CSS load balancing, service dependancy condition check
Hi,
I would like to seek some advice regarding the CSS's service configuration.
Is there a way to configure the CSS such that it check for the condition/status of a independant service (not involved in the load balancing algorithm) is alive/down (using service mode keepalive port/type), before deciding whether to/not to load balance to a group of services?
Senario is as follwows:
We process incoming HTTPS request and load balance to 2 HTTPS Servers (HTTPS service SSL1 and SSL2), on condition that a independent service (HTTPS service SSL3) is alive (using the keepalive type/port check in service mode).
If the independant service (HTTPS service SSL3) is not alive, remove the HTTPS Servers (HTTPS service SSL1 and SSL2) from the load balancing algorithm.
Thanks in advance for assistance
!************************** CIRCUIT **************************
circuit VLAN1
ip address 192.168.103.35 255.255.255.192
!************************** SERVICE **************************
service SSL1
ip address 192.168.103.53
protocol tcp
port 443
keepalive type tcp
keepalive port 443
active
service SSL2
ip address 192.168.103.54
protocol tcp
port 443
keepalive type tcp
keepalive port 443
active
? This is the service condition that CSS will check before deciding to/not to load balance to SSL1 and SSL2.
? If SSL3 is down, do not load balance to SSL1 and SSL2. If SSL3 is up, load balance to SSL1 and SSL2
service SSL3
ip address 192.168.103.55
protocol tcp
port 443
keepalive type tcp
keepalive port 443
active
!*************************** OWNER ***************************
owner CISCO
content L5Rule_SSL
vip address 192.168.103.37
application ssl
protocol tcp
port 443
url "/*"
add service SSL1
add service SSL2
active
!*************************** GROUP ***************************
group SSL
vip address 192.168.103.37
add destination service SSL1
add destination service SSL2
active
maybe this?
circuit VLAN1
ip address 192.168.103.35 255.255.255.192
ip virtual-router 10 priority 100
ip redundant-vip 10 192.168.103.37
ip critical-service 10 SSL3
if I'm not mistaken the vip 192.168.103.37 will stop working when the service SSL3 goes down. I'm not sure that this is what you want though...
Similar Messages
-
Problem with WLIOTimeoutSecs in weblogic and apche CSS load balancer
Hi,
We are using Weblogic 11g, apache 2.2 and CSS load balancer for load balancing.
we have huge reports which take minutes to generate and hence we need higher value for WLIOTimeoutSecs. This works fine when we use server url but WLIOTimeoutSecs is not working when we use CSS load balancer.
We checked with our load balancing team they said CSS load balancer will not repost the request.
Here is the plugin configuration
<Location /*****>
SetHandler weblogic-handler
PathTrim /
WebLogicHost 'serevrip'
WebLogicPort 'port'
WLIOTimeoutSecs 3600
Idempotent OFF
WLProxySSL ON
DefaultFileName /***/***/index.jsp
Debug On
WLLogFile /***/***/***/***.log
</Location>
Could some please help me on this.
Thanks in advance
Regards,
VenkatHi Tarun,
The problem occurs when the SSL is enabled on apache. If I access the same URL over HTTP, the parameter WLIOTimeOut works fine.
Also I observed that, none of the parameters are getting applied to the plugin. I had switched on 'DebugConfigInfo'. With this the HTTP URL with ?__WebLogicBridgeConfig as query parameter returned the complete configuration. However when accessed with HTTPS the server did not return the configuration.
Is there a specific configuration to be applied when apache is used with SSL?
Thanks for your help,
Shashi -
CSS11500 vs microsoft load balancing service
Greeting
I have some experience in CSS11500 but, I have no knowledge on microsoft load balancing service.
now I would like to understand what benefit on both technoledge? specially for a microsoft application, such as sharepoint.
Any comments will be appreciated
Thanks in advanceHi Julie,
The only input I can provide is that I have a customer who used Microsoft NLB to laodbalance a lot of Windows Terminal Servers and often had problems and uneven load sharing.
He then used the ACE4710 for the NLB and one comment was: I have never seen such an even load sharing on my WTS.
Our only problem is to have a probe for the WTS which is good enough. Currently wer just check for port 3389 but sometimes it does not catch a faulty server, so we would like to have a TCL script to do the job but have not yet been able to come up with one, so if anybody out there has an idea to a TCL script for WTS then I'd be glad to hear about it.
HTH, Ingolf -
CSS Load Balancing with Billing Server
Hi Gilles
Could I have a CSS load balancing two servers and also have it communicate with a billing server across the network. If yes then how can I do it?
Regards,
Sushilthe CSS does not have the notion of billing server. A separate device - like the CSG - should be used if you need to collect billing info.
Gilles. -
Bug with Network Load Balancing Services and SkipAsSource always reverting to true
Steps to reproduce:
Add an IP address to the cluster (2 nodes running Windows Server 2012) using the Network Load Balancing Manager
Using PowerShell set the SkipAsSource flag on the IP Address to true (Set-NetIpAddress -IpAddress 192.168.1.10 -SkipAsSource $true). The flag is correctly set.
Try to reverse the setting (Set-NetIpAddress -IpAddress 192.168.1.10 -SkipAsSource $false). Flag stays as true.
It appears as though Network Load Balancing Services is remembering the setting from someone.
Things I've tried all without success (in no particular order):
Removing the IP address from the cluster and adding it back in
Using PowerShell to remove the IP address and add it back in manually (on each host).Flag stays set as true on the 1st node but takes a second before it reverts back to true on the 2nd node.
Using netsh to remove the IP address and add it back in manually (on each host). Flag stays set as true on the 1st node but takes a second before it reverts back to true on the 2nd node.
Deleting each host from the cluster (one at a time), removing the registry keys CurrentControlSet\Services\WLBS and
Removing both hosts from the cluster
Restarting the hosts
Using processmon (sysinternals) to try and find a registry entry that might be set when SkipAsSource is set
Does anyone know:
How to resolve this issue? I'm guessing resetting the TCP/IP stack would work but that's a last resort as it requires an on sight visit to the datacentre.
Where the SkipAsSource flag it stored?
How to reset the master/global cluster config?
Thank in advance,
AntonyHi Antony,
I am trying to involve someone familiar with this topic to further look at this issue.
There might be some time delay. Appreciate your patience.
Best Regards.
Steven Lee
TechNet Community Support -
How to remove farm account from Application Discovery and Load Balancer Service Application
Hello Community
Using Sharpoint 2010 Server I think the reason
the User Profile Synchronization would stop is because somehow the farm
account was registered as a managed account. So I removed the farm
account from all services that ran under the farm account so that I could
run Remove-SPManagedAccount or click the Remove icon in manage service accounts
and then unregisted farm account as a managed account.
But before I can run Remove-SPManagedAccount I need to remove it from one more
service account that uses the farm account which is:
"Application Discovery and Load Balanceer Service Account".
However, nothing seems to remove it from there.
I tried :
"get-spserviceapplication | where {$_.TypeName -match "Application Discovery and Load Balancer Service Application"}
and then
"stop-spserviceinstance "dde7fbef-b068-4687-bedb-f67230efab5a"
amongst a host of other methods so that I could ultimately
unregister farm account as a managed account.
But no matter what I do when I try to remove the farm account from Application Discovery
and Load Balancer Service Application
and then unregister the farm account as a managed account a message always says
"Application Discovery and Load Balancer Service Application" is using the farm account
as its service account.
What can I do to free the farm account from Application Discovery and Load Balancer Service Application?
Thank you
ShabeautThe Farm Account is always a Managed Account and can never be "unmanaged". You don't have to set the automatic password roll.
Trevor Seward
Follow or contact me at...
  
This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs. -
CSS load balancing issue: url isn't accessible even though services are up
service Server1:80
ip address 10.10.10.34
protocol tcp
port 80
keepalive type http
keepalive uri "/test.asp"
active
service Server2:80
protocol tcp
port 80
keepalive type http
keepalive uri "/test.asp"
ip address 10.10.10.35
active
owner Ow1
content LBR1:80
vip address 192.168.1.159
port 80
protocol tcp
url "/*"
balance weightedrr
add service Server1:80
add service Server2:80
advanced-balance sticky-srcip
sticky-inact-timeout 21
flow-timeout-multiplier 8
active
service Server1:80
ip address 10.10.10.34
protocol tcp
port 80
keepalive type http
keepalive uri "/test.asp"
active
service Server2:80
protocol tcp
port 80
keepalive type http
keepalive uri "/test.asp"
ip address 10.10.10.35
active
owner OW1
content LBR2:80
vip address 192.168.1.98
protocol tcp
port 80
url "/*"
balance weightedrr
add service Server1:80
add service Server2:80
advanced-balance sticky-srcip
sticky-inact-timeout 21
flow-timeout-multiplier 8
active
All services are alive all the time and both contexts are alive all the time.
when user tries to access LBR2:80's URL it works all the time. but when user tries to access LBR1:80's url then it works sometimes and some times it doesn't work.
could you advise what the issue could be?When the SYN comes in the CSS will first check for the srcip in the sticky database and if it finds a match will forward to the stuck server. If the source ip is not in the sticky database the request will be load balanced using weightedrr and a server selected. That sticky server will then be added to the sticky database.
If the sticky-srcip is used between 2 content rule, it will use separate sticky table.
You may need to take packet capture to understand what is really failing along with
a following outputs :
sh flow
sh rule Ow1 LBR1:80 ser
regards
Andrew -
CSS Load balancing for Exchange Server
Hi,
I have CSS configured in single arm and I have multiple servers configured for load balancing and it is working fine but when I am configuring Exchange server for load balancing I am facing problem and applications and printer/scanners are not able to send the email through the Virtual IP address configured for exchaneg server.
But if we configured the real server IP in the printer/scanners they are able to send the email. While checking the logs on the exchange server, it is showing that request for the email so coming from the Exchange VIP configured in the CSS.
I can telnet on port 25 on the VIP address (192.168.200.237). But unable to send the email through this VIP.
Below is the configuration
service ENOC_EXCHANGE-1
ip address 192.168.200.235
active
service ENOC_EXCHANGE-2
ip address 192.168.200.236
active
content EXCHANGE
add service ENOC_EXCHANGE-2
add service ENOC_EXCHANGE-1
vip address 192.168.200.237
active
group EXCHANGE
add destination service ENOC_EXCHANGE-1
add destination service ENOC_EXCHANGE-2
vip address 192.168.200.237
active
DC-CSS01# show rule GIT EXCHANGE
Name: EXCHANGE Owner: ENOC_GIT
State: Active Type: HTTP
Balance: Round Robin Failover: N/A
Persistence: Enabled Param-Bypass: Disabled
Session Redundancy: Disabled
IP Redundancy: Not Redundant
L3: 192.168.200.237
L4: Any/Any
Url:
Redirect: ""
TCP RST client if service unreachable: Disabled
Rule Services & Weights:
1: EXCHANGE-1-Alive, S-1
2: EXCHANGE-2-Down, S-1
=============================================================================
Please let me know how to solve this problem. System team is saying with the physical IP address it is working fine problem with Load balancing. I have even tried with the
Add service command in the group but didnt work for me. If i will remove the group command then I cant telnet on port 25.
I think this is related to single arm modle or some wrong configuration for the NAT.
Kindly assist meHi
Printers are on Vlan 80 ( gw is 192.168.80.1) and exange server is on vlan 200 (gw is 192.168.200.1) i have multiple vlan which will communcate with exchange.
I hv other servers on 200 subnet which are working fine in load balancing.
My CSS is single arm setup.
Please assist
Sent from Cisco Technical Support iPhone App -
CSS - Load balancing to Microsoft 2008 Sharepoint Application
We are tring to load balance using the CSS 11503 to two Servers running Microsoft Sharepoint 2008. Everything is working fine as far as load balancing is cocerned. But what we want is if the Microsoft Sharepoint 2008 Application is down one one server then we do not want any request for this application to be sent to this server. What sort of keepalive should we be using, because TCP port 80 is still up and responds when the Microsoft Sharepoint 2008 Application is down on this server.
I do not know much about how Microsoft Sharepoint 2008 Application interfaces / interacts with IIS and port 80, etc.
Any suggestions?Partial Config:
===============
service FRED30
ip address x.x.x..100
protocol tcp
port 80
redundant-index 3
keepalive port 80
keepalive type http
active
service FRED31
ip address x.x.x.101
protocol tcp
port 80
redundant-index 4
keepalive port 80
keepalive type http
active
When we do the above where we have
"keepalive type http"
and then do a show keepalive we get the State as DOWN - why? But if we take out the keepalive type http command from the above services then we don't see the state as DOWN.
But even when it says DOWN we can still connect to port 80 without problem.
CSS# sh keepalive AUTO_FRED30
Name: AUTO_FRED30 Index: 7 State: Down
Description: Auto generated for service for FRED30
Address: x.x.x.100 Port: 80
Type: HTTP:HEAD:/
Keepalive Error: General failure
Frequency: 5
Max Failures: 3
Retry Frequency: 5
Dependent Services:
FRED30
sh keepalive FRED31
Name: AUTO_FRED31 Index: 9 State: Down
Description: Auto generated for service FRED31
Addresess: x.x.x.101 Port: 80
Type: HTTP:HEAD:/
Keepalive Error: General failure
Frequency: 5
Max Failures: 3
Retry Frequency: 5
Dependent Services:
FRED31 -
CSS Load Balancing with Cookies
We are trying to load balance 2 backend servers hosted on Websphere with advance balance cookies method.
Restrictions
ServerA is unable to accept cookies generated from ServerB.
ServerA and ServerB are generating random cookies
Unable to modify cookie string with a constant.
How can we load balance based on cookies considering the above restrictions?
We have attempted to do hash based load balancing with cookies but the problem we run into is the servers do not accept cookies generated from another server.
The configuration we tried is written below:
service ServerA
ip address 192.168.10.2
keepalive type tcp
keepalive port 80
active
service ServerB
ip address 192.168.20.2
keepalive type tcp
keepalive port 80
active
content ABC
url "/*"
add service ServerA
string prefix "JSESSIONID="
advanced-balance cookies
port 80
add service ServerB
string skip-length 5
string process-length 16
string operation hash-xor
protocol tcp
vip address 172.16.32.1
active
Can we change the string prefix to JSESSION instead of JSESSIONID= ?
The only place the app guys can add a constant string to match on is before the = sign.
Is it possible for CSS to match on a constant string before = sign e.g below:
service ServerA
ip address 192.168.10.2
keepalive type tcp
keepalive port 80
string id567=
active
service ServerB
ip address 192.168.20.2
keepalive type tcp
keepalive port 80
string id123=
active
content ABC
url "/*"
add service ServerA
string prefix "JSESSION"
advanced-balance cookies
port 80
add service ServerB
string skip-length 0
string process-length 6
protocol tcp
vip address 172.16.32.1
activeIt should work.
There is no reason for it not to work...
This is the best method you can have on the CSS for stickyness.
Get a sniffer trace on the client and server with arrowpoint cookie configured on the CSS and capture a failure so we can see what is going on.
also send me the config so I can verify everything is ok.
If you have a service request open with the TAC, you can also give the SR # so I can review what has been done.
Gilles. -
CSS load balancing in both directions.
Hi all,
my questions are
-if it is possible divide (virtualize) one physical CSS to separate ones?
and than
-if it is possible use one virtual CSS for loadbalancing in one direction and other CSS use for loadbalancing in opposite direction?
BR
ggIt sounds like you need to implement a group rule using 'add service service_name'.
ie.
service web1
ip address 192.168.1.1
port 80
active
service web2
ip address 192.168.1.2
port 80
active
owner vip
content web_servers
vip address 192.168.1.100
port 80
protocol tcp
add service web1
add service web2
active
group web_servers
vip address 192.168.1.100
add service web1
add service web2
active
What this should do is NAT any request *initiated* from web1 or web2 to the IP address specified in the group rule. In this case it is 192.168.1.100, the same as the content rule. This is fine, or you can use a different IP. I'm using RFC1918 addresses in this example, as 192.168.1.100 would be natted to some public IP on the firewall in front of the CSS.
If you wanted to do internal load balancing, or load balance to a service *NOT* within your environment (ie. 3rd party data center), you would simply change 'add service' to 'add destination service' in the group rule.
James -
I am new to CSS. I have CSS 1150 with IOS 7.3. I want to load balancing two servers 192.168.210.55 and 192.168.210.56 on port 80.
My CSS is connected in single arm configuration. Core switch is dong the Inter VLAN routing and CSS is connected in the VLAN 200 access Port.
Servers and CSS are connected to same Layer 3 switch.
CSS is in VLAN 200 (192.168.200.10)
Servers are in VLAN 210
Below is the configuration of my CSS
================================================================================
CSS11501(config)# show run
!Generated on 04/03/2011 16:47:41
!Active version: sg0730106
configure
!*************************** GLOBAL ***************************
username net des-password xxxxxx superuser
logging subsystem flowmgr level debug-7
logging disk log.log
ip route 0.0.0.0 0.0.0.0 192.168.200.1 1
!************************* INTERFACE *************************
interface e1
phy 100Mbits-FD
bridge port-fast enable
bridge vlan 2
interface e2
bridge vlan 2
bridge port-fast enable
phy 100Mbits-FD
interface e4
bridge port-fast enable
phy 100Mbits-FD
interface e8
bridge port-fast enable
phy 100Mbits-FD
!************************** CIRCUIT **************************
circuit VLAN1
ip address 192.168.200.10 255.255.255.0
!************************** SERVICE **************************
service Citrix_Xenapp
ip address 192.168.210.55
keepalive port 80
active
service Citrix_Xenapp_2
ip address 192.168.210.56
keepalive port 80
active
!*************************** OWNER ***************************
owner ENOC_Citrix_XENAPP
content Citrix_XENAPP
add service Citrix_Xenapp
add service Citrix_Xenapp_2
vip address 192.168.200.52
protocol tcp
port 80
active
CSS11501(config)# show service
Services (3 entries):
Name: Citrix_Xenapp Index: 0
Type: Local State: Alive
Rule ( 192.168.210.55 ANY ANY )
Session Redundancy: Disabled
Redirect Domain:
Redirect String:
Keepalive: (ICMP 5 3 5 )
Last Clearing of Stats Counters: 04/03/2011 16:38:49
Mtu: 1500 State Transitions: 14
Total Local Connections: 0 Total Backup Connections: 0
Current Local Connections: 0 Current Backup Connections: 0
Total Connections: 0 Max Connections: 65534
Total Reused Conns: 0
Weight: 1 Load: 2
DFP: Disable
Name: Citrix_Xenapp_2 Index: 6
Type: Local State: Alive
Rule ( 192.168.210.56 ANY ANY )
Session Redundancy: Disabled
Redirect Domain:
Redirect String:
Keepalive: (ICMP 5 3 5 )
Last Clearing of Stats Counters: 04/03/2011 16:39:40
Mtu: 1500 State Transitions: 12
Total Local Connections: 1 Total Backup Connections: 0
Current Local Connections: 0 Current Backup Connections: 0
Total Connections: 1 Max Connections: 65534
Total Reused Conns: 0
Weight: 1 Load: 2
DFP: Disable
CSS11501(config)# sh version
Version: sg0730106 (07.30.1.06)
Flash (Locked): 07.20.2.06
Flash (Operational): 07.30.1.06
Type: PRIMARY
Licensed Cmd Set(s): Standard Feature Set
CSS11501(config)# sh run
!Generated on 04/03/2011 17:39:46
!Active version: sg0730106
configure
!*************************** GLOBAL ***************************
username net des-password xxxxx superuser
logging subsystem flowmgr level debug-7
logging disk log.log
ip route 0.0.0.0 0.0.0.0 192.168.200.1 1
!************************* INTERFACE *************************
interface e1
phy 100Mbits-FD
bridge port-fast enable
bridge vlan 2
interface e2
bridge vlan 2
bridge port-fast enable
phy 100Mbits-FD
interface e4
bridge port-fast enable
phy 100Mbits-FD
interface e8
bridge port-fast enable
phy 100Mbits-FD
!************************** CIRCUIT **************************
circuit VLAN1
ip address 192.168.200.10 255.255.255.0
!************************** SERVICE **************************
service Citrix_Xenapp
ip address 192.168.210.55
keepalive port 80
active
service Citrix_Xenapp_2
ip address 192.168.210.56
keepalive port 80
active
!*************************** OWNER ***************************
owner ENOC_Citrix_XENAPP
content Citrix_XENAPP
add service Citrix_Xenapp
add service Citrix_Xenapp_2
vip address 192.168.200.52
protocol tcp
port 80
active
CSS11501(config)# show service
Services (3 entries):
Name: Citrix_Xenapp Index: 0
Type: Local State: Alive
Rule ( 192.168.210.55 ANY ANY )
Session Redundancy: Disabled
Redirect Domain:
Redirect String:
Keepalive: (ICMP 5 3 5 )
Last Clearing of Stats Counters: 04/03/2011 16:38:49
Mtu: 1500 State Transitions: 14
Total Local Connections: 0 Total Backup Connections: 0
Current Local Connections: 0 Current Backup Connections: 0
Total Connections: 0 Max Connections: 65534
Total Reused Conns: 0
Weight: 1 Load: 2
DFP: Disable
Name: Citrix_Xenapp_2 Index: 6
Type: Local State: Alive
Rule ( 192.168.210.56 ANY ANY )
Session Redundancy: Disabled
Redirect Domain:
Redirect String:
Keepalive: (ICMP 5 3 5 )
Last Clearing of Stats Counters: 04/03/2011 16:39:40
Mtu: 1500 State Transitions: 12
Total Local Connections: 1 Total Backup Connections: 0
Current Local Connections: 0 Current Backup Connections: 0
Total Connections: 1 Max Connections: 65534
Total Reused Conns: 0
Weight: 1 Load: 2
DFP: Disable
CSS11501(config)# show content
Content Database:
Pieces of content for module: 1
Total Content: 56
CSS11501(config)# show owner
Owner Configuration:
Name: ENOC_Citrix_XENAPP
Billing Info:
Address:
Email Address:
DNS Policy: none
Case Matching: Insensitive
CSS11501(config)# show owner ?
<cr> Execute command
ENOC_Citrix_XENAPP
CSS11501(config)# show owner ENOC_Citrix_XENAPP ?
<cr> Execute command
statistics Show owner statistical information
CSS11501(config)# show owner ENOC_Citrix_XENAPP
Owner Configuration:
Name: ENOC_Citrix_XENAPP
Billing Info:
Address:
Email Address:
DNS Policy: none
Case Matching: Insensitive
CSS11501(config)# show owner ENOC_Citrix_XENAPP statistics
Owner Statistics for <ENOC_Citrix_XENAPP>:
DNS Policy: None Case Sensitivity: Off
Hits: 1 Reject Overload: 0
Bytes: 52 Reject No Services 0
Frames: 1 Drops 0
Redirects 0 NAT Translations: 0
Spoofs: 0
CSS11501(config)#
The load balaning IP is 192.168.200.52 but I cant ping this virtual IP and cant telnet on port 80 on this IP address.
CSS11501(config)# ping 192.168.205.55
Pinging 192.168.205.55 1 time(s)...
Working(-) 0/1
0% Success.
%% Ping Failure
CSS11501(config)# ping 192.168.210.55
Pinging 192.168.210.55 1 time(s)...
Working(-) 1/1
100% Success.
CSS11501(config)# ping 192.168.210.56
Pinging 192.168.210.56 1 time(s)...
Working(-) 1/1
100% Success.
CSS11501(config)# ping 192.168.210.1
Pinging 192.168.210.1 1 time(s)...
Working(-) 1/1
100% Success.
CSS11501(config)# ping 192.168.200.1
Pinging 192.168.200.1 1 time(s)...
Working(-) 1/1
100% Success.
Network connectivity is there. Please let me know what I am missing and how to solve this problem.
Thanks in advance.Thanks for the reply, But I have modified my configuration. Now I am load balancing VLAN 200 Servers where the CSS also located in the same VLAN. Attach is the updated configuration.
I can only ping the VIP but not able to telnet on VIP (192.168.200.65 80).
configure
!*************************** GLOBAL ***************************
username net des-password net@dmin superuser
no restrict web-mgmt
logging subsystem flowmgr level debug-7
logging disk log.log
ip route 0.0.0.0 0.0.0.0 192.168.200.1 1
!************************* INTERFACE *************************
interface e1
phy 100Mbits-FD
bridge port-fast enable
bridge vlan 2
interface e2
bridge vlan 2
bridge port-fast enable
phy 100Mbits-FD
interface e4
bridge port-fast enable
phy 100Mbits-FD
interface e8
bridge port-fast enable
phy 100Mbits-FD
!************************** CIRCUIT **************************
circuit VLAN1
ip address 192.168.200.10 255.255.255.0
!************************** SERVICE **************************
service Citrix_Xenapp
ip address 192.168.210.55
keepalive port 80
active
service Citrix_Xenapp_2
ip address 192.168.210.56
keepalive port 80
active
service ENOC_EFAX_1
ip address 192.168.200.66
keepalive type none
protocol tcp
port 80
active
service ENOC_EFAX_2
ip address 192.168.200.67
keepalive type none
port 80
protocol tcp
active
!*************************** OWNER ***************************
owner ENOC_Citrix_XENAPP
content Citrix_XENAPP
add service Citrix_Xenapp
add service Citrix_Xenapp_2
vip address 192.168.200.52
protocol tcp
port 80
active
owner ENOC_EFAX
content EFAX
add service ENOC_EFAX_2
add service ENOC_EFAX_1
vip address 192.168.200.65
protocol tcp
port 80
active
!*************************** GROUP ***************************
group EFAX
vip address 192.168.200.65
add service ENOC_EFAX_1
add service ENOC_EFAX_2
active
=====================
CSS11501(config)# show flow
flow-timeout Display flow-timeout values.
flows Show flow summary information
CSS11501(config)# show flow 0.0.0.0
^
%% Invalid input detected at '^' marker.
CSS11501(config)# show flows 0.0.0.0
Src Address SPort Dst Address DPort NAT Dst Address Prt InPort OutPort
192.168.80.89 4567 192.168.200.65 80 192.168.200.67 TCP e8 e8
192.168.200.67 80 192.168.80.89 4567 192.168.80.89 TCP e8 e8
192.168.80.89 2474 192.168.200.10 23 0.0.0.0 TCP e8 Ipv4
CSS11501(config)# show service
Services (5 entries):
Name: Citrix_Xenapp Index: 0
Type: Local State: Alive
Rule ( 192.168.210.55 ANY ANY )
Session Redundancy: Disabled
Redirect Domain:
Redirect String:
Keepalive: (ICMP 5 3 5 )
Last Clearing of Stats Counters: 04/04/2011 21:57:17
Mtu: 1500 State Transitions: 0
Total Local Connections: 0 Total Backup Connections: 0
Current Local Connections: 0 Current Backup Connections: 0
Total Connections: 0 Max Connections: 65534
Total Reused Conns: 0
Weight: 1 Load: 2
DFP: Disable
Name: Citrix_Xenapp_2 Index: 6
Type: Local State: Alive
Rule ( 192.168.210.56 ANY ANY )
Session Redundancy: Disabled
Redirect Domain:
Redirect String:
Keepalive: (ICMP 5 3 5 )
Last Clearing of Stats Counters: 04/04/2011 21:57:17
Mtu: 1500 State Transitions: 0
Total Local Connections: 0 Total Backup Connections: 0
Current Local Connections: 0 Current Backup Connections: 0
Total Connections: 0 Max Connections: 65534
Total Reused Conns: 0
Weight: 1 Load: 2
DFP: Disable
Name: ENOC_EFAX_1 Index: 1
Type: Local State: Alive
Rule ( 192.168.200.66 TCP 80 )
Session Redundancy: Disabled
Redirect Domain:
Redirect String:
Keepalive: (NONE 5 3 5 )
Last Clearing of Stats Counters: 04/04/2011 21:57:17
Mtu: 1500 State Transitions: 0
Total Local Connections: 1 Total Backup Connections: 0
Current Local Connections: 0 Current Backup Connections: 0
Total Connections: 1 Max Connections: 65534
Total Reused Conns: 0
Weight: 1 Load: 2
DFP: Disable
Name: ENOC_EFAX_2 Index: 2
Type: Local State: Alive
Rule ( 192.168.200.67 TCP 80 )
Session Redundancy: Disabled
Redirect Domain:
Redirect String:
Keepalive: (NONE 5 3 5 )
Last Clearing of Stats Counters: 04/04/2011 21:57:17
Mtu: 1500 State Transitions: 0
Total Local Connections: 2 Total Backup Connections: 0
Current Local Connections: 1 Current Backup Connections: 0
Total Connections: 2 Max Connections: 65534
Total Reused Conns: 0
Weight: 1 Load: 2
DFP: Disable
CSS11501(config)# show service summary
Service Name State Conn Weight Avg State
Load Transitions
Citrix_Xenapp Alive 0 1 2 0
Citrix_Xenapp_2 Alive 0 1 2 0
ENOC_EFAX_1 Alive 0 1 2 0
ENOC_EFAX_2 Alive 1 1 2 0
CSS11501(config)# show rule
Content Rules:
///\\\ The Duke of Url.
{ O--O }
[||]
>>>>>>>>
Name: EFAX Owner: ENOC_EFAX
State: Active Type: HTTP
Balance: Round Robin Failover: N/A
Persistence: Enabled Param-Bypass: Disabled
Session Redundancy: Disabled
IP Redundancy: Not Redundant
L3: 192.168.200.65
L4: TCP/80
Url:
Redirect: ""
TCP RST client if service unreachable: Disabled
Rule Services & Weights:
1: ENOC_EFAX_1-Alive, S-1
2: ENOC_EFAX_2-Alive, S-1
>>>>>>>>
Name: Citrix_XENAPP Owner: ENOC_Citrix_XENAPP
State: Active Type: HTTP
Balance: Round Robin Failover: N/A
Persistence: Enabled Param-Bypass: Disabled
Session Redundancy: Disabled
IP Redundancy: Not Redundant
L3: 192.168.200.52
L4: TCP/80
Url:
Redirect: ""
TCP RST client if service unreachable: Disabled
Rule Services & Weights:
1: Citrix_Xenapp-Alive, S-1
2: Citrix_Xenapp_2-Alive, S-1
CSS11501(config)# show content
Content Database:
Pieces of content for module: 1
Total Content: 56
CSS11501(config)# show owner
Owner Configuration:
Name: ENOC_EFAX
Billing Info:
Address:
Email Address:
DNS Policy: none
Case Matching: Insensitive
Name: ENOC_Citrix_XENAPP
Billing Info:
Address:
Email Address:
DNS Policy: none
Case Matching: Insensitive
CSS11501(config)#
Please let me know what I am missing and also one link is not working.
To configure source nat you can refer to the following:
http://www.cisco.com/en/US/partner/docs/app_ntwk_services/data_center_app_services/css11500series/v8.20/configuration/content_lb/guide/SGrp.html -
Hi,
I'm facing a problem with CSS while load balaning for the web application with two servers.
The application is based on activex..
Basically I have two servers running web application for which I have created VIP in the CSS, user hits the VIP address and they access the application, also we use the sticky thing as the application requires the session persistence.. everything is fine, but the problem starts when one of the server fails...
Assume a user hits the VIP address and access the application, due to the sticky thing his session will be with server A (for eg.), now suddenly the server A fails and in that time the user was doing a transcation and inputting some data and after that he press the submit button on the page, as the server A is down the web page gets refreshed and he has to relogin to the application and redo the whole thing what he was doing in that particular transcation...
Now the application guys are telling this problem should not happen as the CSS should be able to take care of the session getting reestablished to the other server B during the server A failure...
Can someone through some lights on this... I'm bit confused now... as what I understand is that the webpage gets refreshed during a server failure because the tcp session id will get changed and the server B will not accept the same tcp session so it reinitiates the new session...
Is my understanding right?? or is there something which we can do on the CSS to avoid this problem...
Regards
Vijay.Hi Gilles,
Thanks for the clarification.
I have two more issues too...
1. The load balancing of the application between the two servers are not even. Actually the traffic from the users keep hitting only one server, I understand the point of sticky method used in our case, but even atleast the connection from another client machine should go to the other server,but it is not the case... traffic from all the clients goes to only one server..
what could be the possible reason for the same...
My config is as below...
service SERVER-1
port 80
protocol tcp
keepalive port 80
keepalive type tcp
redundant-index 4
ip address 10.6.223.87
active
service SERVER-2
port 80
protocol tcp
keepalive port 80
keepalive type tcp
ip address 10.6.223.77
redundant-index 5
active
owner WEB
content WEB
add service SERVER-1
add service SERVER-2
redundant-index 104
vip address 10.6.223.78
protocol tcp
port 80
url "/webretrieve*"
advanced-balance sticky-srcip
active
2. Slow response of the application when users access application through VIP address(CSS), what can be done further in the configuration to improve the performance?? or any thing else I can do...
Regards -
Hi,
I have two CSS that I use to load balance RDP connections to two WTS servers. I dont have switch behind CSS so they are connected back-to-back via cable. All server facing ports (including back-to-back ports) are in the same VLAN.
CSS1 is primary for the VIP address and for redundant interface address, and CSS2 is standby.
So, when I connect WTS-1 to CSS-1 and WTS-2 to CSS-2, CSS1 sees both services as active and everything seems fine. If WTS-2 is disconnected, WTS2 service on CSS1 is down etc.
In sticky table, I can see that CSS1 is load balancing request to both servers, but the problem is that only RDP connections to WTS-1(server directly connected to CSS1) work fine , and connections that are load balanced to WTS-2 are dropped??? Direct RDP connection to WTS-2 IP works fine.
If I connect WTS-2 to CSS1, so both WTS servers are connected to CSS1 everything works fine.
Can anyone tell what can be wrong?
Configurations are in the attachment.
Thanks for help.
Regards,
Branimirtry the command 'ip uncond' on both CSS.
It will guarantees that the response from WTS-2 comes back to CSS1.
Gilles. -
CSS load balance - Lock Outlook 2007 - RPC over http
I have problema whit load balance for configuration of client Outlook 2007. (using protocol RPC over http). Through the CSS, after a period of utilization, the Outlook lock. And without the CSS doind load balance, no ocurred the problem.
I appreciate any help.
Thanks!Jason,
CSS is not created in a source group of "exchange2007rcvir. Is that the problem is that?
**** OWNER ****
content exchange2007rcvir
vip address 10.58.32.123
add service scmt801cto
add service scmt801cas
redundant-index 205
protocol tcp
advanced-balance sticky-srcip
sticky-inact-timeout 30
active
content exchangehtvir
vip address 10.58.32.89
add service scmt700cto
add service scmt700cas
redundant-index 201
protocol tcp
advanced-balance sticky-srcip
sticky-inact-timeout 30
active
content exchangewavir
vip address 10.58.32.33
add service scmt800cto
add service scmt800cas
redundant-index 51
protocol tcp
advanced-balance sticky-srcip
sticky-inact-timeout 30
active
***** GROUP *****
group exchangehtvir
add destination service scmt700cto
add destination service scmt700cas
vip address 10.58.32.91
active
group grp_axiavir
vip address 10.58.32.83
add destination service scxt393cas
add destination service scxt394cas
add destination service scxt395cas
add destination service scxt393cto
add destination service scxt394cto
add destination service scxt395cto
active
** No have exchange2007rcvir
Maybe you are looking for
-
How can I delete one page in a 3-page document?
hi everybody! i have this document structure: http://www.adrive.com/public/d319adba81cf1dc6d60759bb52e5e7b9229aec2fa575fb8ae3c8d8710a54b 030.html in the regular case it produces a pdf with 3 pages. in a particular case i need to delete the third page
-
IPhoto 6.0.4 says update available, Software Update disagrees
OK, I'm a bit confused here. I've got a fairly new Mac Pro (2.66 quad xeon). When I start iPhoto (6.0.4), it says that there is a new update available (6.0.5), but when I run Software Update, it says "Your software is up to date.". Ditto for iDVD and
-
How to set up web root on mac os 10 cf 7 install?
I've finally gotten ColdFusion 7 up and running with Jrun 4 on a Mac running 10.4. Now I have a silly problem. Going to http://localhost:8080 doesn't show a web site. Neither does http://localhost/. I know I'm supposed to define the web root, but how
-
Error starting Acrobat X Pro: ...You need to deactivate another computer within 32767 days to use
The serial number xxxxxxx... is already in use by the maximum allowed computers. You need to deactivate another computer within 32767 days to use this product. Installed CS6 Design Std (which included Acro X Pro) from DVD. All the apps work except
-
Export iPhoto Library in original, to folders named per Event
I have a need to export out my entire photo library in its original format (photos and videos) but I want to land the exported version in folders that are named by Events in iPhoto. I am on 10.6.4 with iPhoto '09 (8.1.2). Any way to achieve this via