Cisco CSS 11503 ntp keepalive script

Similar Messages

• CSS - Executing a Keepalive Script

  Hi,
  I am trying to execute the following script, this script is testing connectivity on multiple hosts and TCP ports to define a service as 'up'
  #!name = CHECKPORT_STD_SCRIPT
  # Scriptname : CheckPortsTask.tcl
  # Pamapaters : <list of hosts ip >
  # <list of ports >
  # [verbose] optional verbose debug flag.
  # Description :
  # This is an example of standalone script. The script is given a list of hosts
  # and a list of posrts for each host. The script then checks to see if the host:port
  # is available and listening.
  # Example execution:
  # script task 1 "10.2.0.12 10.2.0.14 10.5.0.15" " 21 23 80 2048"
  proc ck_puts { msg } {
  puts "[ info script ] : $msg"
  # main
  # parse cmd line args and setup ip , port
  if { $argc != 2 } {
  ck_puts "paramaters: script task <id> [ info script ] <hostList> <portList>"
  exit -1
  set hostList [ lindex $argv 0 ]
  set portList [ lindex $argv 1 ]
  ck_puts "================= test start========================="
  foreach ip $hostList {
  ck_puts "----------------- host $ip-------------------------"
  foreach port $portList {
  ck_puts "testing $ip:$port"
  if { [catch { socket $ip $port } sock ] } {
  ck_puts "\t$ip:$port ERR : $sock"
  if { [ regexp "connection timed out" $sock ] } {
  ## erro due to connection timeout, skip to next ip
  break;
  ## other error, don't break, keep test next port for the same ip
  } else {
  ck_puts "\t$ip:$port OK"
  close $sock
  ck_puts "================= test end========================="
  My issue is that the comments suggest the arguements are put into 2 sections of quotations but the CSS will not allow this input....
  CSS11503(config-service[TEST-SERVICE])# keepalive type script checkportstask ?
  <cr> Execute command
  use-output Allow tools such as grep to parse script output
  <Quoted text> Script Arguments (Len: 0-128)
  CSS11503(config-service[TEST-SERVICE])# keepalive type script checkportstask
  CSS11503(config-service[TEST-SERVICE])# keepalive type script checkportstask "10.1.1.1 10.2.2.2" "80 443"
  ^
  %% Invalid input detected at '^' marker.
  CSS11503(config-service[TEST-SERVICE])#
  Can anyone shed some light on how this script is executed.
  Thanks,
  Brian

  what you show is a CSM/ACE TCL script.
  The CSS uses its own scripting language.
  More info @
  http://www.cisco.com/en/US/products/hw/contnetw/ps792/products_configuration_guide_chapter09186a0080327ff9.html
  BTW, what you need already exists.
  http://www.cisco.com/en/US/products/hw/contnetw/ps792/products_tech_note09186a00801e1e14.shtml
  Gilles.

• Cisco CSS 11503 Arrowpoint/Load Balance question

  I am troubleshooting an issue with my 11503.  I am running version 07.40.0.04. I have it configured as follows:
    content upcadtoa-rule
      add service cadtoa-wls1-e0
      add service cadtoa-wls1-e1
      add service cadtoa-wls2-e0
      add service cadtoa-wls2-e1
      add service cadtoa-wls3-e0
      add service cadtoa-wls3-e1
      add service cadtoa-wls4-e0
      add service cadtoa-wls4-e1
      add service cadtoa-wls5-e0
      add service cadtoa-wls5-e1
      add service cadtoa-wls6-e0
      add service cadtoa-wls6-e1
      arrowpoint-cookie expiration 00:00:15:00
      protocol tcp
      port 8001
      advanced-balance arrowpoint-cookie
      redundant-index 2
      vip address 172.30.194.195 range 2
      arrowpoint-cookie name TOA
      active
  However, the load-balancing across the servers does not seem to be doing much balancing.  One of those servers is getting hit with 5 times as much traffic as another and another server is lucky to get a connection at all.  With the cookie expiration set, one would think that this would all balance out over time.
  I just came across this information from Cisco and I am wondering if it is relevant:
  If you configure a balance or advanced-balance method on a content rule that requires the TCP protocol for Layer 5 (L5) spoofing, you should configure a default URL string, such as url "/*". The addition of the URL string forces the content rule to become an L5 rule and ensures L5 load balancing or stickiness. If you do not configure a default URL string, unexpected results can occur.
  In the following configuration example, if you configure a Layer 3 (L3) content rule with an L5 balance method, the CSS performs L5 load balancing, but will reject UDP packets.
  content testing
  vip address 192.168.128.131
  add service s1
  balance url
  active
  The balance url method is an L5 load-balancing method in which the CSS must spoof the connection and examine the HTTP GET content request to perform load balancing. The CSS rejects the UDP packet sent to this rule because a UDP connection cannot be L5. Though the CSS allows this rule configuration, its expected behavior would be more clear if you promote the rule to L5 by configuring the url "/*" command.
  In the next example, if you configure an L3 content rule with an L5 advanced-balance method, L5 stickiness will not work as expected.
  content testing
  vip address 192.168.128.131
  add service s1
  advanced-balance arrowpoint-cookie
  active
  The advanced-balance arrowpoint-cookie method causes the CSS to spoof the connection, however, the CSS still marks it as an L3 rule. Thus, the CSS does not insert the generated cookie and the rule defaults to L3 stickiness (sticky-srcip). You must configure a URL like url "/*" to promote this rule to L5, ensuring that L5 stickiness works as expected.
  Thanks in advance for any help you can give.  The thing is not down, it is just balancing strangely causing application performance issues.
  James

  Hey James,
  You will need to suspend the content rule in order to add the url statement.  This will cause a quick downtime until the content rule is activated again.  I have shown below the commands to add the statement.  Perhaps you can create your commands in a Notepad file, then paste them all in so they execute quickly to minimize your downtime:
    content MY-SITE
      vip address 10.201.130.140
      port 80
      protocol tcp
      add service MY-SERVER
      active
  CSS11503# config t
  CSS11503(config)# owner TEST
  CSS11503(config-owner[TEST])# content MY-SITE
  CSS11503(config-owner-content[TEST-MY-SITE])# url "/*"
  %% Attribute may not be modified on active rule
  CSS11503(config-owner-content[TEST-MY-SITE])# suspend
  CSS11503(config-owner-content[TEST-MY-SITE])# url "/*"
  CSS11503(config-owner-content[TEST-MY-SITE])# active
  CSS11503(config-owner-content[TEST-MY-SITE])# exit
  CSS11503(config-owner[TEST])# exit
  CSS11503(config)# exit
  CSS11503# show run
    content MY-SITE
      vip address 10.201.130.140
      add service MY-SERVER
      port 80
      protocol tcp
     url "/*"       <--------
      active
  Hope this helps,
  Sean

• CISCO CSS 11503: Adaptive Session Redundancy + Resets

  Hi
  we have release 7.10.206a configured with SourceGroup and ASR. I made a sniffer trace and experienced that the CSS sends a lot of RST. As well I saw that it use only 1984 source ports for the connections to the server. How can I increase the number of source Ports? .In the attachments you will find the sniffer trace with the incorrect behaviour and the configuration.
  Any suggestion, idea ?

  the problem of the RST seems to be the frequent reuse of the same source port.
  The destination of this connection seems to be confused and ACK the new SYN with the ack number of the previous connection. This ack number is out of range from the syn sequence number so the result if a RST.
  ie:
  Flow1 - Syn -> packet 1
  Flow1 - Last ACK -> packet 33
  Flow 2 - syn -> packet 34
  Flow 2 - ack (instead of syn/ack) with acknumber same is packet 33.
  This triggers a RESET -> packet 36
  Flow 3 - syn -> packet 55
  Flow 3 - same as flow 2 issue, ack with old ack number. This triggers a RST (packet 57).
  Now the 2nd issue, the CSS (I believe tpkg0x.post.ch is the CSS) sends packet for flow 2 but the end station believes flow 2 was killed with the RESET of flow 3 and the host sends a RST to the CSS (packet 59) because its connection does not exist anymore.
  So the all issue is the fact that ports are being reused to quickly.
  You will need to involve more people to find a workaround to the 1984 ports available [and be aware they are available but not all usable].
  Work with Marco K., your sale support.
  Regards,
  Gilles.

• CSS 11503 keepalive scripts

  Is it possible to configure a keepalive script to detect the text returned from a cold fusion web page - eg "server available". Not the header but actual content of the page.

  Gilles:
  I know this is a two years old, but need some help with the issue regarding this post. I need to have a script keepalive to verify the content of a page. I tried what you mentioned here, but my service won't come up. My set up is this:
  SERVICE
  service serbancasawebback
  type ssl-accel-backend
  add ssl-proxy-list bhdssl
  keepalive type script ap-kal-httptagban
  protocol tcp
  port 80
  ip address 192.168.249.23
  active
  The script I used is as follows:
  !no echo
  ! Filename: ap-kal-httptagban
  ! Parameters: HostName WebPage HostTag
  ! Description:
  ! This script will connect to the remote host and do an HTTP
  ! GET method upon the web page that the user has asked for.
  ! This script also adds a host tag to the GET request.
  ! Failure Upon:
  ! 1. Not establishing a connection with the host.
  ! 2. Not receiving an HTTP status “200 OK”
  if ${ARGS}[#] “NEQ” “3”
  echo “Usage: ap-kal-httptagban \'192.168.249.23 /bancasa/start.swe?SWECmd=Logoff www2.bhd.com.do\'”
  exit script 1
  endbranch
  ! Defines:
  set HostName “${ARGS}[1]”
  set WebPage “${ARGS}[2]”
  set HostTag “${ARGS}[3]”
  ! Connect to the remote Host
  set EXIT_MSG “Connection Failure”
  socket connect host ${HostName} port 80 tcp
  ! Send the GET request for the web page
  set EXIT_MSG “Send: Failed”
  socket send ${SOCKET} “GET ${WebPage} HTTP/1.0\nHost: ${HostTag}\n\n”
  ! Wait for a good status code
  set EXIT_MSG “Waitfor: Failed”
  socket waitfor ${SOCKET} “SWE Internal Error” 2000
  no set EXIT_MSG
  socket disconnect ${SOCKET}
  exit script 0
  Notice this is an SSL back-end service. The web page the user should request is:
  https://www2.bhd.com.do/bancasa/start.swe?SWECmd=Logoff
  If it returs the page with the error, then is down.
  I'm not sure I have all arguments OK or in the correct format. Also,I'm a little confused regarding whta the Hostag should be.
  Can you please verify what I have wrong ?
  Thanks

• CSS: How does DNS Scripted Keepalive (ap-kal-dns) work?

  Hello everyone,
  I have a question about how does DNS Scripted Keepalive (ap-kal-dns) work on CSS 11503.
  According to the "Using the CSS Scripting Language",
  http://www.cisco.com/en/US/partner/docs/app_ntwk_services/data_center_app_services/css11500series/v7.50/configuration/administration/guide/Scripts.html
  it says
  Since we just want to see if the DNS server is alive we will send a simple DNS Query.  This query is hard coded in hexadecimal and sent raw to the DNS server.
  and
  Receive some unexplained response. We don't care what it is because an unstable DNS server or a non-existent one would probably not send ! us any data back at all.
  but it also says
  Failure Upon: 1. Not resolving the host's IP from the domain name
  And according to the "How to Configure the CSS to Load Balance DNS Servers and Use the DNS Scripted Keepalives",
  http://www.cisco.com/en/US/partner/products/hw/contnetw/ps789/products_configuration_example09186a00801d015a.shtml
  it says
  The script is hard-coded to resolve www.cisco.com.  It does not matter if the DNS server can resolve this address or not, as long as a DNS response comes back that the service is alive. This keepalive is only testing if a DNS server can respond to a query, not if it can resolve a specific name. The script queries from the CSS to DNS internal servers keep track of the availability of the DNS servers.
  but it also says
  Access to Internet Domain Name System Root Servers is required for successful implementation of DNS scripted keepalives.
  So I am confused whether DNS server has to resolve the host's IP address correctly for DNS query received from CSS or just needs to reply any response but not need to resolve it.
  I would like to recap about my question.
  Q1: Does DNS Scripted Keepalive (ap-kal-dns) send DNS query with cisco.com as DNS name by default?
  Q2: Does DNS server has to resolve IP address of  cisco.com or just need to respond for DNS query with any response but not need to resolve IP address of cisco.com?
  I understand I should get capture data and see how DNS scripted keepalive works, but I can not prepare lab environment to do it at the present.
  Your information would be appreciated.
  Best regards,
  Shinichi

  yes the query is for www.cisco.com and the script expect a reponse that contains the word cisco.
  Gilles.

• Cisco css http keepalive is not working with GET command

  Dear all
  i have Cisco Css connected to Dell Server (via switch)
  Cisco CSS - 192.168.1.3 and Dell Server - 192.168.1.5
  Dell server is setup with windows 2009R2 and Apache HTTPD is version 2.2
  This server is dedicated to host multiple doamins with Apache lik
  www.abc.co.uk
  www.xyz.co.uk
  Now the clinet wants to setup the http keepalive  with specfic web page like /testpage.html  for all these domains. i have teseed with single URI. it is working the comamnds are
  config)# service serv1
  (config-service[serv1])# ip address 192.168.1.5
  (config-service[serv1])# keepalive type http
  (config-service[serv1])# keepalive method head    ( get i have not used due to hash mismatch with apche server, if i use GET it is not working)
  (config-service[serv1])# keepalive uri "/testpage.html"
  (config-service[serv1])# active
  It is working with single URI.  but how can i do the same thing for multiple doamins ?
  for multiple doamins do i need use script ? or can i use with commands ?
  if i need to use script the script is
  !no echo
  ! Filename: httptag-test
  ! Parameters: HostName WebPage HostTag
  ! Description:
  !       This script will connect to the remote host and do an HTTP
  !   GET method upon the web page that the user has asked for.
  !   This script also adds a host tag to the GET request.
  ! Failure Upon:
  !   1. Not establishing a connection with the host.
  !       2. Not receiving an HTTP status "200 OK"
  if ${ARGS}[#] "NEQ" "3"
          echo "Usage: httptag-test \'Hostname WebPage HostTag\'"
          exit script 1
  endbranch
  ! Defines:
  set HostName "${ARGS}[1]"
  set WebPage "${ARGS}[2]"
  set HostTag "${ARGS}[3]"
  ! Connect to the remote Host
  set EXIT_MSG "Connection Failure"
  socket connect host ${HostName} port 80 tcp
  ! Send the GET request for the web page
  set EXIT_MSG "Send: Failed"
  socket send ${SOCKET} "GET ${WebPage} HTTP/1.1\nHost: ${HostTag}\n\n"
  ! Send the HEAD request for the web page
  set EXIT_MSG "Send: Failed"
  socket send ${SOCKET} "HEAD ${WebPage} HTTP/1.1\nHost: ${HostTag}\n\n"
  ! Wait for a good status code
  set EXIT_MSG "Waitfor: Failed"
  socket waitfor ${SOCKET} "200 OK"
  no set EXIT_MSG
  socket disconnect ${SOCKET}sh w
  exit script 0
  in the script i have not used GET becasue, when CSS send GET request to apache it use hash, but apache is not able to respond with same hash and it shows that website is down. more information- click below url
  http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/css11500series/v7.40/command/reference/CmdKeepC.html#wp1139668
  (config-keepalive) method
  I have uploaded in CSS with httptag-test file and applied these commands
  service comp.brit.co.uk-80
    keepalive port 80
    ip address 192.168.1.5
    keepalive frequency 10
  keepalive maxfailure 2
  keepalive retryperiod 10
  keepalive type script httptag-test "192.168.1.5 /testpage.html  www.abc.co.uk
  keepalive type script httptag-test "192.168.1.5 /testpage.html  www.xyz.co.uk
  but this script is not working
  my question is:
  1.do i need use script only to setup http keepalvie with webpage for multiple domains ?
  2.with out using script is there any solution like CICSCO  CSS commands  to setup http uril for multiple domains which are on 1 singl server.
  please help me asap

  Hello Muhammad,
  If you wish to use multiple domains for a URI  keep-alive check, and perform a HEAD request what Daniel mentioned is  correct.  You have to use a scripted keep-alive check on the service.  However, you should not use the default "ap-kal-httptag" script to do so  as it's limited to only 1 website (unless you modify the script).  You're best bet would be using the "ap-kal-httplist" script on the CSS  as it allows the checking of 2 different websites along with a webpage  to check for each site using HTTP HEAD method.
  !no echo
  ! Filename: ap-kal-httplist
  ! Parameters: Site1 WebPage1 Site2 WebPage2 [...]
  ! Description:
  !    This script will connect a list of sites/webpage pairs.  The
  !   user must simply supply the site, and then the webpage and
  !   we'll attempt to do an HTTP HEAD on that page.
  ! Failure Upon:
  !   1. Not establishing a connection with the host.
  !   2. Not receiving a status code 200 on the HEAD request on any
  !      one site.  If one fails, the script fails.
  ! Make sure the user has a qualified number of arguments
  if ${ARGS}[#] "LT" "2"
          echo "Usage: ap-kal-httplist \'WebSite1 WebPage1 WebSite2 WebPage2 ...'"
          exit script 1
  endbranch
  while ${ARGS}[#] "GT" "0"
          set Site "${ARGS}[1]"
      var-shift ARGS
      if ${ARGS}[#] "==" "0"
          set EXIT_MSG "Parameter mismatch: hostname present but webpage was not"
          exit script 1
      endbranch
      set Page "${ARGS}[1]"
      var-shift ARGS
      no set EXIT_MSG
      function HeadUrl call "${Site} ${Page}"
  endbranch
  exit script 0
  function HeadUrl begin
  ! Connect to the remote Host
  set EXIT_MSG "Connect: Failed to connect to ${ARGS}[1]"
  socket connect host ${ARGS}[1] port 80 tcp 2000
  ! Send the head request
  set EXIT_MSG "Send: Failed to send to ${ARGS}[1]"
  socket send ${SOCKET} "HEAD ${ARGS}[2] HTTP/1.0\n\n"
  ! Wait for the status code 200 to be given to us
  set EXIT_MSG "Waitfor: Failed to wait for '200' on ${ARGS}[1]"
  socket waitfor ${SOCKET} " 200 " 2000
  no set EXIT_MSG
  socket disconnect ${SOCKET}
  function HeadUrl end
  Rather  then modify the default "ap-kal-httplist" script on the CSS I would  simply define the arguments within the service configuration itself.   Something like the following (using your service example):
  service dell-192.168.1.5
  ip address 192.168.1.5
  keepalive type script ap-kal-httplist "www.abc.co.uk /testpage.html www.xyz.co.uk /testpage.html"
  active
  As  long as the server is configured to reply to host headers, and the page  is configured to retuen a "200 OK" the above service configuration  should work. If there are any errors simply run "show service  " to view why there was a failure. If there is a  failure, and the output from the command specified shows a line number  run the following command against the script to view at what point  (line) did the failure occur:
  show script ap-kal-httplist line-numbers
  Hope this helps!
  - Jason Espino

• CSS keepalive script for LDAP (Novell)

  I need an advanced script for Cisco CSS11000 for LDAP keepalive. The problem is the built-in script is too rudimental, what it does is just check the tcp 389 connection to the servers plus some expected bind response code "0A, 01, 00". But what happened for us is when the LDAP server (Novell) is doing DS repair, in which the server is too busy to handle the real LDAP call but still reply the tcp 389 request, CSS think it is still alive.
  We want a smart script that can handle real LDAP call (like a LDAP client) and send a real LDAP request instead of a simple tcp 389 request. Does anyone have any idea?
  Thanks in advance,
  Thanks in advance,
  Dave

  with the CSS script language you can send binary data and receive binary response.
  If you know what port to send the request to, what are the binary data and what is the expected binary response, we can easily do a script for you.
  The easiest way to get the binary info is to make a LDAP query and capture it with sniffer.
  Also capture the response.
  Make sure to do a query that will always result in the same response.
  Once you have this data, you can try to update the ldap script yourself [hint: use the raw keyword when sending the data].
  Or post the info here and will try to make a script for you.
  Gilles.

• CSS keepalive script for LDAP

  I am trying to write a script for detecting the status of an LDAP server on a CSS. I figured out that I should capture the binary send and receive data of the LDAP query. I captured the request and response packets. But I have no idea of which part of the binary data (and how) I should put into the stock LDAP keepalive script. Could someone put me in the right direction?
  Thanks a lot.
  Daniel

  Just look at the existing ldap script
  CSS11503-2# sho script ap-kal-ldap
  !no echo
  ! Filename: ap-kal-ldap
  ! Parameters: HostName
  ! Description:    "Lightweight Directory Access Protocol v3"
  !   This script will connect to an LDAP server and attempt to
  !   "bind request" to the server.  Once the server gives a
  !   positive response we will disconnect (RFC-2251).
  ! Bind Response Code we will search for is: 0x0a 0x01 0x00
  ! Failure Upon:
  !   1. Not establishing a connection with the host.
  !       2. Failure to receive the above response code.
  ! Make sure the user has a qualified number of arguments
  if ${ARGS}[#] "NEQ" "1"
          echo "Usage: ap-kal-ldap \'Hostname\'"
          exit script 1
  endbranch
  ! Defines:
  set HostName "${ARGS}[1]"
  set EXIT_MSG "Connection Failed"
  ! Connect to the remote host (use default timeout)
  socket connect host ${HostName} port 389 tcp 2000
  set EXIT_MSG "Send: Failure"
  ! Send a Bind Request to the remote host.  This is simply a standard
  ! "capture" of a bind request in hex.  This should work for all standard
  ! version 3 LDAP servers.
  socket send ${SOCKET} "300c020102600702010204008000" raw
  set EXIT_MSG "Recieve: Failure"
  ! Expect to receive a standard response from the host.  This should
  ! be equal to a SUCCESS response code:
  socket waitfor ${SOCKET} "0a0100" 2000 raw
  set EXIT_MSG "Send: Failure"
  ! Send an exit "Unbind Request" to the remote host so that they
  ! are not left hanging.
  socket send ${SOCKET} "30050201034200" raw
  no set EXIT_MSG
  socket disconnect ${SOCKET}
  exit script 0
  CSS11503-2#
  In red, you see the command to send the binary (this includes everything inside the tcp payload - after the tcp header).
  In blue, you see the command to inspect received data and consider the response valid if the sequence is seens somewhere in the tcp payload of the response.
  Gilles.

• CSS Keepalive Script

  Hi,
  I am writing a keepalive script, which put the service in active mode or in suspended mode, depending on a web page content, requested by the script. It works very good from active to suspended, but once in suspended mode, the keepalive script is not run anymore and therefore cannot detect the page, which should put the service back online! Is there a way for the keepalive to continue, even if a service is suspended ?
  Thank you
  Yves Haemmerli

  Yes, I traced what the script does and it is clear to me that the keepalive stops if the service is put in suspended mode. I agree with you, if the service is down, the keepalive continue every retryperiod.
  But I solved my problem in the following way : I created a second service, which uses another script (actually a subset of the first script), which also monitors the test pages on the server. This second script always exits with return code 0 (sucessful) and therefore never stops working. As soon the second script recognizes the character string "PORTALUP" in the test page, it sets the first service in active mode, which restarts the keepalive scheduling. It works perfectly and this allows to put a server in maintenance mode (suspend) from the server itself, without to stop existing user flows.
  As this is a workaround solution, it would be better if the CSS would continue to keepalive in suspend mode...
  Yves Haemmerli

• Remove Health Care (keepalives) CSS 11503

  Hi,
  We normally distribute the load between two servers by checking if the server its active (using TCP 80), yesterday, we want to remove the Health Care (keepalives) due to a maintenance test, to sent the traffic direct to the server, but the service stop working.
  We think we didn’t remove the health care properly, could anybody please help me to know hoe to remove it?
  We are using CSS 11503, I’m adding the config.
  Thanks

  CSS11503-2(config)# service Linux2
  CSS11503-2(config-service[Linux2])# ip add 192.168.20.41
  CSS11503-2(config-service[Linux2])# active
  CSS11503-2(config-service[Linux2])# show service Linux2
  Name: Linux2            Index: 33
    Type: Local            State: Alive
    Rule ( 192.168.20.41  ANY  ANY )
    Session Redundancy: Disabled
    Redirect Domain:
    Redirect String:
    Keepalive: (ICMP   5   3   5 )
    Keepalive Encryption:      Disabled
    Last Clearing of Stats Counters: 08/12/2009 05:29:24
    Mtu:                       1500        State Transitions:            0
    Total Local Connections:   0           Total Backup Connections:     0
    Current Local Connections: 0           Current Backup Connections:   0
    Total Connections:         0           Max Connections:              65534
    Total Reused Conns:        0
    Weight:                    1           Load:                         2
    Weight Reporting:          None
  CSS11503-2(config-service[Linux2])# keepalive type none
  CSS11503-2(config-service[Linux2])# show service Linux2
  Name: Linux2            Index: 33
    Type: Local            State: Alive
    Rule ( 192.168.20.41  ANY  ANY )
    Session Redundancy: Disabled
    Redirect Domain:
    Redirect String:
    Keepalive: (NONE   5   3   5 )
    Keepalive Encryption:      Disabled
    Last Clearing of Stats Counters: 08/12/2009 05:29:24
    Mtu:                       1500        State Transitions:            1
    Total Local Connections:   0           Total Backup Connections:     0
    Current Local Connections: 0           Current Backup Connections:   0
    Total Connections:         0           Max Connections:              65534
    Total Reused Conns:        0
    Weight:                    1           Load:                         2
    Weight Reporting:          None
  CSS11503-2(config-service[Linux2])#
  Same if the service is down before disabling the keepalive.
  CSS11503-2(config-service[Linux2])# keepalive type icmp
  CSS11503-2(config-service[Linux2])# show service Linux2
  Name: Linux2            Index: 33
    Type: Local            State: Down
    Rule ( 192.168.20.41  ANY  ANY )
    Session Redundancy: Disabled
    Redirect Domain:
    Redirect String:
    Keepalive: (ICMP   5   3   5 )
    Keepalive Encryption:      Disabled
    Last Clearing of Stats Counters: 08/12/2009 05:31:42
    Mtu:                       1500        State Transitions:            4
    Total Local Connections:   0           Total Backup Connections:     0
    Current Local Connections: 0           Current Backup Connections:   0
    Total Connections:         0           Max Connections:              65534
    Total Reused Conns:        0
    Weight:                    1           Load:                         255
    Weight Reporting:          None
  CSS11503-2(config-service[Linux2])# keepalive type none
  CSS11503-2(config-service[Linux2])# show service Linux2
  Name: Linux2            Index: 33
    Type: Local            State: Alive
    Rule ( 192.168.20.41  ANY  ANY )
    Session Redundancy: Disabled
    Redirect Domain:
    Redirect String:
    Keepalive: (NONE   5   3   5 )
    Keepalive Encryption:      Disabled
    Last Clearing of Stats Counters: 08/12/2009 05:36:08
    Mtu:                       1500        State Transitions:            5
    Total Local Connections:   0           Total Backup Connections:     0
    Current Local Connections: 0           Current Backup Connections:   0
    Total Connections:         0           Max Connections:              65534
    Total Reused Conns:        0
    Weight:                    1           Load:                         2
    Weight Reporting:          None
  Gilles.

• Routing issue with CSS 11503

  The senerio contains a PIX 515 E firewall,4507R Chassis switch and a CSS 11503. The servers in inside zone of the PIX is load balanced using a vip with default route specified in the CSS is the inside zone interface IP of the PIX
  Now I would like to load balance the servers in the DMZ zone of the PIX with a separate vip(from DMZ zone) in the same CSS. Since the default route in CSS is towards the inside zone of the PIX, I am unable to see the load blanced pages from dmz. Is there any solution to load balance the servers of the 2 zones with 2 different vip's using a single css ?

  The default behavior is to use the calling device's CSS for the redirected calls. In your case it sounds like you want to use the redirecting device's CSS. I haven't tried this myself but I believe you will need to change the following registry entry on your PGs. You will want to use option 2 (ROUTEADDRESS_SEARCH_SPACE).
  HKEY_LOCAL_MACHINE\SOFTWARE\Cisco
  Systems,Inc.\ICM\IPCCL\PG1B\PG\CurrentVersion\JGWS\jgw1\JGWData\Dynamic
  "UseRouteAddressSearchSpace"=dword:00000000
  - Used to control behavior on CTI Route Points for Route Selects.
  UseRouteAddressSearchSpace can be to set 0, 1, or 2 where :
  DEFAULT_SEARCH_SPACE = 0
  CALLINGADDRESS_SEARCH_SPACE = 1
  ROUTEADDRESS_SEARCH_SPACE = 2

• CSS11503 Keepalive Script Issue

  I had an issue today where I sent my config via ftp to my CSS11503 (sg0810401) and on several of my keepalives I have a script configure to test connectivity for the LDAP ports.  At the time that I sent my config to my CSS i had not yet loaded the script into the /script directory.  After I loaded my config I restarted my CSS and everything looked good, then I uploaded my script file (ap-kal-ldap-cto).  I checked my services and all of them said they could not find the script in the directory, but I was able to run the script to the IP of one of my services without any issues.  I verify the script by issueing the show script ap-kal-ldap-cto command and it displayed my script just as it had been written.  Another thing I noticed was that when I tried to remove the keepalive from one of the services I was unable to issue the command "no keepalive type script" as the command syntax of "type" was not available.  I did see the other keepalive command syntax of "frequency, hash, http-rspcode, maxfailure, uri and a few others, but no "type" command.
  I change all my keepalives to a ping for now, but does anyone know whats going on with this thing???   I think if I reboot the issue will be resolved, but I really think it should have worked without any issue.

  Good morning,
  There are two different points to be discussed here.
  First of all, why did the CSS complain that the script couldn't be found? The answer is simple, as you said, when the configuration was applied the script was not present on the device. Even if the script is uploaded later, it will not be detected properly. Either a reload or re-applying the keepalive confiugration should fix this.
  This brings me to the second point. To remove a keepalive, the command you need to use is "keepalive type none" instead of "no keepalive type script"
  Regards
  Daniel

• CSS 11503 - question on version

  We're about to do an annual OS update to our CSS 11503, and I noticed that there are two current versions of WebNS, both released in the same month: 8.10.4.01 and 8.20.2.01. Could anyone outline for me the differences between the two (or point me to the right release notes)? I usually upgrade to the latest release, but having two at the same time is awfully confusing.
  Thank you!

  They are essentially the same.
  We always port all fix to both of them.
  Release notes are here :
  http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/css11500series/v8.10/release/note/RN810_X.html
  http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/css11500series/v8.20/release/note/RN820_X.html
  Gilles.

• CSS 11503 in Active Active mode

  Can we configure CSS 11503 in Active/Active mode, means can multiple context would be configured?
  Thanks & Regards,
  Shahzad.

  Here you go
  Assumptions:
  VIP 10.10.10.100 is Master on the CSS 2 and backup on the CSS1
  VIP 10.10.10.101 is Master on the CSS1 and backup on the CSS1
  Vlan 10 is the Server Vlan (Redundant Interfaces here)
  Vlan 20 is the Client vlan (Redundant Vips here)
  Services for VIP 10.10.10.100 (real server) have default gateway pointing to redundant interface 172.20.40.253
  Services for VIP 10.10.10.101 (real server) have default gateway pointing to redundant interface 172.20.40.254
  CSS #1
  circuit VLAN10
  ip address 172.20.40.1 255.255.255.0
  ip virtual-router 1 priority 101 preempt
  ip virtual-router 2
  ip-redundant-interface 1 172.20.40.253
  ip-redundant-interface 2 172.20.40.254
  Circuit VLAN20
  ip address 10.10.10.1 255.255.255.0
  ip virtual-router 3 priority 101 preempt
  ip virtual-router 4
  ip redundant-vip 3 10.10.10.101
  ip redundant-vip 4 10.10.10.100
  CSS #2
  circuit VLAN10
  ip address 172.20.40.2 255.255.255.0
  ip virtual-router 1
  ip virtual-router 2 priority 101 preempt
  ip-redundant-interface 1 172.20.40.253
  ip-redundant-interface 2 172.20.40.254
  Circuit VLAN20
  ip address 10.10.10.2 255.255.255.0
  ip virtual-router 3
  ip virtual-router 4 priority 101 preempt
  ip redundant-vip 3 10.10.10.101
  ip redundant-vip 4 10.10.10.100
  More details at
  http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/css11500series/v8.20_v8.10/configuration/redundancy/guide/VIPRedun.html#wp1112245
  Syed Iftekhar Ahmed