Cisco CSM: Duplication of udp packets possible instead of load balancing?

Similar Messages

• CSM for enabling hot spare instead of load balancing

  We have a server at a remote site that we want the remote clients to use. We only want them to use the central server if the remote one fails. Is there a way I can use "weight" or some other method to accomplish this. Thanks.

  what device are you talking about ?
  There is a solution but it is different depending of the machine you are using.
  Gilles.

• CISCO CSM- IP transparency

  Hi,
  I work for a software development company. Our application clients (Typically different TCP/IP devices) connect to the server a over custom port (44XX).
  Now we want to support server farms, load balancing using CISCO CSM to fulfill a customer need.
  Our application requires knowing the IP address of the client connecting. If load balancer is in between client and server, when client connected to our server port, Do we (Server) see the IP address of load balancer or IP address of the client when opening the socket or sending the data ?
  If Server sees load balancer IP, is there any thing we can configure in load balancer so that Server/port sees the IP address of client instead of load balancer IP ?
  Thanks for your help.

  Hi,
  /* Style Definitions */
  table.MsoNormalTable
  {mso-style-name:"Table Normal";
  mso-tstyle-rowband-size:0;
  mso-tstyle-colband-size:0;
  mso-style-noshow:yes;
  mso-style-priority:99;
  mso-style-qformat:yes;
  mso-style-parent:"";
  mso-padding-alt:0in 5.4pt 0in 5.4pt;
  mso-para-margin:0in;
  mso-para-margin-bottom:.0001pt;
  mso-pagination:widow-orphan;
  font-size:11.0pt;
  font-family:"Calibri","sans-serif";
  mso-ascii-font-family:Calibri;
  mso-ascii-theme-font:minor-latin;
  mso-hansi-font-family:Calibri;
  mso-hansi-theme-font:minor-latin;}
  /* Style Definitions */
  table.MsoNormalTable
  {mso-style-name:"Table Normal";
  mso-tstyle-rowband-size:0;
  mso-tstyle-colband-size:0;
  mso-style-noshow:yes;
  mso-style-priority:99;
  mso-style-qformat:yes;
  mso-style-parent:"";
  mso-padding-alt:0in 5.4pt 0in 5.4pt;
  mso-para-margin:0in;
  mso-para-margin-bottom:.0001pt;
  mso-pagination:widow-orphan;
  font-size:11.0pt;
  font-family:"Calibri","sans-serif";
  mso-ascii-font-family:Calibri;
  mso-ascii-theme-font:minor-latin;
  mso-hansi-font-family:Calibri;
  mso-hansi-theme-font:minor-latin;}
  All depends on your logical/physical topology between your 6500/CSM/Servers.
  Iif the CSM is configured on bridging mode meaning that your servers are on a L2 VLAN on the MSFC and pointing their default gateway to the CSM then you won't require source NAT on your set up. In this case the backend servers will be able to see/log the real IP address of your clients as the CSM does not modify anything at L3.
  On the other hand if you have a "routed" mode where your servers are sitting on a L3 VLAN on the MSFC and their default gateway usually points to the SVI they belong to then most likely you'll face asymmetric routing issues where the response from a load balance connection will bypass the CSM as the servers are able to respond to the client directly. In this case you do implement source NAT on your SF's which will overwrite the source IP address of the client with the IP address that you configure on the Natpool in question.
  In the second case for HTTP traffic you can always perform the header-insert function on the CSM so that the real IP address of the client will be appended to a new HTTP header, the configuration will look like this:
  map HEADER-INSERT header
    insert protocol http header X-Forwarder-For header-value %is
  policy INSERT
  header-map HEADER-INSERT
  serverfarm WEBFARM
  vserver Webfarm               
    virtual 10.44.60.160 any
    slb-policy INSERT <--- Policy
    advertise
    persistent rebalance
    inservice
  You will see the following in the HTTP header:
  Hypertext Transfer Protocol
      GET / HTTP/1.1\r\n
          Request Method: GET
          Request URI: /
          Request Version: HTTP/1.1
             X-Forwarder-For: 161.44.77.112\r\n
  Hope this helps.
  Pablo
  Cisco TAC

• CSM Load Balancer Help

  Hey,
  Just a quick question....
  Does anyone know a) if it's possible and b) how to have two servers off the CSM but instead of load-balancing between them make them a failover pair i.e. if server A goes down server B will take over - done using the same VIP?? It's needed because the application on the servers can't do load-balancing yet but can work in a failover way.
  I'm reading the book trying to work it out but if someone has done this before that would be great!
  Thanks
  Anthony

  Thanks for the responses.
  I'm using CSM 4.6(6) and have given what you suggested a go but have run into problems.
  When I disconnect the primary server I see that go out of service but that also knocks out the VIP and it never fails over to the second server. Am I missing something? I've attached the relevant parts of the config and would be greatful for any advice.
  serverfarm FARM1
  nat server
  nat client WEB
  real 10.2.250.10
  inservice
  probe HTTP
  serverfarm FARM2
  nat server
  nat client WEB
  real 10.2.250.11
  inservice
  probe HTTP
  vserver WEBTRAFFIC
  virtual 10.2.250.100 tcp www
  vlan 250
  serverfarm FARM1 backup FARM2
  persistent rebalance
  inservice
  I also had a go at creating that variable but it wouldn't let me...just said variable not configurable - but I'll play with that and see if I can work it out...I'm not so bothered as long as the backup part works.
  Thanks guys...
  Anthony

• CISCO 3945 Router - ARE POWER SUPPLIES LOAD BALANCED?

  CISCO 3945 Routers - Are the 3945 Router power supplies load balanced by default?  
  We are trying to determine if our switch/server rack at our remote location has maxed out it's power load requirements.  I just need to know if the 3945 power supplies load balance by default or if the redundant power supply is ON but not really providing the router with power and is just there incase the other power supply fails - Thank you.

  Thank you for your reply. I had read that the "Cisco 3845 and 3845-NOVPN router accommodates two hot-swappable power supplies and a single power supply meets router requirements. The second power supply provides redundancy, load sharing, and increased router availability. Either power supply can be removed without affecting router operation. Any combination of two power supplies is permitted."
  Unfortunately, I couldn't find any specific information for the 3900 series routers that stated it also load balanced power.
  Follow-up question: Do you know if the 3800 series routers load share by default? I know it is capable of power load sharing based on the above description but do they load share equally by default? If that's the case for the 3800's then hopefully that's the case for the 3900'S series routers. Which means, we have not maxed out our power requirements in our racks.

• How cisco CSM parses packets?

  Hi all, Some days ago i had a problem with a Cisco CSM configuration. The short history is that i had to change the parse-length (virtual server submode) command to the max. 4000 bytes value for this implementation to work, if i dont do this the CSM sends resets to the client. what i would like to know is if someone knows how the CSM parses packets when it is "searching" for a string,cookie,etc, i am having some difficulties finding info about this.

  The parse length on the CSM is the amount of bytes we can store to find the needed information (ie: cookie).
  So when we get an HTTP request or response the CSM will buffer everything it received up to max parse-len or header limit (\r\n\r\n).
  Once we reached the end of the HTTP header we stop buffering.
  While buffering we also start looking for the info that we need.
  If we do find it we also stop buffering.
  There is nothing magic here.
  If the HTTP header gets so big that the info we are looking for goes beyond the max-parse-len when we start buffering looking for the info, we endup using all the buffer space allocated to the connection and decide to drop the connections as we don't know if the info is just not there, or somewhere further in the header but we don't have space to buffer more.
  When the CSM was created a long time ago, 2000bytes for the header was normal.
  Nowadays, http header tends to be bigger and it is very often require to bump the parse length even further than 4000 bytes.
  This can be done with a variable.
  Gilles.

• ASA 5510 'bounces' UDP packets. Why?

  Hi. I hope to find someone who can shed a light on something that is bugging me for days now. We have an ASA (5510, running 7.2(2)) to connect our subnets to the backbone of the ISP. I received complaints about one specific connection, which I'll "draw" here:
  [ remote host 192.87.x.y (A) ] -- {"Internet"} -- [ Telecity Router ] -- [ Our ASA ] -- [ switch ] -- [ fibre ] -- [ switch ] -- [ our host 82.199.c.d (B) ]
  What happens is the following: I can successfully ping from A to B and back. I can also traceroute (UDP) from A to B and back. But a specific UDP packet sent by A (port 9001) to B (port 5432) is causing a problem. "Our ASA" does not route the packet to the correct interface, but sends it back to the Telecity router instead. Which in turn sends it back to "Our ASA" (since it is destined for our subnet). This goes back and forth for 60 times and then the TTL is expired.
  I have no idear what is happening here. The access-lists are correctly configured (as far as I know), but even if they weren't I would expect the packets to get dropped rather than put back on the sending interface. This packet is bounced (on ethernetlevel, the IP part remains the same apart from the TTL) to the sending router.
  Any pointers as to where to look for what is causing this and how to investigate this further are highly appreciated.
  Frank

  Hi Frederico. Of course I tried the packet tracer as one of the first tools :-). It showed a complete path (I used ASDM). Now I retried it (via the CLI) and something strange happens. This is a packet trace A to B with udp from port 9001 to 5431 (not 5432):
  Phase: 1
  Type: FLOW-LOOKUP / ALLOW / Found no matching flow, creating a new flow
  Phase: 2
  Type: ROUTE-LOOKUP / ALLOW / in   my_DMZ    255.255.255.240 my_DMZ
  Phase: 3
  Type: ACCESS-LIST / ALLOW / access-group my_backbone_access_in in interface my_backbone
                                                  access-list my_backbone_access_in extended permit ip any my_DMZ 255.255.255.240
  Phase: 4
  Type: IP-OPTIONS / ALLOW
  Phase: 5
  Type: ACCESS-LIST / ALLOW / access-group my_DMZ_access_out out interface my_DMZ
                                                  access-list my_DMZ_access_out extended permit ip any object-group host_group
                                                  object-group network host_group
                                                  network-object host myHost
  Phase: 6
  Type: IP-OPTIONS / ALLOW
  Phase: 7
  Type: FLOW-CREATION / ALLOW / New flow created with id 7342770, packet dispatched to next module
  Phase: 8
  Type: ROUTE-LOOKUP / ALLOW / found next-hop myHost using egress ifc my_DMZ
                                                      adjacency Active
                                                      next-hop mac address 00bb.ccdd.eeff hits 1
  Result:
  input-interface:   my_backbone / input-status: up / input-line-status: up
  output-interface: my_DMZ / output-status: up / output-line-status: up
  Action: allow
  As you can see it is a complete path. But this is what happens if I try it for A/9001 to B/5432:
  Phase: 1
  Type: FLOW-LOOKUP / ALLOW / Found flow with id 12, using existing flow
  Module information for forward flow: snp_fp_inspect_ip_options, snp_fp_adjacency, snp_fp_fragment, snp_ifc_stat
  Module information for reverse flow: snp_fp_inspect_ip_options, snp_fp_adjacency, snp_fp_fragment, snp_ifc_stat
  Result:
  input-interface: my_backbone / input-status: up / input-line-status: up / Action: allow
  Apparently the packet is send into an existing flow (is there a command to see what this flow is?) and that is where it ends. Now I need to find out why this is happening... This firewall has been reloaded a few times, but that did not solve the problem. Any pointers are highly appreciated as was this hint.
  Frank

• Cisco CSM and WCS on same server

  Hi,
  Currently we are running Cisco CSM and Cisco WCS applications on different servers.
  Please let me know can it possible to install Cisco CSM and Cisco WCS on one server.
  Regards,

  As per their datasheet, both CSM and WCS support VMware or can run as virtual servers. So it should be possible to implement both as virtual servers and run on the same physical server.

• NTP protocol support in Cisco CSM module

  Can anyone plz advice if CSM module will support load balancing NTP traffic on the server ?

  Here is what i see in CSM with ntp traffic reaching real servers
  prot vlan source destination state
  In UDP 45 10.200.210.20:123 172.20.95.39:123 ESTAB
  Out UDP 39 172.20.88.101:123 10.200.210.20:123 ESTAB
  vs = NFTBZTKVIP, ftp = No, csrp = True
  real = (n/a)
  Could it be that..real servers not replying back to these ntp based packets or from your point what could be holding them back.
  I will send you the trace once i pick them up.
  Kashi

• Sending udp packets using java and receiving it using c

  hi,
  Is it possible to send udp packets using java and receive the same using c??????? if yes.... plz help immediately.

  The biggest issue is data format. The JVM is big endian, with 16-bit characters. The machine running 'C' could be almost anything. A (signed!) byte array is probably the easiest unit of exchange.
  The Java program has its own techniques for storing/retrieving data to/from the byte array - and the C program has its own techniques. ASCII Strings are often the easiest to exchange - just convert the java String objects to byte array and send them.
  apaliwal1 has already given the UDP calls to send/receive the data.

• UDP Packet Basic

  Now i'm doing socket programming using UDP and TCP/IP and now again i
  need your help.
  1. Can UDP packet in Java put into data structure like C? or packet map to a java object but sender is not using Java program or serialize object.
  2. What is the easiest way to extract the UDP packet in Java?
  assume the structure like this.
  sampleMessageHeader
  MessageCode UInt 16
  TimeStamp UInt 32
  Message Char(12)

  1. Serialisation - no problem. However, if the other end doesn't have a Java serialisation library (i.e. isn't using Java) then you'll have to serialise manually. (Well - it may be possible to find documentation on the serialisation format and strip the headers before you put the bytes into a UDP packet, but such a mechanism would be a mess and a headache).
  2. packet.getData() gives you a byte[]. Wrap a ByteArrayInputStream round it, and a DataInputStream around that. Then assuming appropriate byte-ordering you'll be able to read ints and shorts. Of course, Java doesn't have a UInt type, and the meaning of Char depends on your C header files.

• How can i attach a user-speci​fied header to each UDP packet?

  Hello,
  i have here a question about UDP:
  i want to stream live-videos using UDP. To avoid/observe some possible problems that could occur (e.g. wrong packet-order, packet loss etc.) i am planning to add a header to each UDP packet with e.g. frame-nr. , frame-size, packet-nr...
  Question:
  1. (How) Can i control the UDP packet size in LabVIEW?
  2. If possible, how can i add a user specified header to each/certain (e.g. the first or the last packet of the frame) packet?
  Thanks!
  WLAN
  Message Edited by wlan on 01-26-2007 03:02 AM

  WLAN,
  i just copied the help regarding the max size-terminal from the LV-help:
  "max size is the maximum number of bytes to read. The default is 548. Windows If you wire a value other than 548 to this input, Windows might return an error because the function cannot read fewer bytes than are in a packet"
  So, please do not change this value....
  UDP creates packets from the data you transmitt. Each packet in Windows should have a size of 548 bytes or less. So this should read one whole packet at a time.... Decreasing this could lead to problems if the packet is larger.... Increasing this value changes nothing since the packets themselfs do not get larger only by trying to read more bytes..... Since you cannot alter the packetsize from LV, you shouldnt bother about that anymore.
  And to add (again): UDP does not garantuee ANY correct transission. So you will never get any note if the first packet of a frame was lost. If you need some kind of garantuee for this, you have to use TCP (btw. infact, the TCP header uses 192 bytes, containing the infos like seen in the attached gif).
  regards,
  NorbertMessage Edited by Norbert B on 01-31-2007 11:12 AM
  CEO: What exactly is stopping us from doing this?
  Expert: Geometry
  Marketing Manager: Just ignore it.
  Attachments:
  tcp_header.gif ‏9 KB

• CISCO  Gigabit switch / Java UDP datagram

  Hi,
  1. I experience flooding of UDP packets and machine freeze when put rate is high. Using java MulticastSocket and Datagrams.
  2. Tested with 2 machines to be in same multicast group, observerd that packets go to all other machines also which are not in multicast group.
  Enabled IGMP snooping on CISCO switch but same problem. Looks like IGMP forwarding table is not correct.
  Any help?
  Thanks

  1. I experience flooding of UDP packets and machine freeze when put rate is high. Using java MulticastSocket and Datagrams. Freeze at the sender or the receiver?
  2. Tested with 2 machines to be in same multicast group, observerd that packets go to all other machines also which are not in multicast group.That's correct. Multicasts will go to all hosts behind a given router. What they won't do is go through the router, unless the router thinks there's a member on the other side.

• Cisco CSM - reals / VIP seperated by a firewall

  Hi,
  Briefly, for various reasons, we are locating a pair of applicances on a DMZ frontended by a firewall. We intend to configure inbound traffic via a Cisco CSM located infront of that firewall.
  My question  is what interface would send the health probes from the CSM ? We are using a source NAT client pool so I`m assuming it would be the interface of the CSM in that vlan...is this correct ?
  Many Thanks

  Hello!
  The CSM will send the probe with the source IP of the packet that the probe leaves based on the best route to it.
  i.e
  If the destination IP on the probe matches a layer 2 segment, then we arp for the MAC, then send the packet with the source ip of the interface vlan the arp was responded to.
  If the IP is not layer 2 adjacent, the CSM will send the probe out of the interface vlan based on its routing table. The source ip of the packet is the vlan ip on the chosen outbound interface.
  Please let me know if that clarifies what you were asking for.
  Regards,
  Chris

• Cisco CSM 4.1: delete unused networks/hosts objects

  I will delete all unused networks/hosts objects in Cisco CSM 4.2 befor I compare the objects with the entries in our IPAM. Does somebody know how this is possible?
  Many thanks for your support.

  Yep
  I had this issue with the service objects. When I created the fliter for the service objects also the CSM predefined objects are displayed. I selected all these objects and choose to delete them. During the delete process CSM stopped to delete the objects by the first CSM predefined object.
  I think you have the same issue (for example with the predefined "any" object, if not referenced in your polocies).
  Workaround:
  - apply filter again and delete the displayed objects (deselect the predefined objects before).