CSM Load Balancer Help

Hey,
Just a quick question....
Does anyone know a) if it's possible and b) how to have two servers off the CSM but instead of load-balancing between them make them a failover pair i.e. if server A goes down server B will take over - done using the same VIP?? It's needed because the application on the servers can't do load-balancing yet but can work in a failover way.
I'm reading the book trying to work it out but if someone has done this before that would be great!
Thanks
Anthony

Thanks for the responses.
I'm using CSM 4.6(6) and have given what you suggested a go but have run into problems.
When I disconnect the primary server I see that go out of service but that also knocks out the VIP and it never fails over to the second server. Am I missing something? I've attached the relevant parts of the config and would be greatful for any advice.
serverfarm FARM1
nat server
nat client WEB
real 10.2.250.10
inservice
probe HTTP
serverfarm FARM2
nat server
nat client WEB
real 10.2.250.11
inservice
probe HTTP
vserver WEBTRAFFIC
virtual 10.2.250.100 tcp www
vlan 250
serverfarm FARM1 backup FARM2
persistent rebalance
inservice
I also had a go at creating that variable but it wouldn't let me...just said variable not configurable - but I'll play with that and see if I can work it out...I'm not so bothered as long as the backup part works.
Thanks guys...
Anthony

Similar Messages

  • CSM Load Balance redirect

    I have a request to do a redirect on a CSM load balance device and I am not sure how to go about doing it.
    The request is to send traffic destined for https://payments.domain.com to https://www.diffdomain.com/folder/folder/page.jsp. I already have a serverfarm created for www.diffdomain.com, I guess I could create a vserver with a unique IP address for payments.domain.com and point it at the same set of servers, but how would I append the "/folder/folder/page.jsp" on to the request?

    Hi,
    The only way you can do HTTPS to HTTPS redirection is if you have an SSL module or also if this module happens to be a CSM-S. To be able to redirect encrypted traffic the CSM needs to inspect first the L5 information contained on the HTTP header. Once the SSL card has decrypted the traffic you can configure a webhost relocation serverfarm to ask the client to send the request to https://www.diffdomain.com/folder/folder/page.jsp which will be sent to the 443 vserver that is already taking traffic for https://payments.domain.com
    Hope this helps.
    Pablo

  • Portal Landscape - With 2 CSM (load balance) related question

    Hi,
      We are currently having a portal landscape (Dev, QA -2 app servers, PRD - 4 app servers). The load balancing happens on Production Portal using CSM (load balancer) and it does SSL offloading for security encryption and it lands onto one of the application servers. When we try to login to portal it authenticates using the LDAP (OID). And we have some links which takes to backend R/3, BW etc (we use SAP load balance using SMLG logon group)
    Now due to another special project the following is what we are planning:
    1. Adding couple of more application servers for production portal or having seperate second portal landscape itself
    2. Adding couple of more application servers for R/3 production server (load balance can be done with special logon group for that)
    Questions are:
    1. When we land into current production portal page and click a iview link for the special project it should go only to those special portal app servers (planning to do through another CSM) and from their to backend R/3. In this scenario how the authentication (or sso ticket) happens when it goes from CSM to another CSM, will it ask for login again or any issue will happen with SSO ticket ?
    2. If we decide to go for second portal landscape and in the same scenario when login to current prod portal page and click a iview link for the special project it should go to that another production portal,in that case what will happen to the login authentication happened through the first portal and SSO ticket ?
    3. Suppose if we go to the second production portal directly through a website and if the user tries to login using the same id to first portal how portal will deal in terms of security (SSO) and also how backend R/3 will behave when same id comes as part of SSO.
    Or if anyone thinks of any other issue apart from SSO or encryption related things which i need to be aware of, kindly let me know.
    Thanks,
    Murali.

    I am not sure what CSM is, but I would expect it only does ssl offloading and a sort of "reverse proxy" against the cluster.
    >1. When we land into current production portal page and click a iview link for the special project it should go only to those special portal app servers (planning to do through another CSM) and from their to backend R/3. In this >scenario how the authentication (or sso ticket) happens when it goes from CSM to another CSM, will it ask for login again or any issue will happen with SSO ticket ?
    This depends on the host name you use for the two CSM clusters. If they have the same subdomain, there should be no problem as the SAP Logon Ticket (MYSAPSSO2) cookie is issued to the sub domain of the portal.
    If they do not have the same subdomain, the second CSM cluster will receive the request without the MYSAPSSO2 cookie, and will therefore trigger reauthentication.
    >2. If we decide to go for second portal landscape and in the same scenario when login to current prod portal page and click a iview link for the special project it should go to that another production portal,in that case what will >happen to the login authentication happened through the first portal and SSO ticket ?
    It will fail, as the MYSAPSSO2 cookie from the first portal is not recognized in the second. However, you can easily setup so that the second portal trusts the first and does a logon based on its credentials
    >3. Suppose if we go to the second production portal directly through a website and if the user tries to login using the same id to first portal how portal will deal in terms of security (SSO) and also how backend R/3 will behave >when same id comes as part of SSO.
    I assume both portal will be setup against the same LDAP/UME source. Therefore it will allow the logon. The backend systems should trust both the first and second portal (STRUSTSSO2 transaction)
    I think your architecture choice comes down to if the new project has special considerations with regards to versioning of portal. If it does, it would be sensible to separate it into a separate portal (and you can always integrate them with the first portal through portal federation if you have a relatively new version).
    Regards
    Dagfinn

  • CSM load balancing

    I have an interesting problem. I have a VIP with a two server, serverfarm. Originally the VIP and serverfarm were doing load balancing in the switch IOS and the vip was configured with a 27 bit subnet mask. I moved the configuration to our csm mod and removed the subnet mask. The original sticky was set to 120 and I reset the sticky to 30 as part of the move. Now the load balancing is extremely off kilter (200 connections to 7). Any ideas what could be amiss?

    Real servers are physical devices assigned to a server farm. Real servers provide the services that are load balanced. When the server receives a client request, it pulls matching information from a disk and sends it to the CSM for forwarding to the client.
    You configure the real server in the real server configuration mode by specifying the server IP address and port when you assign it to a server farm. You enter the real server configuration mode from the serverfarm mode where you are adding the real server.
    This URl should help me:
    http://www.cisco.com/en/US/products/hw/switches/ps708/products_installation_and_configuration_guide09186a00801760d0.html#xtocid439743

  • Load Balancing help needed...

    I've been asked to research/implement load balancing on our Java only NW2004s EP (Unix) installation.
    I've read the help files here, but not sure I understand what I'm supposed to do, if anything at this point.
    http://help.sap.com/saphelp_nw2004s/helpdata/en/d3/e12840d89d185de10000000a1550b0/frameset.htm
    Right now we have only one system, so from what I can tell, implementing the SAP Web Dispatcher for load balancing isn't an option.
    I see there is also load balancing from the Java dispatcher. This I think is our only option at this point until we move to a production scenario with some other systems clustered.
    Nonetheless, I don't really see any implementation details on configuring the java dispatcher. Which gives me the impression that it's job is automatic.
    Could someone point me in the right direction so that we might might get some kind of load balancing implemented, or atleast get us moving in the right direction?
    Thanks alot.
    Beau

    I've been asked to research/implement load balancing on our Java only NW2004s EP (Unix) installation.
    I've read the help files here, but not sure I understand what I'm supposed to do, if anything at this point.
    http://help.sap.com/saphelp_nw2004s/helpdata/en/d3/e12840d89d185de10000000a1550b0/frameset.htm
    Right now we have only one system, so from what I can tell, implementing the SAP Web Dispatcher for load balancing isn't an option.
    I see there is also load balancing from the Java dispatcher. This I think is our only option at this point until we move to a production scenario with some other systems clustered.
    Nonetheless, I don't really see any implementation details on configuring the java dispatcher. Which gives me the impression that it's job is automatic.
    Could someone point me in the right direction so that we might might get some kind of load balancing implemented, or atleast get us moving in the right direction?
    Thanks alot.
    Beau

  • How to config CSM load balance of http combined https

    In this case,when I config CSM for load balance http and https service separately was ok.2 VIPs , 2 Serverfarms, One for http , and one for https .But I found that the https would referred to http information on IIS , because when the client first to access http is ok,and then login by https ,the information is not right.So,how to config CSM in this case,any reply will be very be appreciated.

    There are 2 different ways.
    You could combine the 2 vserver into a single one by not specifying the tcp port.
    Another solution would be to use the same sticky group for both vservers.
    For example, you could use sticky srcip.
    ie:
    sticky 10 netmask /32 address source
    vserver http
    sticky 60 group 10
    inservice
    vserver https
    sticky 60 group 10
    inservice
    Regards,
    Gilles.
    Thanks for rating this answer.

  • CSM - Load balance using Server CPU

    Hi
    I have a customer who requires the load-balancing prediction
    algorithm to be based on the CPU level of the Server. So the server with the least CPU is chosen at the laod-balancing stage.
    Is there a way to do this?
    Thanks James

    Hi James
    With CSM the only option is DFP (Dynamic feed back protocol). If your application vendor provides DFP agents (which is very unlikely) for the application then these agents can be installed on App servers for the desired purpose.
    Config details at
    http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/csm/4.2.x/configuration/guide/rsfarms.html#wp1039774')">http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/csm/4.2.x/configuration/guide/rsfarms.html#wp1039774
    With ACE you can use SNMP based probes to achieve what you are looking for.
    Syed Iftekhar Ahmed

  • FWSM and CSM (Load Balance) in the same chassi

    Folks,
    Is there any type of best practice (you ** must ** do like this) when you are going to implement the FWSM and the CSM modules on the same 6509 chassi ?
    PS: The CSM is not doing FW loadbalance, it is doing loadbalance to servers located in a DMZ
    PATH:
    (outside) FWSM (inside) -> MSFC -> (inside) PIX (dmz) -> CSM  , CSM -> (dmz) PIX (inside) -> MSFC -> (inside) FWSM
    My main doubts:
    1) FWSM using multi-context, Is there any integration problem with CSM ?
    2) FWSM and CSS in routed mode, Is there any integration problem with both modules ?
    3) Is it really necessary to operate the FWSM module in bus mode when using CSM in the same chassi (fabric switching-mode force bus) ?
    Cisco Says:
    "The CSM line card operates in bus mode. When using the CSM in conjunction with the FWSM line card,
    Cisco recommends forcing the FWSM to operate in bus mode using the
    fabric switching-mode force bus command. When service modules such as the CSM and the FWSM
    operate in bus mode, traffic from DFC-enabled line cards still use the fabric connection."
    In past it was a workaround due a bug, but I have found this recommendadon and know I am a little confused.
    Tks !!!

    Luis-
    You will want to used a routed mode on the CSM so that the Firewall contexts don't see eachothers MAC Addresses for any traffic not destine to to a VIP.  On the CSM VLANs, you will want to create alias IPs to use as the next hop destination between contexts for non-VIP traffic. Other than that, the CSM has no concept of contexts, so as long as the traffic is symetric when it flows through the CSM VLANs, it will be happy.
    Regards,
    Chris

  • CSS Load Balance Help

    Hi there,
    I need a help, and I have this following situation:
    *My Service is web and its listen TCP ports - 443 Https and 80 http
    *The port 443 is only used to login and after its login all web requisitions are by port 80 www
    *We have 02 services running and we want a VIP in order to serve the 02 ports mentioned.
    *The access persistency must occurs in the CSS. A same client requisition on port 80 or 443 must redirect the user to the same server already answered the login requisition in the https login
    Is tehre any configuration possible to do in order to accomplish that?
    Any help is welcome.
    Regards

    Message Addendum: Any cisco web site reference will be appreciated.
    CSS model and OS version:
    CSS_01# show ver
    Version: sg0730106 (07.30.1.06)
    Flash (Locked): 07.30.1.06
    Flash (Operational): 07.30.1.06
    Type: PRIMARY
    Licensed Cmd Set(s): Standard Feature Set
    CSS_01# show chassis
    Configuration for CSS11503-AC E0:
    Product Name: CSS11503-AC E0 SW Version: 07.30.1.06
    Serial Number: JAB0831L01G Base Mac Address: 00-11-92-d1-60-9f
    Slot Number Module Name Status
    1 CSS5-SCM-2GE primary
    2 CSS5-IOM-2GE primary
    3 empty slot
    4 CSS503-SM-INT powered-on
    Slot / Port Name Status
    1/1 SCM-2GE online
    1/2 SCM-2GE online
    2/1 IOM-2GE online
    2/2 IOM-2GE online
    CSS_01#

  • IPTABLES POSTROUTING Load balancing help

    Hi there,
    I have an interface with 5 IP addresses assigned to it (as virtual adapters) let's call them x1,x2,x3,x4 and x5.
    Currently I have SNAT POSTROUTING forwarding rules from local source range to specific public ip address. Below is an example for the current rule
    -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source x1.x1.x1.x1
    What I would like to achieve is that new established local connections will be postrouted and assigned to one of the IPs above (x1/x2/x3/x4/x5) randomly / round robin. I tired to look for a solution online but I didn't find any information for how to do so. I almost sure its feasible.
    Many thanks for your help guys!
    Amit

    fukawi2 wrote:
    I haven't tested, but this should do it:
    Alternatively, but this may lead to bias towards x5:
    I understand it differently: iptable rules are independent and traversed in order, so the unbiased chain should be
    iptables -t nat -N OUTPUT_LB
    iptables -t nat -A OUTPUT_LB -m statistic --mode nth --every 5 --packet 0 -j SNAT --to x1
    iptables -t nat -A OUTPUT_LB -m statistic --mode nth --every 4 --packet 0 -j SNAT --to x2
    iptables -t nat -A OUTPUT_LB -m statistic --mode nth --every 3 --packet 0 -j SNAT --to x3
    iptables -t nat -A OUTPUT_LB -m statistic --mode nth --every 2 --packet 0 -j SNAT --to x4
    iptables -t nat -A OUTPUT_LB -j SNAT --to x5
    iptables -t nat -A OUTPUT -m state --state NEW -j OUTPUT_LB
    iptables -t nat -N OUTPUT_LB
    iptables -t nat -A OUTPUT_LB -m statistic --mode random --probability 0.20000 -j SNAT --to x1
    iptables -t nat -A OUTPUT_LB -m statistic --mode random --probability 0.25000 -j SNAT --to x2
    iptables -t nat -A OUTPUT_LB -m statistic --mode random --probability 0.33333 -j SNAT --to x3
    iptables -t nat -A OUTPUT_LB -m statistic --mode random --probability 0.50000 -j SNAT --to x4
    iptables -t nat -A OUTPUT_LB -j SNAT --to x5
    iptables -t nat -A OUTPUT -m state --state NEW -j OUTPUT_LB

  • Linksys RV042 Dual Wan with Load Balancing Help?

    Good day,
    I'm a newbie to routers.  I have purchased a Linksys RV042 hoping I could connect my two modem and provide internet to my collegues in the camp.  My internet connection is running under EAP-TLS using a Motorola modem from Go Telecom here in Saudi Arabia.  Need help to configure the router to accept the two modem.
    Thanks for the reply.....

    Hello David,
    Glad you could spend some time with my problem.  Tried the solution you sent but still unsuccesful to connect to internet.  Is there something wrong with the WAN credentials I'm using?  Do I have to switch the mode from Gateway to Router?  Please take a look at my WAN1 values that I wrote in the RV042
    I am using a Motorola CPE outdoor Wimax modem from GO Telacom here in Saudi Arabia...

  • Server Load Balance in one network using CSM Cat6509

    I have 2 Web Servers with real IP address 10.1.12.61 and 10.1.12.62 (subnet mask 255.255.255.0). The virtual IP address configured on CSM is 10.1.12.100
    I also have 2 Application Servers with real IP address 10.1.12.81 and 10.1.12.82 (subnet mask 255.255.255.0). The virtual IP address is 10.1.12.120.
    Users will access Web server using the virtual IP address (10.1.12.100) so that the traffic will be load balanced.
    But there is also requirement that those Web Servers access Application Servers using IP address 10.1.12.120 so that the traffic will be load balanced as well.
    Is this requirement feasible?
    Can CSM load balance between servers in one network address?

    Budiman,
    I am building the same situatiuon here. But the most simple part seems not to be working. I have two webservers in the same subnet as my VIP.
    The clients can be everywhere in every subnet.
    This is what happens:
    btpebgw70#sh mod contentSwitchingModule 9 conns
    prot vlan source destination state
    In TCP 401 192.6.53.42:1901 151.183.58.196:80 ESTAB
    Out TCP 401 151.183.58.196:80 192.6.53.42:1901 ESTAB
    ok this is good but:
    btpebgw70#sh mod contentSwitchingModule 9 reals detail
    151.183.58.201, ORBIS, state = OPERATIONAL
    conns = 0, maxconns = 4294967295, minconns = 0
    weight = 8, weight(admin) = 8, metric = 0, remainder = 0
    total conns established = 58, total conn failures = 58
    the failures have the same value as the established. Can you send me your config part of the csm because I am getting tired of this. Please email to [email protected]
    Thanks in advance!

  • Load balance on CSM with both Firewalsl and Cache engines

    Hi,
    I'm come from VDC#3 ( Vietnam) , we have 2 CSM , 3 firewall , and 8 CE 7325. We configed dual CSMs load balance for 3 FW, and now we want to use one CSM to load balance for CEs. Can you hint me best topylogy network?
    Thanks

    your topology is correct.
    The problem is your config.
    If you need access to the CE ip addresses, you need to configure a vserver to allow this traffic.
    Something like
    serverfarm FORWARD
    no nat server
    no nat client
    predictor forward
    vserver access2ce
    vip x.x.x.0/24 any
    serverfarm FORWARD
    ins
    Replace x.x.x.0/24 with the subnet used by the CE.
    Regards,
    Gilles.
    Thanks for rating this answer.

  • Server Load-balancing and ACL router decision

    Hello,
    My 2 server farm distribution switches are running in "hybrid" mode, with CAT OS on the switch and IOS on the MSFC.
    My server team is asking to block traffic to a specific server that is load balanced using Cisco's CSM load-balancer which is also installed in the chassis.
    The question that I have is this.
    Does anyone know in what order the MSFC will inspect and apply the ACL and when will the CSM make the load balancing decision?
    The reason I need to know this is that the CSM is setup in bridged mode, where traffic to the server comes into the MSFC with a destination IP of a VIP which resides on the CSM. Subsequently, the CSM forwards the traffic to the one of the real servers in the load-balanced server farm after it makes its load-balancing decision. Which ocurrs first??
    Does anyone have any info on what ocurrs first and so forth??
    Is there a link to Cisco's website that explains this process??
    Thanks in advance for your help.
    Tony

    Tony,
    It sounds as if your setup is like this:
    Client VLAN----MSFC----VLAN A----CSM----Server VLAN
    With VLAN A and Server VLAN being the same IP subnet.
    In this case all client traffic reaching the VIPs on the CSM first traverses the MSFC. So, if you want to block traffic to a specific VIP or Server IP you can do that on the MSFC's Interface for Client VLAN. You could configure an access list that filters inbound traffic on that VLAN interface.
    Make sense?
    -Brad

  • CSM L7 LOAD BALANCING

    I need to load-balance trafic with a persistence based on http header "X-Nokia-MSISDN".
    Knowing that I'm using the version 4.1(6), the command "http header sticky" is not available (version 4.2 and more).
    I've seen that the following command is available "persistent rebalance" with version 4.1(6) but I'm not sure about what is its action.
    According to the definition given in the guide (
    "The CSM allows HTTP connections to be switched based on (...) fields contained in the HTTP header."
    MY QUESTION :
    How can you define that persistence should occurs on the "X-Nokia-MSISDN"
    http header ?
    Thanks for your help
    Francois

    the persistent rebalance command tells the CSM to look at every HTTP request to select the best server. So, if you have a persistent connection ( 1 tcp connection for many http requests ), the CSM will look at each request.
    Otherwise, it only looks at the first request and assumes all the other requests stick to the same server. Which is normally true, except if you have a proxy connecting to your vserver.
    You still need 4.2.x to allow sticky on header info.
    Gilles.

Maybe you are looking for

  • How to create a group of e-mail addresses

    Hi, I need to create a group of recipients (mailing list) using a list of e-mail addresses. I guess I need to use the Address Book, but I could not find the correct way to copy/paste the entire block of addresses. The only way I found was to insert e

  • Page breaks inside repeating frame

    Hi, I am developing a statutory report for India Localisation. In this report there is a repeating frame which has three sections inside. I want to ensure that each of these section prints on a new page all the time. Of course there will be some page

  • Ipad apps not updating either auto or manual

    Any attempt to update apps on my ipad3 fail. appears to start then stops and returns to "x" number of updates waiting. Not having this issue with IPhone Have done both soft and hard reset & synced with ITunes. Based in UK

  • Help its really urgent.....Data type mismatch in criteria expression.

    hello everyone.... I m trying to retrive an int value from Access database with query String query = "SELECT * FROM M_PROCESS WHERE PROCESS_NAME = '"+selected_process+"' "; Here selected_process is the string retrived from a JSP page using request.ge

  • Deleted the photo icon in error

    whilst rearranging the icons on the home page,  inadventally deleted the "PHOTO" icon - query - how to reinstate it.