CSS Sorry Server subdirectory
Is it possible to define a sorry service with a specific url without service type redirect ?
I want to specify the url location of the sorry service page.
Thanks
you will need a redirect if you want to change the original request from the client.
Or, if your sorryserver is configured to display the same page, whatever the client request, then you do not need the redirect.
You just need a normal service.
Regards,
Gilles.
Similar Messages
-
How to configure Sorry server for HTTPS (443) port. Sorry server works fine with HTTP, But not with 443
In the following config if server1 and server2 are down, the HTTP requests goes to the Sorry Server, but for HTTPS nothing is displayed. I am running the sorry server on port 81
Please suggest
!************************** SERVICE **************************
service prisorry
ip address 10.100.11.11
keepalive type http
keepalive port 81
port 81
active
service secsorry
ip address 10.100.11.12
keepalive port 81
keepalive type http
port 81
active
service server1
ip address 10.100.11.11
keepalive type http
keepalive port 80
active
service server2
ip address 10.100.11.12
keepalive type http
keepalive port 80
active
!*************************** OWNER ***************************
owner Loadbalancing
content L4Rule1
protocol tcp
add service server2
add service server1
port 80
url "/*"
vip address 10.100.11.4
advanced-balance sticky-srcip-dstport
primarySorryServer prisorry
secondarySorryServer secsorry
active
content L4Rule2
protocol tcp
add service server2
port 443
add service server1
vip address 10.100.11.4
advanced-balance sticky-srcip-dstport
primarySorryServer prisorry
secondarySorryServer secsorry
application ssl
active
content L4Rule3
add service server2
protocol tcp
port 1443
add service server1
vip address 10.100.11.4
advanced-balance sticky-srcip-dstport
primarySorryServer prisorry
secondarySorryServer secsorry
active
ThanksI just deployed a couple 11050's the other day so my experience is limited, but I'd guess your problem is that, when using the Primary Sorry Server, you end up with clients sending HTTPS requests to an HTTP port. Having HTTPS requests redirected to HTTP ports is one thing because the client then makes an HTTP request to that port, but the way you have it above, it appears to me that the client will be talking HTTPS to port 81 on the Sorry Server, which is listening for HTTP.
-
Folks,
The documentation says that the sorry server concept will only work if the loadbalancing is done at layer 7. My question is why, why can't i see the sorry server redirect if all services are down when doing load balancing at Layer 3 or Layer 4?Hi,
Can you point me to those docs. I believe sorry server should work regardless of which layer is the content rule configured to check.
Actually this doc's example is layer 3:
http://www.cisco.com/en/US/products/hw/contnetw/ps789/products_configuration_example09186a0080093de8.shtml
I will build a working config at layer 3 for you soon. -
CSS 11501 - Balancing vs. Sorry Server
Hi,
I need a little advice.
I have configured my test CSS box with two services. I enabled keepalives and load balancing with one server having a weight of 5, while the other is set to the default.
Testing has proven successfull in redirecting requests when the primary server (weight 5) is taken offline. However, when it comes back online, not all requests are sent to it, and some requests still go to the secondary server.
My question:
If I want all requests to go to the primary server except in the event it is unavailable, should I configure the secondary server as a Sorry server, and not as a load balanced peer? I would effectively be using the Sorry server as a secondary content server.
Is this workable? Am I missing something?
Thanks,
JMJM,
yes you need the sorryserver option if you don't want traffic to go to your backup.
Whatever weight option you configure, there will always be a fraction of the traffic going to the backup.
Gilles. -
Hi,
I have a question regarding sorry server configuration on the CSS 11500 series.
Is there a way for the sorry server to ignore the URL path and always send the user traffic to the "root" page (e.g. index.html) of the sorry server web server?
The problem I have is the redirection of the "root" page (url "/") that is configured for the normal traffic is causing the sorry page not to work since the URL path ("/psp/CUSTOMER1/?cmd=login") does not exist on the sorry page web server:
service Sorry-Server
protocol tcp
port 8000
keepalive type tcp
ip address 192.168.2.254
active
service server1
ip address 192.168.2.101
protocol tcp
keepalive type tcp
port 8080
active
service server2
ip address 192.168.2.102
protocol tcp
keepalive type tcp
port 8080
active
owner Customer1
content Content1
vip address 192.168.1.101
port 80
protocol tcp
url "/*"
balance aca
advanced-balance arrowpoint-cookie
flow-timeout-multiplier 6
add service server1
add service server2
primarySorryServer Sorry-Server
active
content Content1-Redirect
redirect "/psp/CUSTOMER1/?cmd=login"
vip address 192.168.1.101
port 80
protocol tcp
url "/"
active
Thanks in advance for your help!
Best regards,
HarryHi again,
During a maintenance window I made the following change and that made things a bit better:
service Sorry-Server
type redirect
keepalive type none
redirect-string "192.168.2.254:8000"
active
However, since the redirect string points to a private address, Internet users are not able to access the URL.
As a work-around I sent the redirect to a new content rule with a public address and then configured a second sorry page server:
service Sorry-Server
type redirect
keepalive type none
redirect-string "sorry.example.com:8000"
active
service Sorry-Server-2
ip address 192.168.2.254
protocol tcp
port 8000
keepalive type tcp
active
owner Customer1
content Content2
vip address x.x.x.x
add service Sorry-Server-2
port 8000
protocol tcp
active
Is there a better way to do this?
Best regards,
Harry -
I have been trying to get my CSS 11506 to redirct to a Sorry Server when our content servers go offline. We thought that we had it working, but after some downtime it turned out that our configuration did not work.
After extensive reading I can't figure out what is wrong with my config, or if the problem lies else where. I am attaching my config below, can anyone tell me if they see any problems with what I have or if there is something that I need to do in addition to what I have. Thank you for you help, here is the config:
*************************** GLOBAL ***************************
no restrict web-mgmt
no restrict xml
bypass persistence disable
snmp community ******read-write
snmp name "******"
snmp contact "*******r"
snmp location "CSS11056"
snmp trap-host 10.20.1.4 ******
dns primary 10.20.1.2
ftp-record ******10.20.1.17 *** des-password
ibfebcgg6aheuc4h1hfcqhpcubwdxcjb cssgui
ip route 0.0.0.0 0.0.0.0 10.20.1.1 1 !
*************************INTERFACE*************************
interface 1/1
phy 1Gbits-FD-sym !
**************************CIRCUIT**************************
circuit VLAN1
router-discovery lifetime 1000
ip address 10.20.1.4 255.255.255.0
router-discovery
**************************SERVICE**************************
service Blade01
ip address 10.20.1.60
active
service Blade02
ip address 10.20.1.61
active
service Blade03
ip address 10.20.1.62
active
service Blade04
ip address 10.20.1.63
active
service sorry
ip address 10.20.1.41
active
!*************************** OWNER***************************
owner ***
email-address ******
content Content1
vip address 10.20.1.80
balance aca
add service Blade01
add service Blade02
no persistent
primarySorryServer sorry
active
content Content2
vip address 10.20.1.81
add service Blade03
add service Blade04
balance aca
active
!*************************** GROUP***************************
group content1nat
vip address 10.20.1.80
add destination service Blade01
add destination service Blade02
add destination service sorry
group content2nat
add destination service Blade03
add destination service Blade04
vip address 10.20.1.81
!**************************** ACL ****************************
acl 10
clause 5 permit any 10.20.1.60 destination content ****
sourcegroup ****
clause 6 permit any 10.20.1.61 destination content ICC/flippid
sourcegroup Content1
clause 99 permit any any destination any
clause 2 permit any 10.0.0.0 destination content ****
sourcegroup ****
apply circuit-(VLAN1)
clause 7 permit any 10.20.1.41 destination content ****
sourcegroup Content1One problem I can see is that you don't have any keepalives configured under the services, so they will default to a Ping. As long as they respond to ping, it will keep traffic going to those servers.
What services run on these Servers? We generally recommend you use as higher layer keepalive as possible, so if it is a web server for example, use a HTTP keepalive.
Have a look here for more info:
http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/css11500series/v8.10/configuration/content_lb/guide/KAL.html -
CSS 11051: Sorry Server receives request although the normal server is up
Hello,
my customer has configured a sorry for his server. If the normal server is down the Sorry Server receives the requests. That works fine. But if the normal server comes back the Sorry Server still receives some requests( 2 hours and more). Has anybody an idea what might be the reason for that ?
regards
Dietrich Schleyer
content webserver
add service server12
vip address 10.40.52.20
primarySorryServer server13
protocol tcp
port 80
url "/*"
no persistent
active
service server12
ip address 10.40.52.12
port 80
protocol tcp
keepalive type named applicationwww01
active
service server13
ip address 10.40.52.13
protocol tcp
port 80
keepalive type named applicationwww02
active
keepalive applicationwww01
ip address 10.40.52.12
port 80
type http non-persistent
uri "/test.html"
frequency 10
method get
active
keepalive applicationwww02
ip address 10.40.52.13
port 80
uri "/test.html"
frequency 10
method get
type http non-persistent
activeAccording to: http://www.cisco.com/warp/public/117/css_sorry_server.html After the CSS 11000 directs requests to a primary sorry server, the switch will continue to use the primary sorry server even when the original server becomes functional. To force the connection back to the original server, you must suspend the primary sorry server or wait until the connection is dropped or times out. When a new session is initiated by the CSS 11000, the connection should go back to the original server.
-
Sorry server - different replies
We have CSS 11000 that provides load balancing between several servers with configured max-session .
How to configure that sorry server sends different reply:
1) if all servers are down, it has redirect to page "sorry, server is down"
2) in case of overload, it it has to redirect to page "sorry, server is bussy, try later"
Can you advise how it possible to configue this?
thanks in advance,
Nataliathere is no direct way of doing this.
However, my solution is to do this :
service sorry_down
service sorry_overloaded
keepalive type script check_service_down use-output
owner mycompany
content www
vip ...
add service ...
primarysorryserver sorry_overloaded
secondarysorryserver sorry_down
active
The script check_service_down, will do a 'show service ' grep -u Alive to detect if a service is alive or just not used because down.
Or you could also simply do ap-kal-pinglist and ping the services.
Anyway, the idea for the kal for the service sorry_overloaded is to check the status of the other services and detect if they are down or just overloaded.
Gilles. -
Hi,
we have two CSS11503 to load balance http and https traffic, we have to know the source IP packet of request to a Sorry Server when all the services on the content are down.
I mean, when all services into the content are down a request from a client i forwarded to the primary sorry server, is the source IP of the request the load balancer IP address, or is the client IP address wherefrom the request starts?!
Thanks
CinziaBy default we do not source nat the client ip address.
But if the sorry server is at a remote location, you will NEED to do source nat for the connection to work, otherwise the sorry server will respond directly to the client bypassing the CSS and the client will not appreciate seeing a response from a different ip than the vip.
You could use a redirect sorry server, so that a redirect response is sent to the client which does open a new connection directly with the sorry server.
Gilles. -
ACE and secondary sorry server?
Hi,
I need to transfer the CSS' concept of the "secondary sorry server" to the ACE.
My (so far untested) idea is: attaching a backup server-farm to the primary server-farm to get the "sorry server" function; attaching a backup rserver to the rserver used in the backup server-farm to get a backup for the backup.
Will it work this way?
ArnoCascading serverfarms is restricted to one backup level but you can cascade backup for individual servers.
-
is it possible to confider the css so that is one of the servers goes down that it will redirect the request to the sorry server, as per the documentation all servers have to be done, i want it to go to sorry server if one of the servers goes down. any ides?
so, you have multiple servers assigned to a content rule, and if one of them goes down, you want the traffic to be redirected to a sorryserver. Is that correct ?
The only solution would be to create a probe that would bring all servers down at the same time. You can create a global keepalive that uses a script probe that does check each server and assign this same global keepalive to all server. Like this, they will all go down at the same time and your sorryserver will be used.
Gilles. -
I have added a service for the sorr server and I have added the name of the server SorryServer1 to the content rule. However when I suspend the content rule I get a Page Not diplayed instead of the redirect to the Sorry Server.
The config has mulitple Content rules, I am currently only testing on one.
ThanksHi,
if you suspend the whole content rule the sorry server can not do it's action as the rule is "down" you need do suspend all services except the sorry server.
Kind Regards,
Joerg
PS
For a HowTo and recommendations refer to http://www.cisco.com/en/US/partner/products/hw/contnetw/ps792/products_configuration_guide_chapter09186a00801579f2.html#1038009 -
I have configured 3 different serverfarms with including realservers
2 of them are with websites, the other 1 is with webservices
I also have configured a sorry server farm and the including rserver.
On the sorry rserver i have configured 2 maintenance websites, listening to an unique hostheader.
So for serverfarm A & B i have configured a seperate maintenance website.
Now when i take rservers from serverfarm A or B down, the sorry server will get active for the needed farm.
However i can only reach 1 maintenance website. And even so, an url used to reach farm A gets on maintenance site from B
This is strange behaviour, doesnt a sorryserver just accept requests with the requested hostheader by the client ?
Also, when i put the rservers from A and B back into service i have to do a "clear stick database all" otherwise the sorryserver will remain active.
What is wrong here ?
probe http EHIC-http
description Test op WWW functionaliteit
interval 10
passdetect interval 30
request method get url http://acc.site-B.nl/web/
expect status 200 200
header Host header-value "acc.site-B.nl"
expect regex 1.8.0.2
probe http WWW-http
description Test op WWW functionaliteit
interval 10
passdetect interval 30
request method get url http://acc.site-A.nl/web/default.aspx
expect status 200 200
header Host header-value "acc.site-A.nl"
expect regex v1.9.2.327
serverfarm host EHIC-FARM
failaction purge
predictor leastconns slowstart 30
probe EHIC-http
rserver ehic_server01.site-B.nl
inservice
serverfarm host SORRY-FARM
failaction purge
predictor leastconns
rserver sorrypage.site-C.nl
inservice
serverfarm host WBS-FARM
failaction purge
predictor leastconns slowstart 30
probe ICMP-PROBE
rserver acc-wbs01v.site-D
inservice
rserver wbs_01.site-D
inservice
rserver wbs_02.site-D
inservice
serverfarm host WWW-FARM
failaction purge
predictor leastconns slowstart 30
probe WWW-http
rserver acc-www01v.site-A
inservice
rserver acc_server01.site-A
inservice
rserver acc_server02.site-A
inservice
sticky ip-netmask 255.255.255.255 address source EHIC-FARM-STICKY
serverfarm EHIC-FARM backup SORRY-FARM
sticky ip-netmask 255.255.255.255 address source WWW-FARM-STICKY
serverfarm WWW-FARM backup SORRY-FARM
class-map match-any EHIC-VIP
2 match virtual-address 172.30.9.4 tcp eq https
3 match virtual-address 172.30.9.4 tcp eq www
class-map match-any WBS-VIP
6 match virtual-address 172.30.5.4 tcp eq www
7 match virtual-address 172.30.5.4 tcp eq https
class-map match-any WWW-VIP
2 match virtual-address 172.30.6.4 tcp eq www
3 match virtual-address 172.30.6.4 tcp eq https
policy-map type loadbalance first-match EHIC-FARM-STICKY-BALANCE
class class-default
sticky-serverfarm EHIC-FARM-STICKY
policy-map type loadbalance first-match WBS-FARM-BALANCE
class class-default
serverfarm WBS-FARM
policy-map type loadbalance first-match WWW-FARM-STICKY-BALANCE
class class-default
sticky-serverfarm WWW-FARM-STICKY
policy-map multi-match LOADBALANCING-EHIC
class EHIC-VIP
loadbalance vip inservice
loadbalance policy EHIC-FARM-STICKY-BALANCE
loadbalance vip icmp-reply active
appl-parameter http advanced-options EHIC-PARAMETERS
policy-map multi-match LOADBALANCING-WBS
class WBS-VIP
loadbalance vip inservice
loadbalance policy WBS-FARM-BALANCE
loadbalance vip icmp-reply active
appl-parameter http advanced-options WBS-PARAMETERS
policy-map multi-match LOADBALANCING-WWW
class WWW-VIP
loadbalance vip inservice
loadbalance policy WWW-FARM-STICKY-BALANCE
loadbalance vip icmp-reply active
appl-parameter http advanced-options WWW-PARAMETERS
Regards,
SebastianHi Gilles,
Here is our full config, i only changed some domain names.
I'll try to describe the problem again ;
We have published a website by vip 172.30.6.4
We have another website published by vip 172.30.9.4
These websites are hosted by realservers configured in 2 serverfarms and can be reached from the internet (secured by an ASA)
For both of these farms i have configured a sorryserver. This sorry server should serve a webpage containing a maintenance message whenever a farm should get down.
The sorry server is configured with 2 websites, each listening to the specific hostheader. This hostheader is the same as configured on the rservers for the specific farm 172.30.6.4 or 172.30.9.4.
So what i am trying to accomplish is that i only need 1 sorryserver to server 2 sorry webpages, ofcourse listening to a hostheader to get 2 different sorrypages to be returned.
Now when i take all realservers for both serverfarms down, except for the sorryserver, i can only reach 1 sorrypage.
For example, site A and B are down, when i try to reach site A i get to the sorrypage of site A. But when i try to reach site B i too get served the sorrypage of site A.
And also when i "inservice" all rservers again i have to do a "clear sticky database", otherwise the sorryserver will remain active.
Now i have upgraded to the last version of the ACE ios, but i still have to test if the same problem persists so i will give feedback on this later.
Regards,
Sebastian -
Here is a description of the problem I am having:
I have a VIP configured using 2 serverfarms. ServerFarm-A as the primary and ServerFarm-B as the backup.
Serverfarm-A (Primary) contains 2 webservers hosting the website
Serverfarm-B (BackUp) contains 1 server simply hosting a sorry page
When Serverfarm-A (Primary) fails, I recieve the sorry page hosted on Serverfarm-B (Backup)
This action works fine with no issues. I simply click the refresh button on my browser and get the sorry page.
When Serverfarm-A (Primary) comes back on-line I still recieve the sorry page hosted on Serverfarm-B (Backup)
The only way I do not recieve the sorry page is if the client deletes its cache from the browser. (This issue occurs in both IE and FireFox)
I am assuming that since this action does not occur when ServerFarm-A goes down why would it happen the opposite way.
I have tried several differnt configs recommended by TAC and still no luck.
I am hoping someone has come across this issue and can help.Larry,
Have you compared the headers that are being sent by the servers in the primary farm with those of the sorry serverfarm? If the sorry servers are marking the content as cacheable but the primary servers are not then you could perhaps configure the sorry servers with the same settings.
Is the sorry server giving actual application content or just a sorry page telling the user the site is unavailable?
Also when you refresh is the browser making a new tcp connection to the vip or is it just sending a get on the existing tcp conversation? A wireshark trace on the client would show if it is a new connection or a continuation of the existing one. If the connection is still established and you are just sending another get on the same tcp stream you may want to try and disable connection keepalive on the web server. When the primary farm comes back up only new tcp connections should be sent there. The existing connection will stay on the server they were initially sent to. -
Https serverfarm with http sorry server
Hello all,
I am having difficulty configuring a sorry server for an existing https serverfarm. The sorry (backup) server is failing all connections and I think it's because I can not determine a way to differentiate ssl connections for the production serverfarm and non-ssl connections for the sorry server. Here is the load balance policy:
policy-map type loadbalance http first-match WWW-HTTPS-LBP
class class-default
serverfarm WWW-HTTPS backup WWW-OUTAGE
action https-rewrite
ssl-proxy client CLIENT-SSL-PROXY
The WWW-HTTPS serverfarm is comprised of HTTPS real servers, hence the necessity of the ssl-proxy client; however, when the WWW-HTTPS serverfarm is offline, the ssl-proxy can't connect to the WWW-OUTAGE serverfarm as the real server in that farm is HTTP only.
Has anyone run into this scenario before?The ssl-proxy client forces the connection on the backend (to the real server to be https).
You should instead create a redirect serverfarm and use it to redirect the user to an http vserver where you can use your http serverfarm without the ssl-proxy client.
Gilles.
Maybe you are looking for
-
How to remove a hard disk file on storage
Hello, In my process, I would like to remove an additional disk. To achieve that task, I have found "Remove VM device". It is a VMware box that I can use to remove any device (including Hard disks) and I have not found another box to do that. But fil
-
Output type not generated after PO save.
HI, While creating new PO, we are able to see the output type(ABC) before saving the PO. But after saving it, there isn't any output type (ABC) generated. I have maintained MN04 & WE20. Kindly advice. Best Regards, Kapil.
-
How to download adobe 10.1
Hello, My computer, with adobe reader, was working perfectly until I tried to download a free 30-day trial of adobe pro. After the second day of the free trial, I was so tired of the continuous pop-up asking if I'd like to continue the trial or buy
-
Do Apple employees receive benefits such as educational allowances?
-
Hi , I created one table and also creted a transaction code for that table where when we execute the transaction all the contents of the table are displayed in display mode. Now i made the changes in the table (like field names , dataelements) and ac