Cisco RV016 Failover & Load Balance Multi WAN Issue

Similar Messages

• Hot to do Failover/Load balance on CORBA C++ Client

  I have a corba C++ client using Bea/Tuxedo 8.0 ORB talking to stateless session beans
  on Weblogic Server 6.1/sp2.
  Question:
  If the wls server(s) is a cluster, how do I use this feature in my C++ client to
  provide the failover/load balance?
  Will the rmic generate idl which is cluster-aware if the EJBs are clustered?
  Any help is appreciated.
  Thanks,
  steve

  "steve" <[email protected]> writes:
  I have a corba C++ client using Bea/Tuxedo 8.0 ORB talking to stateless session beans
  on Weblogic Server 6.1/sp2.
  Question:
  If the wls server(s) is a cluster, how do I use this feature in my C++ client to
  provide the failover/load balance?Currently, although the information is available to the client it does
  not use it. This will probably change in a future release of Tuxedo,
  but you should talk to your sales rep for details.
  For now you can get some degree of failover by catching the
  COMM_FAILURE exception and re-looking up CosNaming and your bean.
  Will the rmic generate idl which is cluster-aware if the EJBs are clustered?The information is provided dynamically at runtime, so its independent
  of the IDL.
  andy

• Cisco ACE - Firewall load balancing

  I am using two sets of ACE load balancers for load balancing traffic across two firewalls (firewall load balancing).
  The solution works fine. I have a virtual address of 0.0.0.0 in either direction to match traffci going from the internal users to the internet and vice versa.
  The problem is that when I try to manage the load-balanced firewalls (either using SSH (or) HTTPS) from outside, then that connection also gets load balanced and when I try to connect to FW1 then sometimes this connection ends up on FW2 and vice versa and the connection gets dropped. I have a workaround in place where i am using a virtual address per firewall to connect to the real IP address of the firewall.
  Is there any other way of managing firewalls (which are defined as real-servers) in a FWLB setup.
  Attached is the configuration of the external ACE which has the two firewalls defined as the real-servers.
  access-list ALL line 8 extended permit ip any any
  probe icmp ICMP-Probe
    interval 15
    passdetect interval 60
  rserver host FW1-ASA
    ip address 10.11.71.10
    inservice
  rserver host FW2
    ip address 10.11.71.11
    inservice
  serverfarm host Firewalls
    transparent
    predictor leastconns
    rserver FW1-ASA
      inservice
    rserver FW2
      inservice
  serverfarm host Firewalls-NO-LB
    rserver FW1-ASA
      inservice
  serverfarm host Firewalls-NO-LB1
    rserver FW2
      inservice
  sticky ip-netmask 255.255.255.255 address source new-sticky
    timeout activeconns
    serverfarm Firewalls
  This is my workaround for connection to the IP address of the firewalls (for management)
  class-map match-any FW-Real
    2 match virtual-address 10.11.71.254 any
  class-map match-any FW-Real2
    2 match virtual-address 10.11.71.253 any
  class-map type management match-any Remote-Access
    201 match protocol telnet any
    202 match protocol http any
    203 match protocol https any
    204 match protocol ssh any
    205 match protocol snmp any
    206 match protocol icmp any
  class-map match-any fwlb
    2 match virtual-address 0.0.0.0 0.0.0.0 any
  policy-map type management first-match Remote-Management-Policy
    class Remote-Access
      permit
  policy-map type loadbalance first-match FWLB-No-LB
    class class-default
      serverfarm Firewalls-NO-LB
  policy-map type loadbalance first-match FWLB-No-LB1
    class class-default
      serverfarm Firewalls-NO-LB1
  policy-map type loadbalance first-match FWLB-l7slb
    class class-default
      serverfarm Firewalls
  policy-map multi-match Firewall-No-LB
    class FW-Real
      loadbalance vip inservice
      loadbalance policy FWLB-No-LB
  policy-map multi-match Firewall-No-LB1
    class FW-Real2
      loadbalance vip inservice
      loadbalance policy FWLB-No-LB1
  policy-map multi-match int70
    class fwlb
      loadbalance vip inservice
      loadbalance policy FWLB-l7slb
  interface vlan 70
    description "Client side"
    ip address 10.11.70.2 255.255.255.0
    no icmp-guard
    access-group input ALL
    access-group output ALL
    service-policy input Remote-Management-Policy
    service-policy input Firewall-No-LB --> connect to the real IP address of the firewall for management
    service-policy input Firewall-No-LB1  --> connect to the real IP address of the firewall for management
    service-policy input int70
    no shutdown
  interface vlan 71
    description "Firewall side"
    ip address 10.11.71.2 255.255.255.0
    mac-sticky enable
    no icmp-guard
    access-group input ALL
    access-group output ALL
    service-policy input Remote-Management-Policy
    no shutdown

  Hello,
  as i know, there is no others ways.
  You can only reduce your configuration by puting all your class undert the same policy-map:
  policy-map multi-match int70
    class FW-Real
      loadbalance vip inservice
      loadbalance policy FWLB-No-LB
    class FW-Real2
      loadbalance vip inservice
      loadbalance policy FWLB-No-LB1
    class fwlb
      loadbalance vip inservice
      loadbalance policy FWLB-l7slb
  interface vlan 70
    description "Client side"
    ip address 10.11.70.2 255.255.255.0
    no icmp-guard
    access-group input ALL
    access-group output ALL
    service-policy input Remote-Management-Policy
    service-policy input int70
    no shutdown

• IP failover, load balancing and notification...

  Pretend I have the following setup/hardware:
  Two intel xserves running 10.4. One is for http traffic the other https. The http server contains a static html website while the other server has a large dynamic database driven website and all of its pages require ssl encryption. I'll refer to the first as server 1 and server 2 for the other.
  Now I want to implement a solution for providing high availability and performance.
  If I wanted IP failover I would need two additional servers, one for the first webserver and the second for the other. Likewise if I wanted to address load balancing I would also need two additional servers, one for server 1 the other for server 2. Now my questions:
  1) It seems implementing load balancing as described on page 32 of Apples High Availability pdf that this would also provide high availability like IP failover does. If two additional servers were purchased to provide high availability via a load balancing strategy would there be any need to implement IP failover? Does load balancing provide the same benefits as IP failover when talking about high availability? When if ever would one need to implement both strategies?
  2) Can you somehow provide IP failover with only one server as the backup using the setup above (a third server to provide IP failover for both servers 1 and 2)? Assume the third server has all the data of both server 1 and server 2.
  3) Is it possible to have Server Admin or Raid admin notify you of a problem via calling your cell phone or sending you a text message as opposed to only email, maybe via a third party solution? I think (not 100% sure) APC offers this when the power left in their batteries reaches a certain level.
  Thanks.
  G5 xserve   Mac OS X (10.4.8)  

  1) There's generally no need to implement IP Failover at the server level if you're already using a separate load balancing solution. The load balancer should be able to take care of dealing with a failed server.
  2) Good question - it's not clear whether IPFailover will failover for one machine or more than one.
  3) Most cellphone providers offer an email-to-SMS gateway, allowing you to send an email to an email address that's forwarded to your phone as a text message. Check your cellphone provider for details on what that email address might be (e.g. Cingular uses <phonenumber>@cingularme.com, Verizon uses <phonenumber>@msg.myvzw.com, etc.

• Dynamic LBFO Load Balancing mode causing issues

  Hi,
  We`re running a couple of virtual machines with the
  BIG-IP Virtual Edition in a Windows Server 2012 R2 Hyper-V cluster.
  These virtual machines have had problems where traffic sent through the virtual machines doesn`t get through due to the MAC Addresses of the physical team NICs being replaced with the Mac Address from the team member actually used to transmit the
  packet.
  Reference:
  Windows Server 2012 R2 NIC Teaming (LBFO) Deployment and Management
  Blog post - Server 2012 Hyper-V / NIC Team Oddity
  One of the comments in the blog-post states what we are seeing:
  The reason for the MAC Address switching you’re seeing is that Server 2012 in some cases will replace the source MAC address on Ethernet frames with the MAC Address from the team member actually used to transmit the packet. The reason for this is that
  if it always kept the MAC Address intact, the switch would throw alarms for “MAC flapping”, i.e. seeing a given MAC Address bouncing back and forth between switch ports.
  When we changed the Load Balancing mode from Dynamic to Hyper-V port, the problem was resolved.
  Is it possible to solve this problem while still using Dynamic as the Load Balancing mode? Would LACP instead of Switch independent teaming mode solve the problem?

  @Rob Thanks, that`s useful information. Did they suggest any other solutions/workarounds? (such as LACP)
  @Alex I understand that I need to configure my switches if I`m going to use LACP, but will LACP cause a different behaviour regarding the replacement of the source MAC address on Ethernet frames? In other words: Will LACP be an alternate solution/workaround
  to using Hyper-V Port in Switch Independent mode?
  I can't answer this from experience because I've never had this problem.
  But, the basic issue with the switch-independent mode is that the physical switch is completely unaware that there is any team situation at all. It can only operate within the base rules of Ethernet, which say that a MAC address can only appear on one endpoint
  at a time. So, if you have built a switch-independent team that crosses 4 physical adapters and a Hyper-V virtual switch on top of that, what the physical switch "sees" is four distinct endpoints that are hosting multiple MAC addresses. When one
  of the virtual adapters transmits on a virtual switch, it could, depending on the load-balancing mode, use any of the four physical lines. If it uses the same source MAC address while communicating across all four lines, the switch might panic. It wants to
  know where the MAC really is for purposes of knowing where to deliver its inbound packets, and depending on security configuration, to be sure that there's not an unauthorized spoofing attempt in progress. That's why the dynamic mode uses MAC substitution.
  The Hyper-V port mode gets around this by locking each virtual adapter on to a single physical channel so that its MAC address doesn't move. This has a cost of not allowing traffic on any given virtual adapter to be load-balanced.
  In a LACP connection, the physical switch is fully aware of the team, and furthermore, it knows that it's not an endpoint. All the MAC addresses of the virtual adapters are associated with this single aggregated tunnel, not the individual physical adapters.
  When it comes down to deciding which of the physical adapters to use to carry any given transmission, that can be negotiated by the switches without the need to lock a MAC to a specific adapter. There isn't, or at least there shouldn't be, any need for the
  dynamic mode to perform MAC substitution.
  Again, I'm speaking from theory, not direct experience with what you're asking about. I do make regular use of the dynamic mode on LACP trunks, but I don't run any applications that would have this MAC sensitivity issue. For all I know, dynamic still performs
  this substitution and I just don't understand why. Also, there's a chance your symptoms just happen to point to this substitution as being a problem. But, I would say there's a good chance that using Dynamic/LACP will solve your issue.
  Eric Siron
  Altaro Hyper-V Blog
  I am an independent blog contributor, not an Altaro employee. I am solely responsible for the content of my posts.

• TMG load balance and publishing issues

  Dear Experts,
  I have some questions about publishing multiple services with TMG's ISP redundacny with load balancing:
  We are using a single TMG 2010 server to protect our network and providing Internet connection to them. We manage our own domain providing the name service with the DNS server component installed on the TMG box and published it outside. We are using Exchange
  for mail service, as well we publish web sites too and terminal services via RDP. There wasn't any problem till today, when we got an other, separate Internet connection via a new different ISP. When I set ISP Redundancy to Load Balance I faced to a problem.
  The Internet connection works fine, but the partner SMTP's drop our letters, because they can not complete the reverse DNS check.
  How can I set the TMG and/or the DNS to provide a correct mail publishing service? How should I set our DNS to provide access to our web sites and other services when one of the Internet connections brake down?
  Thank you in advance!
  Thomas

  Dear Quan,
  Yes, this is the problem.
  Would you tell me, how should I configure my DNS for working properly if I publish my services to all my IPs/Internet connections? Do I have to double all my A and MX records?
  Is it possible to publish services on all IPs/Internet connections or should I publish on only one an use NLB only for to provide Internet connection to our computers?
  What is the good solution to make a fail-safe internet-gateway which publishes multiple services fail-safe too?
  Thank you
  Thomas

• Is there any failover/load balancing among kjs engines on a single ias server?

  I guess the question pretty much says it all. To be more explicit, if a kjs engine crashes, would all requests in progress be re-attempted on a different kjs?
  Also, at what level is the user session information stored (kjs, kxs)?
  Thanks a lot

  hi Mihai,
  Yes, we do have a load balancing mechanism between the KJSs in a single instance of the appserver. Requests from the kxs engine will be load balanced in a round robin fashion to the KJS engines.
  Note that if a KJS engine crashes, then the requests will be directed to the other KJS engines, but if the KJS engine is 'hanging', then this redirection does not happen.
  If the sessions are distributed, then they are stored in the KXS, but if they are lite, then they are stored in the KJS engine.
  Hope that helps,
  Vasanth

• Failover, load balancing, band sharing - problem

  I would like to accomplish the following task:
  SW-A and SW-B two separate subnets, without any contact with each other.
  1. Router A would perform as a gateway for computers connected to SW-A
  2. Router B would perform as a gateway for computers connected to SW-B
  3. Router A transfer all of your unused band "gives" to Router B (office to run periodically and sometimes weeks or even months when it is not used, we do not want to band a wasted)
  4. Router A has a band of 8/8
  5. Router B has a band of 8/8 + unused band of router A
  6. In case of failure of Router A router B takes over as the gateway to SW-A giving him 50% of the total band
  7. In case of failure of Router B router A takes over as the gateway to SW-B giving him 75% of the total band
  Is this possible? problem is point 3. and points. 5, whether Cisco can manage and share transfer unused band ? on which devices can be done? (routers, firewalls ?)
  sorry for my english
  Thanks
  dk

  Disclaimer
  The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
  Liability Disclaimer
  In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
  Posting
  It might be either the partners you've spoken to are incompetent to do what you're requesting, or they and/or myself don't fully understand what you're asking.  I will say I've done load sharing (outbound) using OER/PfR with HSRP/GLBP.  Works very nice, and although there's some learning required, not really too difficult.  PfR supports ingress sharing too, but ingress sharing can be very, very difficult to deal with.  Much depends on what's on the "outside".
  As to sizing a router, number of users often means little.  What's important is how much (and sometimes kind of) traffic will be passing through the router.  I've attached a Cisco document that will explain much about ISR performance for different traffic loads and kinds.

• JMS Failover & Load balancing.

  Hi,
  I have 4 Managed servers A,B,C,D on 4 physical boxes. We have one JMs server on Box D, All other Managed server uses this only JMS which is on D, if this goes down we loose all messages. I want to have JMS failover in my environment. I suggested to have 4 JMS servers and 4 File stores for each Managed server? my question is that Is weblogic that intellegent that if a client connects to box B JMS server and if the servers goes down, the message will be send top another JMS server?

  ravi tiwari wrote:
  Hi,
  I have 4 Managed servers A,B,C,D on 4 physical boxes. We have one JMs server on Box D, All other Managed server uses this only JMS which is on D, if this goes down we loose all messages. I want to have JMS failover in my environment. I suggested to have 4 JMS servers and 4 File stores for each Managed server? my question is that Is weblogic that intellegent that if a client connects to box B JMS server and if the servers goes down, the message will be send top another JMS server?You don't mention if you're running in a clustered environment or what
  version of WLS you're using, so I've assumed a cluster and WLS 8.1
  For resiliency, you should really have 4 JMS servers, one on each
  managed server. Then each JMS server has it's own filestore on the
  physical managed server machine.
  So, you have JMSA, JMSB, JMSC, JMSD with FileStoreA, FileStoreB,
  FileStoreC & FileStoreD.
  You should also look at using JMS distributed destinations as described
  in the documentation.
  In your current environment, if server D goes down, you not only lose
  your messages, your application would lose access to your JMS queues?
  If you use distributed destinations, and have 4 JMS servers, your JMS
  queues will still be available if a single server goes down.
  If a server does go down however, you have to follow the JMS migration
  procedures to migrate the JMS service from the failed server to a
  running one.
  There are conditions to this process, which are best found out from the
  migration documentation to be honest, rather than describe it here.
  We use this setup, and it works fine for us. We've never had to use JMS
  migration, as so far we haven't had anything serious to cause us to need
  to migrate. Our servers also boot from a SAN which makes our resilience
  processes simpler.
  Hope that helps,
  Pete

• How to achive failover & load balancing

  Hi ,
  I have installed WebLogic server 5.1,
  I followed one documentation for clustering.
  I don't know how to set up cluster configuration WebLogic.property file.
  If you have any sample property please
  send it to me,
  Thanks

  I think the best way is to follow the documentation.
  Attached is my startup script.
  Cheers - Wei
  Sanjay <[email protected]> wrote in message
  news:399959ba$[email protected]..
  Hi ,
  I have installed WebLogic server 5.1,
  I followed one documentation for clustering.
  I don't know how to set up cluster configuration WebLogic.property file.
  If you have any sample property please
  send it to me,
  Thanks[swc1.cmd]

• TCP SYNSEEN with load balancing Cisco ACE 4710

  I have a Cisco ACE 4710 load balancing the traffic to two proxy servers, the configuration is the same since December 2012,  but yesterday it stated to show SYNSEEN in the show conn command, and the hosts cannot browse. I think that means that the three-way-handshake is not complete.
  If I bypass the ACE the hosts can browse without problems. 
  I have tested with another ACE appliance and the same configuration but the behaviour is the same.
  I need help as soon as possible,
  thanks,
  I've attached the Show conn, show conn detail and show run.

  Hi Cesar,
  Thank you for your answer,
  The issue was solved,
  We were running an A3 software version, it seems to have a Bug so it doesn't show the NAT commands in the "show run", so when we made the configuration backup we didn't noticed it.
  The ACE reloaded because an electrical failure so it losted the NAT config.
  We just upgraded to an A4 version and also added a NAT/PAT to enable the communication between the Clients and the Proxy.
  Regards,

• Cisco Load balancer and Web Dispatcher to the same portal

  Hello Experts,
  We have implemented intranet portal with Cisco as the load balancer. Now we need to expose this intranet to the outside world as an extranet portal. So the same portal will be accessed from both intranet and from outside. We are thinking of installing a web dispatcher in the DMZ so that outside users can access the Web Dispatcher URL to access the intranet portal. In effect intranet users will use load balancer and extranet users will use Web Dispatcher to access the same portal. Now my question is if we configure Load Balancer and Web Dispatcher to the same portal, will the portal be able to load balance properly? Is this the right approach?
  Thank You,
  mansooralip1

  Dear Andrew,
  We need to provide access to our intranet to some outside companies for them to also use some of our portal applications. As per your answer, I understand that I can configure Web Disptacher to talk to the Cisco Load Balancer of our portal. In this case Web Dispatcher will work just as a reverse proxy. But when I discussed this with one of our basis resource, he told me that when we install and configure Web Dispatcher, it always ask for the Message Server URL and Port number, even if I just want to use Web Dispatcher as a Reverse Proxy. If his concerns are valid, I do not think I will be able to configure Web Dispatcher to access the cisco Load Balancer because I cannot put Cisco load banacer URL and port instead of the Message Server URL and Post Number. Can you kindly share your comment on the same?
  Now the second part of my question, if Web Dispatcher cannot be configured to talk to Load Balancer(as mentioned by our basis resource), I will have to use two load balancers. One web Dispatcher in DMZ as a Load Balancer *** Reverse Proxy for the external users. Second the internal Cisco Load Balancer for the intranet users. So the same portal will be accessed by two load balancers. My question here is, in this set up, can the portal work efficieintly here by distributing equal loads two both the server instances?
  Thank You,
  mansooralip1

• Load Balance TMG with Cisco CSS

  I am working with a Customer that is using Cisco CSS to load balance Microsoft TMG 2010.
  From the Microsoft TMG, I can see the https probes hitting the TMG Servers. The TMG 2010 recongnizes that the Cisco is trying to establish a 3-way handshake and is dropping every 3rd connection with the following error: "non-SYN packet was dropped because it was sent by a source that does not hane an established connection with the Forefron TMG computer." Since the Microsoft Forefront TMG 2010 Server is Stateful packet inspection firewall, what is the best load balance method for this service? TCP or even worst ICMP.
  Below is a snipet of the configuration:
  Thank You
  Avery
  CSS-A# show service Server1-ssl
  Name: Server1-ssl  Index: 70   
    Type: Local            State: Alive
    Rule ( x.x.x.x  TCP  443 )
    Session Redundancy: Enabled
    Redundancy Global Index: 206
    Redirect Domain: 
    Redirect String:
    Keepalive: (SSL-443   5   3   5 )
    Keepalive Encryption:      Disabled
    Last Clearing of Stats Counters: 03/05/2012 16:33:14
    Mtu:                       1500        State Transitions:            4
    Total Local Connections:   0           Total Backup Connections:     0
    Current Local Connections: 0           Current Backup Connections:   0
    Total Connections:         0           Max Connections:              65534
    Total Reused Conns:        0           Weight Reporting:             None
    Weight:                    1           Load:                         2
  CSS-A#
  CSS-A# show service Server2-ssl 
  Name: Server2-ssl  Index: 71   
    Type: Local            State: Alive
    Rule ( x.x.x.x  TCP  443 )
    Session Redundancy: Enabled
    Redundancy Global Index: 207
    Redirect Domain: 
    Redirect String:
    Keepalive: (SSL-443   5   3   5 )
    Keepalive Encryption:      Disabled
    Last Clearing of Stats Counters: 03/05/2012 16:53:49
    Mtu:                       1500        State Transitions:            6
    Total Local Connections:   0           Total Backup Connections:     0
    Current Local Connections: 0           Current Backup Connections:   0
    Total Connections:         0           Max Connections:              65534
    Total Reused Conns:        0           Weight Reporting:             None
    Weight:                    1           Load:                         2

  Hi,
  It would good to have a capture from the server itself, the TCP keepalive is really simple, as you explained, it is just a 3-way-handshake on port 443.
  The CSS is going to use it's vlan IP to generate this keepalive.
  So if the server is dropping the connection, it would be good to se the actual behavior of the keepalive.
  ICMP is just a ping, and lets say port 443 is not longer open on the server, at the point that the CSS gets the ICMP reply back from the server, the service is going to remain as alive, but the traffic is not going to work, so ICMP is not a good option.
  Thanks!

• Connection string in listener log file for loading balance/failover

  Hi Experts,
  I have 4 node RAC for oracle 10g2 in rad hate 5.0
  We creaed service dbsale ( sale1,2 as pr imary and sale3/4 as available) with loading balance/failover.
  The remote user created a local TNS as
  localmarket =
  (DESCRIPTION =
  (ADDRESS = (PROTOCOL = TCP)(HOST = 155.206.xxx.xx)(PORT = 1521))
  (LOAD_BALANCE = OFF)
  (CONNECT_DATA = (SERVICE_NAME = dbsale))
  From server side, I saw that user send two request connection string. one fail and another is OK.
  It seems that fail connecting come from failover/loading balance from dbsale3?
  Why do we get two connection string in listener log file?
  Which difference is between two connection string?
  Where does system change these connection string?
  Thanks for your explaining.
  Jim
  ==============listener.log message
  [oracle@sale log]$ cat listener_sale.log|grep pmason
  15-SEP-2009 13:52:24 * (CONNECT_DATA=(SERVICE_NAME=dbsale)(CID=(PROGRAM=oracle)(HOST=rock)(USER=test ))) * (ADDRESS=(PROTOCOL=tcp)(HOST=161.55.xxx.xx)(PORT=54326)) * establish * dbsale * 0
  15-SEP-2009 13:52:25 * (CONNECT_DATA=(SERVICE_NAME=dbsale)(CID=(PROGRAM=oracle)(HOST=rock)(USER=test ))(SERVER=dedicated)(INSTANCE_NAME=sale3)) * (ADDRESS=(PROTOCOL=tcp)(HOST=161.55.xxx.xx)(PORT=54327)) * establish * dbsale * 12520
  15-SEP-2009 13:52:30 * (CONNECT_DATA=(SERVICE_NAME=dbsale)(CID=(PROGRAM=oracle)(HOST=rock)(USER=test ))) * (ADDRESS=(PROTOCOL=tcp)(HOST=161.55.xxx.xx)(PORT=54329)) * establish * dbsale* 0
  15-SEP-2009 13:52:47 * (CONNECT_DATA=(SERVICE_NAME=dbsale)(CID=(PROGRAM=oracle)(HOST=rock)(USER=test ))) * (ADDRESS=(PROTOCOL=tcp)(HOST=161.55.xxx.xx)(PORT=54332)) * establish * dbsale * 0
  15-SEP-2009 13:52:47 * (CONNECT_DATA=(SERVICE_NAME=dbsale)(CID=(PROGRAM=oracle)(HOST=rock)(USER=test ))(SERVER=dedicated)(INSTANCE_NAME=sale3)) * (ADDRESS=(PROTOCOL=tcp)(HOST=161.55.xxx.xx)(PORT=54333)) * establish dbsale 12520
  15-SEP-2009 13:52:49 * (CONNECT_DATA=(SERVICE_NAME=dbsale)(CID=(PROGRAM=oracle)(HOST=rock)(USER=test ))) * (ADDRESS=(PROTOCOL=tcp)(HOST=161.55.xxx.xx)(PORT=54334)) * establish * dbsale * 0
  Edited by: user589812 on Sep 16, 2009 7:21 AM

  Hi Jim,
  I think the best way on this case is create one service with one instance as primary and another 3 as available.
  Or use the connect string with two vip addresses, cause the service has two instances and the tnsnames.ora entry has only one.
  Cheers,
  Rodrigo Mufalani
  http://mufalani.blogspot.com

• ISA570-Load balancing and Losing packets

  I am load balancing two isp's.  One isp is fine, but the other I have very high packet loss when pinging the corresponding wan interface from any machine located outside our network.  During the packet loss, I cannot https to our firewall from outside our network, but I can rdp using a different address on that same isp and ping another machine located inside our network, it seems only the wan interface is having the issues.  Our isp uses icmp to our wan interface and they started noticing the loss the other day, again the other isp loses no packets.  I have no issues with clients losing connection from that isp so it looks like it is an issue from outside in only on that wan interface.  
  I have a spare ISA and that is experiencing no packet loss when using another ip from the problem isp on it's wan interface.  The isa's have the same configuration and when I tried moving completely to the backup isa it continued with the same issue.  Upgraded to a later firmware, still the same issue.  I even took a laptop and put it on our switch that is before the isa and gave it a static public address and I can ping it with no problem from the outside.  I can also ping from the laptop to the wan port of the prod isa that is losing packets and it replies as it should, which I assumed would lose packets if it were the isa having issues, but it didn't.
  I know this has nothing to do with Cisco security services as on the backup firewall it was still losing packets when we moved the connections over to it.  
  I can ping from inside my network to the public wan address with no loss when outside machines are having problems.
  I can ping the problem wan address from a laptop or from isa(IP = 64.x.x.42) to isa(IP = 64.x.x.45) with no packet loss.  
  This is a head scratcher and I need some real help here.

  Never figured this one out.  However,  I was able to figure out how this starts. A couple of weeks ago we had an issue with an ISP and we disabled that interface during the day and re-enabled at the end of the day and thats when we noticed ICMP breaks to other ISP..  I don't know why but the ISP we renabled we can ping just fine, but the other one always has issues.  The only fix is to enable link failover detection and both WAN interfaces become pingable again.
  Now, we use load balancing and one issue we are experiencing is that randomly both WAN interfaces go down and I can confirm this with a ping utility we use off site that pings both WAN interfaces and also each ISP gateway they are connected to.  When this happens the ISP's gateways are reachable and neither WAN interface on the ISA are.  I am still on .15 version of the firmware, because there were too many issues with newer releases.  Is this a known issue?