Cisco CSS 11503 ntp keepalive script
Have setup a new Owner/Service/Group for loadbalancing NTP traffic to 2 NTP servers. It all appears to work fine apart from failure of one of the servers NTP service. I've currently set up a simple ping keepalive which works fine if one of the servers fail but this keepalive won't detect if the servers NTP service fails. I'm running 8.20 code. My question is has anybody created a working keepalive script for NTP traffic for the CSS?
Hi Daniel,
I had looked at that script but it doesn't suit my needs. The script uses TCP port 37 for its keepalives whereas our NTP servers use UDP port 123.
Regards
Noel
Similar Messages
-
CSS - Executing a Keepalive Script
Hi,
I am trying to execute the following script, this script is testing connectivity on multiple hosts and TCP ports to define a service as 'up'
#!name = CHECKPORT_STD_SCRIPT
# Scriptname : CheckPortsTask.tcl
# Pamapaters : <list of hosts ip >
# <list of ports >
# [verbose] optional verbose debug flag.
# Description :
# This is an example of standalone script. The script is given a list of hosts
# and a list of posrts for each host. The script then checks to see if the host:port
# is available and listening.
# Example execution:
# script task 1 "10.2.0.12 10.2.0.14 10.5.0.15" " 21 23 80 2048"
proc ck_puts { msg } {
puts "[ info script ] : $msg"
# main
# parse cmd line args and setup ip , port
if { $argc != 2 } {
ck_puts "paramaters: script task <id> [ info script ] <hostList> <portList>"
exit -1
set hostList [ lindex $argv 0 ]
set portList [ lindex $argv 1 ]
ck_puts "================= test start========================="
foreach ip $hostList {
ck_puts "----------------- host $ip-------------------------"
foreach port $portList {
ck_puts "testing $ip:$port"
if { [catch { socket $ip $port } sock ] } {
ck_puts "\t$ip:$port ERR : $sock"
if { [ regexp "connection timed out" $sock ] } {
## erro due to connection timeout, skip to next ip
break;
## other error, don't break, keep test next port for the same ip
} else {
ck_puts "\t$ip:$port OK"
close $sock
ck_puts "================= test end========================="
My issue is that the comments suggest the arguements are put into 2 sections of quotations but the CSS will not allow this input....
CSS11503(config-service[TEST-SERVICE])# keepalive type script checkportstask ?
<cr> Execute command
use-output Allow tools such as grep to parse script output
<Quoted text> Script Arguments (Len: 0-128)
CSS11503(config-service[TEST-SERVICE])# keepalive type script checkportstask
CSS11503(config-service[TEST-SERVICE])# keepalive type script checkportstask "10.1.1.1 10.2.2.2" "80 443"
^
%% Invalid input detected at '^' marker.
CSS11503(config-service[TEST-SERVICE])#
Can anyone shed some light on how this script is executed.
Thanks,
Brianwhat you show is a CSM/ACE TCL script.
The CSS uses its own scripting language.
More info @
http://www.cisco.com/en/US/products/hw/contnetw/ps792/products_configuration_guide_chapter09186a0080327ff9.html
BTW, what you need already exists.
http://www.cisco.com/en/US/products/hw/contnetw/ps792/products_tech_note09186a00801e1e14.shtml
Gilles. -
Cisco CSS 11503 Arrowpoint/Load Balance question
I am troubleshooting an issue with my 11503. I am running version 07.40.0.04. I have it configured as follows:
content upcadtoa-rule
add service cadtoa-wls1-e0
add service cadtoa-wls1-e1
add service cadtoa-wls2-e0
add service cadtoa-wls2-e1
add service cadtoa-wls3-e0
add service cadtoa-wls3-e1
add service cadtoa-wls4-e0
add service cadtoa-wls4-e1
add service cadtoa-wls5-e0
add service cadtoa-wls5-e1
add service cadtoa-wls6-e0
add service cadtoa-wls6-e1
arrowpoint-cookie expiration 00:00:15:00
protocol tcp
port 8001
advanced-balance arrowpoint-cookie
redundant-index 2
vip address 172.30.194.195 range 2
arrowpoint-cookie name TOA
active
However, the load-balancing across the servers does not seem to be doing much balancing. One of those servers is getting hit with 5 times as much traffic as another and another server is lucky to get a connection at all. With the cookie expiration set, one would think that this would all balance out over time.
I just came across this information from Cisco and I am wondering if it is relevant:
If you configure a balance or advanced-balance method on a content rule that requires the TCP protocol for Layer 5 (L5) spoofing, you should configure a default URL string, such as url "/*". The addition of the URL string forces the content rule to become an L5 rule and ensures L5 load balancing or stickiness. If you do not configure a default URL string, unexpected results can occur.
In the following configuration example, if you configure a Layer 3 (L3) content rule with an L5 balance method, the CSS performs L5 load balancing, but will reject UDP packets.
content testing
vip address 192.168.128.131
add service s1
balance url
active
The balance url method is an L5 load-balancing method in which the CSS must spoof the connection and examine the HTTP GET content request to perform load balancing. The CSS rejects the UDP packet sent to this rule because a UDP connection cannot be L5. Though the CSS allows this rule configuration, its expected behavior would be more clear if you promote the rule to L5 by configuring the url "/*" command.
In the next example, if you configure an L3 content rule with an L5 advanced-balance method, L5 stickiness will not work as expected.
content testing
vip address 192.168.128.131
add service s1
advanced-balance arrowpoint-cookie
active
The advanced-balance arrowpoint-cookie method causes the CSS to spoof the connection, however, the CSS still marks it as an L3 rule. Thus, the CSS does not insert the generated cookie and the rule defaults to L3 stickiness (sticky-srcip). You must configure a URL like url "/*" to promote this rule to L5, ensuring that L5 stickiness works as expected.
Thanks in advance for any help you can give. The thing is not down, it is just balancing strangely causing application performance issues.
JamesHey James,
You will need to suspend the content rule in order to add the url statement. This will cause a quick downtime until the content rule is activated again. I have shown below the commands to add the statement. Perhaps you can create your commands in a Notepad file, then paste them all in so they execute quickly to minimize your downtime:
content MY-SITE
vip address 10.201.130.140
port 80
protocol tcp
add service MY-SERVER
active
CSS11503# config t
CSS11503(config)# owner TEST
CSS11503(config-owner[TEST])# content MY-SITE
CSS11503(config-owner-content[TEST-MY-SITE])# url "/*"
%% Attribute may not be modified on active rule
CSS11503(config-owner-content[TEST-MY-SITE])# suspend
CSS11503(config-owner-content[TEST-MY-SITE])# url "/*"
CSS11503(config-owner-content[TEST-MY-SITE])# active
CSS11503(config-owner-content[TEST-MY-SITE])# exit
CSS11503(config-owner[TEST])# exit
CSS11503(config)# exit
CSS11503# show run
content MY-SITE
vip address 10.201.130.140
add service MY-SERVER
port 80
protocol tcp
url "/*" <--------
active
Hope this helps,
Sean -
CISCO CSS 11503: Adaptive Session Redundancy + Resets
Hi
we have release 7.10.206a configured with SourceGroup and ASR. I made a sniffer trace and experienced that the CSS sends a lot of RST. As well I saw that it use only 1984 source ports for the connections to the server. How can I increase the number of source Ports? .In the attachments you will find the sniffer trace with the incorrect behaviour and the configuration.
Any suggestion, idea ?the problem of the RST seems to be the frequent reuse of the same source port.
The destination of this connection seems to be confused and ACK the new SYN with the ack number of the previous connection. This ack number is out of range from the syn sequence number so the result if a RST.
ie:
Flow1 - Syn -> packet 1
Flow1 - Last ACK -> packet 33
Flow 2 - syn -> packet 34
Flow 2 - ack (instead of syn/ack) with acknumber same is packet 33.
This triggers a RESET -> packet 36
Flow 3 - syn -> packet 55
Flow 3 - same as flow 2 issue, ack with old ack number. This triggers a RST (packet 57).
Now the 2nd issue, the CSS (I believe tpkg0x.post.ch is the CSS) sends packet for flow 2 but the end station believes flow 2 was killed with the RESET of flow 3 and the host sends a RST to the CSS (packet 59) because its connection does not exist anymore.
So the all issue is the fact that ports are being reused to quickly.
You will need to involve more people to find a workaround to the 1984 ports available [and be aware they are available but not all usable].
Work with Marco K., your sale support.
Regards,
Gilles. -
Is it possible to configure a keepalive script to detect the text returned from a cold fusion web page - eg "server available". Not the header but actual content of the page.
Gilles:
I know this is a two years old, but need some help with the issue regarding this post. I need to have a script keepalive to verify the content of a page. I tried what you mentioned here, but my service won't come up. My set up is this:
SERVICE
service serbancasawebback
type ssl-accel-backend
add ssl-proxy-list bhdssl
keepalive type script ap-kal-httptagban
protocol tcp
port 80
ip address 192.168.249.23
active
The script I used is as follows:
!no echo
! Filename: ap-kal-httptagban
! Parameters: HostName WebPage HostTag
! Description:
! This script will connect to the remote host and do an HTTP
! GET method upon the web page that the user has asked for.
! This script also adds a host tag to the GET request.
! Failure Upon:
! 1. Not establishing a connection with the host.
! 2. Not receiving an HTTP status â200 OKâ
if ${ARGS}[#] âNEQâ â3â
echo âUsage: ap-kal-httptagban \'192.168.249.23 /bancasa/start.swe?SWECmd=Logoff www2.bhd.com.do\'â
exit script 1
endbranch
! Defines:
set HostName â${ARGS}[1]â
set WebPage â${ARGS}[2]â
set HostTag â${ARGS}[3]â
! Connect to the remote Host
set EXIT_MSG âConnection Failureâ
socket connect host ${HostName} port 80 tcp
! Send the GET request for the web page
set EXIT_MSG âSend: Failedâ
socket send ${SOCKET} âGET ${WebPage} HTTP/1.0\nHost: ${HostTag}\n\nâ
! Wait for a good status code
set EXIT_MSG âWaitfor: Failedâ
socket waitfor ${SOCKET} âSWE Internal Errorâ 2000
no set EXIT_MSG
socket disconnect ${SOCKET}
exit script 0
Notice this is an SSL back-end service. The web page the user should request is:
https://www2.bhd.com.do/bancasa/start.swe?SWECmd=Logoff
If it returs the page with the error, then is down.
I'm not sure I have all arguments OK or in the correct format. Also,I'm a little confused regarding whta the Hostag should be.
Can you please verify what I have wrong ?
Thanks -
CSS: How does DNS Scripted Keepalive (ap-kal-dns) work?
Hello everyone,
I have a question about how does DNS Scripted Keepalive (ap-kal-dns) work on CSS 11503.
According to the "Using the CSS Scripting Language",
http://www.cisco.com/en/US/partner/docs/app_ntwk_services/data_center_app_services/css11500series/v7.50/configuration/administration/guide/Scripts.html
it says
Since we just want to see if the DNS server is alive we will send a simple DNS Query. This query is hard coded in hexadecimal and sent raw to the DNS server.
and
Receive some unexplained response. We don't care what it is because an unstable DNS server or a non-existent one would probably not send ! us any data back at all.
but it also says
Failure Upon: 1. Not resolving the host's IP from the domain name
And according to the "How to Configure the CSS to Load Balance DNS Servers and Use the DNS Scripted Keepalives",
http://www.cisco.com/en/US/partner/products/hw/contnetw/ps789/products_configuration_example09186a00801d015a.shtml
it says
The script is hard-coded to resolve www.cisco.com. It does not matter if the DNS server can resolve this address or not, as long as a DNS response comes back that the service is alive. This keepalive is only testing if a DNS server can respond to a query, not if it can resolve a specific name. The script queries from the CSS to DNS internal servers keep track of the availability of the DNS servers.
but it also says
Access to Internet Domain Name System Root Servers is required for successful implementation of DNS scripted keepalives.
So I am confused whether DNS server has to resolve the host's IP address correctly for DNS query received from CSS or just needs to reply any response but not need to resolve it.
I would like to recap about my question.
Q1: Does DNS Scripted Keepalive (ap-kal-dns) send DNS query with cisco.com as DNS name by default?
Q2: Does DNS server has to resolve IP address of cisco.com or just need to respond for DNS query with any response but not need to resolve IP address of cisco.com?
I understand I should get capture data and see how DNS scripted keepalive works, but I can not prepare lab environment to do it at the present.
Your information would be appreciated.
Best regards,
Shinichiyes the query is for www.cisco.com and the script expect a reponse that contains the word cisco.
Gilles. -
Cisco css http keepalive is not working with GET command
Dear all
i have Cisco Css connected to Dell Server (via switch)
Cisco CSS - 192.168.1.3 and Dell Server - 192.168.1.5
Dell server is setup with windows 2009R2 and Apache HTTPD is version 2.2
This server is dedicated to host multiple doamins with Apache lik
www.abc.co.uk
www.xyz.co.uk
Now the clinet wants to setup the http keepalive with specfic web page like /testpage.html for all these domains. i have teseed with single URI. it is working the comamnds are
config)# service serv1
(config-service[serv1])# ip address 192.168.1.5
(config-service[serv1])# keepalive type http
(config-service[serv1])# keepalive method head ( get i have not used due to hash mismatch with apche server, if i use GET it is not working)
(config-service[serv1])# keepalive uri "/testpage.html"
(config-service[serv1])# active
It is working with single URI. but how can i do the same thing for multiple doamins ?
for multiple doamins do i need use script ? or can i use with commands ?
if i need to use script the script is
!no echo
! Filename: httptag-test
! Parameters: HostName WebPage HostTag
! Description:
! This script will connect to the remote host and do an HTTP
! GET method upon the web page that the user has asked for.
! This script also adds a host tag to the GET request.
! Failure Upon:
! 1. Not establishing a connection with the host.
! 2. Not receiving an HTTP status "200 OK"
if ${ARGS}[#] "NEQ" "3"
echo "Usage: httptag-test \'Hostname WebPage HostTag\'"
exit script 1
endbranch
! Defines:
set HostName "${ARGS}[1]"
set WebPage "${ARGS}[2]"
set HostTag "${ARGS}[3]"
! Connect to the remote Host
set EXIT_MSG "Connection Failure"
socket connect host ${HostName} port 80 tcp
! Send the GET request for the web page
set EXIT_MSG "Send: Failed"
socket send ${SOCKET} "GET ${WebPage} HTTP/1.1\nHost: ${HostTag}\n\n"
! Send the HEAD request for the web page
set EXIT_MSG "Send: Failed"
socket send ${SOCKET} "HEAD ${WebPage} HTTP/1.1\nHost: ${HostTag}\n\n"
! Wait for a good status code
set EXIT_MSG "Waitfor: Failed"
socket waitfor ${SOCKET} "200 OK"
no set EXIT_MSG
socket disconnect ${SOCKET}sh w
exit script 0
in the script i have not used GET becasue, when CSS send GET request to apache it use hash, but apache is not able to respond with same hash and it shows that website is down. more information- click below url
http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/css11500series/v7.40/command/reference/CmdKeepC.html#wp1139668
(config-keepalive) method
I have uploaded in CSS with httptag-test file and applied these commands
service comp.brit.co.uk-80
keepalive port 80
ip address 192.168.1.5
keepalive frequency 10
keepalive maxfailure 2
keepalive retryperiod 10
keepalive type script httptag-test "192.168.1.5 /testpage.html www.abc.co.uk
keepalive type script httptag-test "192.168.1.5 /testpage.html www.xyz.co.uk
but this script is not working
my question is:
1.do i need use script only to setup http keepalvie with webpage for multiple domains ?
2.with out using script is there any solution like CICSCO CSS commands to setup http uril for multiple domains which are on 1 singl server.
please help me asapHello Muhammad,
If you wish to use multiple domains for a URI keep-alive check, and perform a HEAD request what Daniel mentioned is correct. You have to use a scripted keep-alive check on the service. However, you should not use the default "ap-kal-httptag" script to do so as it's limited to only 1 website (unless you modify the script). You're best bet would be using the "ap-kal-httplist" script on the CSS as it allows the checking of 2 different websites along with a webpage to check for each site using HTTP HEAD method.
!no echo
! Filename: ap-kal-httplist
! Parameters: Site1 WebPage1 Site2 WebPage2 [...]
! Description:
! This script will connect a list of sites/webpage pairs. The
! user must simply supply the site, and then the webpage and
! we'll attempt to do an HTTP HEAD on that page.
! Failure Upon:
! 1. Not establishing a connection with the host.
! 2. Not receiving a status code 200 on the HEAD request on any
! one site. If one fails, the script fails.
! Make sure the user has a qualified number of arguments
if ${ARGS}[#] "LT" "2"
echo "Usage: ap-kal-httplist \'WebSite1 WebPage1 WebSite2 WebPage2 ...'"
exit script 1
endbranch
while ${ARGS}[#] "GT" "0"
set Site "${ARGS}[1]"
var-shift ARGS
if ${ARGS}[#] "==" "0"
set EXIT_MSG "Parameter mismatch: hostname present but webpage was not"
exit script 1
endbranch
set Page "${ARGS}[1]"
var-shift ARGS
no set EXIT_MSG
function HeadUrl call "${Site} ${Page}"
endbranch
exit script 0
function HeadUrl begin
! Connect to the remote Host
set EXIT_MSG "Connect: Failed to connect to ${ARGS}[1]"
socket connect host ${ARGS}[1] port 80 tcp 2000
! Send the head request
set EXIT_MSG "Send: Failed to send to ${ARGS}[1]"
socket send ${SOCKET} "HEAD ${ARGS}[2] HTTP/1.0\n\n"
! Wait for the status code 200 to be given to us
set EXIT_MSG "Waitfor: Failed to wait for '200' on ${ARGS}[1]"
socket waitfor ${SOCKET} " 200 " 2000
no set EXIT_MSG
socket disconnect ${SOCKET}
function HeadUrl end
Rather then modify the default "ap-kal-httplist" script on the CSS I would simply define the arguments within the service configuration itself. Something like the following (using your service example):
service dell-192.168.1.5
ip address 192.168.1.5
keepalive type script ap-kal-httplist "www.abc.co.uk /testpage.html www.xyz.co.uk /testpage.html"
active
As long as the server is configured to reply to host headers, and the page is configured to retuen a "200 OK" the above service configuration should work. If there are any errors simply run "show service " to view why there was a failure. If there is a failure, and the output from the command specified shows a line number run the following command against the script to view at what point (line) did the failure occur:
show script ap-kal-httplist line-numbers
Hope this helps!
- Jason Espino -
CSS keepalive script for LDAP (Novell)
I need an advanced script for Cisco CSS11000 for LDAP keepalive. The problem is the built-in script is too rudimental, what it does is just check the tcp 389 connection to the servers plus some expected bind response code "0A, 01, 00". But what happened for us is when the LDAP server (Novell) is doing DS repair, in which the server is too busy to handle the real LDAP call but still reply the tcp 389 request, CSS think it is still alive.
We want a smart script that can handle real LDAP call (like a LDAP client) and send a real LDAP request instead of a simple tcp 389 request. Does anyone have any idea?
Thanks in advance,
Thanks in advance,
Davewith the CSS script language you can send binary data and receive binary response.
If you know what port to send the request to, what are the binary data and what is the expected binary response, we can easily do a script for you.
The easiest way to get the binary info is to make a LDAP query and capture it with sniffer.
Also capture the response.
Make sure to do a query that will always result in the same response.
Once you have this data, you can try to update the ldap script yourself [hint: use the raw keyword when sending the data].
Or post the info here and will try to make a script for you.
Gilles. -
I am trying to write a script for detecting the status of an LDAP server on a CSS. I figured out that I should capture the binary send and receive data of the LDAP query. I captured the request and response packets. But I have no idea of which part of the binary data (and how) I should put into the stock LDAP keepalive script. Could someone put me in the right direction?
Thanks a lot.
DanielJust look at the existing ldap script
CSS11503-2# sho script ap-kal-ldap
!no echo
! Filename: ap-kal-ldap
! Parameters: HostName
! Description: "Lightweight Directory Access Protocol v3"
! This script will connect to an LDAP server and attempt to
! "bind request" to the server. Once the server gives a
! positive response we will disconnect (RFC-2251).
! Bind Response Code we will search for is: 0x0a 0x01 0x00
! Failure Upon:
! 1. Not establishing a connection with the host.
! 2. Failure to receive the above response code.
! Make sure the user has a qualified number of arguments
if ${ARGS}[#] "NEQ" "1"
echo "Usage: ap-kal-ldap \'Hostname\'"
exit script 1
endbranch
! Defines:
set HostName "${ARGS}[1]"
set EXIT_MSG "Connection Failed"
! Connect to the remote host (use default timeout)
socket connect host ${HostName} port 389 tcp 2000
set EXIT_MSG "Send: Failure"
! Send a Bind Request to the remote host. This is simply a standard
! "capture" of a bind request in hex. This should work for all standard
! version 3 LDAP servers.
socket send ${SOCKET} "300c020102600702010204008000" raw
set EXIT_MSG "Recieve: Failure"
! Expect to receive a standard response from the host. This should
! be equal to a SUCCESS response code:
socket waitfor ${SOCKET} "0a0100" 2000 raw
set EXIT_MSG "Send: Failure"
! Send an exit "Unbind Request" to the remote host so that they
! are not left hanging.
socket send ${SOCKET} "30050201034200" raw
no set EXIT_MSG
socket disconnect ${SOCKET}
exit script 0
CSS11503-2#
In red, you see the command to send the binary (this includes everything inside the tcp payload - after the tcp header).
In blue, you see the command to inspect received data and consider the response valid if the sequence is seens somewhere in the tcp payload of the response.
Gilles. -
Hi,
I am writing a keepalive script, which put the service in active mode or in suspended mode, depending on a web page content, requested by the script. It works very good from active to suspended, but once in suspended mode, the keepalive script is not run anymore and therefore cannot detect the page, which should put the service back online! Is there a way for the keepalive to continue, even if a service is suspended ?
Thank you
Yves HaemmerliYes, I traced what the script does and it is clear to me that the keepalive stops if the service is put in suspended mode. I agree with you, if the service is down, the keepalive continue every retryperiod.
But I solved my problem in the following way : I created a second service, which uses another script (actually a subset of the first script), which also monitors the test pages on the server. This second script always exits with return code 0 (sucessful) and therefore never stops working. As soon the second script recognizes the character string "PORTALUP" in the test page, it sets the first service in active mode, which restarts the keepalive scheduling. It works perfectly and this allows to put a server in maintenance mode (suspend) from the server itself, without to stop existing user flows.
As this is a workaround solution, it would be better if the CSS would continue to keepalive in suspend mode...
Yves Haemmerli -
Remove Health Care (keepalives) CSS 11503
Hi,
We normally distribute the load between two servers by checking if the server its active (using TCP 80), yesterday, we want to remove the Health Care (keepalives) due to a maintenance test, to sent the traffic direct to the server, but the service stop working.
We think we didn’t remove the health care properly, could anybody please help me to know hoe to remove it?
We are using CSS 11503, I’m adding the config.
ThanksCSS11503-2(config)# service Linux2
CSS11503-2(config-service[Linux2])# ip add 192.168.20.41
CSS11503-2(config-service[Linux2])# active
CSS11503-2(config-service[Linux2])# show service Linux2
Name: Linux2 Index: 33
Type: Local State: Alive
Rule ( 192.168.20.41 ANY ANY )
Session Redundancy: Disabled
Redirect Domain:
Redirect String:
Keepalive: (ICMP 5 3 5 )
Keepalive Encryption: Disabled
Last Clearing of Stats Counters: 08/12/2009 05:29:24
Mtu: 1500 State Transitions: 0
Total Local Connections: 0 Total Backup Connections: 0
Current Local Connections: 0 Current Backup Connections: 0
Total Connections: 0 Max Connections: 65534
Total Reused Conns: 0
Weight: 1 Load: 2
Weight Reporting: None
CSS11503-2(config-service[Linux2])# keepalive type none
CSS11503-2(config-service[Linux2])# show service Linux2
Name: Linux2 Index: 33
Type: Local State: Alive
Rule ( 192.168.20.41 ANY ANY )
Session Redundancy: Disabled
Redirect Domain:
Redirect String:
Keepalive: (NONE 5 3 5 )
Keepalive Encryption: Disabled
Last Clearing of Stats Counters: 08/12/2009 05:29:24
Mtu: 1500 State Transitions: 1
Total Local Connections: 0 Total Backup Connections: 0
Current Local Connections: 0 Current Backup Connections: 0
Total Connections: 0 Max Connections: 65534
Total Reused Conns: 0
Weight: 1 Load: 2
Weight Reporting: None
CSS11503-2(config-service[Linux2])#
Same if the service is down before disabling the keepalive.
CSS11503-2(config-service[Linux2])# keepalive type icmp
CSS11503-2(config-service[Linux2])# show service Linux2
Name: Linux2 Index: 33
Type: Local State: Down
Rule ( 192.168.20.41 ANY ANY )
Session Redundancy: Disabled
Redirect Domain:
Redirect String:
Keepalive: (ICMP 5 3 5 )
Keepalive Encryption: Disabled
Last Clearing of Stats Counters: 08/12/2009 05:31:42
Mtu: 1500 State Transitions: 4
Total Local Connections: 0 Total Backup Connections: 0
Current Local Connections: 0 Current Backup Connections: 0
Total Connections: 0 Max Connections: 65534
Total Reused Conns: 0
Weight: 1 Load: 255
Weight Reporting: None
CSS11503-2(config-service[Linux2])# keepalive type none
CSS11503-2(config-service[Linux2])# show service Linux2
Name: Linux2 Index: 33
Type: Local State: Alive
Rule ( 192.168.20.41 ANY ANY )
Session Redundancy: Disabled
Redirect Domain:
Redirect String:
Keepalive: (NONE 5 3 5 )
Keepalive Encryption: Disabled
Last Clearing of Stats Counters: 08/12/2009 05:36:08
Mtu: 1500 State Transitions: 5
Total Local Connections: 0 Total Backup Connections: 0
Current Local Connections: 0 Current Backup Connections: 0
Total Connections: 0 Max Connections: 65534
Total Reused Conns: 0
Weight: 1 Load: 2
Weight Reporting: None
Gilles. -
The senerio contains a PIX 515 E firewall,4507R Chassis switch and a CSS 11503. The servers in inside zone of the PIX is load balanced using a vip with default route specified in the CSS is the inside zone interface IP of the PIX
Now I would like to load balance the servers in the DMZ zone of the PIX with a separate vip(from DMZ zone) in the same CSS. Since the default route in CSS is towards the inside zone of the PIX, I am unable to see the load blanced pages from dmz. Is there any solution to load balance the servers of the 2 zones with 2 different vip's using a single css ?The default behavior is to use the calling device's CSS for the redirected calls. In your case it sounds like you want to use the redirecting device's CSS. I haven't tried this myself but I believe you will need to change the following registry entry on your PGs. You will want to use option 2 (ROUTEADDRESS_SEARCH_SPACE).
HKEY_LOCAL_MACHINE\SOFTWARE\Cisco
Systems,Inc.\ICM\IPCCL\PG1B\PG\CurrentVersion\JGWS\jgw1\JGWData\Dynamic
"UseRouteAddressSearchSpace"=dword:00000000
- Used to control behavior on CTI Route Points for Route Selects.
UseRouteAddressSearchSpace can be to set 0, 1, or 2 where :
DEFAULT_SEARCH_SPACE = 0
CALLINGADDRESS_SEARCH_SPACE = 1
ROUTEADDRESS_SEARCH_SPACE = 2 -
CSS11503 Keepalive Script Issue
I had an issue today where I sent my config via ftp to my CSS11503 (sg0810401) and on several of my keepalives I have a script configure to test connectivity for the LDAP ports. At the time that I sent my config to my CSS i had not yet loaded the script into the /script directory. After I loaded my config I restarted my CSS and everything looked good, then I uploaded my script file (ap-kal-ldap-cto). I checked my services and all of them said they could not find the script in the directory, but I was able to run the script to the IP of one of my services without any issues. I verify the script by issueing the show script ap-kal-ldap-cto command and it displayed my script just as it had been written. Another thing I noticed was that when I tried to remove the keepalive from one of the services I was unable to issue the command "no keepalive type script" as the command syntax of "type" was not available. I did see the other keepalive command syntax of "frequency, hash, http-rspcode, maxfailure, uri and a few others, but no "type" command.
I change all my keepalives to a ping for now, but does anyone know whats going on with this thing??? I think if I reboot the issue will be resolved, but I really think it should have worked without any issue.Good morning,
There are two different points to be discussed here.
First of all, why did the CSS complain that the script couldn't be found? The answer is simple, as you said, when the configuration was applied the script was not present on the device. Even if the script is uploaded later, it will not be detected properly. Either a reload or re-applying the keepalive confiugration should fix this.
This brings me to the second point. To remove a keepalive, the command you need to use is "keepalive type none" instead of "no keepalive type script"
Regards
Daniel -
CSS 11503 - question on version
We're about to do an annual OS update to our CSS 11503, and I noticed that there are two current versions of WebNS, both released in the same month: 8.10.4.01 and 8.20.2.01. Could anyone outline for me the differences between the two (or point me to the right release notes)? I usually upgrade to the latest release, but having two at the same time is awfully confusing.
Thank you!They are essentially the same.
We always port all fix to both of them.
Release notes are here :
http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/css11500series/v8.10/release/note/RN810_X.html
http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/css11500series/v8.20/release/note/RN820_X.html
Gilles. -
CSS 11503 in Active Active mode
Can we configure CSS 11503 in Active/Active mode, means can multiple context would be configured?
Thanks & Regards,
Shahzad.Here you go
Assumptions:
VIP 10.10.10.100 is Master on the CSS 2 and backup on the CSS1
VIP 10.10.10.101 is Master on the CSS1 and backup on the CSS1
Vlan 10 is the Server Vlan (Redundant Interfaces here)
Vlan 20 is the Client vlan (Redundant Vips here)
Services for VIP 10.10.10.100 (real server) have default gateway pointing to redundant interface 172.20.40.253
Services for VIP 10.10.10.101 (real server) have default gateway pointing to redundant interface 172.20.40.254
CSS #1
circuit VLAN10
ip address 172.20.40.1 255.255.255.0
ip virtual-router 1 priority 101 preempt
ip virtual-router 2
ip-redundant-interface 1 172.20.40.253
ip-redundant-interface 2 172.20.40.254
Circuit VLAN20
ip address 10.10.10.1 255.255.255.0
ip virtual-router 3 priority 101 preempt
ip virtual-router 4
ip redundant-vip 3 10.10.10.101
ip redundant-vip 4 10.10.10.100
CSS #2
circuit VLAN10
ip address 172.20.40.2 255.255.255.0
ip virtual-router 1
ip virtual-router 2 priority 101 preempt
ip-redundant-interface 1 172.20.40.253
ip-redundant-interface 2 172.20.40.254
Circuit VLAN20
ip address 10.10.10.2 255.255.255.0
ip virtual-router 3
ip virtual-router 4 priority 101 preempt
ip redundant-vip 3 10.10.10.101
ip redundant-vip 4 10.10.10.100
More details at
http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/css11500series/v8.20_v8.10/configuration/redundancy/guide/VIPRedun.html#wp1112245
Syed Iftekhar Ahmed
Maybe you are looking for
-
MIRO CENVAT CLEARING a/c debit not simulating
PO created for an item. Excise taxes entered. Multiple GR taken place for the same item, with Exise Part I and Part II posted correctly. During MIRO simulation, only one GR based entry is not simulating cenvat clearing debit entry. Nothing in customi
-
Why do my pictures revert to HORIZONTAL-- Help!
I have the Photoshop Album Starter Edition 3.0. When I downloaded photos with my old 3.2 MP I could rotate my pictures to vertical, no problem. Now...with my new 10.2 MP camera, I can rotate the photos, and when clicked/viewed they are vertical. But,
-
Once i Plug in my ipod my name is not shown where it is somewhere near genius on itunes and then their is something else that pops out that supposed to say "my name device" etc.... but it says someone else's.
-
I am editing a DVCPRO 16x9 sequence. What size or dimensions should the Photoshop files (photos and graphics) be? My thought is 720 x 486 at 125 resolution. Any help would be great.
-
Memory reference error with Net8 easy config
I've installed the Oracle 9iDS in the Windos 2000 professional. This i have installed in ORAIDS sepate directory with oracle home as ORAIDS. Using Net8 easy config i can establish the connection with oracle server. Then after, I've also installed the