Configuring customized LDAP ports on Cisco load balancer

Hi,
I have configured LDAP on different ports than 389 and 636. How do I configure this port to be allowed on the Cisco load balancer? I'm a newbie to the Cisco load balancer. Is there any specific configuration to be followed to set the customized port on the load balancer?
Any help is appreciated.
Thanks in advance

Hi,
By default, ACE denies all traffic coming to an interface and you need to define ACLs to allow traffic. You can define an extended ACL to allow the traffic from IPs, TCP/UDP ports etc. Please visit the link below for details about ACL configuration on ACE.
http://www.cisco.com/c/en/us/td/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/configuration/security/guide/securgd/acl.html#wp1018359
Also, pasting another link for basic TS related to ACE.
http://docwiki.cisco.com/wiki/Cisco_Application_Control_Engine_(ACE)_Troubleshooting_Guide_--_Troubleshooting_Access_Control_Lists
Regards,
Kanwal
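
The default-deny behaviour described in the reply above, as an added illustration that is not part of the thread or of Cisco's documentation: a small first-match evaluator for ACE-style extended ACL lines. The ACL name `LDAP_IN`, the server address 10.1.1.10 and the custom ports 1389/1636 are constructed for the example.

```python
import ipaddress

# Constructed ACL in ACE extended-ACL form. The name LDAP_IN, the server
# address 10.1.1.10 and the custom ports 1389/1636 are assumptions.
# On the ACE the list takes effect once applied to the client-side VLAN
# interface with "access-group input LDAP_IN".
SAMPLE_ACL = """\
access-list LDAP_IN line 10 extended permit tcp any host 10.1.1.10 eq 1389
access-list LDAP_IN line 20 extended permit tcp any host 10.1.1.10 eq 1636
"""


def _take_addr(tokens):
    """Consume 'any', 'host A.B.C.D' or 'network netmask' from the token list."""
    first = tokens.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(f"{first}/{tokens.pop(0)}", strict=False)


def parse_acl(text):
    """Parse 'access-list NAME [line N] extended ...' lines.

    Only a destination 'eq PORT' operator is handled in this example.
    """
    entries = []
    for raw in text.splitlines():
        tokens = raw.split()
        if len(tokens) < 3 or tokens[0] != "access-list":
            continue
        tokens = tokens[2:]                  # drop 'access-list NAME'
        if tokens[0] == "line":
            tokens = tokens[2:]              # drop 'line N'
        if tokens.pop(0) != "extended":
            continue
        action, proto = tokens.pop(0), tokens.pop(0)
        src = _take_addr(tokens)
        dst = _take_addr(tokens)
        port = int(tokens[1]) if tokens[:1] == ["eq"] else None
        entries.append((action, proto, src, dst, port))
    return entries


def evaluate(entries, proto, src_ip, dst_ip, dst_port):
    """Return the action of the first matching entry, else the implicit deny."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for action, e_proto, e_src, e_dst, e_port in entries:
        if (e_proto == proto and src in e_src and dst in e_dst
                and e_port in (None, dst_port)):
            return action
    return "deny"  # nothing matched: traffic is dropped by default


if __name__ == "__main__":
    acl = parse_acl(SAMPLE_ACL)
    # The standard ports are no longer permitted; only the custom ones are.
    for port in (389, 636, 1389, 1636):
        print(port, evaluate(acl, "tcp", "192.0.2.50", "10.1.1.10", port))
```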

Similar Messages

  • CISCO Load Balancer with SAP on Unix and Oracle

    Hello Experts,
    Please explain the steps of how the CISCO load balancing mechanism works with SAP Enterprise Portal.
    If anyone has implemented and achieved the same, please explain the steps to follow from the initial stage to the end of implementation.
    Or If you have any documentation on this just share with me or point me to the particular link.
    I have seen the below SAP help which is somewhat helpful.
    http://help.sap.com/saphelp_nw04s/helpdata/en/d3/e12840d89d185de10000000a1550b0/frameset.htm
    I would like to know how CISCO will connect to Message Server / Java Dispatcher.
    And please explain the steps to follow to implement an External Facing Portal using the Cisco load balancer.
    This should be achieved in Unix environment.
    Any help would be greatly appreciated.
    Regards,
    Karthick Eswaran
    *Points will be rewarded for helpful suggestions

    We use F5 for load balancing, but all hardware load balancing solutions should be similar. They offer multiple algorithms; we use simple round robin (SAP's webdispatcher has better options for load balancing). You create a virtual IP on your CISCO load balancer. You then configure Cisco to route traffic to each portal application server. If you have CI + 2 appservers, you configure the load balancer to send traffic to cihost:port, appserver1:port, appserver2:port. You also create a DNS alias to the virtual IP of the load balancer. End users will use the DNS alias to connect to your portal. Typically you use standard ports (80 & 443) on Cisco, so that the end user URL does not contain any ports (so http traffic goes to port 80, https goes to port 443). You also need to enable cookie persistence on the load balancer for session persistence.
    For external facing portal, you need to have your loadbalancer in DMZ and you want to use SSL. You also need to setup firewall rules for your portal and backend servers.
    -RK

  • Cisco load balancer?

    Just curious if anybody has tried using a Cisco load balancer with Directory Server (5.x.) Specifically:
    http://www.cisco.com/warp/public/cc/pd/si/11000/prodlit/cs105_ds.htm
    (They start out talking about web, but if you look further down you'll see they also support LDAP.)
    Here's my thought: get two 5.x servers in multi-master configuration behind one of these Cisco products. That way applications that like to cache DNS info on the LDAP server they should be using won't get confused if one of the hosts is taken down for upgrades/whatever. Thoughts?
    I guess the other way to handle this would be to run Sun Cluster + necessary stuff for LDAP. Any unbiased opinions as to which approach might be better? ;-)

    Or use the Directory Proxy (aka iDAR)...
    We have customers using the Cisco load balancer with Directory server 5. Others are using iDAR, others use Sun Cluster... Can't tell which approach is better.
    The only issue I foresee with a load balancer in front of 2 masters is that it may increase the risk of conflicts if the servers are not fully synchronized (such as under heavy load).
    Regards,
    Ludovic.

  • Cisco Load balancer and Web Dispatcher to the same portal

    Hello Experts,
    We have implemented intranet portal with Cisco as the load balancer. Now we need to expose this intranet to the outside world as an extranet portal. So the same portal will be accessed from both intranet and from outside. We are thinking of installing a web dispatcher in the DMZ so that outside users can access the Web Dispatcher URL to access the intranet portal. In effect intranet users will use load balancer and extranet users will use Web Dispatcher to access the same portal. Now my question is if we configure Load Balancer and Web Dispatcher to the same portal, will the portal be able to load balance properly? Is this the right approach?
    Thank You,
    mansooralip1

    Dear Andrew,
    We need to provide access to our intranet to some outside companies for them to also use some of our portal applications. As per your answer, I understand that I can configure Web Dispatcher to talk to the Cisco Load Balancer of our portal. In this case Web Dispatcher will work just as a reverse proxy. But when I discussed this with one of our basis resources, he told me that when we install and configure Web Dispatcher, it always asks for the Message Server URL and Port number, even if I just want to use Web Dispatcher as a Reverse Proxy. If his concerns are valid, I do not think I will be able to configure Web Dispatcher to access the Cisco Load Balancer because I cannot put the Cisco load balancer URL and port instead of the Message Server URL and Port Number. Can you kindly share your comment on the same?
    Now the second part of my question: if Web Dispatcher cannot be configured to talk to the Load Balancer (as mentioned by our basis resource), I will have to use two load balancers. One Web Dispatcher in the DMZ as a Load Balancer *** Reverse Proxy for the external users. Second, the internal Cisco Load Balancer for the intranet users. So the same portal will be accessed by two load balancers. My question here is, in this setup, can the portal work efficiently here by distributing equal loads to both the server instances?
    Thank You,
    mansooralip1

  • CISCO Load Balancing Mechanism with SAP

    Hello Experts,
    Please explain the steps of how the CISCO load balancing mechanism works with SAP Enterprise Portal.
    If anyone has implemented and achieved the same, please explain the steps to follow from the initial stage to the end of implementation.
    Or If you have any documentation on this just share with me to my google id kekarthick or point me to the particular link.
    I have seen the below SAP help which is somewhat helpful.
    http://help.sap.com/saphelp_nw04s/helpdata/en/d3/e12840d89d185de10000000a1550b0/frameset.htm
    I would like to know how CISCO will connect to Java Dispatcher.
    And explain me the steps to follow to implement External Facing Portal using Cisco Loadbalancer.
    This should be achieved in Unix and Windows 2003 environment.
    Any idea?
    Regards,
    Karthick Eswaran
    Edited by: Karthick Eswaran on May 21, 2008 12:40 AM

    Hello Karthick,
    let's say you have 2 servers for your portal:
    host1 -> e.g. DB, SCS + CI --> http://host1.my.company:50000/irj/portal
    host2 -> DI --> http://host2.my.company:50000/irj/portal
    Now you can implement a CISCO hardware load balancer. You have to connect it to your network and reserve one port and another IP address of it for the portal.
    After that you have to add the IP addresses of both servers (host1+host2) to this port, so that the CISCO load balancer knows to which servers it has to forward the incoming connections.
    If you use DNS in your company you can now map a more user-friendly name to the CISCO port (e.g. http://portal.my.company:50000/irj/portal) and distribute this link to the users of the portal.
    When they connect to the portal via this link the CISCO load balancer will forward the request to one of the configured servers (host1 or host2) depending which one is online and/or the load of them.
    I hope I understood your question right and my answer helps a little.
    Regards,
    Norman Schröder

  • Iview contents missing when using FQDN Cisco Load Balancer

    Hello Experts,
    We are using a Cisco load balancer to distribute the load across the portal servers. Everything was working fine, but after upgrading to the latest support package stack SP18, we ran into some odd behavior. Some of the contents on the iview are blank when using the FQDN load balancer URL e.g. http://sap1234.corp.com/irj/portal . But those blank contents do show up if we don't use the FQDN e.g. http://sap1234./irj/portal . At this point we are not sure where to start troubleshooting.
    Any help would be appreciated,
    Dave
    Edited by: davidn on Feb 27, 2009 11:50 AM

    Isn't this the same as your other post? I'm locking this one...

  • Configuring 2 css11503s for multiple service load-balancing

    first here's my present config on one of my CSS11503:
    !************************** CIRCUIT **************************
    circuit VLAN33
      ip address 19.10.28.211 255.255.255.0
        ip virtual-router 2 priority 110 preempt
        ip redundant-vip 2 19.10.28.210
        ip critical-service 2 UpstreamRouter
    circuit VLAN200
      ip address 10.15.15.251 255.255.255.0
        ip virtual-router 1 priority 110 preempt
        ip redundant-interface 1 10.15.15.1
        ip critical-service 1 UpstreamRouter
    !************************** SERVICE **************************
    service BrowServ-1
      ip address 10.15.15.21
      redundant-index 1
      protocol tcp
      port 80
      active
    service BrowServ-2
      ip address 10.15.15.22
      redundant-index 2
      protocol tcp
      port 80
      active
    service UpstreamRouter
      ip address 19.10.28.1
      active
    !*************************** OWNER ***************************
    owner BrowServ_Owner
      content BrowServ_Rule
        add service BrowServ-1
        add service BrowServ-2
        vip address 19.10.28.210
        redundant-index 1
        active
    !*************************** GROUP ***************************
    group BrowServ_Group
      vip address 19.10.28.210
      add service BrowServ-1
      add service BrowServ-2
      redundant-index 1
      active
    here are my questions:
    1) how do I configure an additional vip address? e.g. I'd like to configure a vip - 19.10.28.215 to load-balance http traffic to 10.15.15.25 and 10.15.15.26?
    2) I presently have a static route in my core router "ip route 10.15.15.0 255.255.255.0 19.10.28.210". (this enables the load-balanced servers to connect to Oracle servers on the Core network). do I need to configure a new route on my core router when I add the additional vip 19.10.28.215?
    relevant references and/or examples will be much appreciated.
    dayo

    1/ configure the following:
    service web1
      ip address 10.15.15.25
      active
    service web2
      ip address 10.15.15.26
      active
    content WEB
      vip address 19.10.28.215
      proto tcp
      port 80
      add service web1
      add service web2
      active
    2/ I would create a redundant-interface and point your static route to this redundant IP address.
    You should not use a VIP address in a static route.
    A VIP address should only be used when you want to reach the VIP address, not when you want a direct connection to the real server.
    Gilles.

  • NW04 Portal and Cisco Load balancer

    Hi everybody,
    does anyone have a similar landscape as I have?
    Reverse Proxy - Cisco Content Switch Module for Load Balancing - two NW04 Portal Servers.
    How did you configure the stickiness / load balancing mechanism on the load balancer in order to get it running?
    Cheers
    Jochen

    Hi,
    Web AS Java issues a cookie called saplb.
    You can check its value by connecting to the portal and then launching the command
    "javascript:alert(document.cookie)"
    within the browser. You will get a cookie value like
    saplb_*=(J2EE6202500)6202551
    The value in brackets determines the instance; the second number equals the actual ClusterID (can also be found in the VisualAdmin). Usually 50 indicates the 1st server node, 51 the second one, etc.
    The saplb_* cookie can be checked by the Cisco (see Cisco link above). Just configure the Cisco to be sticky on the instance number (value in the first brackets, in the example 6202500).
    Several Customers do it like this, and actually the SAP Webdispatcher is also using this cookie to determine the instance to distribute the request to.
    Good luck Bernhard
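
The cookie-based stickiness described in the reply above, as an added example that is not from the thread or from SAP or Cisco: it parses the `saplb_*` value in the format quoted in the post and pins a request to the backend for that instance number. The backend addresses, the second instance number 6202600 and the round-robin fallback are assumptions made for the illustration.

```python
import itertools
import re

# Value format as quoted in the post: (J2EE<instance number>)<cluster id>
_SAPLB_VALUE = re.compile(r"^\(J2EE(?P<instance>\d+)\)(?P<cluster_id>\d+)$")


def parse_saplb(cookie_header):
    """Return (instance_number, cluster_id) from a Cookie header, or None."""
    for part in cookie_header.split(";"):
        name, sep, value = part.strip().partition("=")
        if not sep or not name.startswith("saplb_"):
            continue
        match = _SAPLB_VALUE.match(value.strip())
        if match:
            return match.group("instance"), match.group("cluster_id")
    return None


def node_suffix(cluster_id):
    """Last two digits of the cluster id (per the post: 50 = 1st node, 51 = 2nd)."""
    return cluster_id[-2:]


class StickyRouter:
    """Pin requests to a backend by saplb instance number.

    Requests without a usable cookie, or naming an instance that is not
    configured, fall back to round robin (an assumption of this example).
    """

    def __init__(self, backends):
        # backends: instance number -> "host:port" (constructed sample values)
        self.backends = dict(backends)
        self._fallback = itertools.cycle(sorted(self.backends))

    def route(self, cookie_header):
        parsed = parse_saplb(cookie_header or "")
        if parsed and parsed[0] in self.backends:
            return self.backends[parsed[0]]
        return self.backends[next(self._fallback)]


if __name__ == "__main__":
    router = StickyRouter({
        "6202500": "host1.my.company:50000",   # constructed mapping
        "6202600": "host2.my.company:50000",   # constructed mapping
    })
    header = "JSESSIONID=abc123; saplb_*=(J2EE6202500)6202551"
    print(parse_saplb(header))      # instance number and cluster id
    print(router.route(header))     # always the backend for instance 6202500
    print(router.route(""))         # no cookie yet: round-robin choice
```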

  • Shared public IP with same tcp port (round robin/load balance)

    Hi all,
    I want to know if I can do this with my ASA5515-X. I have two servers that can do the same thing; they are SSO servers. What I want to do is publish the 2 servers on the Internet with the same public IP address and on TCP 443.
    Is it supported? Will it work like load balancing per session?
    Or do I need to add an HLB between the ASA and my SSO servers?
    Thanks

    Hi Yann,
    You can configure the ASA to allow traffic to your SSO server from outside on two public IPs. Users can hit either of the IPs to reach the inside server. Now, load balancing would be achieved based on source devices sending requests to the public IPs. If source machines on the internet use one public IP more to access the server, the ASA can't do anything to load balance in such a scenario. Here is how you can accomplish this:
    Assuming the SSO server on inside is 192.168.16.110 and the two public IPs are 192.168.17.110 and 192.168.17.111
    object network SSO_1
     host 192.168.17.110
    object network SSO_2
     host 192.168.17.111
    object network SSO
     host 192.168.16.110
    object service https
     service tcp source eq https
    nat (inside,outside) source static SSO SSO_1 service https https
    nat (inside,outside) source static SSO SSO_2 service https https
    Hostname(config)# sh xl
    2 in use, 6 most used
    Flags: D - DNS, i - dynamic, r - portmap, s - static, I - identity, T - twice
    TCP PAT from inside:192.168.16.110 443-443 to outside:192.168.17.110 443-443
        flags sr idle 0:00:06 timeout 0:00:00
    TCP PAT from inside:192.168.16.110 443-443 to outside:192.168.17.111 443-443
        flags sr idle 0:00:08 timeout 0:00:00
    Verification:
    Hostname(config)#    packet-tracer input outside tcp 4.4.4.4 discard 192.168.17.110 443
    Phase: 1
    Type: UN-NAT
    Subtype: static
    Result: ALLOW
    Config:
    nat (inside,outside) source static SSO SSO_1 service https https
    Additional Information:
    NAT divert to egress interface inside
    Untranslate 192.168.17.110/443 to 192.168.16.110/443
    Phase: 2
    Type: ACCESS-LIST
    Subtype: log
    Result: ALLOW
    Config:
    access-group outside in interface outside
    access-list outside extended permit ip any any
    Additional Information:
    Phase: 3
    Type: CONN-SETTINGS
    Subtype:
    Result: ALLOW
    Config:
    Additional Information:
    Phase: 4
    Type: IP-OPTIONS
    Subtype:
    Result: ALLOW
    Config:
    Additional Information:
    Phase: 5
    Type: NAT
    Subtype: rpf-check
    Result: ALLOW
    Config:
    nat (inside,outside) source static SSO SSO_1 service https https
    Additional Information:
    Phase: 6
    Type: IP-OPTIONS
    Subtype:
    Result: ALLOW
    Config:
    Additional Information:
    Phase: 7
    Type: FLOW-CREATION
    Subtype:
    Result: ALLOW
    Config:
    Additional Information:
    New flow created with id 3670, packet dispatched to next module
    Result:
    input-interface: outside
    input-status: up
    input-line-status: up
    output-interface: inside
    output-status: up
    output-line-status: up
    Action: allow
    ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
    Hostname(config)#    packet-tracer input outside tcp 4.4.4.4 discard 192.168.17.111 443
    Phase: 1
    Type: UN-NAT
    Subtype: static
    Result: ALLOW
    Config:
    nat (inside,outside) source static SSO SSO_2 service https https
    Additional Information:
    NAT divert to egress interface inside
    Untranslate 192.168.17.111/443 to 192.168.16.110/443
    Phase: 2
    Type: ACCESS-LIST
    Subtype: log
    Result: ALLOW
    Config:
    access-group outside in interface outside
    access-list outside extended permit ip any any
    Additional Information:
    Phase: 3
    Type: CONN-SETTINGS
    Subtype:
    Result: ALLOW
    Config:
    Additional Information:
    Phase: 4
    Type: IP-OPTIONS
    Subtype:
    Result: ALLOW
    Config:
    Additional Information:
    Phase: 5
    Type: NAT
    Subtype: rpf-check
    Result: ALLOW
    Config:
    nat (inside,outside) source static SSO SSO_1 service https https
    Additional Information:
    Phase: 6
    Type: IP-OPTIONS
    Subtype:
    Result: ALLOW
    Config:
    Additional Information:
    Phase: 7
    Type: FLOW-CREATION
    Subtype:
    Result: ALLOW
    Config:
    Additional Information:
    New flow created with id 3671, packet dispatched to next module
    Result:
    input-interface: outside
    input-status: up
    input-line-status: up
    output-interface: inside
    output-status: up
    output-line-status: up
    Action: allow
    Sourav
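
Reading the verification output above programmatically, as an added example that is not part of the original post: the parser splits packet-tracer text into phases and reports which ACL line admitted the packet. The sample is a shortened copy of the first run quoted in the post; in that run the matching entry is `permit ip any any` on the outside interface, so the passing trace does not show that a rule scoped to TCP 443 exists.

```python
import re

# Shortened copy of the first packet-tracer run quoted in the post above.
SAMPLE = """\
Phase: 1
Type: UN-NAT
Subtype: static
Result: ALLOW
Config:
nat (inside,outside) source static SSO SSO_1 service https https
Additional Information:
NAT divert to egress interface inside
Untranslate 192.168.17.110/443 to 192.168.16.110/443
Phase: 2
Type: ACCESS-LIST
Subtype: log
Result: ALLOW
Config:
access-group outside in interface outside
access-list outside extended permit ip any any
Additional Information:
Phase: 7
Type: FLOW-CREATION
Subtype:
Result: ALLOW
Config:
Additional Information:
New flow created with id 3670, packet dispatched to next module
Result:
input-interface: outside
output-interface: inside
Action: allow
"""

_ANY_ANY = re.compile(r"access-list\s+\S+\s+extended\s+permit\s+ip\s+any\s+any\b")


def parse_packet_tracer(text):
    """Return (phases, action); each phase has phase/type/result/config keys."""
    phases, current, section, action = [], None, None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := re.match(r"Phase:\s*(\d+)$", line):
            current = {"phase": int(m.group(1)), "type": "", "result": "", "config": []}
            phases.append(current)
            section = None
        elif line.startswith("Action:"):
            action = line.split(":", 1)[1].strip()
        elif current is None:
            continue                      # header or final summary lines
        elif line.startswith("Type:"):
            current["type"] = line.split(":", 1)[1].strip()
        elif line.startswith("Subtype:"):
            section = None
        elif line.startswith("Result:"):
            value = line.split(":", 1)[1].strip()
            if value:
                current["result"] = value
            else:                         # bare 'Result:' opens the summary
                current, section = None, None
        elif line == "Config:":
            section = "config"
        elif line == "Additional Information:":
            section = "info"
        elif section == "config" and line:
            current["config"].append(line)
    return phases, action


def audit(text):
    """Return (action, findings): non-ALLOW phases and any-any ACL matches."""
    phases, action = parse_packet_tracer(text)
    findings = []
    for p in phases:
        if p["result"] != "ALLOW":
            findings.append(f"phase {p['phase']} ({p['type']}): {p['result']}")
        for cfg in p["config"]:
            if p["type"] == "ACCESS-LIST" and _ANY_ANY.search(cfg):
                findings.append(f"phase {p['phase']}: matched by '{cfg}'")
    return action, findings


if __name__ == "__main__":
    print(audit(SAMPLE))
```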

  • Terminate SSL on Cisco Load Balancer

    Hi,
    We have a Rights Management server that will be behind a load balancer. I would like to terminate the SSL on the load balancer instead of terminating it on the LC server. Are there any settings that need to be set on the LC server? I will appreciate any help on this topic.

    Check the following basic ssl config
    http://docwiki.cisco.com/wiki/Cisco_Application_Control_Engine_%28ACE%29_Configuration_Examples_--_SSL_Configuration_Examples
    I think you do get a little of ssl resource without a license.
    Gilles.

  • Cisco load balancer with Real to VIP mapping ?

    Hi ,
    brief about the setup -
    Client IP x - Virtual server IP y = Real server IPs A, B, C
    I know that by SLB we can map traffic originating from Client IP x to VIP y towards any of the real server IPs (A, B, C).
    I want to know how we can map traffic originating from the real server IPs (A, B, C) so that when it reaches Client IP x the source IP is VIP y.
    Please can somebody help with this query!

    If the real server's default gateway is the load balancer, whatever that object may be, you should be able to source NAT to the VIP address. With a real load balancer, i.e. F5 / ACE / NetScaler, it's very easy to manipulate the packets and traffic flow.

  • How to configure SSL on Cisco Load Balancer

    I want to configure SSL termination on a Cisco LB. I just want to know, is there any license required for this deployment? Please share some configuration steps to deploy the SSL.
    Thanks
    Irfan Hussain

    Check the following basic ssl config
    http://docwiki.cisco.com/wiki/Cisco_Application_Control_Engine_%28ACE%29_Configuration_Examples_--_SSL_Configuration_Examples
    I think you do get a little of ssl resource without a license.
    Gilles.

  • Nexus port channel load balance

    Hi
    I just want to clarify one setting for the port channel load balance on a Nexus 6k switch. If I use the load balance option source-dest-ip-only, will the following four conversations be load balanced?
    10.10.10.1 -> 192.168.1.1
    10.10.10.2 -> 192.168.1.1
    10.10.10.1 -> 192.168.1.1
    10.10.10.1 -> 192.168.1.2
    Thanks. Leo

    Hi Leo,
    I think there may be a typo in your question as I only see three conversations and not four. That aside, I've not seen the Nexus port-channel load balancing sufficiently well documented to be able to give you the exact answer.
    In their configuration guides Cisco only include the following statement:
    Cisco NX-OS load balances traffic across all operational interfaces in a port channel by reducing part of the binary pattern formed from the addresses in the frame to a numerical value that selects one of the links in the channel.
    There is other documentation that states the load balancing algorithm uses a CRC-8 based polynomial, but as we don't know exactly which parts of the frame are used in the calculation, I don't see it's possible to calculate the answer and so derive the link that will be used for a given conversation.
    While I've not seen full documentation regarding the science used in the calculation, what Cisco have done is provide a command on the switch CLI that will allow you to determine which link of a port-channel will be used.
    If you run the command show port-channel load-balance forwarding-path interface port-channel vlan src-ip dst-ip then one of the parts of the output is the member link of the port-channel that will be used for that flow.
    You can find full details of the options for the show port-channel load-balance command in the command reference.
    One other point to remember is that the load balancing across a port-channel is unidirectional, and the hashing might be completely different for the return flow of a conversation. For example it is entirely possible that traffic from A to B could use one link of a port-channel, while the return traffic from B to A for the same conversation could use a different link.
    In general I would use the source-dest-port option for load balancing on the Nexus switches as this will obviously include the Layer-4 port numbers in the calculation, and so give you a better distribution of flows across all member links.
    Regards

  • Office Web Apps Load Balancing Configuration Issue for SharePoint 2013

    I have load balanced servers dedicated for Office Web Apps with the names “md1xxxwfe1” and “md1xxxwfe2”; both these servers are load balanced by a CISCO load balancer. And I have mapped the load balancer virtual IP to the host name officeapps.jda.corp.local in the DNS records.
    Things are working fine if I add a new farm by using New-OfficeWebAppsFarm with the server name as internalurl in the PowerShell console, like “-internalurl http://md1xxxwfe1”, but when I use -internalurl officeapps.jda.corp.local it is not working at all. I don't know what to do at this point.
    I have gone through following blogs but no luck.
    http://blogs.technet.com/b/meamcs/archive/2013/03/27/office-web-apps-2013-multi-servers-nlb-installation-and-deployment-for-sharepoint-2013-step-by-step-guide.aspx
    http://blogs.technet.com/b/office_resource_kit/archive/2012/09/11/introducing-office-web-apps-server.aspx
    http://davidlimsharepoint.blogspot.in/2013/02/installing-and-configuring-office-web.html 
    http://sps2013.blogspot.in/2013/09/office-web-apps-with-sharepoint-2013.html
    The output of the wfe1 server is attached with this. When I open http:// /hosting/discovery in wfe1 I’m getting the following result (attached screenshot) but it should show the hostname rather than the server name.
    Please help me
    Thanks, Ram Ch

    Hi  Ram ,
    For troubleshooting your issue, please take the steps below:
    Just about any load balancing solution will work, including a server that runs the Web Server (IIS) role running Application Request Routing (ARR): Install Application Request Routing
    Install the certificate on the load balancer as described under Securing Office Web Apps Server communications by using HTTPS.
    Make sure you have configured the cluster correctly for the full internet name:
    Reference:
    http://technet.microsoft.com/en-us/library/jj219435.aspx#loadbalancer
    Thanks,
    Eric
    Forum Support
    Eric Tao
    TechNet Community Support

  • Issue with Site Configuration / Load Balancing

    We’re noticing strange behavior with our servers that are configured behind a load balancer. We’ve got two servers with different ports and a load balancer:
    Server1: https://host1:30003/opensso
    Server2: https://host2:30103/opensso
    Load Balancer: https://loadbalancer:30003/opensso
    When we go to the admin console, we can access Server1 without a problem, but the second time we go the load balancer sends us to Server2, and our browser returns a page not found error. We’ve traced the HTTP traffic and discovered that every other time we go to the admin console (the load balancers are configured round robin), Server2 always returns a bogus HTTP found URL. The response it provides is something like https://loadbalancer:*30103*/opensso/UI/Login (just an example).
    The issue here is that it is properly directing the end user’s browser to the load balancer DNS entry. It is not, however, directing the end user’s browser to the proper port. It seems to send its own port value to the browser. Obviously when the browser tries to access this URL the load balancer rejects the request because it is not listening on port 30103.
    Can multiple OpenSSO application servers (configured as a site) run from behind a load balancer when they are listening on different ports? If so, why is the application server responding to the user request with its own port, rather than that of the load balancer, yet still providing the DNS hostname entry for the load balancer the whole time?

    Major updates of Muse are targeted to release roughly every quarter. The 1.0 release was in mid-May. The 2.0 release was in mid-August. A fundamental change to image loading would only appear as part of a major update due to the engineering and testing efforts required.
    As provided in your previous thread http://forums.adobe.com/message/4659347#4659347 the only workaround until then is to reduce the number of images in the slideshow.
