CSS Citrix CAG Load Balancing

Hi,
I'm looking to get an opinion as to whether we should see even load balancing over two services.  The content rule is configured as follows :-
content secure_cag
  add service citrix_cag_1
  port 443
  protocol tcp
  vip address 10.80.2.150
  balance srcip
  add service citrix_cag_2
  sticky-inact-timeout 240
  flow-timeout-multiplier 1800
  active
Services :-
service citrix_cag_x
  keepalive type tcp
  keepalive port 443
  ip address 10.200.16.18
  active
At present we only have around 40 users using it but at times we are seeing a very uneven distribution of sessions, as much as 80% on one server.  Do we have too few users to see effective load balancing? Maybe our long timeout settings are breaking load balancing?
Thanks for any insight anyone can share.

Hi Chris,
You might want to try balance leastconn for your balancing method.  Also, note that you are not currently configured for sticky, so the sticky timeout you have configured isn't doing anything.  Do you require sticky?  If you do not require sticky, then leastconn should give you the best distribution across services at any given point in time.  Adding sticky, such as with advanced-balance sticky-srcip, will skew load balancing as clients become stuck to one service.
Hope this helps,
Sean

Similar Messages

  • Cisco CSS 11503 Arrowpoint/Load Balance question

    I am troubleshooting an issue with my 11503.  I am running version 07.40.0.04. I have it configured as follows:
      content upcadtoa-rule
        add service cadtoa-wls1-e0
        add service cadtoa-wls1-e1
        add service cadtoa-wls2-e0
        add service cadtoa-wls2-e1
        add service cadtoa-wls3-e0
        add service cadtoa-wls3-e1
        add service cadtoa-wls4-e0
        add service cadtoa-wls4-e1
        add service cadtoa-wls5-e0
        add service cadtoa-wls5-e1
        add service cadtoa-wls6-e0
        add service cadtoa-wls6-e1
        arrowpoint-cookie expiration 00:00:15:00
        protocol tcp
        port 8001
        advanced-balance arrowpoint-cookie
        redundant-index 2
        vip address 172.30.194.195 range 2
        arrowpoint-cookie name TOA
        active
    However, the load-balancing across the servers does not seem to be doing much balancing.  One of those servers is getting hit with 5 times as much traffic as another and another server is lucky to get a connection at all.  With the cookie expiration set, one would think that this would all balance out over time.
    I just came across this information from Cisco and I am wondering if it is relevant:
    If you configure a balance or advanced-balance method on a content rule that requires the TCP protocol for Layer 5 (L5) spoofing, you should configure a default URL string, such as url "/*". The addition of the URL string forces the content rule to become an L5 rule and ensures L5 load balancing or stickiness. If you do not configure a default URL string, unexpected results can occur.
    In the following configuration example, if you configure a Layer 3 (L3) content rule with an L5 balance method, the CSS performs L5 load balancing, but will reject UDP packets.
    content testing
    vip address 192.168.128.131
    add service s1
    balance url
    active
    The balance url method is an L5 load-balancing method in which the CSS must spoof the connection and examine the HTTP GET content request to perform load balancing. The CSS rejects the UDP packet sent to this rule because a UDP connection cannot be L5. Though the CSS allows this rule configuration, its expected behavior would be more clear if you promote the rule to L5 by configuring the url "/*" command.
    In the next example, if you configure an L3 content rule with an L5 advanced-balance method, L5 stickiness will not work as expected.
    content testing
    vip address 192.168.128.131
    add service s1
    advanced-balance arrowpoint-cookie
    active
    The advanced-balance arrowpoint-cookie method causes the CSS to spoof the connection, however, the CSS still marks it as an L3 rule. Thus, the CSS does not insert the generated cookie and the rule defaults to L3 stickiness (sticky-srcip). You must configure a URL like url "/*" to promote this rule to L5, ensuring that L5 stickiness works as expected.
    Thanks in advance for any help you can give.  The thing is not down, it is just balancing strangely causing application performance issues.
    James

    Hey James,
    You will need to suspend the content rule in order to add the url statement.  This will cause a quick downtime until the content rule is activated again.  I have shown below the commands to add the statement.  Perhaps you can create your commands in a Notepad file, then paste them all in so they execute quickly to minimize your downtime:
      content MY-SITE
        vip address 10.201.130.140
        port 80
        protocol tcp
        add service MY-SERVER
        active
    CSS11503# config t
    CSS11503(config)# owner TEST
    CSS11503(config-owner[TEST])# content MY-SITE
    CSS11503(config-owner-content[TEST-MY-SITE])# url "/*"
    %% Attribute may not be modified on active rule
    CSS11503(config-owner-content[TEST-MY-SITE])# suspend
    CSS11503(config-owner-content[TEST-MY-SITE])# url "/*"
    CSS11503(config-owner-content[TEST-MY-SITE])# active
    CSS11503(config-owner-content[TEST-MY-SITE])# exit
    CSS11503(config-owner[TEST])# exit
    CSS11503(config)# exit
    CSS11503# show run
      content MY-SITE
        vip address 10.201.130.140
        add service MY-SERVER
        port 80
        protocol tcp
       url "/*"       <--------
        active
    Hope this helps,
    Sean
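An added example, not part of the thread and not Cisco tooling: a small Python check over CSS running-config text that flags the two misconfigurations raised in the replies above, namely a Layer 5 method (`balance url`, `advanced-balance arrowpoint-cookie`) on a rule with no `url` statement, and a `sticky-inact-timeout` on a rule with no `advanced-balance` method. The function names and finding labels are assumptions of this example; the sample rules are abridged from the posts on this page.

```python
import re

# Per the Cisco text quoted above, these methods make the CSS spoof the
# connection (Layer 5), so the rule needs a url statement such as url "/*".
L5_BALANCE = {"url"}
L5_ADVANCED_BALANCE = {"arrowpoint-cookie"}

# Keywords that open a new top-level block in the running-config.
BLOCK_START = re.compile(r"^(content|service|owner|group)\s+(\S+)")


def parse_content_rules(config_text):
    """Return {rule_name: [token lists]} for every content block."""
    rules, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):  # skip blanks and comments
            continue
        m = BLOCK_START.match(line)
        if m:
            # Only content rules are collected; other blocks are skipped.
            current = rules.setdefault(m.group(2), []) if m.group(1) == "content" else None
            continue
        if current is not None:
            current.append(line.split())
    return rules


def lint(config_text):
    """Return a list of (rule_name, finding) tuples (labels are hypothetical)."""
    findings = []
    for name, cmds in parse_content_rules(config_text).items():
        first = {}
        for tokens in cmds:
            first.setdefault(tokens[0], tokens[1:])
        balance = (first.get("balance") or [None])[0]
        advanced = (first.get("advanced-balance") or [None])[0]
        uses_l5 = balance in L5_BALANCE or advanced in L5_ADVANCED_BALANCE
        if uses_l5 and "url" not in first:
            # Rule stays L3: cookie is not inserted, stickiness falls back to srcip.
            findings.append((name, "l5-method-without-url"))
        if "sticky-inact-timeout" in first and advanced is None:
            # Per the first reply: the timeout does nothing without a sticky method.
            findings.append((name, "sticky-timeout-without-sticky"))
    return findings


# Sample input abridged from the configurations posted on this page.
SAMPLE = """
content secure_cag
  add service citrix_cag_1
  port 443
  protocol tcp
  vip address 10.80.2.150
  balance srcip
  add service citrix_cag_2
  sticky-inact-timeout 240
  active
content upcadtoa-rule
  add service cadtoa-wls1-e0
  add service cadtoa-wls1-e1
  protocol tcp
  port 8001
  advanced-balance arrowpoint-cookie
  arrowpoint-cookie name TOA
  active
content HTTP_rule
  add service ZSTS299102
  balance weightedrr
  advanced-balance arrowpoint-cookie
  protocol tcp
  port 80
  url "/*"
  active
"""

if __name__ == "__main__":
    for rule, finding in lint(SAMPLE):
        print(f"{rule}: {finding}")
```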

  • CSS and Oracle Load Balancing

    Hi,
    I have CSS in single arm deployment model. I have multiple servers load balancing on this CSS on port 80 etc. Today I am trying to load balance one Oracle server but I am facing problem with it.
    Real servers are accessible on port 80 without any problem but when we are trying to access the same servers on VIP we are not able to see the web page.
    real server http://192.168.17.12/irs.htm
    real server http://192.168.17.14/irs.htm
    real server http://192.168.10.37/irs.htm
    VIP
    http://192.168.200.58/irs.htm
    Below is the configuration. I can do the telnet on port 80 and I can ping the VIP IP address.
    I will only put 192.168.200.58 in browser I can see the oracle page but with the full URL i am not able to see it.
    Though I have other oracle servers which I have load balance with the same configuration and I can access the web page.
    ==========================================================================================
    http://tptest.enoc.com/forms/frmservlet?config=tp  (This is working fine).
    ========================================================================
    http://irs.enoc.com/irs.htm  (This is not working).
    By name and by IP address both are not working.
    http://192.168.200.58/irs.htm  (This is not working).
    =============================================================================
    service IRC_1
      ip address 192.168.17.12
      keepalive type tcp
      keepalive port 80
      active
    service IRC_2
      ip address 192.168.17.14
      keepalive type tcp
      keepalive port 80
    service IRC_DR
      ip address 192.168.10.37
      keepalive type tcp
      keepalive port 80
    content ENOC_IRC
        add service IRC_1
        add service IRC_2
        add service IRC_DR
        vip address 192.168.200.58
        protocol tcp
        port 80
        advanced-balance sticky-srcip
        active
    owner ENOC_GIT
    content ENOC_IRC
        add service IRC_1
        add service IRC_2
        add service IRC_DR
        vip address 192.168.200.58
        protocol tcp
        port 80
        advanced-balance sticky-srcip
        active
    group ENOC_IRC
      add destination service IRC_1
      add destination service IRC_2
      add destination service IRC_DR
      vip address 192.168.200.58
      active
    ===================================================================================================
    ENOCDC-CSS01(config)# show service summary
    Service Name                     State     Conn  Weight  Avg   State
                                                             Load  Transitions
    IRC_1                            Alive         0      1     2            0
    IRC_2                            Suspended     0      1   255            1
    IRC_DR                           Suspended     0      1   255            1
    ENOCDC-CSS01(config)# show summary
    Global Bypass Counters:
       No Rule Bypass Count:     0
       Acl Bypass Count:         0
    Owner            Content Rules    State     Services         Service Hits
    ENOC_GIT        
                  ENOC_IRC         Active    IRC_1            103
                                                IRC_2            10
                                                IRC_DR           7
    =======================================================================================================
    Same setting I am doing for other servers and working fine only for these servers I am facing problem. Currently only one server is active in the configuration.
    Kindly let me know what I am missing and how to fix the problem.
    I have also attached the full configuration of CSS.

    Hi,
    My point of concern is that I did the same for Oracle server and this is working fine
    http://192.168.200.95/forms/frmservlet?config=tp
    only when I am doing the load balancing for
    http://irs.enoc.com/irs.htm  (This is not working).
    By name and by IP address both are not working.
    http://192.168.200.58/irs.htm  (This is not working).
    I don't have an option for a TAC case. Is there a way to fix the problem by applying another load balancing method? Is there something to do with the Circuit VLAN? I didn't create the Circuit VLAN 17 where this server is located.
    I am doing load balancing for almost 8 different servers in this CSS.
    Your expert opinion will definitely help me.

  • CSS 11501 http load balancing

    Hi,
    I have configured load balancing of the HTTP traffic to 2 servers. The servers have the IP addresses 10.10.50.100 and 10.10.50.101 respectively and the VIP is 10.10.46.10.
    I am not able to access HTTP through the VIP. Can someone help with this?
    Am I required to do NATing? Below is the connectivity:
    User -->SW->ASA->CSS->SW->server1 & server2
    I am not able to access the server through the VIP.
    Please help
    Thanks
    Ravi
    Ravi

    What is the default gateway defined on Servers?
    Is it CSS circuit IP or the ASA?
    How is the CSS connected? Are there different VLANs connected to the servers and the ASA? Or is the CSS connected to the switch in one-arm mode?
    You need to make sure that the return traffic from Servers should pass through the CSS.
    Syed

  • CSS arrowpoint cookie load balancing issue

    Hi guys,
    I need some advice on a load balancing issue.
    We have connections hitting the CSS via a proxy environment. As a result I see only one source IP address. I want to use arrowpoint cookies for session stickiness. However, when I enable the rule the TCP session negotiation fails. The CSS sends a TCP/RST which terminates the session.
    Here's the rule config:
    content HTTP_rule
    add service ZSTS299102
    add service ZSTS281101
    vip address <filtered>
    add service LONS299102
    add service LONS281101
    balance weightedrr
    change service ZSTS299102 weight 5
    change service ZSTS281101 weight 5
    advanced-balance arrowpoint-cookie
    protocol tcp
    port 80
    url "/*"
    active
    Any help would be much appreciated.

    Remko,
    in L3/L4 the CSS sends the SYN directly to the server.
    So when the FIN comes in, we simply pass it to the server.
    With L5 the CSS spoofs the connection and we select the server only after receiving the GET.
    If there was some delay between the GET and the FIN, the CSS would have time to establish a connection with the server and the FIN could be simply forwarded.
    Unfortunately, in this case the FIN is right after the GET with no delay.
    Gilles.

  • Citrix and Load Balancing

    We can use a single Citrix Terminal Server over Netlet without a problem.
    Has anyone experience using a Terminal Server Farm instead of a single server?
    What is the best approach?
    - DNS round robin?
    - Citrix configuration, i.e. load balancing?
    - Netlet configuration?
    - other?
    Thanks,
    Juergen, Thomas

    Thomas,
    There is an internal white paper from iPlanet Professional Services that
    describes a technique for contacting a Citrix ICA Master browser which in
    turn supports load balancing across a MetaFrame/Terminal Server Farm.
    The gist of it was that the latest ICA clients support a new protocol
    "TCPIP+HTTP" which gets around the UDP problem when contacting the browser.
    And since the browser will return a different IP depending on which
    MetaFrame server it selects, this was solved by use of the "altaddr" setting
    that can be done on each MetaFrame server to set an alternate IP address
    that will be forwarded through firewalls.
    All of these settings are described in the Citrix Administrator's guide, but
    the white paper puts it all together along with examples of how the Netlets
    should be constructed.
    I have not tried this yet myself, and unfortunately, I do not have the white
    paper in electronic form right now to send to you.
    Hopefully your iPlanet SE, or other tech support will be able to track this
    down and send it to you.
    Gary Beshara
    BP

  • CSS: BoxToBox and Global Server Load Balancing

    Hi,
    I'm going to setup a CSS based Global Load Balancing architecture in two different sites with 2xCSS11503 in each site.
    I need DNS Sticky but I'm not going to configure a Global Sticky Database since I would like to configure the two CSS in each site in Box To Box redundancy.
    Is it possible to configure on a CSS two app session, one for the Zone-based DNS with remote site and the other one for local Box-to-Box redund?
    Thank you
    Kind Regards
    Fulvio

    Hi Fulvio,
    Take a look at the NOTE on the below link
    http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/css11500series/v8.20_v8.10/configuration/gslb/guide/DNS.html#wp1170057
    Box to box should be a part of the caveat
    Thanks
    Venky

  • Load Balancing simple question

    Hi,
    i'm using CSS 11501 to load balance some web servers using src IP.
    if one src IP is directed to certain web server,
    How much time has to pass for this same src IP to be directed to other web server?
    Thank you in advance!

    By default, entries in the sticky table do not time out. The table works on a first-in, first-out basis. The size of the table depends on the amount of memory in the CSS (SCM 144 MB --> 32k, SCM 288 MB --> 128k).
    You can change the default timeout value using the 'sticky-inact-timeout' command.
    ~Zach

  • Exchange 2013 Load Balancing Question

    Hey Everyone,
        I have recently started building up my company's Exchange 2013 environment and ran into some questions that I can't seem to find clear answers for on Google.
        First, a little bit about my set up:
    2 CAS Servers
    2 Mailbox Servers
    Citrix NetScaler load balancing the external URL (Controlling all incoming ports 25, 80, 443, 587, 993, and 995) to both of my CAS servers
    This is not doing SSL offloading, it's just forwarding encrypted traffic to the CAS servers
    I have configured a DAG between the 2 mailbox servers and am able to actively move the database my user account is on between the 2 copies with outlook disconnecting / reconnecting in about 10 - 15 seconds of moving it.
    My questions started when I saw what Outlook was filling in for the "Server" field once autodiscover set it up.  I found this very strange server name in it:  *** Email address is removed for privacy ***
    Once I read up on it, I think I understand what it does.   If I understand correctly, this weird URL is sort of like an old CAS array from Exchange 2010.  When I started testing the failover is when I started running into issues.
    When I shut down one of my mailbox servers, my Outlook will lose connection and it won't come back.  The mailbox database that my user account is on successfully failed over to the other DAG copy but Outlook never correctly connects.  I believe this issue has something to do with the new CAS functions of Exchange 2013 since DAG works fine.
    If I look at my "Connection Status" in Outlook, I see that there are several connections open.  All of them have a Proxy server address of "exchange.domain.com" and out of the 3 that show up there, they are all pointed to the weird URL mentioned above.
    Whew, long post but let me summarize my questions below:
    1)  If exchange is configured to be fully redundant, why does my outlook disconnect when I shut down one of the servers?
    2)  What is the weird URL pointing to that I mentioned above that is showing in outlook?
    3)  How can I get Outlook to correctly not lose its connection when any 1 of the servers goes down?
    Thanks,
    Zac

    Hi,
    According to your description, it seems that the load balancer did not configure successfully.
    I recommend you refer to the following article to configure the load balancer for Exchange 2013 :
    http://blogs.vmware.com/vsphere/2012/11/load-balancing-using-vcloud-networking-and-security-5-1-edge.html 
    Hope this helps!
    Thanks.
    Niko Cheng
    TechNet Community Support

  • Printer load balancing

    Hi Experts,
    Greetings!
    We have requirement where Currently all the printing work ( paper work ) takes place on one printer for a plant.
    ( Table z*, one printer is assigned per plant )
    Going forward, as the volume of the paper work is going to drastically increase, the business
    is thinking of including more printers for a plant.
    Say 2 or 3 printers per plant. so, all the paper work is going to be printed on 2-3 printers
    to offload the printing from a single printer.
    How can we technically see all the printer-specific details at run time, and how do we manage the queue of the printer? Any inputs on this will be really helpful.
    Thanks ,
    Raj

    Hi Andre,
    I'm not very familiar with the protocols that printers use, but if the connection is simply over a TCP or UDP connection, then sure, that should be no problem.  However, if you need to do some sort of upper-layer fixup, then maybe not.  The CSS only really has application layer capabilities for HTTP, and just enough for FTP to open the necessary pin-holes, etc.
    So the bottom line is, if for printing a client simply opens a TCP connection on some port to the printer, sends the print job, then closes that connection, then I don't see any reason that the CSS, or any load balancer, couldn't load balance it.
    Perhaps you are more knowledgeable on printer communications than I.  Are you aware of anything special that might make printers tricky to load balance?
    BTW, I think this is the first time I've heard of printer load balancing.  Learn something new every day!  ;- )
    Sean

  • CSS Load Balancing Citrix Terminal server, is it possible?

    Hi, we have to balance a Terminal Server Citrix Server Farm with CSS. Has anyone already done it? Is there any problem doing it? Someone told me there is a NAT problem with Citrix MetaFrame terminal server; does anyone have information about it?
    Any help will be greatly appreciated. Many thanks
    Max

    Stickiness means that once a user is directed to a server through the load balancer, that user will remain on the server he was first load balanced to for the duration of their connection. Otherwise, every TCP connection that a user makes is load balanced to whatever servers are configured. There are several ways to configure stickiness. You can do it via:
    -source IP
    -source IP and destination port
    -text string in a cookie or URL
    -SSL session ID
    take a look at this document that explains it better than I could:
    http://www.cisco.com/en/US/products/hw/contnetw/ps792/products_configuration_guide_chapter09186a0080772d96.html

  • Citrix CAG and CSS

    I have a problem with Citrix dropping connections when going through the CSS.
    I am just doing a L3 content and the CAG is handling all the SSL.
    I have set the flow-timeouts and verified that flows are NOT timing out with a show flows.
    I have enabled tcp fragments. Otherwise the config is very simple. Just two CAGs with a VIP to load balance.
    When I go through the CSS, the connections are dropped after about 1 1/2 hours. The client side appears to issue a "FIN" Packet to close out the connection.
    However, when we bypass the CSS, we DO NOT get this behavior.
    Has anyone seen this or have any suggestions?

    Hi Chris,
    You might want to try balance leastconn for your balancing method.  Also, note that you are not currently configured for sticky, so the sticky timeout you have configured isn't doing anything.  Do you require sticky?  If you do not require sticky, then leastconn should give you the best distribution across services at any given point in time.  Adding sticky, such as with advanced-balance sticky-srcip, will skew load balancing as clients become stuck to one service.
    Hope this helps,
    Sean

  • Load Balance a Citrix Farm

    Been approached by our server team. They are having issues with DNS load distribution (won't call it balancing as there's no logic to it) with a 10 server Citrix Farm. It seems to me this would be a good candidate for L3 load balancing on a CSS 11500 series.
    Anyone have any experience or things I need to consider?
    Thanks in advance.
    Jim

    Check that traffic volumes and patterns are the ones that you have dimensioned the circuits for.
    For basic css load balancing configuration kindly refer the following url,
    http://cisco.com/en/US/products/hw/contnetw/ps792/products_configuration_example09186a008009438d.shtml
    http://www.cisco.com/en/US/prod/collateral/contnetw/ps5719/ps792/prod_end-of-life_notice0900aecd804882de.html

  • Problem with WLIOTimeoutSecs in WebLogic and Apache CSS load balancer

    Hi,
    We are using Weblogic 11g, apache 2.2 and CSS load balancer for load balancing.
    we have huge reports which take minutes to generate and hence we need higher value for WLIOTimeoutSecs. This works fine when we use server url but WLIOTimeoutSecs is not working when we use CSS load balancer.
    We checked with our load balancing team they said CSS load balancer will not repost the request.
    Here is the plugin configuration
    <Location /*****>
    SetHandler weblogic-handler
    PathTrim /
    WebLogicHost 'serevrip'
    WebLogicPort 'port'
    WLIOTimeoutSecs 3600
    Idempotent OFF
    WLProxySSL ON
    DefaultFileName /***/***/index.jsp
    Debug On
    WLLogFile /***/***/***/***.log
    </Location>
    Could someone please help me with this?
    Thanks in advance
    Regards,
    Venkat

    Hi Tarun,
    The problem occurs when the SSL is enabled on apache. If I access the same URL over HTTP, the parameter WLIOTimeOut works fine.
    Also I observed that, none of the parameters are getting applied to the plugin. I had switched on 'DebugConfigInfo'. With this the HTTP URL with ?__WebLogicBridgeConfig as query parameter returned the complete configuration. However when accessed with HTTPS the server did not return the configuration.
    Is there a specific configuration to be applied when apache is used with SSL?
    Thanks for your help,
    Shashi

  • How to set up load balancing with overload server on css

    Can anyone tell me how to set up a load balancing config on the CSS that will enable me to LB proxy caches and, when they have too many connections, then LB against an overload proxy-cache?
    Such that when the normal proxy-cache farm is under the ceiling of max connections then the overload server is not used?
    I don't think redirect or sorry server will do this?

    See the below configuration. Any questions, just tell me.
    service proxy-1
    ! below is the real ip of server
    ip address 10.1.1.1
    keepalive type icmp
    active
    service proxy-2
    ip address 10.1.1.2
    keepalive type icmp
    active
    ! enter owner config-mode
    owner proxy
    ! define a content rule,match what you want to load balancing
    content rule-proxy
    ! below is virtual ip,it can be another ip segment
    vip address 10.1.1.50
    add service proxy-1
    add service proxy-2
    protocol any
    advanced-balance sticky-srcip
    active
