CSS11501 load-balancing IPv6 services

Similar Messages

• Question about Load Balance SFTP service by using CSS1150X

  Does anyone come across of load balancing SFTP service by using CSS1150X? Typically by configuring CSS1150X to load balance FTP service, the configuration will as follow:
  content ftp_rule
  vip address 192.168.3.6
  protocol tcp
  port 21
  application ftp-control
  add service serv1
  add service serv2
  add service serv3
  active
  group ftp_group
  vip address 192.168.3.6
  add service serv1
  add service serv2
  add service serv3
  active
  However, for my personal understanding and knowledge, I will configure my CSS1150X as follow to load balance SFTP service:
  content sftp_rule
  vip address 192.168.3.6
  protocol tcp
  port 22 //Change 21 to 22
  application ftp-control
  add service serv1
  add service serv2
  add service serv3
  active
  group sftp_group
  vip address 192.168.3.6
  add service serv1
  add service serv2
  add service serv3
  active
  My question is, "application ftp-control" in content "ftp_rule" is still applicable to SFTP or not?

  I believe application ftp-control would not be used for sftp.
  This might cause the session to get dropped when there is no data channel created and cause issues with long connections.
  Hope it helps!!

• Using a single CSS to load balance multiple services

  Is it possible to use a single CSS to load balance 3 different services (server farm) ? That mean the CSS need to advertise 3 VIP
  I'm thinking of two scenarios:
  1 - configure the CSS to use 4 interfaces: 1 to public, 3 to private (each interface will plug-in to a different vlan/server farm)
  2 - configure the CSS to use 2 interfaces: 1 to public, 1 to private (all 3 server farms are in the same vlan)
  Will both scenarios work ?
  Thanks
  --Phillip.

  Hi Phillip,
  both scenarios will work. One CSS can certainly manage more than 3 services! You can even use just one VIP for all traffic, then just create the proper rules to send specific traffic to the corresponding service(s). No need for 3 VIPs.
  Regards
  -juerg

• Load Balancing Forms Services with an effective healthcheck

  I am in the process of configuring two forms 11.1.2 servers running with weblogic 10.3.5 with multiple forms applications clustered across both physical servers. We are looking to load balance to the various forms applications using a hardware load balancer. Can anyone comment on their experience with setting up effective application healthchecks using either hardware or software load balancers?
  For example say that we have 3 applications clustered across 2 servers with the following
  URLs:
  http://server01:7777/forms/frmservlet?config=myapp1
  http://server01:7777/forms/frmservlet?config=myapp2
  http://server01:7777/forms/frmservlet?config=myapp3
  http://server02:7777/forms/frmservlet?config=myapp1
  http://server02:7777/forms/frmservlet?config=myapp2
  http://server02:7777/forms/frmservlet?config=myapp3
  We would need a checking mechanism on the load balancer that could tell if myapp2 was down on say server01 and therefore block traffic to that application yet keep traffic open for the other 2 apps on the same server.
  A specific difficulty with forms is that when the database behind the application is down forms services will return an error message within a displayed error form. From the load balancer's point of view the forms services are "up". We need to find a way of detecting that the application is actually available and not just that the forms services themselves are available. To detect that the forms services are available we might normally use the status check:
  http://server01:7777/forms/frmservlet?ifcmd=status
  however this will only tell use the availability of the forms services on a physical server and not whether any actual applications are available.
  I am aware that f5 do a BIGIP offering that includes some Oracle Forms specific components. Can anyone comment on how they have setup Oracle Forms healthchecks using various load balancing methods. In particular if a load balancer is limited to using WGET commands to check HTTP returned content is there a way of checking a forms application's availability and if not how have other people achieved an effective healthcheck?
  Many thanks,
  Philippe

  Did you ever Get this to work?
  I am having some problems trying to load balance with Oracle Forms, Discover and reports Oracle Application Server Release 10g (9.0.4.0.2) and I was wondering if you could help. Has any one ever got this to work consistently? We are an ERP product written mostly in forms (904) and are trying to implement are largest customer there performance issue so we need the load balancing to work. Will also accept other recommendation as cost effective as solutions.
  Site 1:
  A: SERVER –
  •     Host as1.xyzco.local
  •     Version 10.1.2.0.2
  •     Installation Type Identity Management and Metadata Repository
  •     Oracle Home E:\oracle\inf_1012
  •     Farm as1db.xyzco.net
  o     HTTP_Server
  o     Internet Directory
  o     OC4J_SECURITY
  o     Single Sign-On:orasso
  o     Management
  B SERVER –
  •     Host as2. xyzco.local
  •     Version 9.0.4.0.2
  •     Installation Type Business Intelligence and Forms
  •     Oracle Home E:\oracle\mid_904
  •     Farm as2db. xyzco.net
  o     Discoverer
  o     Forms
  o     home
  o     HTTP_Server
  o     OC4J_BI_Forms
  o     Reports Server
  o     Web Cache
  o     Management
  C SERVER –
  •     Host as3. xyzco.local
  •     Version 9.0.4.0.2
  •     Installation Type Business Intelligence and Forms – Discoverer and Reports
  •     Oracle Home E:\oracle\mid_904
  •     Farm as2db. xyzco.net
  o      Discoverer
  o     Forms
  o     home
  o     HTTP_Server
  o     OC4J_BI_Forms
  o     Reports Server
  o     Web Cache
  o     Management
  All servers Are:
  •     Windows 2003 Standard Server with current service packs
  •     Xeon Dual Processor with 4GB ram
  •     Raid 0 drives 2 for OS and 2 for Oracle
  Daniel Brody
  [email protected]

• Oracle RAC load balancing advisory services query

  Hi,
  I have a query on RAC load balancing advisory.
  Is it possible to create a service for exeuction of a PL/SQL package?
  We have UNIX batches which are set of PL/SQL packages that may or may not be linked are executed daily. These batches consumes lots of resources.
  So i want to configure my services such that say pkg1 will go to node1 and pkg2 will go to node2 and so on and so forth.
  Is it possible to achieve this with Net services and LBA?
  If not, is there any other way i can do this?
  Thanks
  AT
  Message was edited by:
  Amit Trivedi

  Hi, my answers are:
  Is it possible to create a service for exeuction of a PL/SQL package?Yes, that is posible, you can create a service for execute PL/SQL Packages, in fact you can create any service that you need and assign the resources and priorities for this service.
  Is it possible to achieve this with Net services and LBA?Yes, thats posible, you define the priorities at service level and where the service must run at node level.
  If not, is there any other way i can do this?Yes, if you dont wish using the LBA and services you will must create statict definition into tnsnames file for operate connection string and indicate where must connect the session for execute the package.
  Luck.
  Have a good day.
  Regards.

• Load balancing Reports Services 10g with WebCache?

  Hi Guys
  Does anybody have any good ideas on how to load balance Oracle Reports Services?
  Can I do it with WebCache as with Forms Services?
  /Jacob :)

  My java application resides in a different server (weblogic) from the Oracle Application server (which has the report server). I do a browser redirect from my java application to a URL of OAS . I have hard coded Oracle Application server and report server name in one of my config files in my java weblogic server
  In the above URL, servername:7770 is the Oracle Application Server. I would not have a problem with this since this will be the name of the cluster.
  But the problem is server=<report server> . The report server which will pickup my request will be identified only after the browser has redirected to the URL. SO I cannot hard code it in my ajava application.
  Can I just remove server=<report server name> when generating URL from my java application when I need to run report server in a clustered load balancing environment?
  Sorry if my earlier post was confusing

• Load balancing web services

  Our architecture has 4 app servers and a central instance. Just recently, we enabled web services. The WISDL points to a specific server depending on which server you access the WISDL.
  What is the recommended approach to load balance accross the servers?  Set up a load balancer switch outside of SAP or can the J2EE handle internally? Should the WISDL point to the central instance? etc.
  I am having trouble finding discussions or documentation on this subject. 
  I will reward points.  Thanks!!!1

  Can you go into a little more detail.  We have I believe the same setup as you just described.  We have 2 app servers on 6.40 and would like to load balance between them.  We have set the ms/server_port_0 = PROT=HTTP,PORT=8100.  (Which for some reason rsaparam has flagged as red.)  We have set parameter ms/http_port = 8100 in each of the app servers.  In SICF we have activated both sap/public/icf_info/urlprefix and sap/public/icf_info/logon_groups.  When we run a BW querry it runs just to the CI.
  A couple of questions:  1)  In the 2 SICF services there is a place for logon groups, is this a pre-requisite and if so, can a normal GUI logon group work that is just pointing to the 2 app servers?  If they don't work, how do you create a logon group just for HTTP load balancing?  2)  Is there some other settings that we could be missing?
  Any help on this matter would greatly be appreciated as we have been struggling with this for some time.
  Thanks,
  Jared

• Load Balance FIM Service

  Hello, I am researching the best way to load balance our FIM Service infrastructure and I wanted to get some advice from others who have been down this road.  Here is our current set up and what we are trying to to achieve:
  We currently have two FIM Service machines in place that share a FIM Service DB and use the same AD FIM Service account
  Machine one has a FIM service address of fimservice.acme.com (FQN= myfirstmachine.acme.com)
  The second machine has a FIM service address of fimserviceOther.acme.com (FQN-mysecondmachine.acme.com) 
  Each FIM service has its own
  partition
  Our goal is to load balance the two FIM services under one address as fimservice.acme.com.  The NLB would route traffic to the original fimservice.acme.com instance as well as the fimserviceOther.acme.com instance.
  Under this scenario, are there any changes that we need to make to our environment? Or will simply setting up the VIP with an address of fimservice.acme.com suffice and then just have the two nodes as myfirstmachine.acme.com and mysecondmachine.acme.com
  work?
  Are there any changes that we need to make to the FIM partition or is keeping them separate as they currently are ok?
  Cheers!

  Hi any thoughts on this would be appreciated!
  Cheers

• CSS11501 load-balancing SMTP and LDAP servers

  Can anybody provide me with samples of configuration to load-balance SMTP & LDAP servers with CSS ? I feer having the same problem as with FTP when the session is initiated from the server side and that we have to make some special adds-on to the config ?

  Load balancing should work fine on the CSS. I am sure that there is some confiugaration issue. Can you post the configuration so that we can check where the problem is?

• Does SLS support load balancing services?

  Does SLS allow for load balancing of services? Such as iChat, Address Book, Calendar, Mail, Web, etc?
  Right now I have four Mac Mini servers
  Mac Mini 1 - Primary DNS, Open Directory Primary
  Mac Mini 2 - Primary DNS, Open Directory Replicate
  Mac Mini 3 - VPN, Mobile Access, File Sharing, Software Update Services, Address Book, iCal, and iChat.
  Mac Mini 4 - Web / Mail
  I want to get two more mac mini's to load balance #3 and #4. Meaning, if the server goes down or gets heavy load, it will start utilizing the other mac mini.
  How can I set this up??

  As for load balancing iAS has a component called Web-Cache which can be used for this.
  For installation of iAS as per the OS you will find information at the folowing link:
  http://otn.oracle.com/docs/products/ias/content.html
  -- Mathew

• Network Load Balancing - Multicast IPv6

  I have a two servers with network load balancing. They are configured to use IGMP Multicast which works well with IPv4.  The switch correctly detects the group and sends the traffic to only the ports connected to the servers.
  However i can't get IPv6 working outside of the servers subnet.  You can access the loadbalanced IPv6 address from within the servers subnet but machines outside the subnet cannot access it.
  Does load balancing properly support IPv6?  Should it not support Multicast Listerner Discovery (MLD) to work properly with IPv6? 
  Thanks

  Thanks for your reply. 
  Yes - you are correct. We are using an IPv6 address as the cluster IP address for incoming connections but it can't be access outside of the subnet. The cluster has both a link-local and global address - both are only accessible from within the subnet.
  The two servers that are part of load balancing cluster both have IPv6 address assigned to their network adapters - these are accesible outside the subnet. Infact 80% of all our network traffic is IPv6 - routing is working fine between all servers, workstations
  and devices on our various subnets.  The problem is purley affecting the load balancing IPv6 address.
  The IP config and route tables are below.  Thanks for your help.
  Regards, Daniel
  Microsoft Windows [Version 6.1.7601]
  Copyright (c) 2009 Microsoft Corporation. All rights reserved.
  M:\>ipconfig /all
  Windows IP Configuration
  Host Name . . . . . . . . . . . . : indium
  Primary Dns Suffix . . . . . . . :
  Node Type . . . . . . . . . . . . : Hybrid
  IP Routing Enabled. . . . . . . . : No
  WINS Proxy Enabled. . . . . . . . : No
  DNS Suffix Search List. . . . . . :
  Ethernet adapter Public:
  Connection-specific DNS Suffix . :
  Description . . . . . . . . . . . : Microsoft Virtual Machine Bus Network Ada
  pter
  Physical Address. . . . . . . . . : 00-15-5D-CA-6C-04
  DHCP Enabled. . . . . . . . . . . : No
  Autoconfiguration Enabled . . . . : Yes
  IPv6 Address. . . . . . . . . . . : 2001:630:34:1010::42(Preferred)
  IPv6 Address. . . . . . . . . . . : 2001:630:34:1010::40(Preferred)
  Link-local IPv6 Address . . . . . : fe80::4c7b:41a3:be85:e6c4%10(Preferred)
  Link-local IPv6 Address . . . . . : fe80::95f6:2da7:dcdb:1fc1%10(Preferred)
  IPv4 Address. . . . . . . . . . . : 10.0.0.42(Preferred)
  Subnet Mask . . . . . . . . . . . : 255.255.252.0
  IPv4 Address. . . . . . . . . . . : 10.0.0.40(Preferred)
  Subnet Mask . . . . . . . . . . . : 255.255.252.0
  Default Gateway . . . . . . . . . : 2001:630:34:1010::1
  10.0.0.1
  DHCPv6 IAID . . . . . . . . . . . : 234886493
  DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-D0-9F-CD-00-15-5D-01-14-35
  DNS Servers . . . . . . . . . . . : 2001:630:34:1010::10
  2001:630:34:1010::8
  10.0.0.10
  10.0.0.8
  NetBIOS over Tcpip. . . . . . . . : Disabled
  Microsoft Windows [Version 6.1.7601]
  Copyright (c) 2009 Microsoft Corporation. All rights reserved.
  M:\>ipconfig /all
  Windows IP Configuration
  Host Name . . . . . . . . . . . . : aluminium
  Primary Dns Suffix . . . . . . . :
  Node Type . . . . . . . . . . . . : Hybrid
  IP Routing Enabled. . . . . . . . : No
  WINS Proxy Enabled. . . . . . . . : No
  DNS Suffix Search List. . . . . . :
  Ethernet adapter Public:
  Connection-specific DNS Suffix . :
  Description . . . . . . . . . . . : Microsoft Virtual Machine Bus Network Ada
  pter
  Physical Address. . . . . . . . . : 00-15-5D-01-37-04
  DHCP Enabled. . . . . . . . . . . : No
  Autoconfiguration Enabled . . . . : Yes
  IPv6 Address. . . . . . . . . . . : 2001:630:34:1010::43(Preferred)
  IPv6 Address. . . . . . . . . . . : 2001:630:34:1010::40(Preferred)
  Link-local IPv6 Address . . . . . : fe80::95f6:2da7:dcdb:1fc1%10(Preferred)
  Link-local IPv6 Address . . . . . : fe80::fcab:aeb9:175d:9994%10(Preferred)
  IPv4 Address. . . . . . . . . . . : 10.0.0.43(Preferred)
  Subnet Mask . . . . . . . . . . . : 255.255.252.0
  IPv4 Address. . . . . . . . . . . : 10.0.0.40(Preferred)
  Subnet Mask . . . . . . . . . . . : 255.255.252.0
  Default Gateway . . . . . . . . . : 2001:630:34:1010::1
  10.0.0.1
  DHCPv6 IAID . . . . . . . . . . . : 234886493
  DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-BF-55-42-00-15-5D-01-13-45
  DNS Servers . . . . . . . . . . . : 2001:630:34:1010::10
  2001:630:34:1010::8
  10.0.0.10
  10.0.0.8
  NetBIOS over Tcpip. . . . . . . . : Disabled
  Microsoft Windows [Version 6.1.7601]
  Copyright (c) 2009 Microsoft Corporation. All rights reserved.
  M:\>route print
  IPv6 Route Table
  ===========================================================================
  Active Routes:
  If Metric Network Destination Gateway
  10 261 ::/0 2001:630:34:1010::1
  1 306 ::1/128 On-link
  10 261 2001:630:34:1010::/64 On-link
  10 261 2001:630:34:1010::40/128 On-link
  10 261 2001:630:34:1010::42/128 On-link
  10 261 fe80::/64 On-link
  10 261 fe80::4c7b:41a3:be85:e6c4/128
  On-link
  10 261 fe80::95f6:2da7:dcdb:1fc1/128
  On-link
  1 306 ff00::/8 On-link
  10 261 ff00::/8 On-link
  ===========================================================================
  Persistent Routes:
  If Metric Network Destination Gateway
  0 4294967295 ::/0 2001:630:34:1010::1
  ===========================================================================

• F5 and Presentation Services Load balancing

  I like to utilize F5 for load balancing 2 presntation services on clustered BI servers on windows Platform
  If any one have set up F5 in a OBIEE clustered environment for load balancing presentation services , can you please share any links
  to articles regarding this setup or any other information that may help understanding the configuration details
  Thanks

  hi,
  try this blog http://bvellinger.blogspot.com/2008/01/obiee-10132-and-multiple-presentation.html
  Regards
  Naresh

• Re: Shared SO's and Load Balancing

  Thanks, Tom. I understand this issue a lot better now.
  Dale
  On Wed, 21 Jan 1998 23:28:33 +0000, Tom O'Rourke wrote:
  Dale,
  You are right in that it many times does not make sense to load balance
  services that are multi-threaded.
  But, when a TOOL service object is partitioned with a DBSession service
  object, the TOOL service acts as if it is single-threaded regardless of if
  it is SHARED or not (while the partition is accessing the database). This
  means that the entire partition will be blocked (single-threaded) while the
  TOOL service object is using the DBSession to access a database.
  Forte blocks the partition to protect the integrity of the data being
  passed back and forth to the database because the database vendors have yet
  to provide a thread safe call interface to the RDBMS. This is changing as
  we speak and Forte is in the process of making the appropriate adjustments.
  So, this is the case where it makes complete sense to load balance a
  service that is not marked as being SHARED and why it can be a tremendous
  performance advantage to use Forte load balancing. As we all know, this
  architecture (TOOL EVSO partitioned with DBSession UVSO) is one that is
  widely used and proven to produce high performing applications.
  The point you bring up is a good one and that is often misunderstood. A
  load balanced SO will behave as if it is single threaded (or SHARED).
  FYI, we have just added a new feature in release 3.F. Performance-based
  load balancing. Check it out.
  Tom
  At 07:38 PM 1/21/98, Dale V. Georg wrote:
  On Wed, 21 Jan 1998 17:24:33 -0000, Richard Stobart wrote:
  Dale,
  If SHARED is true in a Service Object then the Service Object is not
  re-entrant (because many clients are sharing its variables and therefore is
  not multitasked (Funny logical naming if you ask me)). I got a lot of replies correcting me on what SHARED means! I do know
  what SHARED means, I just phrased it backwards in my post. Excuse me
  while I smack myself upside the head. :)
  All replicates of a
  load balanced partition are not re-entrant and thus equivalent to SHARED =
  true. The advantage of load balancing is that the replicates can be
  distributed over machines and thus the load is balanced. What I fail to understand is this: If you have a non-SHARED SO all by
  itself in a partition which is not load-balanced, it will be
  re-rentrant and multiple users can call it at the same time. But as
  soon as you load-balance it, all of a sudden it behaves as if it were
  SHARED. Why? I don't understand the technical limitations that impose
  this, nor do I understand the advantage. For example, let's say that I
  have 50 concurrent users of the SO I described above. It's in a
  non-load-balanced partition, so all 50 users can access it at the same
  time without any problem. Now let's say my server is a little
  stressed, so I decide I want to load-balance my SO and have two
  replicates, one on the original server and one on a second server. But
  now that I've load-balanced it, the partitions act as if they're SHARED
  and my 50 concurrent users are going to be lining up in queues and
  suffering from horrible response times. How is this advantageous?
  ================================================
  Dale V. Georg
  Systems Analyst
  Indus Consultancy Services
  [email protected]
  ================================================
  ================================================
  Dale V. Georg
  Systems Analyst
  Indus Consultancy Services
  [email protected]
  ================================================

  Thanks, Tom. I understand this issue a lot better now.
  Dale
  On Wed, 21 Jan 1998 23:28:33 +0000, Tom O'Rourke wrote:
  Dale,
  You are right in that it many times does not make sense to load balance
  services that are multi-threaded.
  But, when a TOOL service object is partitioned with a DBSession service
  object, the TOOL service acts as if it is single-threaded regardless of if
  it is SHARED or not (while the partition is accessing the database). This
  means that the entire partition will be blocked (single-threaded) while the
  TOOL service object is using the DBSession to access a database.
  Forte blocks the partition to protect the integrity of the data being
  passed back and forth to the database because the database vendors have yet
  to provide a thread safe call interface to the RDBMS. This is changing as
  we speak and Forte is in the process of making the appropriate adjustments.
  So, this is the case where it makes complete sense to load balance a
  service that is not marked as being SHARED and why it can be a tremendous
  performance advantage to use Forte load balancing. As we all know, this
  architecture (TOOL EVSO partitioned with DBSession UVSO) is one that is
  widely used and proven to produce high performing applications.
  The point you bring up is a good one and that is often misunderstood. A
  load balanced SO will behave as if it is single threaded (or SHARED).
  FYI, we have just added a new feature in release 3.F. Performance-based
  load balancing. Check it out.
  Tom
  At 07:38 PM 1/21/98, Dale V. Georg wrote:
  On Wed, 21 Jan 1998 17:24:33 -0000, Richard Stobart wrote:
  Dale,
  If SHARED is true in a Service Object then the Service Object is not
  re-entrant (because many clients are sharing its variables and therefore is
  not multitasked (Funny logical naming if you ask me)). I got a lot of replies correcting me on what SHARED means! I do know
  what SHARED means, I just phrased it backwards in my post. Excuse me
  while I smack myself upside the head. :)
  All replicates of a
  load balanced partition are not re-entrant and thus equivalent to SHARED =
  true. The advantage of load balancing is that the replicates can be
  distributed over machines and thus the load is balanced. What I fail to understand is this: If you have a non-SHARED SO all by
  itself in a partition which is not load-balanced, it will be
  re-rentrant and multiple users can call it at the same time. But as
  soon as you load-balance it, all of a sudden it behaves as if it were
  SHARED. Why? I don't understand the technical limitations that impose
  this, nor do I understand the advantage. For example, let's say that I
  have 50 concurrent users of the SO I described above. It's in a
  non-load-balanced partition, so all 50 users can access it at the same
  time without any problem. Now let's say my server is a little
  stressed, so I decide I want to load-balance my SO and have two
  replicates, one on the original server and one on a second server. But
  now that I've load-balanced it, the partitions act as if they're SHARED
  and my 50 concurrent users are going to be lining up in queues and
  suffering from horrible response times. How is this advantageous?
  ================================================
  Dale V. Georg
  Systems Analyst
  Indus Consultancy Services
  [email protected]
  ================================================
  ================================================
  Dale V. Georg
  Systems Analyst
  Indus Consultancy Services
  [email protected]
  ================================================

• Sticky load balancing across 2 ports with cookies

  Hi,
  I have a server configuration where I have 1 top level Apache server that deals with SSL termination (and handles static content) and proxy passes dynamic content onto 2 Tomcat servers on 2 ports, one for http requests (9001) and one for the requests that were secure, but have now been un-encrypted by Apache (9002).  My 2 Tomcat servers are load balanced using a CSS and I need this load balancing to stick to the tomcat servers regardless of port so that the user is stuck to the same Tomcat server for their entire session. 
  I would like to use arrowpoint cookies to perform this stickyness, but the documentation suggests that arrowpoint cookie load balancing (in fact any cookie based load balancing) requires the port to be specified in the content rule.  Is this correct?  Is my only option to use the source IP for stickyness? I don't understand why the port should be required if the stickyness is via a cookie. Can I not simply configure my 2 tomcat servers as services with no port and add a single content rule that load balances these services using arrowpoint-cookie advanced balancing?
  service tomcat1
    ip address x.x.x.x
    active
  service tomcat2
    ip address x.x.x.x
    active
  owner me
     content sticky
       vip address x.x.x.x
       protocol tcp
       url "/*"
       add service tomcat-1
       add service tomcat-2
       advanced-balance arrowpoint-cookie
       active

  Angela-
  The issue with port is that cookies are very specifically HTTP only and the CSS has no way of knowing what protocol will hit a VIP prior to trying to address it as HTTP. Your issue is actually a bit clearer than it is initially led to be - you can still use 2 different rules by using the configuration below. 
  However, you might be headed for a headache if you don't implicitly control the client's actions.  By default, browsers don't generally send cookies cross-protocol and definitely not cross-domain.  Use something like httpwatch or iewatch to check out the headers your client sends to your site.  Make sure when the 200ok arrives with the set-cookie that the client sends that cookie in all preceeding packets that are HTTP and HTTPS both.
  service tomcat1
    string "tomcat1"
    ip address x.x.x.x
    active
  service tomcat2
    string "tomcat2"
    ip address x.x.x.x
    active
  owner me
     content sticky9001
       vip address x.x.x.x
       protocol tcp
       url "/*"
       port 9001
       add service tomcat-1
       add service tomcat-2
       advanced-balance arrowpoint-cookie
       active
     content sticky9002
       vip address x.x.x.x
       protocol tcp
       url "/*"
       port 9002
       add service tomcat-1
       add service tomcat-2
       advanced-balance arrowpoint-cookie
       active
  With this configuration, the CSS will use the "string" as the cookie value. So if the client were to recieve set-cookie: ArrowpointCookie=tomcat1, it should use it for either rule, and end up on tomcat1 accessing either VIP.
  Regards,
  Chris

• Load balance with a reverse proxy in front

  I have a CSS11501 load balancing 2 web servers. We want to use an Aventail in front of it as a reverse proxy, to control access to these servers. How can I ensure that the two servers will be load balanced, and make sure that an end user always hits the same server during his session since the client will always be the Aventail? thanks in advance

  Is your proxy spoofing client ip address ?
  If yes, nothing special needs to be done.
  If not, the problem is to sticky client to the same server.
  We can't use sticky srcip because all traffic comes from a single ip.
  The only solution is to use cookies.
  You can use arrowpoint cookies.
  You can find a sample config at :
  http://www.cisco.com/en/US/products/hw/contnetw/ps789/products_tech_note09186a0080094398.shtml
  Regards,
  Gilles.