Defining virtual servers using content-rules

Can multiple virtual servers be "bound" to a single real server when all of the virtual servers have the same ip address and port, with the only difference between each virtual server being a unique content rule applied to each? (This is more of a migration issue, than a load-balance issue)

I assume you are saying Web(HTTP) and the answer is yes.
1. Your server should has name-based virtual hosting enabled if your server only use 1 IP address.
2. In CSS, you can use single service for this server or use different services with different keepalive uri for each service.
3. You can use a number of unique Content rules (same VIP, TCP 80 with different URLs) and add the service to it.
Remarks: If you want to use unique Content rules, you should make them difference with URL, otherwise all the content rules are the same and you can't activate all.
Another suggestion: If your server already support Name-VHOST, you can use just single L4 Content rule and all the traffic would be handled by that server (service).

Similar Messages

Setup Virtual Servers in IIS with WLS 8.1

Hi,
I have multiple virtual servers (using host headers) in my IIS 5.0 web server. I also created multiple server instances in WLS. Can anyone tell me how I can integrate this virtual servers to connect to WLS virtual servers via port 80.
Would I have to create ini file for all virtual IIS servers.
Thanks

Hi,
I have multiple virtual servers (using host headers) in my IIS 5.0 web server. I also created multiple server instances in WLS. Can anyone tell me how I can integrate this virtual servers to connect to WLS virtual servers via port 80.
Would I have to create ini file for all virtual IIS servers.
Thanks

Use of content rule vs source group for NATing

To NAT outgoing flows out of two servers, is it necessary to define a content rule and source group (or is just a source group sufficient?).
Having trouble with Option 2.
Option 1:
service svr1
ip address 192.168.10.1
no port
protocol tcp
active
Also does CSS do NAPT i.e. alter the source port number for outgoing packets from source groups?
service svr2
ip address 192.168.10.2
no port
protocol tcp
active
content outflows
protocol tcp
add service svr1
add service svr2
vip address <externalip>
active
group outgrp
vip address <external ip>
add service svr1
add service svr2
active
<add appropriate acl>
Option 2:
service svr1
ip address 192.168.10.1
no port
protocol tcp
active
service svr2
ip address 192.168.10.2
no port
protocol tcp
active
group outgrp
vip address <external ip>
add service svr1
add service svr2
active
<add appropriate acl>

to nat connections initiated by the server, you only need a source group.
No need for a content rule.
The CSS will port nat.
Gilles.

Just FYI, new blog post "Deploy BranchCache Content and Hosted Cache Servers Using Windows PowerShell"

Just FYI, new blog post "Deploy BranchCache Content and Hosted Cache Servers Using Windows PowerShell" at
http://aka.ms/le85n3
Thanks -
James McIllece

Great to see new BranchCache content out there!
We created a BranchCache info page to try to get all of the relevant info into one place for V1 and 2
http://2pintsoftware.com/microsoftbranchcache
thanks
Phil
Phil Wilcock http://2pintsoftware.com @2pintsoftware

Can I use virtual Servers in private cloud for RAC

Hello to all
We are going to install an Oracle RAC on two servers
But our Hardware Administrator says to us “I Allocate two virtual servers in the our private cloud not two physical Servers (or real Servers)”
Do you think it’s practical and reasonable to using virtual Server for Oracle RAC in production environment ?
Which one is better physical server or virtual server for RAC?
Please write your reasons
Thanks

Using virtual machines is officially supported for RAC only in a few cases which can be found here:
http://www.oracle.com/technetwork/database/virtualizationmatrix-172995.html
Make sure that you meet these requirements in your private cloud. Some cases like vmware are still somewhat supported despite beeing not on the list.
Beside this you should make sure that your 2 virtual machines run on different hardware servers in the cloud, otherwise you lose most parts of the rac advantage regarding high availability, when both virtual servers happen to run on the same hardware during a crash
Virtual servers are used in production environments, but you will have to take greater care for many aspects of rac compared to physical hardware, e.g.. something like "live migration" of vmware can kill a rac node due to timeout.
I would prefer hardware for rac anytime over virtual servers and spare me the hassle of dealing with all possible issues arising from the virtualization.
And check oracles licensing policy...
Running an enterprise edition rac on e.g. a large vmware cluster is insanely expensive, you pay every cpu core the rac COULD run on -> the entire cluster!
If you must use virtual hardware but don't want to and need an argument against it use the license issue.
Regards
Thomas

Virtual servers tab returns error after using jdk 1.4

Hi, I configured Iplanet 6.0SP5 to use SDK 1.4.1_02 and all apears to work, EXCEPT the "virtual servers" tab. When clicking this tab I receive "page cannot be displayed" errors. Additionally, the logfile reports the following (see below). Any ideas on what's going on here ?
Thank you,
Richard
[09/Jul/2003:15:45:04] failure ( 3086): Internal error: Unexpected error condition thrown (unknown exception,no description), stack: java.lang.StackOverflowError
at java.util.zip.ZipFile.getEntry(ZipFile.java:147)
at java.util.jar.JarFile.getEntry(JarFile.java:184)
at java.util.jar.JarFile.getJarEntry(JarFile.java:171)
at sun.misc.URLClassPath$JarLoader.getResource(URLClassPath.java:669)
at sun.misc.URLClassPath.getResource(URLClassPath.java:156)
at java.net.URLClassLoader$1.run(URLClassLoader.java:190)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:186)
at java.lang.ClassLoader.loadClass(ClassLoader.java:299)
at java.lang.ClassLoader.loadClass(ClassLoader.java:292)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:265)
at java.lang.ClassLoader.loadClass(ClassLoader.java:255)
at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:315)
at java.lang.ClassLoader.defineClass0(Native Method)
at java.lang.ClassLoader.defineClass(ClassLoader.java:502)
at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:123)
at java.net.URLClassLoader.defineClass(URLClassLoader.java:250)
at java.net.URLClassLoader.access$100(URLClassLoader.java:54)
at java.net.URLClassLoader$1.run(URLClassLoader.java:193)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:186)
at java.lang.ClassLoader.loadClass(ClassLoader.java:299)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:265)
at java.lang.ClassLoader.loadClass(ClassLoader.java:255)
at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:315)
at java.lang.ClassLoader.defineClass0(Native Method)
at java.lang.ClassLoader.defineClass(ClassLoader.java:502)
at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:123)
at java.net.URLClassLoader.defineClass(URLClassLoader.java:250)
at java.net.URLClassLoader.access$100(URLClassLoader.java:54)
at java.net.URLClassLoader$1.run(URLClassLoader.java:193)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:186)
at java.lang.ClassLoader.loadClass(ClassLoader.java:299)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:265)
at java.lang.ClassLoader.loadClass(ClassLoader.java:255)
at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:315)
at java.lang.ClassLoader.defineClass0(Native Method)
at java.lang.ClassLoader.defineClass(ClassLoader.java:502)
at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:123)
at java.net.URLClassLoader.defineClass(URLClassLoader.java:250)
at java.net.URLClassLoader.access$100(URLClassLoader.java:54)
at java.net.URLClassLoader$1.run(URLClassLoader.java:193)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:186)
at java.lang.ClassLoader.loadClass(ClassLoader.java:299)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:265)
at java.lang.ClassLoader.loadClass(ClassLoader.java:255)
at java.lang.ClassLoader.findSystemClass(ClassLoader.java:666)
at com.iplanet.server.http.servlet.NSServletLoader.findClass(NSServletLoader.java:152)
at com.iplanet.server.http.servlet.NSServletLoader.loadClass(NSServletLoader.java:108)
at com.iplanet.server.http.servlet.WServletEntity.loadAndInitServlet(WServletEntity.java:57)
at com.iplanet.server.http.servlet.WebApplication.service(WebApplication.java:1041)
at com.iplanet.server.http.servlet.NSServletRunner.ServiceWebApp(NSServletRunner.java:981)

For newer JDK versions, you will need to increase the StackSize
parameter in magnus.conf file. This is documented in the
release notes:
http://docs.sun.com/source/816-6434-10/rn60sp5.html#1027907
Thanks
Manish

Using a content rule for port translation.

If I set up a content rule to grab traffic on a VIP on port 81, can I then send it to a server that is configured for port 80 ?
cheers,
Mike

If I receive a udp packet with the sourse port 123. Can CSS forward this packet to the Server, but replace sourse port to something greater than 1023 ???
As I know CSS doesn't NAT for udp ports less than 1023.

Help with J2EE SDK 1.4 Virtual Servers please!

H!
Are we doomed to have just one virtual server pointing to port 80??
I have a Win2K computer with J2EE App Server 1.4. In this computer I stopped the IIS 5.0 in order to use the HTTP Server included with the product. I also run the DNS on the same machine with 3 domains. All name resolutions for these 3 domains work fine.
Now I want to enter to any of the 3 domains freely and execute JSP apps. But I don't want to enter ports numbers like this:
http://www.mytest.com:8081/hello.jsp
I just want to enter:
http://www.mytest.com/hello.jsp
So I defined a new http-port listener pointing to the 80 port on this server. With no SSL support.
Name: http-port80
IP Address: 0.0.0.0
POrt: : 80
Then I defined a new virtual server using the http-port listener. I set the following fields:
ID: mytest
Hosts: www.mytest.com
HTTP Listener: http-port80 (This is the name of the port listener)
Everything seems to be fine. I can enter http://www.mytest.com and call the hello.jsp it's ok.
But then I create a new virtual server for http://www.mytest2.com exactly as the one for the www.mytest.com, except for the host field: http://www.mytest2.com
Then when I restart the app server I got the message on the log: "Port already in use".
I don't want to enter http://www.mytest2.com:<port> but I've read that you cannot assign the same http-listener to 2 virtual servers, so I created another listener pointing to the same port 80. But I still have the same error.
Any ideas how to handle this?
Am I doing something wrong on the configuration?
Thank you very much!!

I can help you out with this, because I just solved this problem using the Apache web server 2.0 with mod_proxy and mod_proxy_http.
this is how the configuration works.
setup sunone creating one virtual host for each http-listener on a different port. and make sure these ports are any port except the 80. -- we will configure apache on this port and then use it as a reverse proxy to get to our hosts.
like this
virtual-listener-1 - port 8081
virtual-listener-2 - port 8082
virtual-listener-3 - port 8083
virtual-host-1: www1.domain.com bind to: virtual-listener-1
virtual-host-2: www2.domain.com bind to: virtual-listener-2
virtual-host-3: www3.domain.com bind to: virtual-listener-3
now download apache with all the modules http://www.apache.org
in your httpd.conf add the following lines of code.
#the code below will tell apache to enable the proxy for your host
<IfModule mod_proxy.c>
# Proxy Server directives. Uncomment the following lines to
# enable the proxy server:
ProxyRequests On
<Proxy *>
Order deny,allow
Deny from all
Allow from www1.domain.com
Allow from www2.domain.com
Allow from www3.domain.com
</Proxy>
# Enable/disable the handling of HTTP/1.1 "Via:" headers.
# ("Full" adds the server version; "Block" removes all outgoing Via: headers)
# Set to one of: Off | On | Full | Block
ProxyVia On
# End of proxy directives.
</IfModule>
NameVirtualHost *:80
<VirtualHost *:80>
ServerName www1.domain.com
<Location />
Order allow,deny
Allow from all
ProxyPass http://sunoneserver:8081/
</Location>
</VirtualHost>
<VirtualHost *:80>
ServerName www2.domain.com
<Location />
Order allow,deny
Allow from all
ProxyPass http://sunoneserver:8082/
</Location>
</VirtualHost>
<VirtualHost *:80>
ServerName www3.domain.com
<Location />
Order allow,deny
Allow from all
ProxyPass http://sunoneserver:8083/
</Location>
</VirtualHost>
note the sunone server indicates the server where you installed sunone-as (J2EE 1.4). this will give you the result you are looking for: all three of these sites will run on port 80 and each of them will respond to a different web application on sunone.
there are naturally limits because when you run out of ports on your application server this won't work any more but then again there are about 60000 of those free and i don't think you will be able to run that many sites on one server anyway.
Chris.

I am not able to telnet my content rule VIP address

I am not able to telnet my content rule VIP address and port number. But I am able to direct to telnet to service servers, which are added into the content rule set. Can anyone tell me why. I have update the latest WEBOS 5.00 Build 69. The content switch model is 11050. thank you very much .

Is possible one armed and in line in the same content switch ?
Currently I have some content rule are using one armed solution, there is only one rule I need to make the server see the original IP. I guess my question is , can I have this rule use in -line solution only, so I will not have to impact other rules set.
The other question since this content rule's service sever have only one interface only, Can I have this in-line solution go in the content switch and come out content switch in the same server farm switch ? Thank you for all the help.

LD416 (Ver4.2.5) specification content-rule

I have localdirector 416 with 4.2.5.
How to define the rules for content load balancing
with https.
First of all, on specification Is it impossible?
As the following
content-rule rule01 depth 1024 "/aaa/"
content-rule rule02 depth 1024 "/bbb/"
virtual 10.1.1.1:443:0:tcp1 is
virtual 10.1.1.1:443:0:tcp:rule01 is
virtual 10.1.1.1:443:0:tcp:rule02 is
bind 10.1.1.1:443:0:tcp 10.1.1.2:443:0:tcp
bind 10.1.1.1:443:0:tcp:rule01 10.1.1.3:443:0:tcp
bind 10.1.1.1:443:0:tcp:rule02 10.1.1.2:443:0:tcp
sticky 10.1.1.1:443:0:tcp 10 ssl

I found the following comments about CSS.
All traffic is encrypted to avoid people to look at it.
So, the CSS does not see and has no way to see the URL.
http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.eea6243
Does this correspond to Local Director ?

Another newb question: multiple virtual servers

Hi, I have yet another ignorant question. I have several unrelated web projects that I am working on, and I would like to be able to set up a virtual server for each one for testing purposes, such as: http://project1, http://project2, http://project3. Can someone tell me if this is doable, and if there are any tutorials/resources on this for someone who has 0 experience running a web serer? Sorry for being so ignorant!

Yes, it is doable.
You can setup virtual server either by IP or by name.
If you have one IP, and want to set them up by name (ex. http://project1, http://project2, http://project3) you can do so easily with this type of configuration:
<virtual-server>
    <name>mydomain</name>
    <http-listener-name>http-listener-1</http-listener-name>
    <host>*.mydomain.com</host>
    <document-root>/www/domain</document-root>
</virtual-server>
<virtual-server>
    <name>myotherdomain</name>
    <http-listener-name>http-listener-1</http-listener-name>
    <host>*.myotherdomain.com</host>
    <document-root>/www/myotherdomain</document-root>
</virtual-server>
....The important part here is that
a) all virtual servers share the same HTTP listener
b) which virtual server serves the request depends on the $HOST request header send by the client. Sun Web Server does the matching for you. It will match $HOST vs. the virtual server's host attribute. Depending on which site you connect to the right virtual server will be used.
c) if the $HOST request header does not match any of the virtual servers, then the default virtual server defined in the HTTP listener will be used.
To create a virtual server, use the Admin GUI, access the configuration, and then add new virtual server. Or use the following CLI command.
wadm> create-virtual-server --config=myconfig --http-listener-name=http-listener-1 --document-root=/www/docs/myserver.com --host-pattern=myserver.com --log-file=../logs/myserver.com-error_logs myserverHost pattern will be used for matching. Some of this elements might be optional.
Hope that helps. And keep the questions coming :D
Edit: Also check the documentation
Using Virtual Servers in SJS Web Server 7.0

Can a Sorry server be a content rule?

Hello
I want to direct all my traffic to server A and if that fails I want to send all my traffic to server B. This I can do by directing all traffic to service A and having server B defined as a primarySorryServer. If these two fail I want my SecondarySorry Server to refer to a content rule. Is this possible?
Thanks!

Donagh,
indeed this document is not very clear but we can use it as an example.
There are 2 vips - 10.10.10.10 and 10.10.10.20.
They have a redirect service to send the traffic to 10.10.10.20.
All you have to do in your case, assuming your content rule looks similar to 10.10.10.10 in the example, is add the service redirect as a sorry server to the content rule 10.10.10.10.
What it does is if all your services go down, redirect the traffic to the 2nd content rule 10.10.10.20
Regards,
Gilles.

Source NAT for specific servers in a rule

Hello,
I am trying to achieve source NATing on the CSS and want to confirm if below configuration is good.
VIP address: 61.61.61.61
Services: 10.1.1.1, 10.1.1.2, 20.1.1.1 and 20.1.1.2
Front-end circuit IP: 61.61.61.1 (Same subnet as 61.61.61.61)
Back-end circuit: 10.1.1.10 (Same subnet as 10.1.1.1 or .2)
service AAAA
ip address 10.1.1.1
active
service BBBB
ip address 10.1.1.2
active
service XXXX
ip address 20.1.1.1
active
service YYYY
ip address 20.1.1.2
active
owner Gateway
content Gateway1
vip address 61.61.61.61
add service 10.1.1.1
add service 10.1.1.2
add service 20.1.1.2
add service 20.1.1.1
active
As the two servers 20.1.1.1 and 20.1.1.2 are not in the same subnet, we configured the below to source NAT specifically to these two servers.
group Gateway
vip address 61.61.61.61
add destination service 20.1.1.1
add destination service 20.1.1.2
active
In the past this configuration didn't work. We are going to try it again. Is there anything missing and what else should we check to get it to work.
Appreciate any help.

Using 'add destination service' in the group rule NATs the original client IP as the VIP (in your case), and ensures that return traffic from the remote 20.x.x.x servers flows back to the CSS and then to the client instead of directly to the client (which would reject the traffic). There's no need to worry about any kind of load balancing loop being created. The downside to implementing this is that your servers will see all traffic as originating from the VIP and not the unique client IPs, and since the CSS doesn't support the x-forwarded-for header you're kinda stuck with that side effect.
Also, it's my understanding that the group rule must match the content rule in terms of VIP address and services within it to be effective. You would need to change your group rule to the following for it to work:
FROM:
group Gateway
vip address 61.61.61.61
add destination service 20.1.1.1
add destination service 20.1.1.2
active
TO:
group Gateway
vip address 61.61.61.61
add destination service 10.1.1.1
add destination service 10.1.1.2
add destination service 20.1.1.1
add destination service 20.1.1.2
active
Good luck!
James

One Arm config Domain Name Content rule

Hi Guys
How does domain name content rule works in one arm config.
What do we put in source groups as VIP address.
Does it need host headers in WebServer as a requirement.
How does the client request gets completed.
Any help much appriciated..

Thanks for your reply Jim,
This is what I am trying to do in a One arm config topology
( As the CSS guide ( cntntgd.pdf ) says under Configuring a Domain Name content rule)
The CSS allows you to use a domain name in place of, or in conjunction with, a
VIP address in a content rule. Using a domain name in a content rule enables you
to:
Enable service provisioning to be independent of IP-to-domain namemappings
Provision cache bandwidth as needed based on domain names
So I am trying to create a content rule with a domain name instead of VIP address. For ex.
content domainRule3
protocol tcp
port 80
url "//domain.com/*"
add service Serv1
active
group servers
add destination service Serv1
VIP address ???????? ( what shd we put in here )
In this case what do we put as VIP address in source groups and how does the traffic flows from Client to actual Server in One arm topology. I am trying this topology where we have multiple sites configured with the same IP address with host headers
My assumption is that I shd configure DNS servers with VIP address for domain.com and use that as VIP address in source group. But how does the actual traffic flows from client to servers
Many thanks.

Oracle has not certified Hyperion products on virtualized servers

Hyperion's official stance:
Oracle has not certified Hyperion products on virtualized environments;
I'm surprised that there are users in this forum who are using VMware instead of physical servers. If you run into a bug, Oracle tech support require you to replicate that bug in physical servers before they will help you.
Also, consultants tell us that data has been known to be lost by virtual servers.
Has anyone good results from running Planning and Essbase on VMware?

Thats right I dont personally have access to Metalink2.
I found a statement on Metalink3:
Click the knowledge tab, go to Advanced Search, tick all sources and in the Doc ID field enter 588303.1. Hit Search!
You get the following statement:
Hyperion Essbase
Goal
Describe support for Oracle's Hyperion Products in virtualized environments.
Solution
Oracle has not certified Hyperion products on third-party virtualized environments; however, Oracle Support will assist customers running Oracle’s Hyperion products on third-party virtualized environments as follows:
When a customer logs a previously unreported issue, Oracle Support may require the issue to be diagnosed in a non-virtualized environment when there is reason to believe that the virtual environment is a contributing factor. Oracle Support may refer customers to the third-part virtualization vendor for issues that can not be duplicated in non-virtualized environments.
When a problem has been previously reported and a resolution is available, Oracle support will recommend the appropriate solution on the non-virtualized OS. If that solution does not work in the virtual environment, the customer will be referred to their virtualization software vendor for support. If the customer demonstrates that the Oracle solution does not work when running on a non-virtualized OS, Oracle will resume support, including logging a bug with Oracle Development for investigation if required.
While Oracle’s Hyperion products are expected to function properly in virtual environments, there may be performance implications, which can invalidate Oracle’s typical sizing recommendations. An analysis should be performed within the context of the specific application to be hosted in the virtual environment to mitigate potential resource contention, as this can result in degradation of performance and scalability, particularly under peak load.
For further information on support for Hyperion products running on Oracle VM, please see Note 466538.1 and Note 464754.1 in MetaLink2 (a href="https://metalink.oracle.com)
Hope this helps.
Seb

Defining virtual servers using content-rules

Similar Messages

Maybe you are looking for