Connecting redundant servers to redundant CSS

Similar Messages

• Two servers with redundant connections for Sun StorEdge 3320 SCSI arrays

  Hello All,
  I read in the "Sun StorEdge 3000 Family Installation, Operation and Service Manual" that it's possible to setup "two servers with redundant connections" but I never see a detailed schema to do this. I read also the "Best Pratices Guide" but this case is not mentioned. Is it really possible ?
  My objective is to split a Sun StoreEdge 3320 SCSI array between two hosts with dual redundant scsi connection.
  Thanks in advance for your answers.
  Francois.

  At first this sounded easy, but looking at the parts listing for the 3320 seems to indicate otherwise. They're listing different part numbers for the chassis and midplane...
  371-0105 chassis & midplane for JBOD
  371-0106 chassis & midplane for RAID array
  There are also different part numbers for the I/O boards....
  370-7655 RAID SCSI I/O module
  370-7713 JBOD SCSI I/O module
  I can see what the difference is between the I/O modules, but am unsure of what differences if any are in the chassis and midplane. Seems like there's more involved here than what it would be worth to try and make it work. Perhaps the cost of a second HBA would be the lesser of two evils..........

• Configuring Dual-homed servers for redundancy to 6509s

  I am looking for assitance in properly configuring dual-homed servers for redundancy to two CatOS based 6509s. My search for information on how to do this has been unsuccessful to date, so any help you can provide would be most appreciated.
  Do I need any special hardware/software on the 6509s and/or on the servers?
  Thanks, in advance.
  John

  A lot depends on the kind of servers you have and the NIC teaming algorithms they support. Usually two or more NICs can be teamed in either a fault tolerant configuration (with one primary NIC) or in transmit load balancing configuration. Both these configurations allow the NICs to be connected to separate L2 switches so in case your servers do support such kind of teaming all you need is to have both NICs in the same VLAN and ensure L2 connectivity between the Catalyst 6509s. I recommend you research this from the server perspective also and like everything else test it before production deployment.

• Connections between servers using CSS VIP?

  In our new pre-production environment we have several servers connected to a 3750 switch, which is then connected to a CSS 11503. Upstream the CSS is then connected to an ASA firewall pair. The CSS VIPs are 10.22.1.0/24 on the "outside" and the servers have 10.21.1.0/24 addresses on the inside. The CSS inside & server 3750 switchports are all on the same VLAN. There is no PAT/NAT configured (except for the VIP being translated to a chosen server IP I suppose).
  Whilst the clients will connect to the servers via the VIPs what we want is for each server to also be able to talk to other servers via a VIP. This is because some of the servers provide a service (LDAP actually) that we would like to be load balanced.
  Now, what is curious, is that *this works* in our production environment where the servers are *directly* attached to the 8 port switch module in the CSS. However in this new environment, where the 3750 is between the servers and the CSS, it doesn't (actually you can ping the VIP sucessfully but nothing else works).
  I have seen other postings on NetPro where people are trying similar things, like: http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Networking%20Solutions&topic=Application%20Networking&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.1dd81312 and http://forums.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Emerging%20Technologies&topic=Content%20Networking&CommCmd=MB?cmd=display_location&location=.1dd72fd0
  The relevant CSS config I think (there are lots more services etc but they are all similar) is:
  circuit VLAN1
  ip address 10.21.1.100 255.255.255.0
  circuit VLAN2
  ip address 10.22.1.1 255.255.255.0
  keep alive ssokeepalive
  type http
  keepalive port 7777
  uri "/sso/status"
  keepalive frequency 10
  keepalive maxfailure 2
  tcp-close fin
  active
  service pulpldp001sso
  ip address 10.21.1.6
  keepalive type named ssokeepalive
  active
  content SSO
  vip address 10.22.1.12
  protocol tcp
  port 7777
  application http
  url "/*"
  advanced-balance cookie
  add service pulldp001
  active
  i.e. VIP 10.22.1.12 will be directed to the server 10.21.1.6 (only the one shown above).
  Q1) My first question is: is server to server communication via an outside VIP possible?!
  Q2) Given that this seems to work our production environment without the 3750s any idea what areas of config could be wrong on the 3750 or the servers? (we've tried default routes of both the 3750 and the ISS inside address but that hasn't worked). Note the ping from a server works but when we try, say, "telnet 10.22.1.12 7777" that doesn't connect.
  Q3) Let's assume that the servers run more than one service, e.g. an HTTP and an LDAP service. If a server can communicate with another server using its VIP, will it work from one server up to the CSS/VIP and back to itself? (of course it may or may not actually return to itself depending on the load etc)
  I can provide full configs on Monday if required.
  Hope these aren't dumb questions! Many thanks!
  Simon
  PS. the CSS is running 7.50 at the moment but could upgrade to 8.2 if required

  Thank you Adedayo - that appears to have done the trick! I can't believe it: one little keyword!
  I have to say, even once you told me the answer I still didn't find the Cisco content config manual very helpful on this point (perhaps I'm looking in the wrong place?).
  Note: we're not currently doing any PAT on the CSS so don't have any source groups set up - perhaps most people do and so don't have the same problem.
  I'll get chance to report back on some proper testing next week and promise to update this conversation.
  Adedayo: sorry, I wanted to flag your post as solving my problem once I was sure next week but now the tick box has gone - if you reply again I'll flag that! I appreciate you taking the trouble to post.
  One final question: do you have a situation where you use a VIP from a server to potentially connect back to itself? If so, does it work OK? (e.g. if you have a webserver can you connect to the content VIP that it belongs to?)
  Simon

• Connecting JMS servers together into a cluster

            Hi
            I am just wondering if anyone tried (or is it even possible) to connect JMS servers
            from different providers (say BEA and Sonic) together in a cluster of some sorts?
            Thanks
            

  Integrating foreign vendors with WL has come up many times in this newsgroup.
            Search for "MQ" (MQSeries) and "Sonic".
            Tom
            Alex wrote:
            > Hi
            >
            > I am just wondering if anyone tried (or is it even possible) to connect JMS servers
            > from different providers (say BEA and Sonic) together in a cluster of some sorts?
            >
            > Thanks
            

• How to connect different servers with different Hyperion product

  Hi Guru,
  I am very new in the field of Hyperion installation and configuration... We need install 3 Hyperion product i.e. HFM, FDM and EssBase version 11.1.2.2 in their individual servers/machine. Now I do not have any idea how do I connect these servers so that they could talk to each other.
  I need some expert advice on the above if need any other info do let me know.
  Regards
  GJ
  Edited by: 1006305 on May 16, 2013 2:53 AM

  I am not an infrastructure expert, but if you are new to Hyperion, I would definitely look for some external help (Consultants). Hyperion Installation and Configurations are extremely complicated.
  This is a good starting point: http://docs.oracle.com/cd/E17236_01/nav/portal_1.htm
  Cheers,
  Mehmet

• Can't connect to servers in enemy-territory

  Hi, i installed et and i can't connect to servers, when i search for servers i see only 20 servers and if i try to connect
  it just stucks at "Awaiting gamestat"

  One big clue is that Safari uses DNS & Proxy settings from the Network CP/System settings, while Firefox uses it's own settings.
  Might try making a new Admin User to try as a test.
  Searching for which file(s) hold those at the moment, though right now I'd try dragging these files to the Desktop & reboot, resetup Networking...
  /Users/nnnn/Library/Preferences/com.apple.internetconnect.plist
  /Library/Preferences/SystemConfiguration/preferences.plist
  /Library/Preferences/SystemConfiguration/com.apple.airport.preferences.plist
  And, since it's a secure connection, might look for some of these files...
  ~/Library/Preferences/ByHost/com.apple.networkConnect.<ethernet MAC address>.plist
  Looks like the Proxies are stored in...
  /Library/Preferences/SystemConfiguration/preferences.plist
  But that doesn't ensure that it's the only place on your machine.

• Select Volume when connecting to servers

  I have a workflow I've been running as a start up item to update an excel file on my HD to a server everyday. It works pretty well, I just have one gripe. I have to manually select the server volume when the workflow runs. I also have to click an okay button for the "Save Excel Workbook" step to overwrite the the existing file (this is a 3-rd action, and does not have an overwrite file check box). Like I said, it works pretty well, but I would prefer not to have to do anything when it runs.
  Here are the steps of the workflow.
  1. Get Specified Servers
  2. Connect to Servers
  3. Get Specified Finder Items (excel document)
  4. Open Finder Items
  5. Save Excel Workbook (I have it open and save the file first to update pivot tables)
  6. Get Specified Finder Items
  7. Copy Finder Items (to server)

  Save the workflow as an application then add it to your login items, which can be found under accounts in system preferences.

• Cc install stop at connecting to servers

  So recently I built myself a computer and decided to give photoshop a try. I went to the trial download link and clicked on "download trial", which it downloaded the creative cloud setup application for me. Upon running it, it would be stuck at "trying to connect to servers", and unable to move on. Is there any fix to this? Or is this a temporary server problem/maintenance from adobe?

  Aljoschakersna please see Sign in, activation, or connection errors | CC, CS6, CS5.5 - http://helpx.adobe.com/x-productkb/policy-pricing/activation-network-issues.html for information on how to resolve the connection error.

• Went 10.3.9 to 10.4.8 & now MacOS won't connect to Servers using afp! HELP!

  I did an upgrade installation of Mac OS 10.4.3 ontop of Mac OS 10.3.9 on a G4 AlBook. I then did the downloadable combo updater to take it 10.4.8.
  However now when I try to connect to any servers using Go - > Connect to Server I get no response.
  When I try to navigate to the Servers using the Finder and click connect I am told that the alias is broken.
  I thought his might have had to do with an installation of Netware for Mac OSX so I used the Netware install file to step through and remove all Netware files & I stil can't connect to Servers.
  Any help with this problem would be greatly appreciated.
  I have yet to run any of the software updates on top of 10.4.8 perhaps one of these improves 10.4.8 afp compatibility?
  Thanks in advance,
  Neil.

  James,
  thanks very much for this. I'd hoped not to have to go to 10.4.9 but it sounds as though your solution may well work with 10.4.8 as well? I.e. it sounds as though a component of the old system left behind by the incremental upgrade has broken the servers.
  I should have also mentioned that it is Netware boxes that I am trying to access. so it appears as though all manner of server is broken in this situation.
  This is so inconvenient (esp with regard to software authorised to hardrives, how does that behave with an archival install?).
  But once again many thanks for your help,
  Neil.

• Connect To Servers Action Not Working?

  Hello
  I've just started with Automator today. I've successfully made a couple of actions and other threads helped me with my initial difficulties.
  I decided that I wanted to make an action to connect all my shares and put it into my startup folder.
  I used the action Get Specified Servers and put the URL of an smb share that I know works into it. I then connected that to Connect To Servers. I get all green ticks when I run my action but the server doesn't appear in the Finder sidebar or on my desktop.
  What am I doing wrong?
  I've seen another thread talking about this where appletalk was proposed as a workaround but I don't want to get into Applescript just yet if I can avoid it.

  Hello
  I've just started with Automator today. I've successfully made a couple of actions and other threads helped me with my initial difficulties.
  I decided that I wanted to make an action to connect all my shares and put it into my startup folder.
  I used the action Get Specified Servers and put the URL of an smb share that I know works into it. I then connected that to Connect To Servers. I get all green ticks when I run my action but the server doesn't appear in the Finder sidebar or on my desktop.
  What am I doing wrong?
  I've seen another thread talking about this where appletalk was proposed as a workaround but I don't want to get into Applescript just yet if I can avoid it.

• CSS 11151 VIP Redundancy - Link State Redundancy/Keepalive

  I have a pair of CSS 11151 each connected to a pair of cross-connected 3550 switches,I've configured VIP & Interface Redundacy,either VLAN1 interface or VLAN2 interface is shut down will cause the virtual router switchover. Recently I met some problem with CSS switchover when just one VLAN1 interface shutdown, and I was told that "type redundancy-up" should not work with VIP redundant mode, so I am trying to configure a critical service with a keepalive ap-kal-pinglist and ping all the circuit vlan's ip address on the CSS itself. but I am still confuse with some aspects.
  1. Should I configure two separate virtual router for two circuit VLANs?
  2. How to configure the service IP address? Because two 3550 have separate vlan ip address, and did not configured HSRP.
  3. The script on my CSS is different with document, can I edit a new ap-kal-pinglist script to replace it?
  Here's my config...
  !************ INTERFACE *********************
  interface 2
  bridge vlan 2
  !**************** CIRCUIT **************************
  circuit VLAN1
  ip address 10.0.2.33 255.255.255.128
  ip virtual-router 1 priority 100
  ip redundant-interface 1 10.0.2.29
  ip critical-service 1 sw1-up-down
  ip critical-service 1 sw2-up-down
  circuit VLAN2
  ip address 10.0.2.133 255.255.255.240
  ip virtual-router 1 priority 100
  ip redundant-interface 1 10.0.2.129
  ip redundant-vip 1 10.0.2.132
  ip critical-service 1 gateway
  !************************** SERVICE
  service gateway
  ip address 10.0.2.130
  type redundancy-up
  active
  service sw1-up-down
  ip address 10.0.2.30
  type redundancy-up
  active
  service sw2-up-down
  ip address 10.0.2.31
  type redundancy-up
  active

  I would recommend an upgrade to version 7.40 in order to get the 'reporter' functionality.
  http://www.cisco.com/en/US/products/hw/contnetw/ps792/products_command_reference_chapter09186a008028fe6c.html
  A reporter let you define which ports you want to monitor and when to failover [all ports down or any port down].
  If you can't use 7.40, here is an answer to your question :
  1. it does not matter. The vrid is used to differentiate other instances of VRRP that could exist on the same VLAN.
  2. if you plan to use an ap-kal-pinglist, the service ip address really does not matter. The keepalive will use the ip addresses that you will pass to the ap-kal-pinglist function
  3. you can modify the script and upload it back to the CSS. However, I would recommend using a different name in case you need the original script in the future.
  Regards,
  Gilles.

• What is the best design to connect redundant Firewalls to redundant switches?

  Hi All,
  I would like to know the best possible design to connect redundant Firewalls(Netscreen,FortiGate etc) to redundant switches.I have dealt with Cisco FWSM's in which both the Firewall and switch is in the same chassis. So for the Vlan's behind the Firewall, we just create the L3 interface on the fwsm and do a static route in the switch. The Gateway IP will be tied to the primary fwsm and the failover happens through the network. But now i need to know the best possible design when i am connecting to a different vendor firewall.
  Let's say i have 5 vlans and all these vlan's are behind the Firewall. The redundant switches will have the L2 vlan's created and have a static route to the Firewall. I am proposing the attached design in which i will have L2 vlan's created on the switch and L3 on the Firewall. The Firewall's and the switch will be connected with one trunk port and an access port for uplink and downlink traffic. The two switches will be connected each other using a vlan trunk.The two firewalls will be connected using a redundancy vlan.
  I am not so sure about the working of other firewalls such as Netscreen and FortiGate. I am also confused with the traffic path that the frames will take by having this design.Please advice if you have any suggestions.
  Appreciate your help and advice.
  regards
  dathan

  subhash007 wrote:It's not 802.3ad link aggreagated interface. In the switch side, the ports will be configured as normal access ports and the bonding config will be done on the server side.
  To be honest, I don't understand how the Linux bonding mode can work without anything configured the other end.
  My understanding of 'bonding' comes from Multilink PPP (MLP) where the data stream is chopped up and split across two (or more) circuits. At the other end, a similar MLP-enabled device reforms the data stream from the multiple circuits, maintaining packet order. But this requires MLP-enabled 'bonding' devices at each end.
  Perhaps you could help me better understand the Linux bonding...
  subhash007 wrote:If any single homed server is connected to Switch 2, what will be traffic path for its data packets?Switch 2 ------------------> Switch 1 ----------------------> Active firewall                                   ORSwitch 2 ------------------> Passive Firewall -----------> Active Firewall
  If the firewalls operate in the same fashion as Cisco ASAs, then the inter-firewall link doesn't carry traffic. It's for failover detection and HTTP replication only. But like I said, I'm not familiar with this vendor's products.
  subhash007 wrote:Also will there be any change in traffic path if the trunk between Switch 1 & Switch 2 is converted to L3 routed interface? Since there is no VRRP, i can convert the trunk to L3 right?
  Same as above.

• Unable to issue "redundancy-protocol" command on CSS

  This is really weird. I've done box-2-box redundancy on CSSs half a dozen times. I have a CSS 11050 on 5.0(33) code that does not recognize "redundancy-protocol" as a valid command on the VRRP interface.
  Config of the CSS is really basic:
  !Generated on 01/01/1980 00:00:11
  !Active version: ap0500033
  configure
  !*************************** GLOBAL ***************************
  bridge spanning-tree disabled
  persistence reset remap
  acl enable
  ip redundancy
  app
  app session 192.168.1.2
  ip route 0.0.0.0 0.0.0.0 14.60.64.1 1
  !************************* INTERFACE *************************
  interface e1
  phy 100Mbits-FD
  interface e2
  bridge vlan 2
  phy 100Mbits-FD
  interface e3
  phy 100Mbits-FD
  interface e4
  phy 100Mbits-FD
  interface e5
  phy 100Mbits-FD
  interface e6
  phy 100Mbits-FD
  interface e8
  phy 100Mbits-FD
  bridge vlan 10
  !************************** CIRCUIT **************************
  circuit VLAN1
  redundancy
  ip address 14.218.74.110 255.255.254.0
  circuit VLAN2
  redundancy
  ip address 14.60.64.211 255.255.248.0
  circuit VLAN10
  ip address 192.168.1.1 255.255.255.0
  !************************** SERVICE **************************
  service tempest
  ip address 14.218.74.127
  keepalive type http
  keepalive uri "/checkServerStatus.html"
  active
  service tempest-ping
  ip address 14.218.74.127
  active
  service zephyr
  ip address 14.218.74.128
  keepalive type http
  keepalive uri "/checkServerStatus.html"
  active
  service zephyr-ping
  ip address 14.218.74.128
  active
  !*************************** OWNER ***************************
  owner HPS
  content layer3
  vip address 14.60.64.210
  no persistent
  add service tempest
  primarySorryServer zephyr
  active
  !*************************** GROUP ***************************
  group SOURCE-IP-NAT
  vip address 14.218.74.112
  active
  !**************************** ACL ****************************
  acl 10
  clause 10 permit any any destination any
  apply circuit-(VLAN10)
  acl 20
  clause 10 permit any any destination any
  apply circuit-(VLAN1)
  acl 30
  clause 10 permit any any destination content HPS/layer3 sourcegroup SOURCE-IP-
  NAT
  clause 90 permit any any destination any
  apply circuit-(VLAN2)
  ~~~~~~~~~~~~~~~~~~~~~~
  Pretty simple, but when I go to configure VLAN10 as the interface to run VRRP on:
  scc-lb1(config)# circuit VLAN10
  scc-lb1(config-circuit[VLAN10])# redundancy-protocol
  ^
  %% Invalid input detected at '^' marker.
  scc-lb1(config-circuit[VLAN10])# re?
  redundancy Configure this circuit for redundancy
  restore Restore commands
  *** Aliases ***
  reboot_diags @configure;boot;rebo diags
  reboot @configure;boot;rebo
  scc-lb1(config-circuit[VLAN10])#
  The "redundancy" command is the only command it will recognize.
  Anybody have any clue what is happening here?
  Thanks!

  Hi,
  In order to add "redundancy-protocol" to the circuit, you need to go into the ip address section after going into the circuit section and then it will be an available option.
  Like this:
  scc-lb1(config)# circuit VLAN10
  once in the circuit section, type in the ip address of the circuit.
  Then you will be in the ip address part of the config and type in "redundancy-protocol"
  Regards
  Pete Knoops
  Cisco Systems

• Failover to redundant box shows Redundancy Protocol: Not Running on CSS

  After failover to redundant (backup) BOX, the backup BOX becomes Master but output of “sh redundancy” shows Redundancy Protocol: Not Running and shows intermittent packet drops.

  Here is the URL for the configuration for the Configuring VIP and Virtual IP Interface Redundancy follow the configuration guide which may help you http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/css11500series/v7.10/configuration/advanced/guide/VIPRedun.html