CSS load balancing questions
I hope that someone can help with 2 simple (i think) CSS questions.
1. When configured properly for load balancing, should the CSS round-robin between servers or will it continue to use only one server until triggered by some event or parameter?
2. If 1 of 2 load balanced servers fails, how does load balancing proceed? Will it continue to try to load balance between the servers or will it give up on the failed server unitil some event or timeout occurs?
Thanks in advance,
Eliot
Hi Eliot,
The CSS can be configured to perform load balancing in a variety of different ways. Least connections, round robin, ACA etc. Each new connection through the CSS will be round robined over each of the servers in your server group.
If a server fails then the CSS will know it has failed through the use of keepalives (based on TCP connection, ICMP etc) and no longer send requests through to that server. Traffic associated with a previous connection to the failed server will be sent to on of the surviving servers. It is then up to the behavior of the application as to if the user experiences any disruption.
Hope this helps
Brett
Similar Messages
-
Problem with WLIOTimeoutSecs in weblogic and apche CSS load balancer
Hi,
We are using Weblogic 11g, apache 2.2 and CSS load balancer for load balancing.
we have huge reports which take minutes to generate and hence we need higher value for WLIOTimeoutSecs. This works fine when we use server url but WLIOTimeoutSecs is not working when we use CSS load balancer.
We checked with our load balancing team they said CSS load balancer will not repost the request.
Here is the plugin configuration
<Location /*****>
SetHandler weblogic-handler
PathTrim /
WebLogicHost 'serevrip'
WebLogicPort 'port'
WLIOTimeoutSecs 3600
Idempotent OFF
WLProxySSL ON
DefaultFileName /***/***/index.jsp
Debug On
WLLogFile /***/***/***/***.log
</Location>
Could some please help me on this.
Thanks in advance
Regards,
VenkatHi Tarun,
The problem occurs when the SSL is enabled on apache. If I access the same URL over HTTP, the parameter WLIOTimeOut works fine.
Also I observed that, none of the parameters are getting applied to the plugin. I had switched on 'DebugConfigInfo'. With this the HTTP URL with ?__WebLogicBridgeConfig as query parameter returned the complete configuration. However when accessed with HTTPS the server did not return the configuration.
Is there a specific configuration to be applied when apache is used with SSL?
Thanks for your help,
Shashi -
CSS Load Balancing with Billing Server
Hi Gilles
Could I have a CSS load balancing two servers and also have it communicate with a billing server across the network. If yes then how can I do it?
Regards,
Sushilthe CSS does not have the notion of billing server. A separate device - like the CSG - should be used if you need to collect billing info.
Gilles. -
Hi all,
I have a service object (SO1) which has been set to Load Balancing.
This service object has an attribute which serves as a number allocator
(NA1).
This NA1 provides a unique number across the whole application for each of
the record that require to store into DB.
The problem is, will the NA1 get replicated if the SO1 is replicated?
If yes, will NA1 crash?
Regards,
Martin Chan
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Senior Analyst/Programmer
Dept of Education and Training
Mobile : 0413-996-116
Email: martin.chandet.nsw.edu.au
Tel: 02-9942-9685Hi Serge,
Could you prefix it with the PID of the load balanced process ?No I can't. At least not at the moment.
When a service object is replicated, it is automatically replicated into adifferent partition...
Thanks.
An advice, make the NA1 shared. So if you get to do multithreaded accessto
it, you won't screw up things.I am thinking it may be better off to create it as a service object on it's
own.
How is the number returned by the NA1 generated ?It gets generated by Forte's code.
... Try to make it so that the
load balanced partitions don't need to access the database more than onein
5 min. to get a new Seed Key. This would not need to PID.Thanks for your advise.
Regards
Martin Chan
-----Original Message-----
From: Serge Blais [mailto:Serge.BlaisSun.com]
Sent: Tuesday, 3 April 2001 14:17
To: Chan, Martin
Subject: RE: (forte-users) SO Load Balancing Question
Your right, they can generate the same number. How much control do you have
over the ID being generated? Could you prefix it with the PID of the load
balanced process ?
Just a note: When a service object is replicated, it is automatically
replicated into a different partition, possibly on the same machine or on a
different one.
An advice, make the NA1 shared. So if you get to do multithreaded access to
it, you won't screw up things.
How is the number returned by the NA1 generated ? If NA1 is using a stored
procedure, or something like:
Start TRX
read number
newnumber = number+5000
write back newnumber
End Trx
Something like will be very safe. The Database Index Table is taking care
of the critical section. Then you can be sure that each replicate can be
independent (not hit into each other) for 5000 iterations. Depending on the
frequency, you may want to up this number or lower this number. Too high it
would make the key very high very soon with wholes in the sequence. Too low
and you would have hit between the replicates. Try to make it so that the
load balanced partitions don't need to access the database more than one in
5 min. to get a new Seed Key. This would not need to PID.
Serge
At 01:59 PM 4/3/2001 +1000, you wrote:
Hi Serge,
The number return by the NA1 is used as a primary key for each of therecord
that stores in the DB.
The Number Allocator NA1 is required to access to DB to update an ID table
which carry the next available sequence number. NA1 will only update this
table for every 5000 records.
For example, the initial value of the sequence is: 1
The next update will change the value to 5001, next will be 10001 and soon.
>
The properties of this NA1 class at runtime
Shared - Disallowed
Distributed - Disallowed
Transactional - Is Default
Monitored - Disallowed
Unfortunately, this attribute is not a handle but is instantiated by theSO1
itself.
I have been thinking, if SO1 is replicated within the same partition, and
each replicate will carry its own NA1. NA1 and the replicate of NA1 may
return a same number if their initial values of the sequence are the same.
Correct?
Regards
Martin Chan
-----Original Message-----
From: Serge Blais [mailto:Serge.BlaisSun.com]
Sent: Tuesday, 3 April 2001 13:11
To: Chan, Martin; forte-userslists.xpedior.com
Subject: Re: (forte-users) SO Load Balancing Question
Let's see if I understand right.
You have a service object that keep a handle to an object that either keep
state information, or that generate state information. Now the thing to
figure out is which is it. Let's assume that NA1 is a number generator,
that does not need to be synchronized or that doesn't need to access any
external resource. It would still work, depending on the algorythm you are
using.
Will they share the same NA1? It depends on the nature of NA1, but for sure
NA1 would have to be an anchored object. An if multiple partitions would
share the same object "only" for key generation, you would bring down your
performance on key generation or key update (by adding one inter-process
call).
In short:
1. Many scenarios can happen, you need to be clearer on your description.
2. If you are sharing an object by load balanced partitions, this greatly
reduce the gain of load balancing the partition.
3. If NA1 is keeping state, any access to it would need to be controlled
"shared".
Have fun now...
Serge
At 12:30 PM 4/3/2001 +1000, Chan, Martin wrote:
Hi all,
I have a service object (SO1) which has been set to Load Balancing.
This service object has an attribute which serves as a number allocator
(NA1).
This NA1 provides a unique number across the whole application for each
of
the record that require to store into DB.
The problem is, will the NA1 get replicated if the SO1 is replicated?
If yes, will NA1 crash?
Regards,
Martin Chan
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Senior Analyst/Programmer
Dept of Education and Training
Mobile : 0413-996-116
Email: martin.chandet.nsw.edu.au
Tel: 02-9942-9685
For the archives, go to: http://lists.xpedior.com/forte-users and use
the login: forte and the password: archive. To unsubscribe, send in a new
email the word: 'Unsubscribe' to: forte-users-requestlists.xpedior.comSerge Blais
Professional Services Engineer
iPlanet Expertise Center
Sun Professional Services
Cell : (514) 234-4110
Serge.BlaisSun.comSerge Blais
Professional Services Engineer
iPlanet Expertise Center
Sun Professional Services
Cell : (514) 234-4110
Serge.BlaisSun.com -
Cisco CSS 11503 Arrowpoint/Load Balance question
I am troubleshooting an issue with my 11503. I am running version 07.40.0.04. I have it configured as follows:
content upcadtoa-rule
add service cadtoa-wls1-e0
add service cadtoa-wls1-e1
add service cadtoa-wls2-e0
add service cadtoa-wls2-e1
add service cadtoa-wls3-e0
add service cadtoa-wls3-e1
add service cadtoa-wls4-e0
add service cadtoa-wls4-e1
add service cadtoa-wls5-e0
add service cadtoa-wls5-e1
add service cadtoa-wls6-e0
add service cadtoa-wls6-e1
arrowpoint-cookie expiration 00:00:15:00
protocol tcp
port 8001
advanced-balance arrowpoint-cookie
redundant-index 2
vip address 172.30.194.195 range 2
arrowpoint-cookie name TOA
active
However, the load-balancing across the servers does not seem to be doing much balancing. One of those servers is getting hit with 5 times as much traffic as another and another server is lucky to get a connection at all. With the cookie expiration set, one would think that this would all balance out over time.
I just came across this information from Cisco and I am wondering if it is relevant:
If you configure a balance or advanced-balance method on a content rule that requires the TCP protocol for Layer 5 (L5) spoofing, you should configure a default URL string, such as url "/*". The addition of the URL string forces the content rule to become an L5 rule and ensures L5 load balancing or stickiness. If you do not configure a default URL string, unexpected results can occur.
In the following configuration example, if you configure a Layer 3 (L3) content rule with an L5 balance method, the CSS performs L5 load balancing, but will reject UDP packets.
content testing
vip address 192.168.128.131
add service s1
balance url
active
The balance url method is an L5 load-balancing method in which the CSS must spoof the connection and examine the HTTP GET content request to perform load balancing. The CSS rejects the UDP packet sent to this rule because a UDP connection cannot be L5. Though the CSS allows this rule configuration, its expected behavior would be more clear if you promote the rule to L5 by configuring the url "/*" command.
In the next example, if you configure an L3 content rule with an L5 advanced-balance method, L5 stickiness will not work as expected.
content testing
vip address 192.168.128.131
add service s1
advanced-balance arrowpoint-cookie
active
The advanced-balance arrowpoint-cookie method causes the CSS to spoof the connection, however, the CSS still marks it as an L3 rule. Thus, the CSS does not insert the generated cookie and the rule defaults to L3 stickiness (sticky-srcip). You must configure a URL like url "/*" to promote this rule to L5, ensuring that L5 stickiness works as expected.
Thanks in advance for any help you can give. The thing is not down, it is just balancing strangely causing application performance issues.
JamesHey James,
You will need to suspend the content rule in order to add the url statement. This will cause a quick downtime until the content rule is activated again. I have shown below the commands to add the statement. Perhaps you can create your commands in a Notepad file, then paste them all in so they execute quickly to minimize your downtime:
content MY-SITE
vip address 10.201.130.140
port 80
protocol tcp
add service MY-SERVER
active
CSS11503# config t
CSS11503(config)# owner TEST
CSS11503(config-owner[TEST])# content MY-SITE
CSS11503(config-owner-content[TEST-MY-SITE])# url "/*"
%% Attribute may not be modified on active rule
CSS11503(config-owner-content[TEST-MY-SITE])# suspend
CSS11503(config-owner-content[TEST-MY-SITE])# url "/*"
CSS11503(config-owner-content[TEST-MY-SITE])# active
CSS11503(config-owner-content[TEST-MY-SITE])# exit
CSS11503(config-owner[TEST])# exit
CSS11503(config)# exit
CSS11503# show run
content MY-SITE
vip address 10.201.130.140
add service MY-SERVER
port 80
protocol tcp
url "/*" <--------
active
Hope this helps,
Sean -
CSS load balancing in both directions.
Hi all,
my questions are
-if it is possible divide (virtualize) one physical CSS to separate ones?
and than
-if it is possible use one virtual CSS for loadbalancing in one direction and other CSS use for loadbalancing in opposite direction?
BR
ggIt sounds like you need to implement a group rule using 'add service service_name'.
ie.
service web1
ip address 192.168.1.1
port 80
active
service web2
ip address 192.168.1.2
port 80
active
owner vip
content web_servers
vip address 192.168.1.100
port 80
protocol tcp
add service web1
add service web2
active
group web_servers
vip address 192.168.1.100
add service web1
add service web2
active
What this should do is NAT any request *initiated* from web1 or web2 to the IP address specified in the group rule. In this case it is 192.168.1.100, the same as the content rule. This is fine, or you can use a different IP. I'm using RFC1918 addresses in this example, as 192.168.1.100 would be natted to some public IP on the firewall in front of the CSS.
If you wanted to do internal load balancing, or load balance to a service *NOT* within your environment (ie. 3rd party data center), you would simply change 'add service' to 'add destination service' in the group rule.
James -
My company is in the process of building a small scale network architecture strictly for testing purposes. We have a DMZ area that contains 2 load balancers and 1 web server. The web server is a SunFire 280 and has two gig e nics. They want to cable one nic to one load balancer and one nic to the other. Since this is only one box we have to put the nics on separate subnets. The question is, can I configure the load balancers in a failover situation of an active active situation with one load balancer on one vlan and another load balancer on a separate vlan.
I did not able to understand why you want to give ip to two NICs from different subnets.
There is NO any requirement, like that. If you have your own requirement can you explain me that?
Ashman -
CSS Load balancing for Exchange Server
Hi,
I have CSS configured in single arm and I have multiple servers configured for load balancing and it is working fine but when I am configuring Exchange server for load balancing I am facing problem and applications and printer/scanners are not able to send the email through the Virtual IP address configured for exchaneg server.
But if we configured the real server IP in the printer/scanners they are able to send the email. While checking the logs on the exchange server, it is showing that request for the email so coming from the Exchange VIP configured in the CSS.
I can telnet on port 25 on the VIP address (192.168.200.237). But unable to send the email through this VIP.
Below is the configuration
service ENOC_EXCHANGE-1
ip address 192.168.200.235
active
service ENOC_EXCHANGE-2
ip address 192.168.200.236
active
content EXCHANGE
add service ENOC_EXCHANGE-2
add service ENOC_EXCHANGE-1
vip address 192.168.200.237
active
group EXCHANGE
add destination service ENOC_EXCHANGE-1
add destination service ENOC_EXCHANGE-2
vip address 192.168.200.237
active
DC-CSS01# show rule GIT EXCHANGE
Name: EXCHANGE Owner: ENOC_GIT
State: Active Type: HTTP
Balance: Round Robin Failover: N/A
Persistence: Enabled Param-Bypass: Disabled
Session Redundancy: Disabled
IP Redundancy: Not Redundant
L3: 192.168.200.237
L4: Any/Any
Url:
Redirect: ""
TCP RST client if service unreachable: Disabled
Rule Services & Weights:
1: EXCHANGE-1-Alive, S-1
2: EXCHANGE-2-Down, S-1
=============================================================================
Please let me know how to solve this problem. System team is saying with the physical IP address it is working fine problem with Load balancing. I have even tried with the
Add service command in the group but didnt work for me. If i will remove the group command then I cant telnet on port 25.
I think this is related to single arm modle or some wrong configuration for the NAT.
Kindly assist meHi
Printers are on Vlan 80 ( gw is 192.168.80.1) and exange server is on vlan 200 (gw is 192.168.200.1) i have multiple vlan which will communcate with exchange.
I hv other servers on 200 subnet which are working fine in load balancing.
My CSS is single arm setup.
Please assist
Sent from Cisco Technical Support iPhone App -
CSS Load Balancing with Cookies
We are trying to load balance 2 backend servers hosted on Websphere with advance balance cookies method.
Restrictions
ServerA is unable to accept cookies generated from ServerB.
ServerA and ServerB are generating random cookies
Unable to modify cookie string with a constant.
How can we load balance based on cookies considering the above restrictions?
We have attempted to do hash based load balancing with cookies but the problem we run into is the servers do not accept cookies generated from another server.
The configuration we tried is written below:
service ServerA
ip address 192.168.10.2
keepalive type tcp
keepalive port 80
active
service ServerB
ip address 192.168.20.2
keepalive type tcp
keepalive port 80
active
content ABC
url "/*"
add service ServerA
string prefix "JSESSIONID="
advanced-balance cookies
port 80
add service ServerB
string skip-length 5
string process-length 16
string operation hash-xor
protocol tcp
vip address 172.16.32.1
active
Can we change the string prefix to JSESSION instead of JSESSIONID= ?
The only place the app guys can add a constant string to match on is before the = sign.
Is it possible for CSS to match on a constant string before = sign e.g below:
service ServerA
ip address 192.168.10.2
keepalive type tcp
keepalive port 80
string id567=
active
service ServerB
ip address 192.168.20.2
keepalive type tcp
keepalive port 80
string id123=
active
content ABC
url "/*"
add service ServerA
string prefix "JSESSION"
advanced-balance cookies
port 80
add service ServerB
string skip-length 0
string process-length 6
protocol tcp
vip address 172.16.32.1
activeIt should work.
There is no reason for it not to work...
This is the best method you can have on the CSS for stickyness.
Get a sniffer trace on the client and server with arrowpoint cookie configured on the CSS and capture a failure so we can see what is going on.
also send me the config so I can verify everything is ok.
If you have a service request open with the TAC, you can also give the SR # so I can review what has been done.
Gilles. -
I am new to CSS. I have CSS 1150 with IOS 7.3. I want to load balancing two servers 192.168.210.55 and 192.168.210.56 on port 80.
My CSS is connected in single arm configuration. Core switch is dong the Inter VLAN routing and CSS is connected in the VLAN 200 access Port.
Servers and CSS are connected to same Layer 3 switch.
CSS is in VLAN 200 (192.168.200.10)
Servers are in VLAN 210
Below is the configuration of my CSS
================================================================================
CSS11501(config)# show run
!Generated on 04/03/2011 16:47:41
!Active version: sg0730106
configure
!*************************** GLOBAL ***************************
username net des-password xxxxxx superuser
logging subsystem flowmgr level debug-7
logging disk log.log
ip route 0.0.0.0 0.0.0.0 192.168.200.1 1
!************************* INTERFACE *************************
interface e1
phy 100Mbits-FD
bridge port-fast enable
bridge vlan 2
interface e2
bridge vlan 2
bridge port-fast enable
phy 100Mbits-FD
interface e4
bridge port-fast enable
phy 100Mbits-FD
interface e8
bridge port-fast enable
phy 100Mbits-FD
!************************** CIRCUIT **************************
circuit VLAN1
ip address 192.168.200.10 255.255.255.0
!************************** SERVICE **************************
service Citrix_Xenapp
ip address 192.168.210.55
keepalive port 80
active
service Citrix_Xenapp_2
ip address 192.168.210.56
keepalive port 80
active
!*************************** OWNER ***************************
owner ENOC_Citrix_XENAPP
content Citrix_XENAPP
add service Citrix_Xenapp
add service Citrix_Xenapp_2
vip address 192.168.200.52
protocol tcp
port 80
active
CSS11501(config)# show service
Services (3 entries):
Name: Citrix_Xenapp Index: 0
Type: Local State: Alive
Rule ( 192.168.210.55 ANY ANY )
Session Redundancy: Disabled
Redirect Domain:
Redirect String:
Keepalive: (ICMP 5 3 5 )
Last Clearing of Stats Counters: 04/03/2011 16:38:49
Mtu: 1500 State Transitions: 14
Total Local Connections: 0 Total Backup Connections: 0
Current Local Connections: 0 Current Backup Connections: 0
Total Connections: 0 Max Connections: 65534
Total Reused Conns: 0
Weight: 1 Load: 2
DFP: Disable
Name: Citrix_Xenapp_2 Index: 6
Type: Local State: Alive
Rule ( 192.168.210.56 ANY ANY )
Session Redundancy: Disabled
Redirect Domain:
Redirect String:
Keepalive: (ICMP 5 3 5 )
Last Clearing of Stats Counters: 04/03/2011 16:39:40
Mtu: 1500 State Transitions: 12
Total Local Connections: 1 Total Backup Connections: 0
Current Local Connections: 0 Current Backup Connections: 0
Total Connections: 1 Max Connections: 65534
Total Reused Conns: 0
Weight: 1 Load: 2
DFP: Disable
CSS11501(config)# sh version
Version: sg0730106 (07.30.1.06)
Flash (Locked): 07.20.2.06
Flash (Operational): 07.30.1.06
Type: PRIMARY
Licensed Cmd Set(s): Standard Feature Set
CSS11501(config)# sh run
!Generated on 04/03/2011 17:39:46
!Active version: sg0730106
configure
!*************************** GLOBAL ***************************
username net des-password xxxxx superuser
logging subsystem flowmgr level debug-7
logging disk log.log
ip route 0.0.0.0 0.0.0.0 192.168.200.1 1
!************************* INTERFACE *************************
interface e1
phy 100Mbits-FD
bridge port-fast enable
bridge vlan 2
interface e2
bridge vlan 2
bridge port-fast enable
phy 100Mbits-FD
interface e4
bridge port-fast enable
phy 100Mbits-FD
interface e8
bridge port-fast enable
phy 100Mbits-FD
!************************** CIRCUIT **************************
circuit VLAN1
ip address 192.168.200.10 255.255.255.0
!************************** SERVICE **************************
service Citrix_Xenapp
ip address 192.168.210.55
keepalive port 80
active
service Citrix_Xenapp_2
ip address 192.168.210.56
keepalive port 80
active
!*************************** OWNER ***************************
owner ENOC_Citrix_XENAPP
content Citrix_XENAPP
add service Citrix_Xenapp
add service Citrix_Xenapp_2
vip address 192.168.200.52
protocol tcp
port 80
active
CSS11501(config)# show service
Services (3 entries):
Name: Citrix_Xenapp Index: 0
Type: Local State: Alive
Rule ( 192.168.210.55 ANY ANY )
Session Redundancy: Disabled
Redirect Domain:
Redirect String:
Keepalive: (ICMP 5 3 5 )
Last Clearing of Stats Counters: 04/03/2011 16:38:49
Mtu: 1500 State Transitions: 14
Total Local Connections: 0 Total Backup Connections: 0
Current Local Connections: 0 Current Backup Connections: 0
Total Connections: 0 Max Connections: 65534
Total Reused Conns: 0
Weight: 1 Load: 2
DFP: Disable
Name: Citrix_Xenapp_2 Index: 6
Type: Local State: Alive
Rule ( 192.168.210.56 ANY ANY )
Session Redundancy: Disabled
Redirect Domain:
Redirect String:
Keepalive: (ICMP 5 3 5 )
Last Clearing of Stats Counters: 04/03/2011 16:39:40
Mtu: 1500 State Transitions: 12
Total Local Connections: 1 Total Backup Connections: 0
Current Local Connections: 0 Current Backup Connections: 0
Total Connections: 1 Max Connections: 65534
Total Reused Conns: 0
Weight: 1 Load: 2
DFP: Disable
CSS11501(config)# show content
Content Database:
Pieces of content for module: 1
Total Content: 56
CSS11501(config)# show owner
Owner Configuration:
Name: ENOC_Citrix_XENAPP
Billing Info:
Address:
Email Address:
DNS Policy: none
Case Matching: Insensitive
CSS11501(config)# show owner ?
<cr> Execute command
ENOC_Citrix_XENAPP
CSS11501(config)# show owner ENOC_Citrix_XENAPP ?
<cr> Execute command
statistics Show owner statistical information
CSS11501(config)# show owner ENOC_Citrix_XENAPP
Owner Configuration:
Name: ENOC_Citrix_XENAPP
Billing Info:
Address:
Email Address:
DNS Policy: none
Case Matching: Insensitive
CSS11501(config)# show owner ENOC_Citrix_XENAPP statistics
Owner Statistics for <ENOC_Citrix_XENAPP>:
DNS Policy: None Case Sensitivity: Off
Hits: 1 Reject Overload: 0
Bytes: 52 Reject No Services 0
Frames: 1 Drops 0
Redirects 0 NAT Translations: 0
Spoofs: 0
CSS11501(config)#
The load balaning IP is 192.168.200.52 but I cant ping this virtual IP and cant telnet on port 80 on this IP address.
CSS11501(config)# ping 192.168.205.55
Pinging 192.168.205.55 1 time(s)...
Working(-) 0/1
0% Success.
%% Ping Failure
CSS11501(config)# ping 192.168.210.55
Pinging 192.168.210.55 1 time(s)...
Working(-) 1/1
100% Success.
CSS11501(config)# ping 192.168.210.56
Pinging 192.168.210.56 1 time(s)...
Working(-) 1/1
100% Success.
CSS11501(config)# ping 192.168.210.1
Pinging 192.168.210.1 1 time(s)...
Working(-) 1/1
100% Success.
CSS11501(config)# ping 192.168.200.1
Pinging 192.168.200.1 1 time(s)...
Working(-) 1/1
100% Success.
Network connectivity is there. Please let me know what I am missing and how to solve this problem.
Thanks in advance.Thanks for the reply, But I have modified my configuration. Now I am load balancing VLAN 200 Servers where the CSS also located in the same VLAN. Attach is the updated configuration.
I can only ping the VIP but not able to telnet on VIP (192.168.200.65 80).
configure
!*************************** GLOBAL ***************************
username net des-password net@dmin superuser
no restrict web-mgmt
logging subsystem flowmgr level debug-7
logging disk log.log
ip route 0.0.0.0 0.0.0.0 192.168.200.1 1
!************************* INTERFACE *************************
interface e1
phy 100Mbits-FD
bridge port-fast enable
bridge vlan 2
interface e2
bridge vlan 2
bridge port-fast enable
phy 100Mbits-FD
interface e4
bridge port-fast enable
phy 100Mbits-FD
interface e8
bridge port-fast enable
phy 100Mbits-FD
!************************** CIRCUIT **************************
circuit VLAN1
ip address 192.168.200.10 255.255.255.0
!************************** SERVICE **************************
service Citrix_Xenapp
ip address 192.168.210.55
keepalive port 80
active
service Citrix_Xenapp_2
ip address 192.168.210.56
keepalive port 80
active
service ENOC_EFAX_1
ip address 192.168.200.66
keepalive type none
protocol tcp
port 80
active
service ENOC_EFAX_2
ip address 192.168.200.67
keepalive type none
port 80
protocol tcp
active
!*************************** OWNER ***************************
owner ENOC_Citrix_XENAPP
content Citrix_XENAPP
add service Citrix_Xenapp
add service Citrix_Xenapp_2
vip address 192.168.200.52
protocol tcp
port 80
active
owner ENOC_EFAX
content EFAX
add service ENOC_EFAX_2
add service ENOC_EFAX_1
vip address 192.168.200.65
protocol tcp
port 80
active
!*************************** GROUP ***************************
group EFAX
vip address 192.168.200.65
add service ENOC_EFAX_1
add service ENOC_EFAX_2
active
=====================
CSS11501(config)# show flow
flow-timeout Display flow-timeout values.
flows Show flow summary information
CSS11501(config)# show flow 0.0.0.0
^
%% Invalid input detected at '^' marker.
CSS11501(config)# show flows 0.0.0.0
Src Address SPort Dst Address DPort NAT Dst Address Prt InPort OutPort
192.168.80.89 4567 192.168.200.65 80 192.168.200.67 TCP e8 e8
192.168.200.67 80 192.168.80.89 4567 192.168.80.89 TCP e8 e8
192.168.80.89 2474 192.168.200.10 23 0.0.0.0 TCP e8 Ipv4
CSS11501(config)# show service
Services (5 entries):
Name: Citrix_Xenapp Index: 0
Type: Local State: Alive
Rule ( 192.168.210.55 ANY ANY )
Session Redundancy: Disabled
Redirect Domain:
Redirect String:
Keepalive: (ICMP 5 3 5 )
Last Clearing of Stats Counters: 04/04/2011 21:57:17
Mtu: 1500 State Transitions: 0
Total Local Connections: 0 Total Backup Connections: 0
Current Local Connections: 0 Current Backup Connections: 0
Total Connections: 0 Max Connections: 65534
Total Reused Conns: 0
Weight: 1 Load: 2
DFP: Disable
Name: Citrix_Xenapp_2 Index: 6
Type: Local State: Alive
Rule ( 192.168.210.56 ANY ANY )
Session Redundancy: Disabled
Redirect Domain:
Redirect String:
Keepalive: (ICMP 5 3 5 )
Last Clearing of Stats Counters: 04/04/2011 21:57:17
Mtu: 1500 State Transitions: 0
Total Local Connections: 0 Total Backup Connections: 0
Current Local Connections: 0 Current Backup Connections: 0
Total Connections: 0 Max Connections: 65534
Total Reused Conns: 0
Weight: 1 Load: 2
DFP: Disable
Name: ENOC_EFAX_1 Index: 1
Type: Local State: Alive
Rule ( 192.168.200.66 TCP 80 )
Session Redundancy: Disabled
Redirect Domain:
Redirect String:
Keepalive: (NONE 5 3 5 )
Last Clearing of Stats Counters: 04/04/2011 21:57:17
Mtu: 1500 State Transitions: 0
Total Local Connections: 1 Total Backup Connections: 0
Current Local Connections: 0 Current Backup Connections: 0
Total Connections: 1 Max Connections: 65534
Total Reused Conns: 0
Weight: 1 Load: 2
DFP: Disable
Name: ENOC_EFAX_2 Index: 2
Type: Local State: Alive
Rule ( 192.168.200.67 TCP 80 )
Session Redundancy: Disabled
Redirect Domain:
Redirect String:
Keepalive: (NONE 5 3 5 )
Last Clearing of Stats Counters: 04/04/2011 21:57:17
Mtu: 1500 State Transitions: 0
Total Local Connections: 2 Total Backup Connections: 0
Current Local Connections: 1 Current Backup Connections: 0
Total Connections: 2 Max Connections: 65534
Total Reused Conns: 0
Weight: 1 Load: 2
DFP: Disable
CSS11501(config)# show service summary
Service Name State Conn Weight Avg State
Load Transitions
Citrix_Xenapp Alive 0 1 2 0
Citrix_Xenapp_2 Alive 0 1 2 0
ENOC_EFAX_1 Alive 0 1 2 0
ENOC_EFAX_2 Alive 1 1 2 0
CSS11501(config)# show rule
Content Rules:
///\\\ The Duke of Url.
{ O--O }
[||]
>>>>>>>>
Name: EFAX Owner: ENOC_EFAX
State: Active Type: HTTP
Balance: Round Robin Failover: N/A
Persistence: Enabled Param-Bypass: Disabled
Session Redundancy: Disabled
IP Redundancy: Not Redundant
L3: 192.168.200.65
L4: TCP/80
Url:
Redirect: ""
TCP RST client if service unreachable: Disabled
Rule Services & Weights:
1: ENOC_EFAX_1-Alive, S-1
2: ENOC_EFAX_2-Alive, S-1
>>>>>>>>
Name: Citrix_XENAPP Owner: ENOC_Citrix_XENAPP
State: Active Type: HTTP
Balance: Round Robin Failover: N/A
Persistence: Enabled Param-Bypass: Disabled
Session Redundancy: Disabled
IP Redundancy: Not Redundant
L3: 192.168.200.52
L4: TCP/80
Url:
Redirect: ""
TCP RST client if service unreachable: Disabled
Rule Services & Weights:
1: Citrix_Xenapp-Alive, S-1
2: Citrix_Xenapp_2-Alive, S-1
CSS11501(config)# show content
Content Database:
Pieces of content for module: 1
Total Content: 56
CSS11501(config)# show owner
Owner Configuration:
Name: ENOC_EFAX
Billing Info:
Address:
Email Address:
DNS Policy: none
Case Matching: Insensitive
Name: ENOC_Citrix_XENAPP
Billing Info:
Address:
Email Address:
DNS Policy: none
Case Matching: Insensitive
CSS11501(config)#
Please let me know what I am missing and also one link is not working.
To configure source nat you can refer to the following:
http://www.cisco.com/en/US/partner/docs/app_ntwk_services/data_center_app_services/css11500series/v8.20/configuration/content_lb/guide/SGrp.html -
CSS load balancing, service dependancy condition check
Hi,
I would like to seek some advice regarding the CSS's service configuration.
Is there a way to configure the CSS such that it check for the condition/status of a independant service (not involved in the load balancing algorithm) is alive/down (using service mode keepalive port/type), before deciding whether to/not to load balance to a group of services?
Senario is as follwows:
We process incoming HTTPS request and load balance to 2 HTTPS Servers (HTTPS service SSL1 and SSL2), on condition that a independent service (HTTPS service SSL3) is alive (using the keepalive type/port check in service mode).
If the independant service (HTTPS service SSL3) is not alive, remove the HTTPS Servers (HTTPS service SSL1 and SSL2) from the load balancing algorithm.
Thanks in advance for assistance
!************************** CIRCUIT **************************
circuit VLAN1
ip address 192.168.103.35 255.255.255.192
!************************** SERVICE **************************
service SSL1
ip address 192.168.103.53
protocol tcp
port 443
keepalive type tcp
keepalive port 443
active
service SSL2
ip address 192.168.103.54
protocol tcp
port 443
keepalive type tcp
keepalive port 443
active
? This is the service condition that CSS will check before deciding to/not to load balance to SSL1 and SSL2.
? If SSL3 is down, do not load balance to SSL1 and SSL2. If SSL3 is up, load balance to SSL1 and SSL2
service SSL3
ip address 192.168.103.55
protocol tcp
port 443
keepalive type tcp
keepalive port 443
active
!*************************** OWNER ***************************
owner CISCO
content L5Rule_SSL
vip address 192.168.103.37
application ssl
protocol tcp
port 443
url "/*"
add service SSL1
add service SSL2
active
!*************************** GROUP ***************************
group SSL
vip address 192.168.103.37
add destination service SSL1
add destination service SSL2
activemaybe this?
circuit VLAN1
ip address 192.168.103.35 255.255.255.192
ip virtual-router 10 priority 100
ip redundant-vip 10 192.168.103.37
ip critical-service 10 SSL3
if I'm not mistaken the vip 192.168.103.37 will stop working when the service SSL3 goes down. I'm not sure that this is what you want though... -
Hi,
I'm facing a problem with CSS while load balaning for the web application with two servers.
The application is based on activex..
Basically I have two servers running web application for which I have created VIP in the CSS, user hits the VIP address and they access the application, also we use the sticky thing as the application requires the session persistence.. everything is fine, but the problem starts when one of the server fails...
Assume a user hits the VIP address and access the application, due to the sticky thing his session will be with server A (for eg.), now suddenly the server A fails and in that time the user was doing a transcation and inputting some data and after that he press the submit button on the page, as the server A is down the web page gets refreshed and he has to relogin to the application and redo the whole thing what he was doing in that particular transcation...
Now the application guys are telling this problem should not happen as the CSS should be able to take care of the session getting reestablished to the other server B during the server A failure...
Can someone through some lights on this... I'm bit confused now... as what I understand is that the webpage gets refreshed during a server failure because the tcp session id will get changed and the server B will not accept the same tcp session so it reinitiates the new session...
Is my understanding right?? or is there something which we can do on the CSS to avoid this problem...
Regards
Vijay.Hi Gilles,
Thanks for the clarification.
I have two more issues too...
1. The load balancing of the application between the two servers are not even. Actually the traffic from the users keep hitting only one server, I understand the point of sticky method used in our case, but even atleast the connection from another client machine should go to the other server,but it is not the case... traffic from all the clients goes to only one server..
what could be the possible reason for the same...
My config is as below...
service SERVER-1
port 80
protocol tcp
keepalive port 80
keepalive type tcp
redundant-index 4
ip address 10.6.223.87
active
service SERVER-2
port 80
protocol tcp
keepalive port 80
keepalive type tcp
ip address 10.6.223.77
redundant-index 5
active
owner WEB
content WEB
add service SERVER-1
add service SERVER-2
redundant-index 104
vip address 10.6.223.78
protocol tcp
port 80
url "/webretrieve*"
advanced-balance sticky-srcip
active
2. Slow response of the application when users access application through VIP address(CSS), what can be done further in the configuration to improve the performance?? or any thing else I can do...
Regards -
Hi,
I have two CSS that I use to load balance RDP connections to two WTS servers. I dont have switch behind CSS so they are connected back-to-back via cable. All server facing ports (including back-to-back ports) are in the same VLAN.
CSS1 is primary for the VIP address and for redundant interface address, and CSS2 is standby.
So, when I connect WTS-1 to CSS-1 and WTS-2 to CSS-2, CSS1 sees both services as active and everything seems fine. If WTS-2 is disconnected, WTS2 service on CSS1 is down etc.
In sticky table, I can see that CSS1 is load balancing request to both servers, but the problem is that only RDP connections to WTS-1(server directly connected to CSS1) work fine , and connections that are load balanced to WTS-2 are dropped??? Direct RDP connection to WTS-2 IP works fine.
If I connect WTS-2 to CSS1, so both WTS servers are connected to CSS1 everything works fine.
Can anyone tell what can be wrong?
Configurations are in the attachment.
Thanks for help.
Regards,
Branimirtry the command 'ip uncond' on both CSS.
It will guarantees that the response from WTS-2 comes back to CSS1.
Gilles. -
CSS - Load balancing to Microsoft 2008 Sharepoint Application
We are tring to load balance using the CSS 11503 to two Servers running Microsoft Sharepoint 2008. Everything is working fine as far as load balancing is cocerned. But what we want is if the Microsoft Sharepoint 2008 Application is down one one server then we do not want any request for this application to be sent to this server. What sort of keepalive should we be using, because TCP port 80 is still up and responds when the Microsoft Sharepoint 2008 Application is down on this server.
I do not know much about how Microsoft Sharepoint 2008 Application interfaces / interacts with IIS and port 80, etc.
Any suggestions?Partial Config:
===============
service FRED30
ip address x.x.x..100
protocol tcp
port 80
redundant-index 3
keepalive port 80
keepalive type http
active
service FRED31
ip address x.x.x.101
protocol tcp
port 80
redundant-index 4
keepalive port 80
keepalive type http
active
When we do the above where we have
"keepalive type http"
and then do a show keepalive we get the State as DOWN - why? But if we take out the keepalive type http command from the above services then we don't see the state as DOWN.
But even when it says DOWN we can still connect to port 80 without problem.
CSS# sh keepalive AUTO_FRED30
Name: AUTO_FRED30 Index: 7 State: Down
Description: Auto generated for service for FRED30
Address: x.x.x.100 Port: 80
Type: HTTP:HEAD:/
Keepalive Error: General failure
Frequency: 5
Max Failures: 3
Retry Frequency: 5
Dependent Services:
FRED30
sh keepalive FRED31
Name: AUTO_FRED31 Index: 9 State: Down
Description: Auto generated for service FRED31
Addresess: x.x.x.101 Port: 80
Type: HTTP:HEAD:/
Keepalive Error: General failure
Frequency: 5
Max Failures: 3
Retry Frequency: 5
Dependent Services:
FRED31 -
CSS Load Balancing Citrix Terminal server, is ti possible ?
Hi we have to balance a Terminal Server Citrix Server Farm with css, did anyone already realize it? Is there any problem to do it ? Someone told me there is nat problem with citrix metaframe terminal server, has anyone information about it ?
Any help will be greatly appreciated. Many thanks
MaxStickyness means that once a user is directed to a server through the load balancer, that user will remain on the server he was first load balanced to for the duration of their connection. Otherwise, every tcp connection that a user makes is load balanced to whatever servers are configured. There are severalways to configure stickyness. You can do it via:
-source IP
-source IP and destination port
-text string in a cookie or URL
-SSL session ID
take a look at this document that explains it better than I could:
http://www.cisco.com/en/US/products/hw/contnetw/ps792/products_configuration_guide_chapter09186a0080772d96.html
Maybe you are looking for
-
When I open fire fox and start opening tabs it tell me that fire fox is not responding and after a while some time will open and some time not. What can I do to correct this. If I need to reload the fire fox let me know how I don't wont to loose all
-
Packet Loss When Extending Network?
Hi there, everyone. I just purchased the Airport Extreme AC after upgrading to 802.11AC devices in the home. On its own, the Extreme AC performs flawlessly - consistent connections, max speed my ISP provides, no-lag, no studdering, no packet loss. I
-
I have at least 3 albums of music that appear in the "purchased" column on itunes, but the files have gone missing. I have the files on my iphone, and can listen to them on it, but when I try to play them on my Mac I get the message : The song "XXXX
-
How to show a nice URL in Browser URL navigator?
How to show a nice URL in Browser URL navigator? Hello Arquitecture: Internet --- Machine1 (Apache like Proxy Reverse and rewrite) --- MAchine2 (GLASSFISH-APEX LISTENER 2.0.1) --- DATABASE That application will be like a directory of products, we nee
-
HT201365 I had purchased music on I tunes that I cannot find on iCloud . I need my music
I had purchased music in one of my iPhones . Was consistent about my password and all. I could only get one album from the several that I had purchased using my Apple ID and password . My music is somewhere !!! How do I retrieve it to enjoy it in my