CSS 11503 load-balancing with MS Print Servers

Similar Messages

• CSS 11503 Load Balancing Verification

  Alright, so I have toiled long and hard to get this right.  I think I have the config down but I am unsure on how to verify how this load balancing is working.
  Here is the Content Config that I am speaking of:
  content cad-rule
      add service wls1-e0
      add service wls1-e1
      add service wls2-e0
      add service wls2-e1
      add service wls3-e0
      add service wls3-e1
      add service wls4-e0
      add service wls4-e1
      add service wls5-e0
      add service wls5-e1
      add service wls6-e0
      add service wls6-e1
      arrowpoint-cookie expiration 00:00:15:00
      advanced-balance arrowpoint-cookie
      redundant-index 2
      vip address 172.30.194.195 range 2
      arrowpoint-cookie name TOQ
      protocol tcp
      port 8001
      url "/*"
      active
  Each service in the rule above is configured as follows:
  service wls1-e1
    port 8001
    protocol tcp
    strin ags001-e1
    ip address 172.30.193.81
    keepalive type http
    keepalive uri "/cad/index.html"
    redundant-index 12
    keepalive frequency 20
    keepalive maxfailure 10
    keepalive retryperiod 2
    active
  I am using the advanced arrowpoint cookies because I need some stickiness here.  Straight round-robin would not have done what I needed it to do.
  Now, when I go to my show summary, this is what I see for this rule:
                   cad-rule    Master   wls1-e0 84274
                                              wls1-e1 13144
                                              wls2-e0 96884
                                              wls2-e1 26374
                                              wls3-e0 71145
                                              wls3-e1 16592
                                              wls4-e0 76403
                                              wls4-e1 8657
                                              wls5-e0 118623
                                              wls5-e1 22760
                                              wls6-e0 30836
                                              wls6-e1 20464
  The far right column indicates the services hits.  I originally had the E1's suspended and activated them later on. So if this was true round robin, all the E0's should have the same number of service hits and all the E1's should have the same number of service hits.  But as you can see, the wls5 server is getting hit the most while the wls6 server is sitting there twiddling its thumbs.
  Now understanding how the arrowpoint cookies do their load balancing (inserting a cooking into the flow and then timing out after 15 mins as configured above) I would not expect a 1:1 ratio of load balancing between servers.  But the distribution above seems rather extreme.
  Does anyone have any suggestions on how to both A) verify that this is the right config and B) suggest to my boss that this is working the way it should be working?
  Thanks!
  James

  Hi James,
  There are several reasons of the uneven load balancing that you are seeing (based on the show summary). First
  of all, the CSS is configured to do stickiness (advance-balance).
  With arrowpoint-cookies (for HTTP only) method for stickiness, only the requests coming with the same cookie
  are going to get stuck to the same server, since the cookie is
  lost when the browser is closed (or based on the expiration), then the stickiness is going to be session
  based and if the same client open a new session is going to be load balanced.
  Is important to understand that when using stickiness, no real even load balancing is
  going to happen since we are sticking new flows to the same server; even when layer 5 stickiness would
  permit more even balancing than layer 3 stickiness (source IP based).
  Also consider that the "show summary" is a command to see the hits (requests) being balanced to an specific
  server, this is a good command to see the load balancing, anyway since the CSS balance
  connections (flows), a persistent connection could have a lot of requests, so all those requests are
  always going to the same server (incrementing the amount of hits in the counter) while a non-persistent
  connection would be just one request (refer to HTTP persistence).
  Also keep in mind that if a service is take out for maintenance, or is added to the load balancing later
  than another, or if goes down for a period of time, then the CSS will be balancing among the remaining alive
  servers. When you add the server again, the another servers are going to have connections
  already established, so since the CSS is doing round robin, the server last added will
  never have the same amount of connections (nor hits) that the other ones, because while one could
  have 55 for example, the new one will have it first connection, and when the first one
  gets the 56, the another will get the second, and so on.
  Please let me know if this makes any sense.
  Diego M

• CSS 11501 Load Balancing with X-forwarded-for

  Hi,
  We have a pair of CSS 11501,
  Currently it is using source ip for load balancing and 5 servers as backend , however we have users loggin in using http and based on its source IP (ISP PROXY) , it is forwarded to SERVER A.
  However, we have a SSL page and when the client switches over to SSL , it is forwarded to SERVER B/C/D/E  based on its source IP ( REAL CLIENT IP) .
  This will cause the user to be terminated as the 5 servers are independent and not running in a cluster.
  Is there any way that we can use the X-Forwarded-For address to load balance so that when users loging , they are sent to SERVER A (Based on X-Forwarded-For Header IP which translate to REAL CLIENT IP).
  This way we are able to also send it back to the same server when it uses SSL.
  I believe that we should be able to load balance using X-Forwarded-For IP or to rewrite the X-Forwarded-For IP into client source IP
  Regards

  Hi,
  Unfortunately CSS does not support X-Forwarded-For, and even if CSS supports that, this wont work if you are not using SSL termination.
  One option that you can use here, is using SSL termination, so you can manage the SSL traffic on HTTP on the CSS, in this way you can use the same HTTP content rule which is the one currently working.
  In summary, you will have an SSL content rule that will decrypt the traffic, and this one will use the same content rule that already exist for HTTP, in case that the server is the one doing the redirect to SSL, but this is something that requires testing since depending on the redirect behavior we might have a redirect loop, but without details it is kind of hard to confirm that you will face this with this option.
  Another option, which is less complex, is to use a portless content rule, so this content rule will match port 443 and 80 at the same time, and using sticky or balance based on source IP, you will get the same result with less config. The downside is the troubleshooting, but in this way you will have what you want.
    content HTTP-HTTPS
      vip address 10.198.44.70
      advanced-balance sticky-srcip
      add service server1
      add service server2
      add service server3
      add service server4
      add service server5
      protocol tcp
      active
  Here the content rule is not looking for the destination port, it is just looking for the source IP, and HTTP and HTTPS will end all the time on the same server.
  Thanks,
  Rodrigo

• CSS 11050 Load Balancing with Single VLAN (no NAT)

  We have several CSS 11050's in use on our network, cheifly for load-balancing web servers. In a test network I've set up, I've configured our test servers' IP addresses and our load-balanced IP address to be on the same subnet. This way our developers can easily check both single servers as well as the LB configuration. This got me thinking...
  All the config documentation I've seen on the CSS seems to assume that you are putting the VIP for the content rule on a different VLAN than the IPs for the services. Is there any particular need for this? I'm in the process of setting up another network that will have its services NATed behind a PIX. There are some services (WWW) that I want load balanced and some services (passive FTP with one server) where there's really no need. Would I do any harm by putting the content rules' VIPs on the same subnet as the servers themselves? I can still plug the servers into the other ports on the CSS so that I'm not really doing a "one-arm" configuration.
  -Mark Romer

  You shouldn't have any problem doing this. In addition to load balancing web servers we've also balanced terminal servers that are configured to be accessed by remote users through VPN connections. Because we have over 90 remote locations, I didn't want the services and the VIP addresses to be on different VLAN's because I'd have to reconfigure the routers in all the remote locations. I was in the same position you're in, all the documentation indicated different VLAN's but I thought it would be a worth a try. Everything works perfectly...
  Cody Rowland

• CSS Load Balancing with Cookies

  We are trying to load balance 2 backend servers hosted on Websphere with advance balance cookies method.
  Restrictions
  ServerA is unable to accept cookies generated from ServerB.
  ServerA and ServerB are generating random cookies
  Unable to modify cookie string with a constant.
  How can we load balance based on cookies considering the above restrictions?
  We have attempted to do hash based load balancing with cookies but the problem we run into is the servers do not accept cookies generated from another server.
  The configuration we tried is written below:
  service ServerA
  ip address 192.168.10.2
  keepalive type tcp
  keepalive port 80
  active
  service ServerB
  ip address 192.168.20.2
  keepalive type tcp
  keepalive port 80
  active
  content ABC
  url "/*"
  add service ServerA
  string prefix "JSESSIONID="
  advanced-balance cookies
  port 80
  add service ServerB
  string skip-length 5
  string process-length 16
  string operation hash-xor
  protocol tcp
  vip address 172.16.32.1
  active
  Can we change the string prefix to JSESSION instead of JSESSIONID= ?
  The only place the app guys can add a constant string to match on is before the = sign.
  Is it possible for CSS to match on a constant string before = sign e.g below:
  service ServerA
  ip address 192.168.10.2
  keepalive type tcp
  keepalive port 80
  string id567=
  active
  service ServerB
  ip address 192.168.20.2
  keepalive type tcp
  keepalive port 80
  string id123=
  active
  content ABC
  url "/*"
  add service ServerA
  string prefix "JSESSION"
  advanced-balance cookies
  port 80
  add service ServerB
  string skip-length 0
  string process-length 6
  protocol tcp
  vip address 172.16.32.1
  active

  It should work.
  There is no reason for it not to work...
  This is the best method you can have on the CSS for stickyness.
  Get a sniffer trace on the client and server with arrowpoint cookie configured on the CSS and capture a failure so we can see what is going on.
  also send me the config so I can verify everything is ok.
  If you have a service request open with the TAC, you can also give the SR # so I can review what has been done.
  Gilles.

• CSS ACTIVE/ACTIVE SCENARIO WITH JUST TWO SERVERS ??? POSSIBLE??

  Hi
  I'm gonna have a setup of TWO CSS11503 Content Switches with standard WEBNS feature set
  in an ACTIVE / ACTIVE VIP and Virtual interface redundancy scenario for load-balancing just
  two web servers initially.
  Can I hv this setup up & running if I configure the two servers with different default
  gateway addresses on the private side and two static routes in the private side Layer3
  for two different VIP addresses in the public side ??
  Any better suggestions for this scenario.
  Thanx

  Firstly - what Gilles said.
  Having said that, I'm using some content switches in active/active modes in a couple of places in a geographically distributed gateway. Active/Active lets us improve our redundancy characteristics and allow for device failures as well as link failures between the gateways.
  There are lots of complexities that arise if you take this path - you will need to do a lot of logical math and testing about traffic symmetry under all of the different failure conditions, because you introduce the possibility that response traffic could come back at L2/L3 through a different CSS than the request traffic.

• CF 10 Load-Balancing with Remote Instances

  I was reading an article on Clustering/LB/HA using CF8, but have not found any updates for CF10.
  Using VM VirtualBox to setup a few virtual servers, I am looking to setup a load balancing of ColdFusion 10 on 2 remote instances. The goal would be have ColdFusion Cluster Manager be able to point http request to one of the two servers based on load/availability. Not really having a hardware cluster/failover setup, just managing resources on two CF instances instead of a standalone.
  The servers are Windows Server 2008 R2 with IIS7.5 and ColdFusion 10 Enterprise on installed on 3 of these machines. Let's call them CF-LBManager, CF-Web1, and CF-Web 2. In the CF Docs, they show the Cluster Manager adding the local CF instance and "if you want" a remote instance. However, this scenario would require the main instance to be running and not fail for it to direct to the other instance.
  I am trying to set this up now with CF-LBManager as just a manager of the requests coming in. In the Enterprise Manager >> Instance Manager, the local instance is shown and I add the two remote instances with the correct Remote Port, JVM Route, etc. I also made sure the <Cluster>...</Cluster> block was added to the two remote instances (CF-Web1 and CF-Web2) \runtime\conf\server.xml file too, Jetty Services also is running. Now under the Enterprise Manager >> Cluster Manager I add the two remote instances to the cluster, not the local instance on CF-LBManager with Multicast Port and Sticky Sessions enabled. On Submit, I get a green message "You must restart all the server instances and any configured webservers for these changes to take effect.". I go ahead and reboot the servers and come back.
  I now browse to the ColdFusion page as a test on CF-Web1 and CF-Web2 to make sure CF is running properly, they do. I then browse the IP of the CF-LBManager, however it only returns the local IIS web site and not redirect to one of the two cluster members. I am not seeing any message on the coldfusion-out.log on the remote instances. Am I not setting this up correctly or not enabling the Cluster Manager to take over and pass along the requests to those in the cluster?

  Unfortunatley I don't have a lot of experience with CF10 on Windows, but if you are running CF behind IIS I think  you will need to update the Tomcat connector configuraiton to do load balancing. I'm not sure if re-running the wsconfig tool on all of the servers will do this or not, but that is what I would suggest trying first. If that doesn't work you will need to update the Tomcat connector configuraiton manually. You can find more information on load balancing with the Tomcat connector here: http://tomcat.apache.org/connectors-doc/generic_howto/loadbalancers.html.

• How do I load balance TFTP between two servers and a client on the same subnet?

  Hi,
  I have trawled through several documents and tried umpteen different configs, all to no avail. I have a PXE boot client trying to access a boot file via TFTP from a couple of TFTP servers on the same VLAN/subnet. For HA purposes I want to load balance the two TFTP servers.
  Config is currently;
  =====
  probe icmp ICMP_PROBE
    description icmp probe for default gateway tracking
    interval 5
    passdetect interval 15
  rserver host server1
    description Server1
    ip address 10.0.0.1
    inservice
  rserver host server2
    description Server 2
    ip address 10.0.0.2
    inservice
  serverfarm host serverfarm_01
    description servers used
    probe ICMP_PROBE
    rserver server1
      inservice
    rserver server2
      inservice
  class-map match-all L4_VIP_TFTP
    10 match virtual-address 10.0.0.10 udp eq 69
  policy-map type loadbalance first-match L7_TFTP
    class class-default
      serverfarm serverfarm_01
  policy-map multi-match L4_LB_VIP_POLICY
    class L4_VIP_TFTP
      loadbalance vip inservice
      loadbalance policy L7_TFTP
      loadbalance vip icmp-reply active
  nat dynamic 1 vlan 200
  interface vlan 200
    ip address 10.0.0.250 255.255.255.0
    nat-pool 1 10.0.0.241 10.0.0.243 netmask 255.255.255.255 pat
    service-policy input L4_LB_VIP_POLICY
    no shutdown
  ip route 0.0.0.0 0.0.0.0 10.0.0.254
  =====
  I have read the doco by Ivan Kovacevic amongst many others but as my clients and servers are on the same subnet, the config doesnt work.
  Can anybody point me in the right direction please. The devices are ACE 4710 running A3(2.3).
  Thanks

  Try using the following configuration:
  Note: Please make sure to configure also a udp probe to probe udp port 69, in case the application is down.
  You need to configure a management policy on the interface when using a UDP probe.
  That is because, when port 69 on the server will be unreachable, the server will send an ICMP unreachable.
  ACE will consider a udp probe as "failed" only when it sees ICMP unreachable.
  Without a management policy-map, the ICMP unreachable message will be dropped.
  Also, add an ICMP probe to the rserver because udp probe will not be enough when the physical interface will be down.
  That is because UDP is a connection-less protocol. To consider a UDP probe successfull, ACE need to see NO answer from the server in respose to the probe.
  The ACE will not see any answer from the server when the interface is down and thus, will consider the probe as "sucessful".
  With ICMP probe attached to the rserver, you also test the reachability of the server and not only the UDP port.
  Here is the configuration (of course, you can chage the names of the of the objects to the name you are using if you want) :
  access-list ALL line 10 extended permit ip any any
  probe udp TFTP
    port 69
    interval 5
    passdetect interval 15
  probe icmp ICMP_PROBE
    interval 5
    passdetect interval 15
  rserver host TFTP_1
    ip address 10.0.0.1
    probe TFTP
    probe ICMP_PROBE
    inservice
  rserver host TFTP_2
    ip address 10.0.0.2
    probe TFTP
    probe ICMP_PROBE
    inservice
  serverfarm host TFTP-SFARM
    rserver TFTP_1
      inservice
    rserver TFTP_2
      inservice
  sticky ip-netmask 255.255.255.255 address source TFTP-STICKY
    timeout 10
    replicate sticky
    serverfarm TFTP-SFARM
  class-map type management match-any MANAGE
    2 match protocol icmp any
  class-map match-all NAT
    2 match virtual-address 0.0.0.0 0.0.0.0 udp any
  class-map match-all TFTP
    2 match virtual-address 10.0.0.10 udp eq 69
  policy-map type management first-match MANAGE
    class MANAGE
      permit
  policy-map type loadbalance first-match ROUTE
    class class-default
      forward
  policy-map type loadbalance first-match TFTP-POL
    class class-default
      sticky-serverfarm TFTP-STICKY
  policy-map multi-match TFTP-MULTI
    class TFTP
      loadbalance vip inservice
      loadbalance policy TFTP-POL
      nat dynamic 1 vlan 212
    class NAT
      loadbalance vip inservice
      loadbalance policy ROUTE
      nat dynamic 2 vlan 212
  interface vlan 212
    ip address 10.0.0.250 255.255.255.0
    no normalization
    access-group input ALL
    nat-pool 1 10.0.0.241 10.0.0.243 netmask 255.255.255.0 pat
    nat-pool 2 10.0.0.10 10.0.0.10 netmask 255.255.255.0 pat
    service-policy input TFTP-MULTI
    service-policy input MANAGE
    no shutdown
  Let me know how it goes.
  Good luck!

• Load balancing with JSP

  Anyone and everyone,
  When configuring load balancing with Weblogic clusters, does load
  balancing take effect for all services or just EJB and RMI? Or another
  way of saying the same thing, can I setup weighted load balancing for
  the JSP engines across 2 weblogic servers.
  Thanks in advance,
  Mike

  The load-balancing documentation you read describing the different algorithms only applies to RMI stubs (e.g., EJB clients). Please see http://www.weblogic.com/docs51/cluster/concepts.html#1026091 for a description of how load-balancing/clustering works with servlets/JSPs.
  The short answer is that in using servlet clustering, most people want/need/use in-memory replication for HttpSession objects. In WLS 5.1 (and before), in-memory replication requires one or more proxy servers be set-up in front of the cluster. Typically, most people use something like BigIP to load-balance
  across the proxy servers and let the weblogic plug-in for the proxy server handle the routing to the cluster. The plug-in uses round-robin until an HttpSession is established for a user, then it always tries to route to the server where the user's session is located.
  Hope this helps,
  Robert
  Brian Lin wrote:
  All,
  I have a quesiton here regarding load balancing with DNS round robin. As of Chapter Adminstration of Clustering Weblogic server, Weblogic can be configured to balance by weight. How about Weblogic handle weight based balancing after DNS round robin ip response? or just can choose one way instead of both?
  What's the big difference between choosing BigIP and software balancing (WL)?
  Brian
  "Wei Guan" <[email protected]> wrote:
  I don't think you can configure this load balancing in weblogic in current
  release. However, if you have Big-IP or LocalDireoctr, you can set up
  weighted load-balancing there. Otherwise, weblogic proxy will use DNS round
  robin to do the load-balancing between JSP engins.
  My 2 cents.
  Cheers - Wei
  Michael Yakimisky <[email protected]> wrote in message
  news:[email protected]...
  Anyone and everyone,
  When configuring load balancing with Weblogic clusters, does load
  balancing take effect for all services or just EJB and RMI? Or another
  way of saying the same thing, can I setup weighted load balancing for
  the JSP engines across 2 weblogic servers.
  Thanks in advance,
  Mike

• Load Balancing with BigIP / SSL question

  I have an oddball question. We're load balancing ColdFusion
  MX7 across 3 servers using a BigIP load balancing server. We
  decided to go the hardware approach and it has been great except
  for one small configuration issue.
  We use a mix of SSL and non SSL pages, prior to the switch
  from a single server to a load balanced setup I used to script that
  would determine if a page that was supposed to be SSL had the
  variable CGI.HTTPS turned on or off. If it was off, the page would
  redirect back to itself with the SSL turned on.
  The problem we have is that we followed BigIP's instruction
  to secure the load balancing hardware instead of the three servers
  running behind it. So what happens is that the traffic goes to the
  load balancer port 441, but then the calls from the load balancer
  to the individual servers is port 80. So even if a page is called
  as HTTPS://... the coldfusion server says that CGI.HTTPS is "off"
  since the traffic is port 80.
  This isn't much of a problem, our SSL pages are linked as
  HTTPS:// and the only problem would actually arise if someone was
  to type in the URL and call it as HTTP rather than HTTPS.
  My questions is this, does anyone know of a way that I can
  detect if the page should be HTTPS and is not without changing our
  configuration and putting SSL certificates on each individual
  server?

  Hey,
  Well the load balancing with the BigIP device is really very
  amazing. I think
  what i liked most was swapping out servers when their lease
  was up, through the
  BigIP manager I just stopped all traffic to a server, shut it
  down, plugged in
  the new one and turned traffic back on. It was really very
  easy.
  The SSL stuff still gives me a headache to think about. but
  I should mention I
  no longer work where I was, plus now I'm all .net C# but
  that's a different
  story.
  I think if I was going to do this all again I would not have
  secured the bigIP
  unit. It was nice to buy one SSL cert for all the servers I
  attached rather
  than one per server, but getting the SSL sites to work
  properly was a headache.
  We also use windows file replication where now I would go
  with like a pair of
  Dell MD1000's mirrored for storage and just have tons of ram
  and cpu on the
  front end units. Depends what you want to spend I guess. I
  think the bigIP unit
  we bought was like 20 grand, i think they are cheaper now
  though.
  Hope I helped.

• How does load-balancing with WebCache work - is there still a bottleneck?

  Hello,
  We're migrating an old Forms 6i app to 10.1.2.0.2 (apps servers = Redhat Linux), and are starting to consider using WebCache to loadbalance between two application servers.
  My question is this - say we have apps servers A and B, both running Forms and Reports Services. We use Webcache on server A (don't have the luxury of a third apps server...) to load balance between A and B. So all initial requests come into A, which in some cases may then be diverted to start a new Forms session on B.
  For those users whose middle-tier sessions are now running on B - will all network traffic for their Forms session continue to be routed through Webcache on A, then to B, over the course of the session? Or does Webcache somehow shunt the whole connection to be straight between the client PC and server B, for the duration of that Forms session?
  If the former, does that mean that the server hosting Webcache can still be a significant bottleneck for network traffic? Have people found load-balancing with Webcache to be useful..?
  Thanks in advance,
  James

  Hi gudnyc,
  Thanks for posting on Adobe forums.
  For HDPI you do not have to do any It will adjust automatically.
  http://helpx.adobe.com/photoshop-elements/using/whats-new.html
  Regards,
  Sandeep

• ACE 4710 and load balancing with sticky cookie

  Configuring load balancing with SSL termination and stickiness for a couple of citrix xenapp servers.  I'm doing a source-NAT as the ACE resides in the DMZ and these particular servers reside on the inside arm of the firewall.  The ACE is in bridged mode to load balance web servers that reside in the DMZ.  Everything seems to work just fine, but the cookie stickiness does not seem to be working.

  Hi David,
  As you may know, using Wireshark to look at an HTTPS capture is only useful if you've installed the server SSL key.This is why I find it easier to use something like LiveHTTPHeaders or HTTPWatch.
  When using cookie-insert, the ACE will not create any dynamic cookie entries.  It will simply create one static entry for each rserver with a cookie value, such as R3911631338, and any client that gets load balanced to that rserver will receive a cookie with that value.  So what you see there is what is expected.
  You are correct in that when using location cookies that the server supplies, the ACE will create a dynamic entry when it sees the server response with the cookie.   The cookie is included in the server's response, and the ACE will look for the value as configured.  The cookie will also be sent to the client.  If the cookie is not in the server's first response, you will need enable persistence-rebalance so that it will look in subsequent server responses.  If the browser opens new connections with that cookie, then the ACE will stick to the same server.
  My suggestion would be to get sticky working with cookie-insert first.  Then if that meets your needs, go with that permanently.  If you need to use server cookies, then once cookie insert is working, migrate your sticky to cookie location.
  Sean

• Trying to load Balance several Cisco ISE servers.

  Trying to load Balance several Cisco ISE servers.  For persistence, Cisco recommends using Calling-Station-ID and Framed-IP-address...Session-ID is recommended if load balancer is capable of it.  I have documentation for the Cisco ACE, but using F5 LTM's.  Assuming this has to be done with an I-Rule as none of these are available as a default.  Not sue where to begin.  I tried attaching the Cisco PDF, but not able for whatever reason.

  Please also keep in mind that When using a Load-Balancer (anyone's) you must ensure a few things.
  Each PSN must be reachable by the      PAN /  MNT directly, without having to go through NAT (Routed mode LB,       not NAT). No Source-NAT. This includes the Accounting      messages, not  just the Authentication ones.
  This means the       Load-Balancer must be in the direct path between the clients and the ISE PSNs.
  Some       organizations have used Policy  Based Routing (PBR) to accomplish the       path, without physically  locating the Load-Balancer between the clients       and the PSNs.
  Endpoints (clients) must be able      to  reach each Policy Services Node Directly (not going through the VIP) for       redirections/Centralized Web Authentication/Posture  Assessments/Native      Supplicant Provisioning, and more.
  You may want to "hack"      the certs to include the VIP FQDN in the SAN field (my next blog post      should cover this trick).
  Perform sticky (aka: persistence)      based on Calling-Station-ID and Framed-IP-address.
  VIP gets listed as the RADIUS      server of each NAD for all 802.1X related AAA.
  Dynamic-Authorization (CoA):
  If you use       Server NAT to replace the  PSN IP address with the VIP Address for Change       of Authorization,  then you would use the VIP address as the       Dynamic-Authorization  (CoA) client.
  Otherwise, use       the real IP Address of the PSN, not the VIP.
  The LoadBalancers get listed as      NADs in ISE so their test authentications may be answered, to keep the      probes alive.
  ISE uses the Layer-3 Address      to  identify the NAD, not the NAS-IP-Address in the RADIUS packet. This       is a big reason to avoid SNAT.
  Failure Scenarios:
  The VIP is the RADIUS Server, so      if the  entire VIP is down, then the NAD should fail over to the Secondary       DataCenter VIP (listed as the secondary RADIUS server on the NAD).
  Use probes on the Load-Balancers      to ensure that RADIUS is responding, as well as HTTPS (at minimum).
  LB Probes       should send test RADIUS  messages to each PSE periodically, to ensure that       RADIUS is  responding, not just look for open UDP ports.
  LB Probe should       also examine the response for HTTPS, not just look for the open port(s).
  Use node-groups with the L2-adjacent      PSN's behind the VIP.
  If the       session was in process and one  of the PSN's in a node-group fails,       then another member of the  node-group will issue a CoA-reauth; forcing       the session to begin  again. 
  At this point,       the LB should have  failed the dead PSN due to the probes configured       in the LB; and so  this new authentication request will reach the LB &       be  directed to a different PSN…

• T3 Load Balancing with Weblogic Server 6.1

  We are using rwo weblogic 6.1 servers A and B behind a load balancer with a DNS name (eg. www.loadbalancer.com). We are using T3 for Java client to application server communication. The client creates the Initial context with the load balancer url,creates remote objects using the context, closes the initial context and then tries to get a new initial Context. What we noticed is even though the client closes the first context and gets a new one, the client is always hooked on to only one server making load balancing ineffective. Is there a T3 configuration to release the connection when we close the context ? The documentation says only one T3 is established per client JVM.

  Rick,
  You may want to look at the Alteon and F5 configuration we have on edocs.
  Take a look at the following URLs for a possible solution
  http://edocs.bea.com/wls/docs61/cluster/alteon.html#591902
  http://edocs.bea.com/wls/docs61/cluster/bigip.html#591902
  Chuck Nelson
  DRE
  BEA Technical Support

• Configure Barracuda Load Balancer with Exchange 2010

  I have following scenario:
  1 x DB
  1 x Exchange multi role server on VLAN1 on site 1
  1 x Exchange multi role Server on VLAN2 on site 2
  1 x cas array on site 1
  1 x cas array on site 2
  1 x Barracuda at site 1.
  How barracuda will load balance my 2 exchange servers located on different subnets and sites? Do i need to make them SINGLE SITE? and make them part of single array or i can do it without bringing them into single site. Barracuda can access both exchange servers.
  I cannot move servers, all i have to do is in the same scenario and that is to load balance CAS services.
  Hasan

  If your network supports(i.e. Bandwidth between Vlan1 and Vlan2) and if it is single ADsite you can. You have to add both Vlan1 server and Vlan2  server to the load balancer. 
  Enable DAC on both servers http://technet.microsoft.com/en-us/library/dd979790(v=exchg.150).aspx
  Cconfigure alternatewitness on DAG properties. http://technet.microsoft.com/en-us/library/dd297934(v=exchg.150).aspx
  One server with all roles in Vlan1  IP 192.168.1.101  
  One server with all roles in Vlan2  IP 192.168.2.101
  Assume you configured 192.168.1.100 as Barracuda VIP and pointed the names to this IP.
  If your Vlan1 network goes down your Exchange will go offline till you point the CAS Array FQDN to the IP of the Vlan2 server in Vlan2 DNS server. (i.e point CAS array FQDN to 192.168.2.101 as per above example)
  If you are not sure about the configuration on Barracuda I suggest you take help from Barracuda support to configure as per the above scenario. 
  If you want to reduce the traffic between Vlans you can switchoff shadow redundancy. Please read about
  shadow redundancy before switching off
  Set-TransportConfig -ShadowRedundancyEnabled $false
  Thanks, MAS
  Please mark as helpful if you find my comment helpful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.
  I got you. Now if i make both Vlans server part of single array and that array FQDN IP will obviously be one of VLANs IP, so if that VLAN goes down then i need to change the IP of CAS array FQDN from local DNS (Pick one IP from another VLAN) and also on
  Barracuda... right? 
  Also correct me that VLAN IP on Barracuda will be the IP of CAS Array FQDN right? 
  Hasan