CSS - load balance https on different port no
Hi,
Need to create a rule for access :
https://1.1.1.1:7000 (Front End), but the server only open port 7000, how can i create a rule for that?
FYI, my CSS do not have any SSL license..is that workable??
Thanks..
you have both 7000 frontend and backend.
service web-7000
ip address x.x.x.x
port 7000
active
owner MyCompany
content https-7000
vip address x.x.x.x
port 7000
add service web-7000
active
Use the 'port' command to select the frontend and backend port.
You can change it to whatever you want and it does not need to match.
Gilles.
Similar Messages
-
Problem with WLIOTimeoutSecs in weblogic and apche CSS load balancer
Hi,
We are using Weblogic 11g, apache 2.2 and CSS load balancer for load balancing.
we have huge reports which take minutes to generate and hence we need higher value for WLIOTimeoutSecs. This works fine when we use server url but WLIOTimeoutSecs is not working when we use CSS load balancer.
We checked with our load balancing team they said CSS load balancer will not repost the request.
Here is the plugin configuration
<Location /*****>
SetHandler weblogic-handler
PathTrim /
WebLogicHost 'serevrip'
WebLogicPort 'port'
WLIOTimeoutSecs 3600
Idempotent OFF
WLProxySSL ON
DefaultFileName /***/***/index.jsp
Debug On
WLLogFile /***/***/***/***.log
</Location>
Could some please help me on this.
Thanks in advance
Regards,
VenkatHi Tarun,
The problem occurs when the SSL is enabled on apache. If I access the same URL over HTTP, the parameter WLIOTimeOut works fine.
Also I observed that, none of the parameters are getting applied to the plugin. I had switched on 'DebugConfigInfo'. With this the HTTP URL with ?__WebLogicBridgeConfig as query parameter returned the complete configuration. However when accessed with HTTPS the server did not return the configuration.
Is there a specific configuration to be applied when apache is used with SSL?
Thanks for your help,
Shashi -
Load balancing HTTP requests for an OC4J instance w/multiple JVMs
Hello everyone,
I am using OAS 10.1.3.1 and wish to load balance HTTP requests across an OC4J group of one or more OC4J instances, where each like named OC4J instance may have multiple JVMs or it may just have one JVM.
My mod_oc4j.conf file would contain the following directives :
Oc4jSelectMethod roundrobin:local
Oc4jRoutingMode Static
Oc4JMount /xyz/* xyz
In the degenerate case, I would like to have an OC4J group with a cluster size of one, and have that one OC4J instance have two or more JVMs. I would like to be able to receive a request within my web application, determine that the JVM that has been sent the request is the wrong JVM to process the request, and then call HttpServletResponse.sendRedirect("/xyz"). Then, when the browser receives the HTTP 302 response and issues the subsequent HTTP request, have that request sent to a different JVM than the previous JVM that issued the sendRedirect().
What I have seen is that the subsequent request is sent back to the same JVM that issued the sendRedirect(). I also call invalidate() against the HttpSession prior to calling sendRedirect(), but that does not seem to affect the behavior that I see.
In the full blown case, I would have an OC4J group with a cluster size > 1, and each of those OC4J instances would have at least one JVM. In that case, I wish the sendRedirect() call to allow the subsequent request to be sent to any one of the OC4J instances in the group, and any one of those JVMs within all of those OC4J instances.
Can anyone verify that my mod_oc4j mount directive is appropriate given the select method and routing mode? What else might I need to do to have a chance to have a different JVM respond to the request that results from a sendRedirect()?
Thank you,
DougI should clarify that in the full blown environment, the OC4J instances that form a group will each be housed within a separate OAS instance that resides on its own machine.
So ideally, a request could be inbound to say OAS instance 1 on machine A, OC4J instance AA, JVM 2, and I need to force a redirect so that the request can actually be serviced by OAS instance 3 on machine C, OC4J instance AA, JVM 1, and I need to be able to call sendRedirect() against an HttpServletResponse from within a JVM until the subsequent request from the browser, Internet Explorer in my case, is serviced by that JVM.
Thanks,
Doug -
CSS Load Balancing with Billing Server
Hi Gilles
Could I have a CSS load balancing two servers and also have it communicate with a billing server across the network. If yes then how can I do it?
Regards,
Sushilthe CSS does not have the notion of billing server. A separate device - like the CSG - should be used if you need to collect billing info.
Gilles. -
Load Balancing HTTP requests to ABAP App Servers options?
Looking at SAP Documentations, SAP recommends to use the Web Dispatcher to load balance HTTP requests to multiply ABAP App servers.
My question is that the only solution? or can we use hardware such as the F5 BigIP to perform the same job?
Any thoughts?In collaboration with SAP and SAP customers, F5 Networks has created a solution that delivers security, high availability, and improved performance for SAP web and portal technologies.
By deploying F5 Networks solutions with SAP NetWeaver, enterprises extend their control over their Network and Application traffic, and ensure the fast and secure delivery of their applications.
Benefits of F5 for SAP NetWeaver and Enterprise SOA
u2022 Cuts SAP Enterprise Portal login time by more than half for WAN users
u2022 Speeds document downloads
u2022 Reduces SAP server CPU utilization by 44%
u2022 Provides a 20x reduction in the number of SAP server-side connections
Further details, case studies and deployment guides on;
http://www.f5.com/solutions/applications/sap/netweaver/
F5 certification information on SAP Website
http://www.sap.com/partners/directories/SoftwareISVSolutions.epx?context=21B87D61C0F646A22B2A6DB254A010CA8C9C141B7529F029910FE6FF9EEEC5A701BF20EED61AC07159D98BAA068EBE1B8C5C7665EA2226374E942CF1D2A49D20AB1BFDFA1E0B68EC41E3058F04A85F105D5002CF1A11383C905D9FE5DDB951251A4B574B0BBE58309F67667A3B95877FEF85F1EF8B2C1A9F6FBA3BF5066D9534%7c01518B8BD6BF02F55A5A72E5947F2C45
Hope this helps. Thanks -
CSS load balance - Lock Outlook 2007 - RPC over http
I have problema whit load balance for configuration of client Outlook 2007. (using protocol RPC over http). Through the CSS, after a period of utilization, the Outlook lock. And without the CSS doind load balance, no ocurred the problem.
I appreciate any help.
Thanks!Jason,
CSS is not created in a source group of "exchange2007rcvir. Is that the problem is that?
**** OWNER ****
content exchange2007rcvir
vip address 10.58.32.123
add service scmt801cto
add service scmt801cas
redundant-index 205
protocol tcp
advanced-balance sticky-srcip
sticky-inact-timeout 30
active
content exchangehtvir
vip address 10.58.32.89
add service scmt700cto
add service scmt700cas
redundant-index 201
protocol tcp
advanced-balance sticky-srcip
sticky-inact-timeout 30
active
content exchangewavir
vip address 10.58.32.33
add service scmt800cto
add service scmt800cas
redundant-index 51
protocol tcp
advanced-balance sticky-srcip
sticky-inact-timeout 30
active
***** GROUP *****
group exchangehtvir
add destination service scmt700cto
add destination service scmt700cas
vip address 10.58.32.91
active
group grp_axiavir
vip address 10.58.32.83
add destination service scxt393cas
add destination service scxt394cas
add destination service scxt395cas
add destination service scxt393cto
add destination service scxt394cto
add destination service scxt395cto
active
** No have exchange2007rcvir -
CSS Load balancing for Exchange Server
Hi,
I have CSS configured in single arm and I have multiple servers configured for load balancing and it is working fine but when I am configuring Exchange server for load balancing I am facing problem and applications and printer/scanners are not able to send the email through the Virtual IP address configured for exchaneg server.
But if we configured the real server IP in the printer/scanners they are able to send the email. While checking the logs on the exchange server, it is showing that request for the email so coming from the Exchange VIP configured in the CSS.
I can telnet on port 25 on the VIP address (192.168.200.237). But unable to send the email through this VIP.
Below is the configuration
service ENOC_EXCHANGE-1
ip address 192.168.200.235
active
service ENOC_EXCHANGE-2
ip address 192.168.200.236
active
content EXCHANGE
add service ENOC_EXCHANGE-2
add service ENOC_EXCHANGE-1
vip address 192.168.200.237
active
group EXCHANGE
add destination service ENOC_EXCHANGE-1
add destination service ENOC_EXCHANGE-2
vip address 192.168.200.237
active
DC-CSS01# show rule GIT EXCHANGE
Name: EXCHANGE Owner: ENOC_GIT
State: Active Type: HTTP
Balance: Round Robin Failover: N/A
Persistence: Enabled Param-Bypass: Disabled
Session Redundancy: Disabled
IP Redundancy: Not Redundant
L3: 192.168.200.237
L4: Any/Any
Url:
Redirect: ""
TCP RST client if service unreachable: Disabled
Rule Services & Weights:
1: EXCHANGE-1-Alive, S-1
2: EXCHANGE-2-Down, S-1
=============================================================================
Please let me know how to solve this problem. System team is saying with the physical IP address it is working fine problem with Load balancing. I have even tried with the
Add service command in the group but didnt work for me. If i will remove the group command then I cant telnet on port 25.
I think this is related to single arm modle or some wrong configuration for the NAT.
Kindly assist meHi
Printers are on Vlan 80 ( gw is 192.168.80.1) and exange server is on vlan 200 (gw is 192.168.200.1) i have multiple vlan which will communcate with exchange.
I hv other servers on 200 subnet which are working fine in load balancing.
My CSS is single arm setup.
Please assist
Sent from Cisco Technical Support iPhone App -
CSS load balancing in both directions.
Hi all,
my questions are
-if it is possible divide (virtualize) one physical CSS to separate ones?
and than
-if it is possible use one virtual CSS for loadbalancing in one direction and other CSS use for loadbalancing in opposite direction?
BR
ggIt sounds like you need to implement a group rule using 'add service service_name'.
ie.
service web1
ip address 192.168.1.1
port 80
active
service web2
ip address 192.168.1.2
port 80
active
owner vip
content web_servers
vip address 192.168.1.100
port 80
protocol tcp
add service web1
add service web2
active
group web_servers
vip address 192.168.1.100
add service web1
add service web2
active
What this should do is NAT any request *initiated* from web1 or web2 to the IP address specified in the group rule. In this case it is 192.168.1.100, the same as the content rule. This is fine, or you can use a different IP. I'm using RFC1918 addresses in this example, as 192.168.1.100 would be natted to some public IP on the firewall in front of the CSS.
If you wanted to do internal load balancing, or load balance to a service *NOT* within your environment (ie. 3rd party data center), you would simply change 'add service' to 'add destination service' in the group rule.
James -
I am new to CSS. I have CSS 1150 with IOS 7.3. I want to load balancing two servers 192.168.210.55 and 192.168.210.56 on port 80.
My CSS is connected in single arm configuration. Core switch is dong the Inter VLAN routing and CSS is connected in the VLAN 200 access Port.
Servers and CSS are connected to same Layer 3 switch.
CSS is in VLAN 200 (192.168.200.10)
Servers are in VLAN 210
Below is the configuration of my CSS
================================================================================
CSS11501(config)# show run
!Generated on 04/03/2011 16:47:41
!Active version: sg0730106
configure
!*************************** GLOBAL ***************************
username net des-password xxxxxx superuser
logging subsystem flowmgr level debug-7
logging disk log.log
ip route 0.0.0.0 0.0.0.0 192.168.200.1 1
!************************* INTERFACE *************************
interface e1
phy 100Mbits-FD
bridge port-fast enable
bridge vlan 2
interface e2
bridge vlan 2
bridge port-fast enable
phy 100Mbits-FD
interface e4
bridge port-fast enable
phy 100Mbits-FD
interface e8
bridge port-fast enable
phy 100Mbits-FD
!************************** CIRCUIT **************************
circuit VLAN1
ip address 192.168.200.10 255.255.255.0
!************************** SERVICE **************************
service Citrix_Xenapp
ip address 192.168.210.55
keepalive port 80
active
service Citrix_Xenapp_2
ip address 192.168.210.56
keepalive port 80
active
!*************************** OWNER ***************************
owner ENOC_Citrix_XENAPP
content Citrix_XENAPP
add service Citrix_Xenapp
add service Citrix_Xenapp_2
vip address 192.168.200.52
protocol tcp
port 80
active
CSS11501(config)# show service
Services (3 entries):
Name: Citrix_Xenapp Index: 0
Type: Local State: Alive
Rule ( 192.168.210.55 ANY ANY )
Session Redundancy: Disabled
Redirect Domain:
Redirect String:
Keepalive: (ICMP 5 3 5 )
Last Clearing of Stats Counters: 04/03/2011 16:38:49
Mtu: 1500 State Transitions: 14
Total Local Connections: 0 Total Backup Connections: 0
Current Local Connections: 0 Current Backup Connections: 0
Total Connections: 0 Max Connections: 65534
Total Reused Conns: 0
Weight: 1 Load: 2
DFP: Disable
Name: Citrix_Xenapp_2 Index: 6
Type: Local State: Alive
Rule ( 192.168.210.56 ANY ANY )
Session Redundancy: Disabled
Redirect Domain:
Redirect String:
Keepalive: (ICMP 5 3 5 )
Last Clearing of Stats Counters: 04/03/2011 16:39:40
Mtu: 1500 State Transitions: 12
Total Local Connections: 1 Total Backup Connections: 0
Current Local Connections: 0 Current Backup Connections: 0
Total Connections: 1 Max Connections: 65534
Total Reused Conns: 0
Weight: 1 Load: 2
DFP: Disable
CSS11501(config)# sh version
Version: sg0730106 (07.30.1.06)
Flash (Locked): 07.20.2.06
Flash (Operational): 07.30.1.06
Type: PRIMARY
Licensed Cmd Set(s): Standard Feature Set
CSS11501(config)# sh run
!Generated on 04/03/2011 17:39:46
!Active version: sg0730106
configure
!*************************** GLOBAL ***************************
username net des-password xxxxx superuser
logging subsystem flowmgr level debug-7
logging disk log.log
ip route 0.0.0.0 0.0.0.0 192.168.200.1 1
!************************* INTERFACE *************************
interface e1
phy 100Mbits-FD
bridge port-fast enable
bridge vlan 2
interface e2
bridge vlan 2
bridge port-fast enable
phy 100Mbits-FD
interface e4
bridge port-fast enable
phy 100Mbits-FD
interface e8
bridge port-fast enable
phy 100Mbits-FD
!************************** CIRCUIT **************************
circuit VLAN1
ip address 192.168.200.10 255.255.255.0
!************************** SERVICE **************************
service Citrix_Xenapp
ip address 192.168.210.55
keepalive port 80
active
service Citrix_Xenapp_2
ip address 192.168.210.56
keepalive port 80
active
!*************************** OWNER ***************************
owner ENOC_Citrix_XENAPP
content Citrix_XENAPP
add service Citrix_Xenapp
add service Citrix_Xenapp_2
vip address 192.168.200.52
protocol tcp
port 80
active
CSS11501(config)# show service
Services (3 entries):
Name: Citrix_Xenapp Index: 0
Type: Local State: Alive
Rule ( 192.168.210.55 ANY ANY )
Session Redundancy: Disabled
Redirect Domain:
Redirect String:
Keepalive: (ICMP 5 3 5 )
Last Clearing of Stats Counters: 04/03/2011 16:38:49
Mtu: 1500 State Transitions: 14
Total Local Connections: 0 Total Backup Connections: 0
Current Local Connections: 0 Current Backup Connections: 0
Total Connections: 0 Max Connections: 65534
Total Reused Conns: 0
Weight: 1 Load: 2
DFP: Disable
Name: Citrix_Xenapp_2 Index: 6
Type: Local State: Alive
Rule ( 192.168.210.56 ANY ANY )
Session Redundancy: Disabled
Redirect Domain:
Redirect String:
Keepalive: (ICMP 5 3 5 )
Last Clearing of Stats Counters: 04/03/2011 16:39:40
Mtu: 1500 State Transitions: 12
Total Local Connections: 1 Total Backup Connections: 0
Current Local Connections: 0 Current Backup Connections: 0
Total Connections: 1 Max Connections: 65534
Total Reused Conns: 0
Weight: 1 Load: 2
DFP: Disable
CSS11501(config)# show content
Content Database:
Pieces of content for module: 1
Total Content: 56
CSS11501(config)# show owner
Owner Configuration:
Name: ENOC_Citrix_XENAPP
Billing Info:
Address:
Email Address:
DNS Policy: none
Case Matching: Insensitive
CSS11501(config)# show owner ?
<cr> Execute command
ENOC_Citrix_XENAPP
CSS11501(config)# show owner ENOC_Citrix_XENAPP ?
<cr> Execute command
statistics Show owner statistical information
CSS11501(config)# show owner ENOC_Citrix_XENAPP
Owner Configuration:
Name: ENOC_Citrix_XENAPP
Billing Info:
Address:
Email Address:
DNS Policy: none
Case Matching: Insensitive
CSS11501(config)# show owner ENOC_Citrix_XENAPP statistics
Owner Statistics for <ENOC_Citrix_XENAPP>:
DNS Policy: None Case Sensitivity: Off
Hits: 1 Reject Overload: 0
Bytes: 52 Reject No Services 0
Frames: 1 Drops 0
Redirects 0 NAT Translations: 0
Spoofs: 0
CSS11501(config)#
The load balaning IP is 192.168.200.52 but I cant ping this virtual IP and cant telnet on port 80 on this IP address.
CSS11501(config)# ping 192.168.205.55
Pinging 192.168.205.55 1 time(s)...
Working(-) 0/1
0% Success.
%% Ping Failure
CSS11501(config)# ping 192.168.210.55
Pinging 192.168.210.55 1 time(s)...
Working(-) 1/1
100% Success.
CSS11501(config)# ping 192.168.210.56
Pinging 192.168.210.56 1 time(s)...
Working(-) 1/1
100% Success.
CSS11501(config)# ping 192.168.210.1
Pinging 192.168.210.1 1 time(s)...
Working(-) 1/1
100% Success.
CSS11501(config)# ping 192.168.200.1
Pinging 192.168.200.1 1 time(s)...
Working(-) 1/1
100% Success.
Network connectivity is there. Please let me know what I am missing and how to solve this problem.
Thanks in advance.Thanks for the reply, But I have modified my configuration. Now I am load balancing VLAN 200 Servers where the CSS also located in the same VLAN. Attach is the updated configuration.
I can only ping the VIP but not able to telnet on VIP (192.168.200.65 80).
configure
!*************************** GLOBAL ***************************
username net des-password net@dmin superuser
no restrict web-mgmt
logging subsystem flowmgr level debug-7
logging disk log.log
ip route 0.0.0.0 0.0.0.0 192.168.200.1 1
!************************* INTERFACE *************************
interface e1
phy 100Mbits-FD
bridge port-fast enable
bridge vlan 2
interface e2
bridge vlan 2
bridge port-fast enable
phy 100Mbits-FD
interface e4
bridge port-fast enable
phy 100Mbits-FD
interface e8
bridge port-fast enable
phy 100Mbits-FD
!************************** CIRCUIT **************************
circuit VLAN1
ip address 192.168.200.10 255.255.255.0
!************************** SERVICE **************************
service Citrix_Xenapp
ip address 192.168.210.55
keepalive port 80
active
service Citrix_Xenapp_2
ip address 192.168.210.56
keepalive port 80
active
service ENOC_EFAX_1
ip address 192.168.200.66
keepalive type none
protocol tcp
port 80
active
service ENOC_EFAX_2
ip address 192.168.200.67
keepalive type none
port 80
protocol tcp
active
!*************************** OWNER ***************************
owner ENOC_Citrix_XENAPP
content Citrix_XENAPP
add service Citrix_Xenapp
add service Citrix_Xenapp_2
vip address 192.168.200.52
protocol tcp
port 80
active
owner ENOC_EFAX
content EFAX
add service ENOC_EFAX_2
add service ENOC_EFAX_1
vip address 192.168.200.65
protocol tcp
port 80
active
!*************************** GROUP ***************************
group EFAX
vip address 192.168.200.65
add service ENOC_EFAX_1
add service ENOC_EFAX_2
active
=====================
CSS11501(config)# show flow
flow-timeout Display flow-timeout values.
flows Show flow summary information
CSS11501(config)# show flow 0.0.0.0
^
%% Invalid input detected at '^' marker.
CSS11501(config)# show flows 0.0.0.0
Src Address SPort Dst Address DPort NAT Dst Address Prt InPort OutPort
192.168.80.89 4567 192.168.200.65 80 192.168.200.67 TCP e8 e8
192.168.200.67 80 192.168.80.89 4567 192.168.80.89 TCP e8 e8
192.168.80.89 2474 192.168.200.10 23 0.0.0.0 TCP e8 Ipv4
CSS11501(config)# show service
Services (5 entries):
Name: Citrix_Xenapp Index: 0
Type: Local State: Alive
Rule ( 192.168.210.55 ANY ANY )
Session Redundancy: Disabled
Redirect Domain:
Redirect String:
Keepalive: (ICMP 5 3 5 )
Last Clearing of Stats Counters: 04/04/2011 21:57:17
Mtu: 1500 State Transitions: 0
Total Local Connections: 0 Total Backup Connections: 0
Current Local Connections: 0 Current Backup Connections: 0
Total Connections: 0 Max Connections: 65534
Total Reused Conns: 0
Weight: 1 Load: 2
DFP: Disable
Name: Citrix_Xenapp_2 Index: 6
Type: Local State: Alive
Rule ( 192.168.210.56 ANY ANY )
Session Redundancy: Disabled
Redirect Domain:
Redirect String:
Keepalive: (ICMP 5 3 5 )
Last Clearing of Stats Counters: 04/04/2011 21:57:17
Mtu: 1500 State Transitions: 0
Total Local Connections: 0 Total Backup Connections: 0
Current Local Connections: 0 Current Backup Connections: 0
Total Connections: 0 Max Connections: 65534
Total Reused Conns: 0
Weight: 1 Load: 2
DFP: Disable
Name: ENOC_EFAX_1 Index: 1
Type: Local State: Alive
Rule ( 192.168.200.66 TCP 80 )
Session Redundancy: Disabled
Redirect Domain:
Redirect String:
Keepalive: (NONE 5 3 5 )
Last Clearing of Stats Counters: 04/04/2011 21:57:17
Mtu: 1500 State Transitions: 0
Total Local Connections: 1 Total Backup Connections: 0
Current Local Connections: 0 Current Backup Connections: 0
Total Connections: 1 Max Connections: 65534
Total Reused Conns: 0
Weight: 1 Load: 2
DFP: Disable
Name: ENOC_EFAX_2 Index: 2
Type: Local State: Alive
Rule ( 192.168.200.67 TCP 80 )
Session Redundancy: Disabled
Redirect Domain:
Redirect String:
Keepalive: (NONE 5 3 5 )
Last Clearing of Stats Counters: 04/04/2011 21:57:17
Mtu: 1500 State Transitions: 0
Total Local Connections: 2 Total Backup Connections: 0
Current Local Connections: 1 Current Backup Connections: 0
Total Connections: 2 Max Connections: 65534
Total Reused Conns: 0
Weight: 1 Load: 2
DFP: Disable
CSS11501(config)# show service summary
Service Name State Conn Weight Avg State
Load Transitions
Citrix_Xenapp Alive 0 1 2 0
Citrix_Xenapp_2 Alive 0 1 2 0
ENOC_EFAX_1 Alive 0 1 2 0
ENOC_EFAX_2 Alive 1 1 2 0
CSS11501(config)# show rule
Content Rules:
///\\\ The Duke of Url.
{ O--O }
[||]
>>>>>>>>
Name: EFAX Owner: ENOC_EFAX
State: Active Type: HTTP
Balance: Round Robin Failover: N/A
Persistence: Enabled Param-Bypass: Disabled
Session Redundancy: Disabled
IP Redundancy: Not Redundant
L3: 192.168.200.65
L4: TCP/80
Url:
Redirect: ""
TCP RST client if service unreachable: Disabled
Rule Services & Weights:
1: ENOC_EFAX_1-Alive, S-1
2: ENOC_EFAX_2-Alive, S-1
>>>>>>>>
Name: Citrix_XENAPP Owner: ENOC_Citrix_XENAPP
State: Active Type: HTTP
Balance: Round Robin Failover: N/A
Persistence: Enabled Param-Bypass: Disabled
Session Redundancy: Disabled
IP Redundancy: Not Redundant
L3: 192.168.200.52
L4: TCP/80
Url:
Redirect: ""
TCP RST client if service unreachable: Disabled
Rule Services & Weights:
1: Citrix_Xenapp-Alive, S-1
2: Citrix_Xenapp_2-Alive, S-1
CSS11501(config)# show content
Content Database:
Pieces of content for module: 1
Total Content: 56
CSS11501(config)# show owner
Owner Configuration:
Name: ENOC_EFAX
Billing Info:
Address:
Email Address:
DNS Policy: none
Case Matching: Insensitive
Name: ENOC_Citrix_XENAPP
Billing Info:
Address:
Email Address:
DNS Policy: none
Case Matching: Insensitive
CSS11501(config)#
Please let me know what I am missing and also one link is not working.
To configure source nat you can refer to the following:
http://www.cisco.com/en/US/partner/docs/app_ntwk_services/data_center_app_services/css11500series/v8.20/configuration/content_lb/guide/SGrp.html -
CSS load balancing, service dependancy condition check
Hi,
I would like to seek some advice regarding the CSS's service configuration.
Is there a way to configure the CSS such that it check for the condition/status of a independant service (not involved in the load balancing algorithm) is alive/down (using service mode keepalive port/type), before deciding whether to/not to load balance to a group of services?
Senario is as follwows:
We process incoming HTTPS request and load balance to 2 HTTPS Servers (HTTPS service SSL1 and SSL2), on condition that a independent service (HTTPS service SSL3) is alive (using the keepalive type/port check in service mode).
If the independant service (HTTPS service SSL3) is not alive, remove the HTTPS Servers (HTTPS service SSL1 and SSL2) from the load balancing algorithm.
Thanks in advance for assistance
!************************** CIRCUIT **************************
circuit VLAN1
ip address 192.168.103.35 255.255.255.192
!************************** SERVICE **************************
service SSL1
ip address 192.168.103.53
protocol tcp
port 443
keepalive type tcp
keepalive port 443
active
service SSL2
ip address 192.168.103.54
protocol tcp
port 443
keepalive type tcp
keepalive port 443
active
? This is the service condition that CSS will check before deciding to/not to load balance to SSL1 and SSL2.
? If SSL3 is down, do not load balance to SSL1 and SSL2. If SSL3 is up, load balance to SSL1 and SSL2
service SSL3
ip address 192.168.103.55
protocol tcp
port 443
keepalive type tcp
keepalive port 443
active
!*************************** OWNER ***************************
owner CISCO
content L5Rule_SSL
vip address 192.168.103.37
application ssl
protocol tcp
port 443
url "/*"
add service SSL1
add service SSL2
active
!*************************** GROUP ***************************
group SSL
vip address 192.168.103.37
add destination service SSL1
add destination service SSL2
activemaybe this?
circuit VLAN1
ip address 192.168.103.35 255.255.255.192
ip virtual-router 10 priority 100
ip redundant-vip 10 192.168.103.37
ip critical-service 10 SSL3
if I'm not mistaken the vip 192.168.103.37 will stop working when the service SSL3 goes down. I'm not sure that this is what you want though... -
CSS - Load balancing to Microsoft 2008 Sharepoint Application
We are tring to load balance using the CSS 11503 to two Servers running Microsoft Sharepoint 2008. Everything is working fine as far as load balancing is cocerned. But what we want is if the Microsoft Sharepoint 2008 Application is down one one server then we do not want any request for this application to be sent to this server. What sort of keepalive should we be using, because TCP port 80 is still up and responds when the Microsoft Sharepoint 2008 Application is down on this server.
I do not know much about how Microsoft Sharepoint 2008 Application interfaces / interacts with IIS and port 80, etc.
Any suggestions?Partial Config:
===============
service FRED30
ip address x.x.x..100
protocol tcp
port 80
redundant-index 3
keepalive port 80
keepalive type http
active
service FRED31
ip address x.x.x.101
protocol tcp
port 80
redundant-index 4
keepalive port 80
keepalive type http
active
When we do the above where we have
"keepalive type http"
and then do a show keepalive we get the State as DOWN - why? But if we take out the keepalive type http command from the above services then we don't see the state as DOWN.
But even when it says DOWN we can still connect to port 80 without problem.
CSS# sh keepalive AUTO_FRED30
Name: AUTO_FRED30 Index: 7 State: Down
Description: Auto generated for service for FRED30
Address: x.x.x.100 Port: 80
Type: HTTP:HEAD:/
Keepalive Error: General failure
Frequency: 5
Max Failures: 3
Retry Frequency: 5
Dependent Services:
FRED30
sh keepalive FRED31
Name: AUTO_FRED31 Index: 9 State: Down
Description: Auto generated for service FRED31
Addresess: x.x.x.101 Port: 80
Type: HTTP:HEAD:/
Keepalive Error: General failure
Frequency: 5
Max Failures: 3
Retry Frequency: 5
Dependent Services:
FRED31 -
CSS Load Balancing Citrix Terminal server, is ti possible ?
Hi we have to balance a Terminal Server Citrix Server Farm with css, did anyone already realize it? Is there any problem to do it ? Someone told me there is nat problem with citrix metaframe terminal server, has anyone information about it ?
Any help will be greatly appreciated. Many thanks
MaxStickyness means that once a user is directed to a server through the load balancer, that user will remain on the server he was first load balanced to for the duration of their connection. Otherwise, every tcp connection that a user makes is load balanced to whatever servers are configured. There are severalways to configure stickyness. You can do it via:
-source IP
-source IP and destination port
-text string in a cookie or URL
-SSL session ID
take a look at this document that explains it better than I could:
http://www.cisco.com/en/US/products/hw/contnetw/ps792/products_configuration_guide_chapter09186a0080772d96.html -
CSS Load balancing on same subnet/vlan
Hi
I have connections coming in to a VIP which is load balanced with a CSS between web servers. However I need the web servers to talk to a VIP on the same subnet and then load balance that to servers in the same subnet as my web servers. We are using the CSS's in bridging mode. Is this possible?Yes, it is possible. You can define one VIP to load balance traffic on your web servers and another VIP (on the same subnet) to allow load balancing between web servers and back-end servers. If the web servers use a different TCP port to communicate with the back-end servers as for the web access, you can even use the same VIP address and two content rules.
Something is however very important to make this working : you have to NAT the source address for the backend servers connections to make sure the return traffic pass through the CSS and not directly to the web server (they are on the same subnet).
Yves Haemmerli (IBM) -
CSS load balancing issue: url isn't accessible even though services are up
service Server1:80
ip address 10.10.10.34
protocol tcp
port 80
keepalive type http
keepalive uri "/test.asp"
active
service Server2:80
protocol tcp
port 80
keepalive type http
keepalive uri "/test.asp"
ip address 10.10.10.35
active
owner Ow1
content LBR1:80
vip address 192.168.1.159
port 80
protocol tcp
url "/*"
balance weightedrr
add service Server1:80
add service Server2:80
advanced-balance sticky-srcip
sticky-inact-timeout 21
flow-timeout-multiplier 8
active
service Server1:80
ip address 10.10.10.34
protocol tcp
port 80
keepalive type http
keepalive uri "/test.asp"
active
service Server2:80
protocol tcp
port 80
keepalive type http
keepalive uri "/test.asp"
ip address 10.10.10.35
active
owner OW1
content LBR2:80
vip address 192.168.1.98
protocol tcp
port 80
url "/*"
balance weightedrr
add service Server1:80
add service Server2:80
advanced-balance sticky-srcip
sticky-inact-timeout 21
flow-timeout-multiplier 8
active
All services are alive all the time and both contexts are alive all the time.
when user tries to access LBR2:80's URL it works all the time. but when user tries to access LBR1:80's url then it works sometimes and some times it doesn't work.
could you advise what the issue could be?When the SYN comes in the CSS will first check for the srcip in the sticky database and if it finds a match will forward to the stuck server. If the source ip is not in the sticky database the request will be load balanced using weightedrr and a server selected. That sticky server will then be added to the sticky database.
If the sticky-srcip is used between 2 content rule, it will use separate sticky table.
You may need to take packet capture to understand what is really failing along with
a following outputs :
sh flow
sh rule Ow1 LBR1:80 ser
regards
Andrew -
Using ACE to load balance HTTP/S traffic between client & proxy server using tcp 8080
Folks,
I have a scenario where ACE is in load balancing connections to a bunch of Websense servers in a one-armed topology. ACE presents a single VIP to web browser clients and each client's browser proxy configuration is populated with the VIP DNS name. Traffic then gets load balanced between the Websense servers. The problem arises due to Websense requiring the 'X-Forwarded-For' HTTP header in order to obtain the source IP of the client.
ACE inserts this header into the standard HTTP 'proxied' traffic but doing this for HTTPS traffic has required the configuration of the ACE SSL proxy client server.
So the problem I have is this:
How to configure ACE to load balance both HTTP & HTTPS applications using a single VIP and tcp port number ie tcp 8080
The ACE hardware being used is ACE20-MOD-K9 - MODULE
I have attempted to use a L7 class map to match all ciphers and attach this to a L7 Policy-Map but the documentation highlights the fact the 'match cipher' configuration is only available on the ACE appliance.
I believe I am on the correct track. The HTTPS traffic must be identified and used to match against PolicyA and HTTP traffic matched against PolicyB
I'm looking for ideas! I'm hopeful someone must have solved this problem previously!!
Regards,
SimonHi Simon,
The classification has to work on different ports. Whether client types http or https doesn't matter to client. His request will reach VIP which will classify the traffic based on port, protocol first and then it can look into further detail to send the traffic to appropriate serverfarm.
You can class-map match-any xxxxx
2 match virtual-address x.x.x.x tcp any
and then you configure further classification on the basis of L7 like url, header etc.
But again, you will still need SSL termination on ACE.
Regards,
Kanwal
Note: Please mark answers if they are helpful.
Maybe you are looking for
-
App Store keeps saying cannot commect to itunes then my app completely disappears
-
How do i remove the Tips app and the Health app that apple added to my iphone on the last update? Update 8.0.2? I didn't want these added to my phone. I have to remove apps every time there is an update. After the phone is updated I reinstall the app
-
I've been having intermittant problems with Mai ever since I installed the latest version of Mail (v - 6.2) as part of the Mountain Lion (ML) installation. My iMac 27" became so unstable that it was suggested that I erase my hard drive and start aga
-
My screen has gone small, how do I get it back to normal?
I own a 13inch Macbook Pro and the screen has suddenly narrowed so it gone really small, how do I get it back to normal?
-
hi.. let me know r there any components which reside on Xi and not on WAS..??? if yes, kindly ellaborate.... regards. vishal