?
Those spaces are not being ignored, which means you've
set the wrong properties. -
App-V 5 SP2 (RDS) application integration with multiple office versions - general question
So I have been testing Office 2013 with app-V 5 SP2 and the package size is a hefty 1+GB with Visio and Project thrown in and I am not convinced by the speed and efficiency of delivering office 2013 this way (shared content mode) so I am thinking of
pre-installing Office 2013 on my XenApp servers instead.
However, we have some applications that integrate with office 2007 as they are not yet certified with Office 2013. Am I right in thinking that if I package Office 2007 and add it to a connection group with the other application, then that app will use Office
2007 regardless of Office 2013 being installed on the local OS?
ThanksHello,
This depends on how it technically integrates with Office 2007. Without knowing, or testing, how that is done it is not possible to state which version will be used.
See this general article on howto nativelly install and use multiple versions of Office;
http://support.microsoft.com/kb/290576/en-us
I suggest you test your scenario and try to understand how your specific application interacts with Office.
Nicke Källén | The Knack| Twitter:
@Znackattack -
Error after deploying a JSP Application developed with jdeveloper
Hi there
Running Oracle Enterpride Edition 8.1.7
including Oracle Http webserver
I'm trying to run a JSP application developed with Jdeveloper
through the oracle http server included in
Oracle Enterpride Edition 8.1.7
Think I have modified alle the .conf files correctly
I get the message :
"Error Message: java.lang.RuntimeException: JSP Registry could not locate runtime property file:ORDERS_ORDERS_PKG_ORDERS_PKGModule.properties"
Of course I know ,this file should be deployed as well. I have done this.
Any ideas what's wrong ?
Or can anyone point me to a (proper) document that decribes (correctly and completely) alle the steps that need to be done ?
Many Thanxs
Regards TJ
nullYep, I had the same problem deploying from JDeveloper 9.3.1, followed:
http://www.oracle.com/technology/products/jdev/howtos/10g/adf_runtime_update_howto.html
and it works! thanks for the clue! (now I only have to find out what ADF is now!)
Carlos. -
"You cannot use this version of the application Mail with this version...
I recently needed to replace my hard drive and now when I try to open the Mail application I get the following message: "You cannot use this version of the application Mail with this version of Mac OS X."
Any help is appreciated.ANSWERING MY OWN POST:
I have tried reinstalling Mail from my Snow Leopard upgrade disk directly and tried it using Pacifist. Neither worked because both simply reinstalled version 4.0. Fortunately, I have a MacBook Pro and it has version 4.1. I copied this directly, which was not ideal (it was quite confused about my mailboxes), but it worked.
The problem is that +Software Update+ did not detect the old version of Mail and Apple does not provide a direct way (that I could find) of downloading the latest version. Each time I downloaded Mail from Apple, it was version 4.0. -
FIle Creation in the Application Server With Unicode-8 and Byte-Order Mark
Hi Guys,
I've requirement of creating a file in the Application server with the Data.
The Data Format Should be in UTF-8 and Byte-Order Mark.
I need to supply this data from SAP to PRMS.
I'm able to create a file with Unicode, but any of the guys have worked on Umicode with Byte-Order Mark, please let me know.
Thanks,
Adi.Hi Mathieu,
If you haven't found an aswer yet, you can check in transaction SE24 CL_ABAP_FILE_UTILITIES method CREATE_UTF8_FILE_WITH_BOM. You can check the code of the method (it's very short) so you can understand how it works. It's also a static method so you can call it directly in your program.
Ex:
CALL METHOD cl_abap_file_utilities=>create_utf8_file_with_bom(your_file_name).
I hope this helps.
Pax Vobiscum.
~ Eric
Maybe you are looking for
-
[solved]Different Screen Resolution for different Users[/solved]
hello i'm running kdemod i'd like to set up an account for my mum she prefers a resolution of 800X600 whereas i like 1024X768 my xorg.conf is set up like Section "Screen" Identifier "Screen0" Device "Videocard0" Monitor "Monitor0" DefaultDepth 24 Opt
-
Hey guys, I've found myself in a bit of a quandary. A client wanted me to design a responsive (Though he didn't know that was the word at the time) website for his new restaurant. He wanted the user to be able to do things such as order their food on
-
Inactive sessions of oracle consume resources?
We Red Hat and Data Base Oracle 10g. Gracias y saludos.
-
System Preferences Keychain to provide access strange name
Today my mac started displaying foreign characters when these access pop ups come up. Does anyone have any idea how this happened or how to fix it? Any help would would appreciated. Thanks
-
AD binding lost after reboot 10.5.8
Hi All, i'm running multiple machines on a cross platform network, a few machines i have noticed after a reboot will not be bound to AD. They have full connectivity to it and when i log in as the local admin acocunt i am able to rebind it but it will