ASA UC proxy Failover Solution

Hi,
I have two ISPs at my disposal. One of the ASAs is utilized as a UC proxy, and people from the internet directly access Call Manager through the same.
The UC proxy on the ASA is configured with an IP address block from one of the ISPs.
In case the ISP connected to the ASA is down, the Unified Communications services through the internet fail.
Request you to help me in providing a solution for UC proxy failover.
Regards

My configuration is given below; please see it.
tls-proxy ASA-tls-proxy
 server trust-point _internal_PP_ctl_phoneproxy_file
ctl-file ctl_phoneproxy_file
 record-entry capf trustpoint capf_trustpoint address 220.227.14.x
 record-entry cucm-tftp trustpoint phoneproxy_trustpoint address 220.227.14.X
 no shutdown
media-termination my
 address 10.60.1.92 interface lan
 address 220.227.14.x interface wan
phone-proxy ASA-phone-proxy
 media-termination my
 tftp-server address 10.60.1.151 interface lan
 tls-proxy ASA-tls-proxy
 ctl-file ctl_phoneproxy_file
 no disable service-settings
If some changes are required for the softphone, then please share them. And also share the port which should be opened for softphone communication.

Similar Messages

  • Manual failover solution for a custom proxy service that should be deployed

    I am looking for a manual failover solution for a custom proxy service that should be deployed on a cluster as a pinned service (requests have to be executed one after the other). The constraints I am encountering are:
    a) Proxy services are deployed to all cluster members by default.
    b) Configuration of proxy services to cope with migration of JMS resources.
    Any idea?
    Thanks in advance for your support
    Fred

    hi leroy,
    this is the OracleAS Portal Content Management forum. Please post your question in the Database forum
    General Database Discussions
    thanks,
    christian

  • Cisco ASA Active standby failover problem

    We have configured ASA Active/Standby failover with ASA5505. When the primary unit powers off, the secondary unit becomes active. When the primary unit powers on, the primary unit becomes active again. I think for an Active/Standby setup there is no preemption. The real issue is that when the primary ASA becomes active after power on, all the external connectivity goes down. Please see the config below:
    ASA01# show run
    ASA01# show running-config 
    : Saved
    ASA Version 8.2(5) 
    hostname ASA01
    enable password PVSASRJovmamnVkD encrypted
    passwd 2KFQnbNIdI.2KYOU encrypted
    names
    name 192.168.1.1 MPLS_Router description MPLS_Router 
    name 192.168.2.1 SCADA_Router description SCADA_Router
    interface Ethernet0/0
     switchport access vlan 2
    interface Ethernet0/1
    interface Ethernet0/2
     switchport access vlan 2
    interface Ethernet0/3
    interface Ethernet0/4
     switchport access vlan 3
    interface Ethernet0/5
    interface Ethernet0/6
    interface Ethernet0/7
    interface Vlan1
     nameif inside
     security-level 100
     ip address 192.168.3.8 255.255.255.0 standby 192.168.3.9 
    interface Vlan2
     nameif outside
     security-level 0
     ip address 192.168.1.8 255.255.255.0 standby 192.168.1.9 
    interface Vlan3
     description LAN Failover Interface
    ftp mode passive
    clock timezone AST 3
    access-list inside_access_in extended permit icmp any any 
    access-list inside_access_in extended permit ip any any 
    access-list inside_access_in extended permit ip any host MPLS_Router 
    access-list outside_access_in extended permit icmp any any 
    access-list outside_access_in extended permit ip any any 
    access-list outside_access_in extended permit ip any 192.168.2.0 255.255.255.0 
    pager lines 24
    logging enable
    logging asdm informational
    mtu inside 1500
    mtu outside 1500
    failover
    failover lan unit primary
    failover lan interface FAILOVER Vlan3
    failover key *****
    failover interface ip FAILOVER 10.1.1.1 255.255.255.0 standby 10.1.1.2
    icmp unreachable rate-limit 1 burst-size 1
    no asdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 1 0.0.0.0 0.0.0.0
    access-group inside_access_in in interface inside
    access-group outside_access_in in interface outside
    route-map Route_Out permit 1
     match ip address inside_access_in outside_access_in
     match interface inside
    route outside 0.0.0.0 0.0.0.0 MPLS_Router 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    http server enable
    http 192.168.1.0 255.255.255.0 inside
    http 192.168.2.0 255.255.255.0 inside
    http authentication-certificate inside
    http authentication-certificate outside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    telnet 192.168.2.0 255.255.255.0 inside
    telnet 192.168.1.0 255.255.255.0 outside
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    dhcpd auto_config outside
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    webvpn
    username admin password eY/fQXw7Ure8Qrz7 encrypted
    prompt hostname context 
    no call-home reporting anonymous
    call-home
     profile CiscoTAC-1
      no active
      destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
      destination address email [email protected]
      destination transport-method http
      subscribe-to-alert-group diagnostic
      subscribe-to-alert-group environment
      subscribe-to-alert-group inventory periodic monthly
      subscribe-to-alert-group configuration periodic monthly
      subscribe-to-alert-group telemetry periodic daily
    Cryptochecksum:1a8e46a787aa78502ffd881ab62d1c31
    : end

    I suggest removing the failover configuration on both units, then re-adding it, and then testing.
    Primary
    failover lan interface FAILOVER Vlan3
    failover interface ip FAILOVER 10.1.1.1 255.255.255.0 standby 10.1.1.2
    failover lan unit primary
    failover key KEY
    failover
    Secondary
    failover lan interface FAILOVER Vlan3
    failover interface ip FAILOVER 10.1.1.1 255.255.255.0 standby 10.1.1.2
    failover lan unit secondary
    failover key KEY
    failover
    Please remember to select a correct answer and rate helpful posts

  • IChat Load Balancing or failover solution?

    Hello, I am working on a plan to develop an iChat server. I think a Mac Mini would be a good start for a group of 50 users. The users are all over the country and my role is to unite them all in an iChat domain. I thought about building two Mac Mini servers and having them run the same domain where all users are registered. So, we would not be impacted when one of them goes down.
    Anyway, the question is: how can I have a load balancing or failover solution for the iChat domain?

    On the issue of load balancing, whilst I don't have any experience with Mac Minis, you will not need to worry about load balancing with 50 users. I'm sure you can probably put a few naughts on the end of that before you need to worry.
    The design you are proposing will not work for iChat services, and for that matter most of Apple's server services. For high availability services (e.g. transparent failover) I think you are going to struggle to get this working, and it 'seems' Apple no longer offers guidance on this subject on 10.6.x.
    You will increase availability by using an Xserve with dual PSUs and RAID disks. If you are only running high availability iChat services, I would buy a pair of second-hand Xserves with 10.5 OS and set the IP failover services running. Personally I would buy one and a service kit and not bother with HA, as you will find the servers are very reliable.
    If you have to use Minis then just have one live and keep a near constant clone of it on another, ready to manually swap out if you have a hardware failure.
    Your proposed design will not work without a lot of effort, none of which is supported by Apple, although it would be rewarding if you did get it working. You cannot have server-to-server traffic for the same domain, as all your application data needs to be stored centrally. OD only provides services for authentication. The iChat server also has its own data store and this is not distributed, nor can it be. It is possible to move the data store over to, say, an enterprise version of MySQL and have that distributed.

  • ASA auth-proxy timeout

    Hi, everyone
    I have a puzzle with the ASA auth-proxy authentication timeout. I want to achieve an inactivity timeout; that is, when there is some traffic between the client and host through the ASA after the user has authenticated, the cache timeout timer doesn't run. When the traffic ends, the cache timeout timer runs again.
    But when I configured the ASA 7.0, I found that if I have configured the ASA timeout timer as absolute with the following command:
    timeout uauth 0:05:00 absolute
    I cannot change the timer to inactivity,
    but it can be changed as below:
    timeout uauth 0:05:00 absolute uauth 0:05:00 inactivity
    What is its meaning?
    And can the user authentication timer be changed to inactivity?
    Many thanks

    Use the timeout uauth absolute & inactivity values locally.
    Try the bug CSCsg52108
    http://www.cisco.com/en/US/docs/security/asa/asa71/command/reference/t_711.html#wp1318629

  • Active/passive failover solution using Oracle 10gR2

    Hi,
    We have 2 windows 2003 servers clustered together using Microsoft Clustering Services.
    ORACLE_HOME on D: drive on both servers
    Data drive (P:) will be failing across to each server.
    I want to implement an active/passive failover solution using Oracle 10gR2.
    One option is to use Oracle Failsafe,
    But are there any best practices for Failsafe which are more reliable?
    Thanks

    More info here:
    http://www.oracle.com/technology/tech/windows/failsafe/index.html

  • BGP + HSRP Active Passive failover solution

    Hi all,
    I would like to know how to configure an Active Passive failover solution using BGP + HSRP(with ip sla to track line up/down) in 2x Cisco CPE. 
    For example the IP assignment as below:
    Primary Router:-
    WAN IP: 10.10.10.2/30; GW: 10.10.10.1/30
    LAN IP(Primary): 172.16.1.1/24
    LAN IP(Secondary): 12.12.12.1/24
    HSRP Virtual IP: 172.16.1.3
    Backup Router:-
    WAN IP: 10.10.10.6/30; GW: 10.10.10.5/30
    LAN IP(Primary): 172.16.1.2/24
    LAN IP(Secondary): 12.12.12.2/24
    HSRP Virtual IP: 172.16.1.3
    BGP info:
    AS No: 12345
    Remote-AS: 67890
    Password: abcde
    There will be an unmanaged switch connect to these 2 routers LAN interface and my PC will connect to this switch to perform failover test.
    Appreciate if anyone can share his/her knowledge and guide me on this.
    Let me know if the details above are insufficient.
    Thanks.
    CS

    Hi,
    As per my understanding, a few things are missing here:
    First, you mentioned only 1 virtual IP here from the primary LAN subnet; what about the secondary LAN subnet?
    Secondly, you need to advertise something (at least 1 subnet) to BGP, that will show in the remote side routing table.
    1 IP SLA and 1 tracking object should also be configured.
    Thanks,
    SAP

  • AMS on AWS - Failover Solution

    Hi everyone, I would like to know what kind of failover solution Adobe provides for its AMS instances on Amazon Web Services, i.e., round-robin for the maximum connections limit on RTMFP (currently 100 on large-type instances), or even in more complicated scenarios, like server disruption.
    Any kind of help would be kindly appreciated.

    You can purchase an Adobe Media Server license and run the product on a CentOS AMI.  This is similar to running the server on a CentOS Server on your premises.
    AWS does not charge when instances are shut down.
    Could you suggest why you would not use the AMS AMI available on AWS ? It comes with two default EBS Volumes. You can configure them to persist even after the instance is shut down. By default, the primary EBS volume which has AMI related data is terminated . But the secondary EBS volume that has video archives or other video streaming data is persisted.

  • ASA 5505 ISP Failover (PPPoE/DHCP)

    Hello,
    I have 2 WAN uplinks:
    The primary is VDSL (PPPoE) - very fast, and I have a static IP + /29 subnet 'assigned' to me.
    The secondary is DSL (DHCP) - slower
    What I'm trying to do is set up ISP failover on my ASA 5505 with Security Plus licence... and the way I have it currently set up 'half-works'. If the primary goes down, the primary route is removed from the routing table and the secondary route is 'inserted'. I have the NATs set up so I have internet access and all seems well. The problem, however, is that when the primary ISP comes online again, the ASA doesn't switch back over. It maintains the backup route until I manually switch it (by temporarily disabling the backup ISP switch port).
    This is what I did to configure it:
    config t
    sla monitor 10
     type echo protocol ipicmpecho x.x.x.x interface outside-primary
     frequency 5
     exit
    sla monitor schedule 10 life forever start-time now
    track 1 rtr 10 reachability
    route outside-primary 0 0 x.x.x.x 1 track 1
    route outside-backup 0 0 y.y.y.y 2
    nat (inside,outside-primary) after-auto source dynamic any interface
    nat (inside,outside-backup) after-auto source dynamic any interface
    Have I missed anything? Is there a better way to set this up? I noticed in the ASDM that if you edit an interface there seems to be the ability to set tracker IDs, SLA IDs, etc., but couldn't really find anything on Google that helped.
    Any assistance would be greatly appreciated.
    Thanks!
    Robert

    Hi Robert,
    you need this command:
    no ip verify reverse-path interface outside-primary
    Problem:
    SLA monitoring does not work after the ASA is upgraded to version 8.0.
    Solution:
    The problem is possibly due to the IP Reverse-Path command configured on the OUTSIDE interface. Remove the command on the ASA and try to check the SLA monitoring.
    For reference:
    http://www.cisco.com/c/en/us/support/docs/security/pix-500-series-security-appliances/70559-pix-dual-isp.html
    https://supportforums.cisco.com/blog/150001
    HTH
    "Please don't forget to choose the correct answer and rate helpful answers"

  • Best practice for ASA Active/Standby failover

    Hi,
    I have configured a pair of Cisco ASA in Active/ Standby mode (see attached). What can be done to allow traffic to go from R1 to R2 via ASA2 when ASA1 inside or outside interface is down?
    Currently this happens only when ASA1 is down (shutdown). Is there any recommended best practice for such network redundancy? Thanks in advance!

    Hi Vibhor,
    I test ping from R1 to R2 and the ping drops when I shut down either the inside (g1) or outside (g0) interface of the Active ASA. Below are the ASA 'show failover' and 'show run' outputs:
    ASSA1# conf t
    ASSA1(config)# int g1
    ASSA1(config-if)# shut
    ASSA1(config-if)# show failover
    Failover On
    Failover unit Primary
    Failover LAN Interface: FAILOVER GigabitEthernet2 (up)
    Unit Poll frequency 1 seconds, holdtime 15 seconds
    Interface Poll frequency 5 seconds, holdtime 25 seconds
    Interface Policy 1
    Monitored Interfaces 3 of 60 maximum
    Version: Ours 8.4(2), Mate 8.4(2)
    Last Failover at: 14:20:00 SGT Nov 18 2014
            This host: Primary - Active
                    Active time: 7862 (sec)
                      Interface outside (100.100.100.1): Normal (Monitored)
                      Interface inside (192.168.1.1): Link Down (Monitored)
                      Interface mgmt (10.101.50.100): Normal (Waiting)
            Other host: Secondary - Standby Ready
                    Active time: 0 (sec)
                      Interface outside (100.100.100.2): Normal (Monitored)
                      Interface inside (192.168.1.2): Link Down (Monitored)
                      Interface mgmt (0.0.0.0): Normal (Waiting)
    Stateful Failover Logical Update Statistics
            Link : FAILOVER GigabitEthernet2 (up)
            Stateful Obj    xmit       xerr       rcv        rerr
            General         1053       0          1045       0
            sys cmd         1045       0          1045       0
            up time         0          0          0          0
            RPC services    0          0          0          0
            TCP conn        0          0          0          0
            UDP conn        0          0          0          0
            ARP tbl         2          0          0          0
            Xlate_Timeout   0          0          0          0
            IPv6 ND tbl     0          0          0          0
            VPN IKEv1 SA    0          0          0          0
            VPN IKEv1 P2    0          0          0          0
            VPN IKEv2 SA    0          0          0          0
            VPN IKEv2 P2    0          0          0          0
            VPN CTCP upd    0          0          0          0
            VPN SDI upd     0          0          0          0
            VPN DHCP upd    0          0          0          0
            SIP Session     0          0          0          0
            Route Session   5          0          0          0
            User-Identity   1          0          0          0
            Logical Update Queue Information
                            Cur     Max     Total
            Recv Q:         0       9       1045
            Xmit Q:         0       30      10226
    ASSA1(config-if)#
    ASSA1# sh run
    : Saved
    ASA Version 8.4(2)
    hostname ASSA1
    enable password 2KFQnbNIdI.2KYOU encrypted
    passwd 2KFQnbNIdI.2KYOU encrypted
    names
    interface GigabitEthernet0
     nameif outside
     security-level 0
     ip address 100.100.100.1 255.255.255.0 standby 100.100.100.2
     ospf message-digest-key 20 md5 *****
     ospf authentication message-digest
    interface GigabitEthernet1
     nameif inside
     security-level 100
     ip address 192.168.1.1 255.255.255.0 standby 192.168.1.2
     ospf message-digest-key 20 md5 *****
     ospf authentication message-digest
    interface GigabitEthernet2
     description LAN/STATE Failover Interface
    interface GigabitEthernet3
     shutdown
     no nameif
     no security-level
     no ip address
    interface GigabitEthernet4
     nameif mgmt
     security-level 0
     ip address 10.101.50.100 255.255.255.0
    interface GigabitEthernet5
     shutdown
     no nameif
     no security-level
     no ip address
    ftp mode passive
    clock timezone SGT 8
    access-list OUTSIDE_ACCESS_IN extended permit icmp any any
    pager lines 24
    logging timestamp
    logging console debugging
    logging monitor debugging
    mtu outside 1500
    mtu inside 1500
    mtu mgmt 1500
    failover
    failover lan unit primary
    failover lan interface FAILOVER GigabitEthernet2
    failover link FAILOVER GigabitEthernet2
    failover interface ip FAILOVER 192.168.99.1 255.255.255.0 standby 192.168.99.2
    icmp unreachable rate-limit 1 burst-size 1
    asdm image disk0:/asdm-715-100.bin
    no asdm history enable
    arp timeout 14400
    access-group OUTSIDE_ACCESS_IN in interface outside
    router ospf 10
     network 100.100.100.0 255.255.255.0 area 1
     network 192.168.1.0 255.255.255.0 area 0
     area 0 authentication message-digest
     area 1 authentication message-digest
     log-adj-changes
     default-information originate always
    route outside 0.0.0.0 0.0.0.0 100.100.100.254 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    user-identity default-domain LOCAL
    aaa authentication ssh console LOCAL
    http server enable
    http 10.101.50.0 255.255.255.0 mgmt
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
    telnet timeout 5
    ssh 10.101.50.0 255.255.255.0 mgmt
    ssh timeout 5
    console timeout 0
    tls-proxy maximum-session 10000
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    webvpn
    username cisco password 3USUcOPFUiMCO4Jk encrypted
    prompt hostname context
    no call-home reporting anonymous
    call-home
     profile CiscoTAC-1
      no active
      destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
      destination address email [email protected]
      destination transport-method http
      subscribe-to-alert-group diagnostic
      subscribe-to-alert-group environment
      subscribe-to-alert-group inventory periodic monthly
      subscribe-to-alert-group configuration periodic monthly
      subscribe-to-alert-group telemetry periodic daily
    crashinfo save disable
    Cryptochecksum:fafd8a885033aeac12a2f682260f57e9
    : end
    ASSA1#
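
The per-unit interface state in the `show failover` output above can be extracted programmatically. This is an added example, not part of the original post: it parses a constructed excerpt in the same format and lists, for each unit, the monitored interfaces that are not Normal, plus any that are down on both units at once. The function names are assumptions.

```python
import re

# Constructed excerpt in the format of the "show failover" output quoted above.
SAMPLE_OUTPUT = """\
Failover On
Failover unit Primary
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 3 of 60 maximum
        This host: Primary - Active
                Active time: 7862 (sec)
                  Interface outside (100.100.100.1): Normal (Monitored)
                  Interface inside (192.168.1.1): Link Down (Monitored)
                  Interface mgmt (10.101.50.100): Normal (Waiting)
        Other host: Secondary - Standby Ready
                Active time: 0 (sec)
                  Interface outside (100.100.100.2): Normal (Monitored)
                  Interface inside (192.168.1.2): Link Down (Monitored)
                  Interface mgmt (0.0.0.0): Normal (Waiting)
Stateful Failover Logical Update Statistics
"""

HOST_RE = re.compile(r"^\s*(This|Other) host:\s*(\S+)\s+-\s+(.+?)\s*$")
# Matches "Interface <name> (<ip>): <status> (<monitoring>)" and nothing else,
# so "Interface Policy 1" and "Interface Poll frequency ..." are skipped.
IFACE_RE = re.compile(r"^\s*Interface (\S+) \(([^)]*)\):\s*(.+?)\s*\(([^)]+)\)\s*$")


def parse_show_failover(text):
    """Return {unit: {"role": str, "interfaces": {name: (ip, status, monitoring)}}}."""
    units, current = {}, None
    for line in text.splitlines():
        host = HOST_RE.match(line)
        if host:
            current = units.setdefault(
                host.group(2), {"role": host.group(3), "interfaces": {}})
            continue
        iface = IFACE_RE.match(line)
        if iface and current is not None:
            name, ip, status, monitoring = iface.groups()
            current["interfaces"][name] = (ip, status, monitoring)
        elif line.strip().startswith("Stateful Failover"):
            current = None  # the per-unit interface section is over
    return units


def summarize(units):
    """List monitored interfaces that are not Normal, per unit and on both units."""
    down = {
        unit: sorted(name for name, (_, status, mon) in data["interfaces"].items()
                     if mon == "Monitored" and status != "Normal")
        for unit, data in units.items()
    }
    active = [u for u, d in units.items() if d["role"].startswith("Active")]
    both = sorted(set.intersection(*(set(v) for v in down.values()))) if down else []
    return {"active": active, "down": down, "down_on_both": both}


if __name__ == "__main__":
    print(summarize(parse_show_failover(SAMPLE_OUTPUT)))
```

An interface listed under `down_on_both` is down on the standby as well, so the standby is in no better state than the active unit for that interface.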

  • Help needed in ASA 5540 Cluster/Failover setup

    Hello expert,
    Currently we have two ASAs in our datacenter set up as an Active/Standby failover pair, and tested, i.e. failover is working (if one FW goes down). But what if the uplink switches/links or backend switches go down; how does the active FW know to fail over?
    Current setup
           |                         |
        ___|___                   ___|___
    ---| SW 1 |------------------| Sw2  |
           |                         |
        ___|___                   ___|___
    ---| FW 1 |------------------| FW-2 |
           |                         |
        ___|___                   ___|___
    ---| SW 1 |------------------| Sw2  |
    In the above figure, FW1 is active and I have powered off the uplink SW1, but FW2 did not take over, and the same for the backend switches. So how do I configure my FWs so that if any of the uplink or backend switches go down, the Active gives its role to the standby to forward the traffic from a different switch, i.e. sw2 in case sw1 goes down?
    Or is there any mechanism where I can monitor the interfaces, i.e. uplinks or backend links etc.?
    Your help is appreciated.
    Regards

    It seems that you have LAN link directly connected between the boxes, so the unit will determine that Primary/Active has interfaces that are inactive and failover. You should read:
    http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807dac5f.shtml
    This link gives you the failover triggers and failover actions.

  • IE 9.0 proxy failover not working correctly - Is there a bug fix or IE setting to correct this behavior

    I am testing proxy pac file failover using IE 9.0.8112 and testing three choices using an automatic configuration file. I shut down the first proxy to test the failover to the second. Firefox 20.0.1 and Chrome work correctly, but IE 9.0 does not. My snippet is as follows:
    return "PROXY 192.168.11.12:8080; PROXY 192.168.11.195:8080; DIRECT";
    With IE8, Firefox and Chrome the failover to the next proxy entry during a PROXY 192.168.11.12 failure works correctly and as follows:
    Proxy 192.168.11.12 times out after about 25-30 seconds and then proxy 192.168.11.195 is attempted and the web page is displayed.
    Then all URL lookups after this time are made through proxy 192.168.11.195 and are quick. This is how proxy failover should work.
    When I test with IE9 it works as follows:
    Proxy 192.168.11.12 times out after about 25-30 seconds and then proxy 192.168.11.195 is attempted and the web page is displayed.
    Then all following URL lookups take 30-45 seconds because it always tries the first PROXY 192.168.11.12 first before attempting proxy 192.168.11.195, because it does not remember that the first proxy 192.168.11.12 is not available.
    Is there a setting or bug opened on this behavior?

    Not to be pedantic, but the proxy.pac file is JavaScript... :)
    You might be experiencing an issue with IE's automatic proxy caching, described here: http://support.microsoft.com/kb/271361 . Basically, the choice of which proxy to use is decided once per requested host, and the decision is cached. So, if you are testing failover by accessing resources on the same host before and after shutting off the first proxy, IE will still insist on using that proxy address for subsequent requests. If you test a second host and get a more timely response, then I would say this is what you are seeing.
    You can experimentally disable this feature by setting...
    [HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings]
    "EnableAutoProxyResultCache"=dword:00000000
    ...in the registry for your test user. I imagine a reboot will be required.

  • How to easily bring Cisco ASA back into failover.

    We had two ASAs that were never upgraded, so I decided to upgrade them. However, the failover was never turned off. If I copy the config off the one ASA to the other and bring both back online, will this take care of the issue, or will I need to redo the config on both the primary unit and the secondary unit?

    Hello,
    1) First thing is to keep up to date with the Cisco vulnerabilities announcements to check whether your box is not compliant, etc.
    Use Scanning tools like NMAP,ZEN-MAP, Veracode, etc.
    Use Dictionary attacks to determine whether you can hack into the Device.
    Etc,etc.
    2) To audit the ASA well
    Check the ACLs (make sure they are as specific as possible) Show run access-list
    Make sure a failover cluster is in place (show failover)
    Make sure traffic not desired is denied (packet-tracer tool)
    Make sure you are sending logs to a syslog server for further audit stuff.( show run logging)
    Check the Authentication ,Authorization and Accounting variables (show run aaa)
    Etc
    3) Change the ACLs to satisfy your needs. Being more specific is always more secure.
    access-list outside_inside permit tcp any host 4.2.2.2
    to
    access-list outside_inside permit tcp any host 4.2.2.2 eq 80 (In the case of a HTTP server)
    4) Always check release-notes and Cisco vulnerabilities announcements
    Looking for some Networking Assistance? 
    Contact me directly at [email protected]
    I will fix your problem ASAP.
    Cheers,
    Julio Carvajal Segura
    http://laguiadelnetworking.com
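
The configuration checks listed in the answer above (ACL specificity, failover in place, logs sent to a syslog server, AAA) can be run offline against a saved running-config. This is an added example, not part of the original post: the function names, finding codes and the sample configuration are assumptions, and the sample is constructed in the style of the configs quoted on this page.

```python
import re

# Constructed sample in the style of the ASA running-configs quoted on this page.
SAMPLE_CONFIG = """\
hostname ASA-EXAMPLE
access-list outside_access_in extended permit icmp any any
access-list outside_access_in extended permit ip any any
access-list outside_access_in extended permit tcp any host 4.2.2.2
access-list outside_access_in extended permit tcp any host 4.2.2.2 eq 80
access-list inside_access_in extended permit ip any any
access-group inside_access_in in interface inside
access-group outside_access_in in interface outside
logging enable
logging asdm informational
failover
failover lan unit primary
"""

ANY = {"any", "any4", "any6"}
PORT_OPS = {"eq", "lt", "gt", "neq", "range"}


def _take_address(tokens, i):
    """Consume one address spec at tokens[i]; return (spec, next index)."""
    if tokens[i] in ANY:
        return tokens[i], i + 1
    # "host A", "object NAME", "object-group NAME", "interface NAME" or "NET MASK"
    return f"{tokens[i]} {tokens[i + 1]}", i + 2


def _take_port(tokens, i, allow_group=False):
    """Consume an optional port qualifier such as 'eq 80' or 'range 1 1024'."""
    if i < len(tokens) and tokens[i] in PORT_OPS:
        width = 3 if tokens[i] == "range" else 2
        return " ".join(tokens[i:i + width]), i + width
    if allow_group and i + 1 < len(tokens) and tokens[i] == "object-group":
        return " ".join(tokens[i:i + 2]), i + 2  # service object-group as port
    return None, i


def parse_ace(line):
    """Parse an extended permit/deny access-list entry into a dict, else None."""
    tokens = line.split()
    try:
        if tokens[0] != "access-list":
            return None
        i = 3 if tokens[2] == "extended" else 2
        if tokens[i] not in ("permit", "deny"):
            return None  # remark, standard ACL, etc.
        action, proto = tokens[i], tokens[i + 1]
        i += 2
        if proto in ("object", "object-group"):  # service object, not a protocol
            proto, i = f"{proto} {tokens[i]}", i + 1
        src, i = _take_address(tokens, i)
        _, i = _take_port(tokens, i)                      # optional source port
        dst, i = _take_address(tokens, i)
        dport, i = _take_port(tokens, i, allow_group=True)  # optional dest port
    except IndexError:
        return None
    return {"name": tokens[1], "action": action, "proto": proto,
            "src": src, "dst": dst, "dport": dport}


def audit(config_text):
    """Return a list of (code, detail) findings for the checks named above."""
    lines = [line.strip() for line in config_text.splitlines()]
    bound = {}  # ACL name -> where it is applied
    for line in lines:
        m = re.match(r"access-group (\S+) (in|out) interface (\S+)", line)
        if m:
            bound[m.group(1)] = f"{m.group(2)} on {m.group(3)}"
    findings = []
    for line in lines:
        ace = parse_ace(line)
        if not ace or ace["action"] != "permit":
            continue
        where = bound.get(ace["name"], "not bound")
        if ace["proto"] == "ip" and ace["src"] in ANY and ace["dst"] in ANY:
            findings.append(("ACL_ANY_ANY", f"{line} [{where}]"))
        elif ace["proto"] in ("tcp", "udp") and ace["dport"] is None:
            findings.append(("ACL_NO_PORT", f"{line} [{where}]"))
    if "failover" not in lines:
        findings.append(("FAILOVER_OFF", "no 'failover' command present"))
    if not any(line.startswith("logging host ") for line in lines):
        findings.append(("NO_SYSLOG_HOST", "no 'logging host' destination"))
    if not any(re.match(r"aaa authentication \S+ console ", line) for line in lines):
        findings.append(("NO_AAA_AUTH", "no 'aaa authentication ... console' method"))
    return findings


if __name__ == "__main__":
    for code, detail in audit(SAMPLE_CONFIG):
        print(f"{code:15} {detail}")
```

This reads a saved configuration only; the packet-tracer check in the list still has to be run on the device.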

  • ASA Active/Active Failover with Redundant Guest Anchors

    Does anyone know how an ASA and a guest anchor 5508 will interact if I setup an Active/Active failover pair with physical interface redundancy?  I see from documentation that I can create a logical group in the ASA to bond physical interfaces together, but it doesn't describe what protocol is being used to manage that bundle.  Do I assume etherchannel?  If I were to create this scenario, can I run the 5508 in LAG mode?
    The current failover configuration example is for PIX, and old code at that.  I'm referencing an ASA/PIX guide ISBN:1-58705-819-7 beginning on page 531.
    Regards,
    Scott

    In addition to what you have, you should add to each unit the global configuration command "failover".
    We generally don't manually configure the MAC addresses in single context mode since the ASA will automatically assign virtual MAC addresses and manage their moving to the newly active unit in the event of a failover event. Reference.

  • Automatic Proxy Failover for Extend Client Connections

    Hi
    I looked at the documentation but this is still unclear to me. We have a C++ application doing continuous puts/putAlls on a Coherence cluster through a set of storage-disabled Proxy nodes. (I am guessing this is referred to as an 'active' client?)
    Clients:
    Multiple C++ processes doing puts and putAlls via multiple proxy nodes
    Proxies:
    6 nodes acting purely as proxies without storage
    Servers:
    6 Storage nodes
    Each client has the addresses of all proxy nodes and ports. We are running a failover test where we kill a proxy node and see if the client fails over to next proxy that is alive. From what we see, this is not happening. Can someone explain what happens when a proxy server fails? I read in one of the forum responses that
    "For active client, when a request to proxy failed, the client will automatically connect to the next proxy server. But the reconnection only occurs the next request to proxy. It’s up to the client to retry the failed request."
    What does "retry the failed request" mean? - Is it - retry the PUT or PUTALL() that failed or retry getting the instance of the cache in C++ once I catch the socket failure exception in my code?
    Any pseudo code you can furnish would be very helpful
    Thank you
    Sairam

    As soon as we kill the proxy server that the client is connected to, we are getting the following socket disconnect exception, although other proxy nodes are up and running. What am I missing?
    terminate called after throwing an instance of 'coherence::lang::throwable_spec<coherence::net::messaging::ConnectionException, coherence::lang::extends<coherence::io::pof::PortableException, std::runtime_error>, coherence::lang::implements<void, void, void, void, void, void, void, void, void, void, void, void, void, void, void, void>, coherence::lang::throwable_spec<coherence::io::pof::PortableException, coherence::lang::extends<coherence::lang::RuntimeException, std::runtime_error>, coherence::lang::implements<coherence::io::pof::PortableObject, void, void, void, void, void, void, void, void, void, void, void, void, void, void, void>, coherence::lang::throwable_spec<coherence::lang::RuntimeException, coherence::lang::extends<coherence::lang::Exception, std::runtime_error>, coherence::lang::implements<void, void, void, void, void, void, void, void, void, void, void, void, void, void, void, void>, coherence::lang::throwable_spec<coherence::lang::Exception, coherence::lang::extends<coherence::lang::Object, std::exception>, coherence::lang::implements<void, void, void, void, void, void, void, void, void, void, void, void, void, void, void, void>, coherence::lang::TypedHandle<coherence::lang::Object const> >::hierarchy>::hierarchy>::hierarchy>::bridge'
      what():  coherence::net::messaging::ConnectionException: coherence::component::util::TcpInitiator::TcpConnection@0xf511730{Id=0x0000012D76A6F7DB0A9869A922AC93E0ABB1489FC9E126BAC29CF570C15A218E, Open=1, LocalAddress=NULL, RemoteAddress=PosixRawSocketAddress[family=2]}: socket disconnect
        at virtual coherence::lang::TypedHandle<coherence::net::messaging::Response> coherence::component::net::extend::AbstractPofRequest::Status::getResponse()(AbstractPofRequest.cpp:189)
        at coherence::component::net::extend::AbstractPofRequest::Status::getResponse()
        at coherence::component::net::extend::AbstractPofRequest::Status::waitForResponse(long)
        at coherence::component::net::extend::PofChannel::request(coherence::lang::TypedHandle<coherence::net::messaging::Request>, long)
        at coherence::component::net::extend::PofChannel::request(coherence::lang::TypedHandle<coherence::net::messaging::Request>)
        at coherence::component::net::extend::RemoteNamedCache::BinaryCache::put(coherence::lang::TypedHandle<coherence::lang::Object const>, coherence::lang::TypedHolder<coherence::lang::Object>, long, bool)
        at coherence::component::net::extend::RemoteNamedCache::BinaryCache::put(coherence::lang::TypedHandle<coherence::lang::Object const>, coherence::lang::TypedHolder<coherence::lang::Object>)
        at coherence::util::WrapperCollections::AbstractWrapperMap::put(coherence::lang::TypedHandle<coherence::lang::Object const>, coherence::lang::TypedHolder<coherence::lang::Object>)
        at coherence::util::ConverterCollections::ConverterMap::put(coherence::lang::TypedHandle<coherence::lang::Object const>, coherence::lang::TypedHolder<coherence::lang::Object>)
        at coherence::component::net::extend::RemoteNamedCache::put(coherence::lang::TypedHandle<coherence::lang::Object const>, coherence::lang::TypedHolder<coherence::lang::Object>)
        at coherence::component::util::SafeNamedCache::put(coherence::lang::TypedHandle<coherence::lang::Object const>, coherence::lang::TypedHolder<coherence::lang::Object>)
        at CoherenceCache::insertData(std::string const&, std::string const&, std::string const&, unsigned long)
        at SessionManager::executeCacheOperation(int, std::string const&, std::string const&)
        at KeyPublisher::publishCycle()
        at VECLFunctor<KeyPublisher>::operator()()
        at VEThread::_run(void*)
        <stack frame symbol unavailable>
        on thread "Thread-1"
    Caused by: coherence::io::IOException: socket disconnect
        at virtual coherence::lang::size32_t coherence::net::Socket::readInternal(coherence::lang::octet_t*, coherence::lang::size32_t)(Socket.cpp:333)
        at coherence::net::Socket::readInternal(unsigned char*, unsigned int)
        at coherence::net::Socket::SocketInput::read(coherence::lang::SubscriptHandle<coherence::lang::Array<unsigned char>, unsigned char, unsigned int>, unsigned int, unsigned int)
        at coherence::io::BufferedInputStream::fillBuffer()
        at coherence::io::BufferedInputStream::read()
        at coherence::component::util::TcpInitiator::readMessageLength(coherence::lang::TypedHandle<coherence::io::InputStream>)
        at coherence::component::util::TcpInitiator::TcpConnection::TcpReader::onNotify()
        at coherence::component::util::Daemon::run()
        at coherence::lang::Thread::run()
        on thread "ExtendTcpCacheService:coherence::component::util::TcpInitiator:coherence::component::util::TcpInitiator::TcpConnection::TcpReader"
    See below our proxy and client configs
    Client:
    <remote-cache-scheme>
          <scheme-name>extend-dist</scheme-name>
          <service-name>ExtendTcpCacheService</service-name>
          <initiator-config>
            <tcp-initiator>
              <remote-addresses>
                <socket-address>
                  <address system-property="tangosol.coherence.proxy.address">10.152.105.169</address>
                  <port system-property="tangosol.coherence.proxy.port">9099</port>
                </socket-address>
              </remote-addresses>
             <remote-addresses>
                <socket-address>
                  <address system-property="tangosol.coherence.proxy.address">10.152.105.171</address>
                  <port system-property="tangosol.coherence.proxy.port">9099</port>
                </socket-address>
              </remote-addresses>
             <remote-addresses>
                <socket-address>
                  <address system-property="tangosol.coherence.proxy.address">10.152.105.170</address>
                  <port system-property="tangosol.coherence.proxy.port">9099</port>
                </socket-address>
              </remote-addresses>
             <remote-addresses>
                <socket-address>
                  <address system-property="tangosol.coherence.proxy.address">10.152.105.172</address>
                  <port system-property="tangosol.coherence.proxy.port">9099</port>
                </socket-address>
              </remote-addresses>
             <remote-addresses>
                <socket-address>
                  <address system-property="tangosol.coherence.proxy.address">10.152.105.173</address>
                  <port system-property="tangosol.coherence.proxy.port">9099</port>
                </socket-address>
              </remote-addresses>
              <connect-timeout>10s</connect-timeout>
            </tcp-initiator>
            <outgoing-message-handler>
              <request-timeout>5s</request-timeout>
            </outgoing-message-handler>
          </initiator-config>
        </remote-cache-scheme>
    Proxy:
    <!--
        Proxy Service scheme that allows remote clients to connect to the
        cluster over TCP/IP.
        -->
        <proxy-scheme>
          <service-name>ExtendTcpProxyService</service-name>
          <thread-count system-property="tangosol.coherence.extend.threads">25</thread-count>
          <acceptor-config>
            <tcp-acceptor>
              <local-address>
                <address system-property="tangosol.coherence.extend.address">localhost</address>
                <port system-property="tangosol.coherence.extend.port">9099</port>
              </local-address>
            </tcp-acceptor>
            <outgoing-message-handler>
              <request-timeout>10s</request-timeout>
            </outgoing-message-handler>
          </acceptor-config>
          <autostart>true</autostart>
        </proxy-scheme>
    ...Thanks
    Sairam
    Edited by: SKR on Jan 12, 2011 3:09 PM
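
Added example, not part of the original post and not the poster's or Oracle's own file: the same five proxy addresses written as a single `<remote-addresses>` list with one `<socket-address>` child per proxy, which is the form the Coherence cache configuration schema defines for a `<tcp-initiator>`. Dropping the per-entry `system-property` attributes is an assumption made here, because all five entries in the post share one property name, so a single override would set every entry to the same address.

```xml
<!-- Constructed rewrite of the client scheme posted above; addresses, port and
     timeouts are copied from the post. -->
<remote-cache-scheme>
  <scheme-name>extend-dist</scheme-name>
  <service-name>ExtendTcpCacheService</service-name>
  <initiator-config>
    <tcp-initiator>
      <!-- One remote-addresses element; each proxy is a socket-address child. -->
      <remote-addresses>
        <socket-address>
          <address>10.152.105.169</address>
          <port>9099</port>
        </socket-address>
        <socket-address>
          <address>10.152.105.171</address>
          <port>9099</port>
        </socket-address>
        <socket-address>
          <address>10.152.105.170</address>
          <port>9099</port>
        </socket-address>
        <socket-address>
          <address>10.152.105.172</address>
          <port>9099</port>
        </socket-address>
        <socket-address>
          <address>10.152.105.173</address>
          <port>9099</port>
        </socket-address>
      </remote-addresses>
      <connect-timeout>10s</connect-timeout>
    </tcp-initiator>
    <outgoing-message-handler>
      <request-timeout>5s</request-timeout>
    </outgoing-message-handler>
  </initiator-config>
</remote-cache-scheme>
```

The address list only determines which proxies a new connection attempt can reach; a request already in flight on the dropped connection still fails with `ConnectionException`. The "terminate called after throwing" line in the trace shows that exception leaving the thread uncaught.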
