Cisco Global Site Selector

Similar Messages

• Cisco Global Site selector Issue

  Hi all ,
     I have  a cisco GSS-4492R-K9 in my network . Currently when I am trying to do any changes it is giving me a following error .
  Couls anybody pls let me know why it is happening
  GSS#copy run sta
  can't create lock file /etc/mtab~12368: No space left on device (use -n flag
  to override)
  Jul 24 07:09:30 SYS-4-LIB_UTIL_64[12369] Unable to 'unlock' safe-state:
  Read-only file system
  can't create lock file /etc/mtab~12412: No space left on device (use -n flag
  to override)
  Jul 24 07:09:31 SYS-3-LOCKSTATE[12413] Cannot remount
  /cisco/merlot/safe-state
  your help is highly appreciable .
  Rgds,

  Most likely the storage device has become corrupted thus you see the filesystem working in read only mode.
  There was a similar thread posted in the Application Networking forum about a year ago which suggested some remedies. Please see this link.
  (You can also recategorize your question into that forum by using the widget that should appear in the top right of your screen.)

• Ask the Expert: Global Site Selector Configuration and Troubleshooting

  Welcome to this Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about configuring and troubleshooting the Global Site Selector (GSS) with expert Swati Chopra.
  GSS devices represent the next generation of application switches and global server load balancing (GSLB) appliances. Working together with the Cisco ACE Module and Cisco ACE 4710 appliance, these devices form an application-fluent networking solution that improves availability, acceleration, and security for data center applications.
  The primary role of Cisco GSS is to implement the business continuance and disaster recovery policies of a business by optimizing and securing the Domain Name System (DNS) infrastructure of the data center. It does this by integrating with the DNS infrastructure and responding to the client DNS requests, thereby directing the client to the site that is best able to serve its needs.
  Swati Chopra is a CCNA, CCNP, and VCP certified customer support engineer for content switching, covering technologies such as Cisco Application Control Engine, Cisco Wide Area Application Services, Global Site Selector, Cisco Content Services Switches, and Digital Media Suite. She has been with Cisco for more than three years and has worked with most of the high-end customers on content-related complex cases. She completed her master’s degree in finance, was heading an online education project in collaboration with e-Sylvan, and later moved to technical services because of her love for technology. She is actively involved with diverse Cisco initiatives such as Connected Women, WISE, and Cisco Career Connections and recently hosted a “Birds of Feather” table at Cisco’s Women of Impact conference.
  Remember to use the rating system to let Swati know if you have received an adequate response. 
  Because of the volume expected during this event, Swati might not be able to answer every question. Remember that you can continue the conversation in the Data Center community under subcommunity Application Networking shortly after the event. This event lasts through April 25, 2014. Visit this forum often to view responses to your questions and the questions of other Cisco Support Community members.

  Hi Sarah,
  The load balancing mechanism for GSS requests is done via different methods. We can use these methods to define how the load is shared for different balance clauses within the same rule. The 6 methods we use are:
  –round-robin—The GSS cycles through the list of answers that are available as requests are received. Each resource within an answer group is tried in turn. The GSS cycles through the list of answers, selecting the next answer in line for each request. This is the default.
  eg: if we have 2 answers in answer group then GSS will provide them alternatively.
  –least-loaded—The GSS selects an answer based on the load reported by each VIP in the answer group. The answer reporting the lightest load is chosen to respond to the request.The least-loaded option is available only for VIP-type answer groups that use a KAL-AP or Scripted keepalive, as they provide the GSS with detailed information on the SLB load and availability.
  eg: if one answer has higher load than the other, than first answer will not be provided until its load goes down the other answers
  –ordered—The GSS selects an answer from the list based on precedence; answers with a lower order number are tried first, while answers further down the list are tried only if preceding answers are unavailable to respond to the request.
  for eg: answer with ordered number 1 will be provided first till it becomes unavailable. Once it is unavailable then answer with ordered list number 2 will be provided
  –weighted-round-robin—The GSS cycles through the list of answers that are available as the requests are received, but sends requests to favored answers in a ratio determined by the weight value assigned to that resource.
  eg: if one answer has more weight(80%) than the other answer(20%), then it will be used 8 times out of 10.
  –hashed— When the GSS uses the hashed balance method, elements of the client's DNS proxy IP address and the requesting client's domain are extracted to create a unique value, referred to as a hash value. The unique hash value is attached to and used to identify a VIP that is chosen to serve the DNS query.
  The use of hash values makes it possible to "stick" traffic from a particular requesting client to a specific VIP, ensuring that future requests from that client are routed to the same VIP. This type of continuity can be used to facilitate features, such as online shopping baskets, in which client-specific data is expected to persist even when client connectivity to a site is terminated or interrupted.
  The GSS supports the following two hashed balance methods. You can apply one or both hashed balance methods to the specified answer group.
  • By Source Address—The GSS selects the answer based on a hash value created from the source address of the request.
  • By Domain Name—The GSS selects the answer based on a hash value created from the requested domain name.
  for eg: a user using same source ip will get the same answer from GSS if we do source address hashing.
  -DNS Race (Boomerang) Method-The GSS supports the DNS race (boomerang) method of proximity routing, which is a type of DNS resolution initiated by the GSS to load balance 2 to 20 sites.
  The boomerang method is based on the concept that instantaneous proximity can be determined if a CRA within each data center sends an A-record (IP address) at the exact same time to the client's D-proxy. The DNS race method of DNS resolution gives all CRAs (Cisco content engines or content services switches) a chance at resolving a client request and allows for proximity to be determined without probing the client's D-proxy. The first A-record received by the D-proxy is, by default, considered to be the most proximate.
  Use case is mainly with CRA's.
  Hope this helps. Please feel free to revert if you have follow-up questions.
  Thanks,
  Swati

• SAP LDAP Connector / UME LDAP and Global Site Selector (GSS)

  Hi,
  I'm wondering if SAP LDAP Connector / UME LDAP will work with Global Site Selector service, such as  CISCO GSS 4400 Series, so that GSS can provide load-balancing for LDAP access.
  If it works, is there a specific configuration on the SAP side?
  Thanks in advance.
  -denny-

  Hey Denny,
    Wondering if you ever sorted this out. I'm trying the same thing right now and UME is failing (and portal won't start) when I use the FQDN of the GSS. Behavior is strikingly similar to using the FQDN of the Active Directory domain. The only way I found to use AD as an LDAP source is to list individual DCs in the UME config. I'm hoping to use GSS instead.
  -Kevin

• Global Site Selector(GSS)

  Hi all,
  This is regarding new cisco applience called GSS,can anyone share how to config the GSS in real time with example,I hope I will get the responce soon,coz I have to do one installation soon.
  Thankx@Regds
  saji k.s
  DOHA

  try here...
  http://cisco.com/en/US/products/hw/contnetw/ps4162/tsd_products_support_series_home.html

• Global Site Selector (GSS) support DNSSEC ?

  Hi all,
  When will GSS support DNSSEC ?
  Thanks
  Eric

  Last I heard  GSS currently does not support DNSSEC. It is a feature that is being
  discussed for inclusion in a future release.
  You should contact your sales contact at Cisco to get more information and/or express your need for this feature.
  Gilles.

• Anyone used the Global Site Selector yet ?

  I believe it came out a couple of months ago. I'm looking at one versus the F5 3DNS boxes. Any thoughts ?

  I haven't used it yet, but I am also interested if anyone else has some info on it.
  I guess it would be a good idea to use if Cisco devices such as CSS 11000,Local directors, CSM etc. are deployed in the network.

• On GSS(global site selector)network max configurable the number of backup?

  HI..
  I would like to know the max backup gss number when we configure gss network.
  I did two gss when I configure gss topology. there are no problem when I configure two gss to active and the other standby.
  but I read the cco document that the gss cluster is being max up to 8 gss box.
  is it possible topology?
  when I configure two more gss on one cluster, I occered the err log on primary gss.

  HI..
  I would like to know the max backup gss number when we configure gss network.
  I did two gss when I configure gss topology. there are no problem when I configure two gss to active and the other standby.
  but I read the cco document that the gss cluster is being max up to 8 gss box.
  is it possible topology?
  when I configure two more gss on one cluster, I occered the err log on primary gss.

• ACE 4710- Global Site load-balancing

  Does the 4710 have a feature like global site load balancing like the CSS?
  We have a site that will have 2 ISPs but we don't have our own block of IP addresses to advertise so we would need to use the ISPs IP blocks.  We've had issues in the past advertising one ISPs IP block out another ISP so I was wondering if there was a way we could configure the ACE similar to the way the CSS did global site load balancing.  Basically have the ACE act as a DNS server and respond back with the IP address of whichever ISP we wanted the end user to come in on and use a probe to ping the ISPs remote WAN IP to verify the circuit is passing traffic and resolve the correct IP if it's not.
  Thanks

  ACE does not have DNS server functionality.
  And these methods are not supported on the CSS anymore.
  The solution we offer is to install a Cisco GSS (Global Site Selector) which can interact with the ACE or CSS or CSM to determine which vip is up or down.
  Gilles.

• Where can I download the scripts from cisco web site

  hello :
  I need some IVR scripts for my AS5350 but I cannot find them on cisco web site.
  anybody can tell me where and what files, thank you

  Hi,
  unfortunately the TCLWare pack is not available in public. It can be downloaded only through the CCO. So, you need a CCO account in order to login inside and download it.

• Module_data where clause using globals.site.dateNow

  I'm trying (and failing) to get a list of blog posts that are excluding the not yet released posts, here is what I have:
  {module_data resource="blogposts" version="v3" fields="id,siteId,blogId,postTitle,createBy,releaseDate,createDate,lastUpdateDate,enabled ,deleted,disableComments,slug,postUrl,metaBlogPostTitle,metaBlogPostDescription" skip="0" limit="10" where="\{'blog.releaseDate':\{'$lt':'{{globals.site.dateNow}}'\}\}" order="-id" collection="myData"}
  The "query" works but it ignores the globals.site.dateNow and displays everything (including posts greater than today).
  If I do a greater than (in testing), it doesn't display anything, it should have only displayed the unreleased blog posts.
  Bug? User error? Formatting incorrect? Any tips would be great.

  Hi Rich,
  In your 'where' filter above, you are using, 'blog.releaseDate', if you want to filter the data based on the blog posts' release date then use 'releaseDate' only. Like this -
  where="\{'releaseDate':\{'$lt':'{{globals.site.dateNow}}'\}\}"
  Let me know if you need more clarification on this.
  - Abhishek Maurya

• Issues Working with Results of GetWebAnalyticsReportData(Global.Site,Global.ReportLevel,"TopPageForPageReport",$B4,$B5)

  I created a custom Web Analytics Report in SharePoint. I went into the associated Excel file and tried to perform a vlookup to modify the report. No matter what I do, all references to any cell in the result ALWAYS end up as 0. I tried just doing a direct
  reference to a cell and the result is 0. I tried changing the value to TEXT and it still is a 0.
  So for example:
  The returned array covers A31 to D2030. If I go to some random cell in the workbook and enter "=A32" instead of returning the value in the cell (or even the formula), it returns 0. It doesn't matter what is in the cell, whether text or number.
  The formula in the cells are "=IFERROR(GetWebAnalyticsReportData(Global.Site,Global.ReportLevel,"TopPageForPageReport",$B4,$B5),$A31:$D2030)
  The value in A32 is the URL of a aspx page.
  I wanted to use a VLOOKUP to make the chart more readable since the URL is quite long and I wanted to strip out the common portion of the URL

  Hi,
  According to your description, Excel formula not working in the web analytics report.
  I tried to open a “Site Web Analytics Reports - Top Visitors” report in the desktop Office application, select an empty cell, input something like “=D4”, it is populated
  with the value of D4 cell immediately.
  By default, SharePoint Web Analytics Service produce the analytics data and save it in an Excel file, then we should be able to manipulate this Excel file with its
  data as what we do in a normal Excel file.
  To narrow down the issue, I would suggest you create a new Excel file with some data in your local machine or other machines, test some simple formulas on it to see
  if it is an issue of the desktop Office application.
  Feel free to reply if there any progress.
  Thanks
  Patrick Liang
  Forum Support
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support,
  contact [email protected]
  Patrick Liang
  TechNet Community Support

• IOS 12.4(15)XW not available from Cisco Web site

  Can anyone please tell me why this version is not available from Cisco Web site as I am trying to download it to test on a cisco 2851 series router .The documnet below in page 7 & 10 describe  the requirement for this version. What is the replacement version for this if that is not available?

  Well, maybe I am missing something but I do not see a 12.4(15)XW release on CCO for the 2851 platform. I see references to it in documentation but I don't see actual release notes or a download link. So, where exactly did you see this particular version for this platform?
  Based on the PDF provided by the OP I think he is trying to add a fax module. In the PDF it is stated a few times that you can use 12.4(15)XW or 12.4(20)T. What this basically means is that these are minimum IOS version levels that you need to use that module. You would not want to run the minimum in most cases because software defects are abundant and seem to be endless. IOS release trains are somewhat over complicated in my opinion but here is my quick take. The XW is a early deployment release. These releases are "one offs". Usually added to incorporate a new piece of hardware. Sometime after these releases come out (again, to get the product to market) the code is incorporated in a T-train (in this case, 12.4(20)T). The idea is that the T-train code is used to introduce features/hardware/etc. that will be rolled into the next main-line release (in our world that is 15.0).
  Back to your issue. I can't find 12.4(15)XW but apparently p.bevilacqua has been able to find it. Maybe he would be willing to provide the link. If that doesn't pan out, I suggest that you look at releases after 12.4(20)T (including the latest service release for 12.4(20)T). They go up to 12.4(24)T. T-trains are touchy so you have to do your research and testing. I have had decent success with 12.4(20)T until recently (MGCP and T.38 fax, no joy). I have also used 12.4(24)T with OK success thus far. I know that p. bevilacqua doesn't like the 12.4T train "because its buggy". My opinion is all of this software is buggy. You have to identify the minimum release that will work with your hardware. Go to the latest minor/service release and research the bug toolkit. Oh, and always test.
  OK. Down the rabbit hole I go.
  HTH.
  Regards,
  Bill
  Please remember to rate helpful posts.

• Cisco ASA Site to Site VPN with routers on inside

  I have been asked to setup a site to site vpn to connect two remote offices.
  We have two ASA 5510's, one on each side.
  I can get the two ASA's setup and setup the VPN and have everything work like it is suppose to. Traffic passing from local network to remote network.
  However, I have been asked to add two secure routers to the setup. One secure router between the local network and the ASA, and the other the same on the other end, between the remote network and it's ASA
  Essentially, just like this:
  LAN---------------------Router-------------------------ASA----------------ISP-----------ASA-------------------------Router---------------------------LAN
  192.168.1.x   (inside 192.168.1.1)        (inside 10.0.1.1)               (inside 10.0.2.1)            (inside 192.168.2.1)          192.168.2.x
                            (outside 10.0.1.2)           (outside public ip)             (outside public ip)          (outside 10.0.2.2)
  I don't understand how this is suppose to work. I can get each side configured so that the clients on the inside can get out to the internet.
  A local client using the inside interface of the router as the gateway, the router then sends by route this traffic to the ASA's inside interface which then forwards the traffic to the default route/gateway of the ASA to the ISP gateway out to the internet.
  However, when I am thinking about the VPN I don't understand how it is suppose to work. Because the LAN address get's translated to the outside address of the Router which is 10.0.0.2, so that it goes to the ASA inside address 10.0.0.1. If I were to ping an ip address of the other LAN, it shows up as coming from 10.0.0.2 which wouldn't be part of the VPN traffic, since the VPN traffic is the local addresses as it was setup with just the two ASA's. I don't see changing the VPN traffic to the 10.0.0.0 network working because the clients on the remote network have 192.168.2.x addresses. While the ASA and router can translate from 192.168.1.x to 10.0.1.2 to the internet and back will work, I don't see requesting a connection to 192.168.2.x from 192.168.1.x working).
  If it matters, one router is a cisco 1841, and the other an hp 7102dl.
  I don't really understand why, but they just want to have the routers used in the setup. Whether it is on the inside or outside of the ASA, it doesn't matter.
  Can someone help me make sense of this please?

  Hi Julio,
  To set it up the way you mention would I keep the ip addresses the same or would I need to change them?
  Also, in response to everyone, would setting it up using gre tunnel allow for some clients to still just go straight out to the internet as well as to the "other side" remote lan?
  I appreciate everyones input very much.
  In response to Jouni, yes there is a big L2 switch behind the ASA's, which under the new setup there would be a router between the L2 switch and the ASA.
  This may be an important part I don't understand, but on the router, unless I nat the inside traffic to have the address of the outside interface on the router, then no traffic goes through. I just get messages from the router saying unable to determine destination route seemingly regardless of what static routes I put on the router, but maybe I am just not configuring the static routes correctly.

• Automatic update for IPS on Cisco`s site

  Hi all,
  with Cisco Service for IPS active my IPS that run in ASA module will be able to download the signatures on Cisco`s Web site and update them alone?
  thanks for your help. "Together we are even better"

  But please note that even tough its 'possible', its always better to do this manually. Sometimes some signatures generate a lot of false positives and its a good idea to check here on netpro and other places for any problems others are facing before applying signature updates (in production). However most signatures only produce alerts, so its just the noise that will worry ya and 'usually' signature updates don't break anything on the network.
  Regards
  Farrukh