Disabling load balancing in WebSphere

Hello,
We've come across this problem just after we deployed our application to a clustered environment (probably a short sight on our part while designing). This is our situation:
Environment: WebSphere 6.1, EJB 2.1
Problem: We use the EJB Timer service for executing some business logic periodically with in our stateless session bean application. We have multiple timers within the same EJB that do stuff dynamically with the same code based on the parameters. However, we don't want the timers to come up automatically when the EJB application (like doing it with in contextInitialized) comes up because we want to bring the timers up and down in a more controlled fashion (more of a business requirement) and so we expose the startTimer and stopTimer methods in our EJB, and we invoke those methods from scripts outside of the WebSphere context as and when needed. This model has worked perfectly in a stand-alone environment. When we switched to our clustered UAT environment and started testing, that's when we got this reality check.
Our cluster consists of 2 nodes, with 4 clones per node, and our middle ware team worked on the horizontal scaling in this environment. So when we try to invoke the startTimer in each of these node clones, it automatically goes to a random clone, not necessarily the one that we are trying to invoke on. And the same happens when we are trying to stop the timer, it tries to stop it on a random clone and the timer might not even be up on the clone it is trying to stop.
So my short question: is there any way to force the EJB invocation to go to a particular clone? In other words, can we disable this whole horizontal scaling and just let it go to the clone we want (not let Websphere come in between with its "smart" load balancing) in our request? Something like a magic parameter that can be passed to the java command while invoking the EJB?
This might sound "impossible" to do it that way and probably better to look at other ways, but we are just looking for something that will not significantly change our architecture at this point in the game.
Thanks in advance!

Answer to my question: http://ieoc.com/forums/p/26385/218976.aspx#218976

Similar Messages

Disable load balancing on dual PRIs - 3640 with MICA modems for dial out

We have a custom application that connects through reverse telnet to a Cisco 3640 that has 2 NM-24DM modules and 2 PRIs connected to it. Currently all outgoing calls are getting load balanced over the two PRIs. I need to change that so that all calls go over the first PRI and when all channels are used up, it starts using the second PRI. Seems like a simple enough thing to do but I can't figure out how to.
Here is my config
Current configuration : 1401 bytes
version 12.4
service timestamps debug uptime
service timestamps log uptime
service password-encryption
hostname DIALOUT01
boot-start-marker
boot-end-marker
enable secret 5 xxxxxxx
no aaa new-model
clock timezone EST -5
clock summer-time EDT recurring
no ip routing
no ip cef
no ip domain lookup
ip domain name xxxxxxx.xxx
isdn switch-type primary-ni
controller T1 0/0
framing esf
linecode b8zs
pri-group timeslots 1-24
description xxxx
controller T1 0/1
framing esf
linecode b8zs
pri-group timeslots 1-24
description xxxx
interface FastEthernet0/0
ip address dhcp hostname dialout01
no ip route-cache
no ip mroute-cache
duplex auto
speed auto
interface Serial0/0:23
no ip address
encapsulation hdlc
isdn switch-type primary-ni
no fair-queue
no cdp enable
interface Serial0/1:23
no ip address
encapsulation hdlc
isdn switch-type primary-ni
no fair-queue
no cdp enable
no ip http server
control-plane
line con 0
line 33 56
modem InOut
modem autoconfigure type mica
transport preferred telnet
transport input telnet
transport output telnet
line 65 88
modem InOut
modem autoconfigure type mica
transport preferred telnet
transport input telnet
transport output telnet
line aux 0
line vty 0 4
password 7 xxxxx login
end
Thanks,
Shahid

If I understand the question I think that isdn bchan-number-order is the command you are interested in. I think it detaults to round-robin, sounds like you want ascending (that is isdn bchan-number-order ascending). It is an interface subcommand.
See http://www.cisco.com/en/US/docs/ios/12_3t/12_3t2/feature/guide/gt_ibcac.html#wp1055853
That may only apply to native ISDN calls and not MICA based calls, but see if that helps.

Load Balancing 2012 R2 Session Host Collection with External Network Load Balancer

Hi,
We are moving from a 2008 R2 Remote Desktop session host deployment to 2012 R2. Previously, we used our Kemp hardware load balancer to distribute load between RDSH servers. We had a connection broker deployed so that if an existing disconnected session was
detected during the initial connection, the user was directed back to that session.
In 2012 R2, we planned to again used the Kemp load balancer to main high availability for our RDSH collection, but are experiencing strange issues. It seems that the RD Connection Broker is also performing load balancing--the result being that initial connections
to the RDSH collection may go to one RDSH server with the least connections through the Kemp, but then be redirected to a different RDSH server by the broker, even when there is no existing session for the user on that second server.
Our question is: Should we not be using the Kemp balancer at all (how would this work)? Or should we disable load balancing by the connection broker (if so...how)?
Further complicating our redirection issue with that the RDSH servers have multiple interfaces--one with public addresses and others with private. The connection broker seems to abritrarily pick among the destination RDSH server's available IP addresses
for the redirection and trying to redirect to a private address will fail. We think we have worked around this by connecting to each RDSH server from a 2008 R2 server's RDSH Configuration console and choosing just the public adapter under the Network Adapters
tab--is there no way to access this setting in 2012 R2?
Thanks in advance!
Matthew

Hi Matthew,
As you are most likely already aware, inn Remote Desktop Services 2012 / R2 the Connection broker uses round robin DNS to load balance.
To simplify things I would recommend that you let the connection broker load balance the sessions and use the KEMP to Load balance the RDweb and Gateway servers.
Have a look at the following articles:
http://ryanmangansitblog.wordpress.com/2013/03/11/create-a-rdwa-farm-using-a-kemp-load-balancer/
http://ryanmangansitblog.wordpress.com/2013/03/31/rds-2012-configuring-a-rd-gateway-farm/
http://ryanmangansitblog.wordpress.com/2013/09/05/load-balance-rds2012-rdwa-and-rdgw-using-sub-interfaces-on-kemps-loadmaster/
As you have mentioned that you are migrating from a 2008R2 configuration, have a look at the following article:
http://ryanmangansitblog.wordpress.com/2014/01/05/publish-rds-2008r2-desktop-on-rds-2012/
Ryan Mangan | [email protected] | Help keep the forums tidy, if this has helped please mark it as an answer

Load Balancing With Round Robin

Hi,
I have two iAS instances, each on their own box, and one iWS instance
running on a third box. I have setup the web connector to use round
robin and added the server weights. I believe that is all that is to it
to do simple load balancing with iAS. The problem is is that the
requests only go to one iAS instance. The server weights are 1 and 1.
Am I missing something here?
Thanks

Could be lots of things.
The most common misconfiguration is testing an application that is deployed "local". This application option effectively disables load balancing.
Another common mistake is to either not update the configuration of the webconnector (if the webconnector
has a seperate configuration LDAP) or to not restart
the webconnector after the configuration change.
Hope this helps. There's more things we could try, but I'll hope its one of these two easy things.

WLC Voice Audit - Aggressive Load Balancing on WLAN not disabled

I am running v6.0.196 on 2 WLCs. Aggressive Load Balancing is disabled globally via WCS. (Configure / Controller / General / Aggressive Load Balancing = Disabled). When running the Voice Audit Tool against the VoWLAN, I receive the following:
"Aggressive Load Balancing on WLAN not Disabled"
I am unable locate the command or the screen to actually disable this on an individual WLAN. Is this perhaps a code glitch?
-Robert

This is not available on the WCS. I was able to locate this on the individual WLCs.
But thanks for pointing me where to look nonetheless!
-Robert

Disable Apache Plugin Load Balancing

When proxying requests with the Weblogic Apache Proxy Plugin, can load balancing
be disabled? We do not want to load balance between Weblogic servers since the
Apache server is running on the same box as Weblogic. However, we still very
much want the failover capabilities. Is it possible to disable the load balancing
and preserve the failover capabilities?
Thanks in advance.
Brian Husted

"Brian Husted" <[email protected]> wrote:
>
When proxying requests with the Weblogic Apache Proxy Plugin, can load
balancing
be disabled? We do not want to load balance between Weblogic servers
since the
Apache server is running on the same box as Weblogic. However, we still
very
much want the failover capabilities. Is it possible to disable the load
balancing
and preserve the failover capabilities?
Thanks in advance.
Brian HustedHello!
I have also the same problem. Have you found out anything?
I contact the bea-suppport, but we haven't found a solution yet.
Greetings Hans

How to use the Load Balancer Plug-in to serve multiple domains

In SJSAS8.1 SE/EE the asadmin commands that create and maintain a load balancer configuration operate within a domain. When the load balancer configuration is exported an xml file is created that contains all the information for that domain. To make the load balancer plug-in balance the load for multiple domains, the loadbalancer.xml files can be manually merged to conatin the data that is exported from each domain's load balancer configuration.
For example, 2 domains are created, both having a load balancing configuration. After exporting both configurations using the asadmin export-http-lb-config command, the user would then cut and past the cluster information into the single loadbalancer.xml file that resides under the web server's config directory.
An example of the manually merged loadbalancer.xml file follows:
<?xml version="1.0" encoding="UTF-8"?>
<loadbalancer>
<cluster name="domain1">
<instance disable-timeout-in-minutes="30" enabled="true" listeners="http://localhost:1026 https://localhost:38181" name="i1"/>
<instance disable-timeout-in-minutes="30" enabled="true" listeners="http://localhost:1027 https://localhost:38182" name="i2"/>
<web-module context-root="ab" disable-timeout-in-minutes="30" enabled="true"/>
<health-checker interval-in-seconds="5" timeout-in-seconds="60" url="/"/>
</cluster>
<cluster name="domain2">
<instance disable-timeout-in-minutes="30" enabled="true" listeners="http://localhost:1029 https://localhost:38189" name="i3"/>
<instance disable-timeout-in-minutes="30" enabled="true" listeners="http://localhost:1030 https://localhost:38188" name="i4"/>
<web-module context-root="webservice" disable-timeout-in-minutes="30" enabled="true"/>
<health-checker interval-in-seconds="5" timeout-in-seconds="60" url="/"/>
</cluster>
<property name="response-timeout-in-seconds" value="60"/>
<property name="reload-poll-interval-in-seconds" value="5"/>
<property name="https-routing" value="false"/>
<property name="require-monitor-data" value="false"/>
<property name="route-cookie-enabled" value="true"/>
</loadbalancer>
Hope this helps - Mark

Mark, be my savior, I work for SUN as subcontractor at client site. the only one at site ...so I depend on this forum for solutions........
still having trouble failingover to second instance. I have two AccessManagers behind this loadbalancer.
Here is what I saw......
**************LOGS**********************
[20/Jun/2005:14:22:47] failure (15102): for host 128.114.65.13 trying to GET /amconsole/base/AMA
dminFrame, service-passthrough reports: timed out waiting for request body
[20/Jun/2005:14:22:47] warning (15102): reports: lb.runtime: ROUT1014: Non-idempotent request /
amconsole/base/AMAdminFrame cannot be retried.
So I went and updated the loadbalancer.xml (see at the end of the msg). Now I get a different kind of problem...
**************LOGS******************************
[20/Jun/2005:15:25:18] failure (15295): for host 128.114.65.13 trying to GET /amconsole/base/AMA
dminFrame, service-passthrough reports: timed out waiting for request body
[20/Jun/2005:15:25:18] info (15295): reports: lb.runtime: RNTM3003 : Error servicing the request : NoVal
Here is my loadbalancer.xml file...
<loadbalancer>
<cluster name="cluster1">
<instance name="instance1" enabled="true" disable-timeout-in-minutes="1" listeners="http://idm-test-1.ucsc.
edu:80 "/>
<instance name="instance2" enabled="true" disable-timeout-in-minutes="1" listeners="http://idm-test-2.ucsc.
edu:80 "/>
<web-module context-root="amconsole" disable-timeout-in-minutes="1" enabled="true" error-url="sun-http-lber
ror.html" >
<idempotent-url-pattern url-pattern="/*" no-of-retries="3" />
</web-module>
<web-module context-root="amserver" disable-timeout-in-minutes="1" enabled="true" error-url="sun-http-lberr
or.html" >
<idempotent-url-pattern url-pattern="/*" no-of-retries="3" />
</web-module>
<web-module context-root="ampassword" disable-timeout-in-minutes="1" enabled="true" error-url="sun-http-lb
error.html" />
<web-module context-root="amcommon" disable-timeout-in-minutes="1" enabled="true" error-url="sun-http-lberr
or.html" >
<idempotent-url-pattern url-pattern="/*" no-of-retries="3" />
</web-module>
<health-checker url="/" interval-in-seconds="15" timeout-in-seconds="2" />
</cluster>
<property name="reload-poll-interval-in-seconds" value="60"/>
<property name="response-timeout-in-seconds" value="30"/>
<property name="https-routing" value="false"/>
<property name="require-monitor-data" value="true"/>
<property name="active-healthcheck-enabled" value="true"/>
<property name="number-healthcheck-retries" value="3"/>
<property name="route-cookie-enabled" value="true" />
</loadbalancer>
**************************************************************

Load balance not happening in BGP

Dear Friends,
As per I know local BGP process may implement equal-cost load-balancing to the paths that:
Have the same set of path attributes up to the MED (weight, Local Preference, Origin, MED)
Are of the same type (both learned via iBGP or eBGP)
Have the same IGP cost to reach their NEXT_HOP IP address
If the above conditions are met andmaximum-paths [ibgp]is configured under the BGP process, BGP will install multiple equal-cost routes into the local RIB and use them for load-balancing. We call the above condition as load-balancing conditions for BGP.
As all the above criteria are matched still BGP is not doing load balance. Please find below routing table:
R1:
R1#sh ip bgp
BGP table version is 4, local router ID is 40.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*>i192.168.1.0      20.1.1.2                 0    100      0 i
* i                        30.1.1.1                 0    100      0 i
R1#sh ip route
Gateway of last resort is not set
     20.0.0.0/24 is subnetted, 1 subnets
R       20.1.1.0 [120/1] via 10.1.1.2, 00:00:03, FastEthernet0/0
     40.0.0.0/24 is subnetted, 1 subnets
C       40.1.1.0 is directly connected, FastEthernet0/1
     10.0.0.0/24 is subnetted, 1 subnets
C       10.1.1.0 is directly connected, FastEthernet0/0
B    192.168.1.0/24 [200/0] via 20.1.1.2, 00:12:01
     30.0.0.0/24 is subnetted, 1 subnets
R       30.1.1.0 [120/1] via 40.1.1.2, 00:00:15, FastEthernet0/1
router bgp 100
no synchronization
bgp log-neighbor-changes
neighbor 10.1.1.2 remote-as 100
neighbor 40.1.1.2 remote-as 100
maximum-paths 2
no auto-summary
Please help....!!!!!!!   why BGP is not load balancing here????
R1#traceroute 192.168.1.1
Type escape sequence to abort.
Tracing the route to 192.168.1.1
1 10.1.1.2 88 msec 60 msec 28 msec
2 20.1.1.2 104 msec 56 msec 120 msec
Regards,
Sanjib

Dear Jon,
Thank you so much.
When I changed the configuration BGP is now loadbalancing. But in configuartion Max-path showing as 1 instead of 2.
R1#sh ip pro | sec bgp
Routing Protocol is "bgp 100"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
IGP synchronization is disabled
Automatic route summarization is disabled
Neighbor(s):
    Address          FiltIn FiltOut DistIn DistOut Weight RouteMap
    12.1.1.2
    13.1.1.3
Maximum path: 1
Routing Information Sources:
    Gateway         Distance      Last Update
    13.1.1.3             200      00:01:12
    12.1.1.2             200      00:02:15
Distance: external 20 internal 200 local 200
Regards,
Sanjib

ASA 5520 VPN load balancing with Active/Standby failover on 2 devices only...

/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-qformat:yes;
mso-style-parent:"";
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin-top:0in;
mso-para-margin-right:0in;
mso-para-margin-bottom:10.0pt;
mso-para-margin-left:0in;
line-height:115%;
mso-pagination:widow-orphan;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-ascii-font-family:Calibri;
mso-ascii-theme-font:minor-latin;
mso-fareast-font-family:"Times New Roman";
mso-fareast-theme-font:minor-fareast;
mso-hansi-font-family:Calibri;
mso-hansi-theme-font:minor-latin;}
This topic has been beat to death, but I did not see a real answer. Here is configuration:
1) 2 x ASA 5520, running 8.2
2) Both ASA are in same outside and inside interface broadcast domains – common Ethernet on interfaces
3) Both ASA are running single context but are active/standby failovers of each other. There are no more ASA’s in the equation. Just these 2. NOTE: this is not a Active/Active failover configuration. This is simply a 1-context active/standby configuration.
4) I want to share VPN load among two devices and retain active/standby failover functionality. Can I use VPN load balancing feature?
This sounds trivial, but I cannot find a clear answer (without testing this); and many people are confusing the issue. Here are some examples of confusion. These do not apply to my scenario.
Active/Active failover is understood to mean only two ASA running multi-contexts. Context 1 is active on ASA1 Context 2 is active on ASA2. They are sharing failover information. Active/Active does not mean two independently configured ASA devices, which do not share failover communication, but do VPN load balancing. It is clear that this latter scenario will work and that both ASA are active, but they are not in the Active/Active configuration definition. Some people are calling VPN load balancing on two unique ASA’s “active/active”, but it is not
The other confusing thing I have seen is that VPN config guide for VPN load balancing mentions configuring separate IP address pools on the VPN devices, so that clients on ASA1 do not have IP address overlap with clients on ASA2. When you configure ip address pool on active ASA1, this gets replicated to standby ASA2. In other words, you cannot have two unique IP address pools on a ASA Active/Standby cluster. I guess I could draw addresses from external DHCP server, and then do some kind of routing. Perhaps this will work?
In any case, any experts out there that can answer question? TIA!

Wow, some good info posted here (both questions and some answers). I'm in a similar situation with a couple of vpn load-balanced pairs... my goal was to get active-standby failover up and running in each pair- then I ran into this thread and saw the first post about the unique IP addr pools (and obviously we can't have unique pools in an active-standby failover rig where the complete config is replicated). So it would seem that these two features are indeed mutually exclusive. Real nice initial post to call this out.
Now I'm wondering if the ASA could actually handle a single addr pool in an active-standby fo rig- *if* the code supported the exchange of addr pool status between the fo members (so they each would know what addrs have been farmed out from this single pool)? Can I get some feedback from folks on this? If this is viable, then I suppose we could submit a feature request to Cisco... not that this would necessarily be supported anytime soon, but it might be worth a try. And I'm also assuming we might need a vip on the inside int as well (not just on the outside), to properly flip the traffic on both sides if the failover occurs (note we're not currently doing this).
Finally, if a member fails in a std load-balanced vpn pair (w/o fo disabled), the remaining member must take over traffic hitting the vip addr (full time)... can someone tell me how this works? And when this pair is working normally (with both members up), do the two systems coordinate who owns the vip at any time to load-balance the traffic? Is this basically how their load-balancing scheme works?
Anyway, pretty cool thread... would really appreciate it if folks could give some feedback on some of the above.
Thanks much,
Mike

Load balancing 10g forms - Connection from new browser window not supported

Load balancing 10g forms - Connection from new browser window not supported
We're experimenting with using webcache to load balance between multiple applications servers running OC4J forms processes.
We currently have one machine with infrastructure and mid-tier (BI & Forms) installed, which is being used for the webcache functionality, this is load balancing between 2 other servers each of which just have the mid-tier (BI & Forms) installation
In order to get this to work, I had to follow the instructions in the Forms deployment guide : http://download-uk.oracle.com/docs/cd/B14099_11/web.1012/b14032/tuning.htm#sthref707
The main gist of this is that you need to set the following in the orion-web.xml file in order that the sessions are maintained:
<session-tracking
cookies="enabled">
</session-tracking>
This all works fine in most cases.
The problem I am having is if I do one of the following on the client machine:
1) From IE6 / IE7 run a copy of a forms application. Then open a new window using the "New Window" menu option, and attempt to run another forms application.
2) In IE7 or Firefox 2.0 open a copy of the forms application, and then open a new tab and try and open another forms application.
If I try either of these I get a FRM-92101 error, and the following is displayed in the java console:
oracle.forms.net.ConnectionException: Connection from new browser window not supported
From trawling various forums (including metalink and otn) it looks like a problem with the way coockies are handled.
Unfortunately the usual workaround is to ensure that the session tracking option in the orion-web.xml file is disabled.
The problem is that I need this enabled in order for the load balancing to work.
Does anyone know of any other workarounds or patches that might help resolve this?
We're using Application server 10.1.2.0.2 running on windows 2003 servers.

You were right. Carriage returns were stopping it from working (the document is laid out over separate lines, so I assumed it would make no difference...).
I've now managed to get it so the forms at least run, but they are all being run in the forms OC4J instance on the same machine as the OHS.
Has anyone actually managed to get this to work, or am I doing something wrong?
I did wonder if using an OHS instance on a machine with no forms installation would make any difference?
I had raised a support call via metalink on this subject, but they eventually came to the conclusion that the only way to do this is with a hardware load balancer (Despite several documents suggesting that webcache is the way to go (including the forms deployment manual)).
I'm at the point now of giving up and writing some custom scripts to do the job instead...

Load balancing weirdness using NAT and same-metric route

Hi.
I'm trying to set up a double-WAN load-balancing scenario:
I decided to attempt the "multiple same-metric routes with NAT" approach so I went for the example used in the IOS NAT Load-Balancing for Two ISP Connections Configuration Guide [1].
I decided to use an upside-down Cisco 871-SEC/K9: use Vlan1 and Vlan2 for the routers and Fa4 for the LAN. I am hoping this is not an issue.
There is this weirdness with some connections, particularly FTP. I pinpointed the problem to the following scenario: if I do a couple of pings to 100.1.1.1 using the FastEthernet4 as the source address, this is what I get in the logs:
=== PING 1 ECHO REQUEST ===
*Mar 3 04:38:43.521: IP: tableid=0, s=192.168.60.4 (FastEthernet4), d=100.1.1.1 (Vlan1), routed via RIB
*Mar 3 04:38:43.521: NAT: s=192.168.60.4->10.129.124.2, d=100.1.1.1 [14152]
*Mar 3 04:38:43.521: IP: s=10.129.124.2 (FastEthernet4), d=100.1.1.1 (Vlan1), g=10.129.124.1, len 60, forward
*Mar 3 04:38:43.521: ICMP type=8, code=0
=== PING 1 ECHO REPLY ===
*Mar 3 04:38:45.589: NAT*: s=100.1.1.1, d=10.129.124.2->192.168.60.4 [19824]
*Mar 3 04:38:45.589: IP: tableid=0, s=100.1.1.1 (Vlan1), d=192.168.60.4 (FastEthernet4), routed via RIB
*Mar 3 04:38:45.589: IP: s=100.1.1.1 (Vlan1), d=192.168.60.4 (FastEthernet4), g=192.168.60.4, len 60, forward
*Mar 3 04:38:45.589: ICMP type=0, code=0
=== (something else) ===
*Mar 3 04:38:52.353: RT: SET_LAST_RDB for 0.0.0.0/0
OLD rdb: via 10.129.124.33, Vlan2
NEW rdb: via 10.129.124.1, Vlan1
=== PING 2 ECHO REQUEST ===
*Mar 3 04:38:52.353: IP: tableid=0, s=192.168.60.4 (FastEthernet4), d=100.1.1.1 (Vlan2), routed via RIB
*Mar 3 04:38:52.353: NAT: s=192.168.60.4->10.129.124.2, d=100.1.1.1 [14159]
*Mar 3 04:38:52.353: IP: s=10.129.124.2 (FastEthernet4), d=100.1.1.1 (Vlan2), g=10.129.124.33, len 60, forward
*Mar 3 04:38:52.353: ICMP type=8, code=0
=== PING 2 ECHO REPLY ===
*Mar 3 04:38:53.029: NAT*: s=100.1.1.1, d=10.129.124.2->192.168.60.4 [19825]
*Mar 3 04:38:53.029: IP: tableid=0, s=100.1.1.1 (Vlan1), d=192.168.60.4 (FastEthernet4), routed via RIB
*Mar 3 04:38:53.033: IP: s=100.1.1.1 (Vlan1), d=192.168.60.4 (FastEthernet4), g=192.168.60.4, len 60, forward
*Mar 3 04:38:53.033: ICMP type=0, code=0
In the section "Ping 2 Echo Request" line 2 shows the NAT translating the packet to the address for the first provider but line 3 shows it routing it through the second one.
In this case, the ICMP packet goes through but it is problematic if the ISP restricts the service by source-address (like RPF) or there is some acceleration mechanism inside the provider cloud, other than just plain routing.
What am I missing? Here is the relevant part of the configuration. I deliberately disabled CEF to be able to debug the messages, but I *think* this may be altering the actual router behavior. This router does not have a "debug ip cef packet" command.
no ip cef
ip dhcp pool lan-side
import all
network 192.168.60.0 255.255.255.0
default-router 192.168.60.1
domain-name doublewan.local
dns-server 8.8.8.8 8.8.4.4
lease infinite
ip domain name doublewan
interface FastEthernet0
!doesn't appear on running-config: vlan 1 is the default access vlan
!switchport access vlan 1
interface FastEthernet1
switchport access vlan 2
interface FastEthernet2
shutdown
interface FastEthernet3
shutdown
interface FastEthernet4
ip address 192.168.60.1 255.255.255.0
ip nat inside
ip virtual-reassembly
no ip route-cache
duplex auto
speed auto
interface Vlan1
ip address 10.129.124.2 255.255.255.224
ip nat outside
ip virtual-reassembly
no ip route-cache
interface Vlan2
ip address 10.129.124.35 255.255.255.224
ip nat outside
ip virtual-reassembly
no ip route-cache
ip route 0.0.0.0 0.0.0.0 Vlan1 10.129.124.1
ip route 0.0.0.0 0.0.0.0 Vlan2 10.129.124.33
ip nat inside source route-map nat1 interface Vlan1 overload
ip nat inside source route-map nat2 interface Vlan2 overload
ip access-list standard acl4-nexthop-vlan1
permit 10.129.124.1
ip access-list standard acl4-nexthop-vlan2
permit 10.129.124.33
route-map nat2 permit 10
match ip address 102
match ip next-hop acl4-nexthop-vlan2
match interface Vlan2
route-map nat1 permit 10
match ip address 101
match ip next-hop acl4-nexthop-vlan1
match interface Vlan1
control-plane
Of course, there is some configuration pending for redundancy and stuff.
Thanks a lot in advance.
[1] http://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/100658-ios-nat-load-balancing-2isp.html

Hello.
This might be a bug in debug command or the IOS (without ip cef) you use; as routing is done before NAT (inside to outside).
To make sure it works fine with ip cef, just enable strict uRPF (or just ACL) on .1 and .33 interfaces and see if you see any packet sent over wrong interface.
PS: please check "sh ip cef 100.1.1.1"; I guess ip cef would tell you "per-destination sharing".

CSS Load balancing for Exchange Server

Hi,
I have CSS configured in single arm and I have multiple servers configured for load balancing and it is working fine but when I am configuring Exchange server for load balancing I am facing problem and applications and printer/scanners are not able to send the email through the Virtual IP address configured for exchaneg server.
But if we configured the real server IP in the printer/scanners they are able to send the email. While checking the logs on the exchange server, it is showing that request for the email so coming from the Exchange VIP configured in the CSS.
I can telnet on port 25 on the VIP address (192.168.200.237). But unable to send the email through this VIP.
Below is the configuration
service ENOC_EXCHANGE-1
ip address 192.168.200.235
active
service ENOC_EXCHANGE-2
ip address 192.168.200.236
active
content EXCHANGE
    add service ENOC_EXCHANGE-2
    add service ENOC_EXCHANGE-1
    vip address 192.168.200.237
    active
group EXCHANGE
add destination service ENOC_EXCHANGE-1
add destination service ENOC_EXCHANGE-2
vip address 192.168.200.237
active
DC-CSS01# show rule GIT EXCHANGE
Name:                EXCHANGE   Owner:                ENOC_GIT
State:                 Active   Type:                     HTTP
Balance:          Round Robin   Failover:                  N/A
Persistence:          Enabled   Param-Bypass:         Disabled
Session Redundancy: Disabled
IP Redundancy:    Not Redundant
L3:         192.168.200.237
L4:         Any/Any
Url:
Redirect: ""
TCP RST client if service unreachable: Disabled
Rule Services & Weights:
1: EXCHANGE-1-Alive, S-1
2: EXCHANGE-2-Down, S-1
=============================================================================
Please let me know how to solve this problem. System team is saying with the physical IP address it is working fine problem with Load balancing. I have even tried with the
Add service command in the group but didnt work for me. If i will remove the group command then I cant telnet on port 25.
I think this is related to single arm modle or some wrong configuration for the NAT.
Kindly assist me

Hi
Printers are on Vlan 80 ( gw is 192.168.80.1) and exange server is on vlan 200 (gw is 192.168.200.1) i have multiple vlan which will communcate with exchange.
I hv other servers on 200 subnet which are working fine in load balancing.
My CSS is single arm setup.
Please assist
Sent from Cisco Technical Support iPhone App

Load Balancing on RV320

Hi,
My Cisco RV320 router are not working like I want ...
I get two ISP in France, same tech. specs., sames bandwidth, but 2 differents way to connect.
The first WAN is connected in PPPoE with a ADSL2+ Modem
The second WAN is connected in Static IP with a modem/router
I set the load balancing Auto. but it seem that the WAN2 is more used than the WAN1...
For example, I upload a big documents, like a video on youtube, witch take a long time and need the max Bandwidth. While I'm going to download a file with an internal software, who use a different port by the way. The most of the time, it only use the WAN2 ... so my download is flanged ! It only donwload @~450KB/S when it can max @ ~1,8MO/S, and the WAN1 is not blinking ... And sometimes the balancing is good ... I can't understand the RV320 logic ? But Maybe is there a bug ? Maybe I get a bad configuration ?
Have a clue ?
Please help me !

So, you can hear the phone ringing and answer it? which means that SIP pakets are coming through WAN to LAN and well redirected to the phone IP, but you cannot hear after that, which means that there could be a problem with the RTP packets.
If you have problem only with the incoming calls and not the outgoing, than try enable/disable SIP ALG (Firewall). If that doesn't fix the issue, try to allow (or even forward) from WAN to LAN RDP - UDP ports 16384-32767 to the phone IP.
Regards,
Kremena

CSS Load Balancing with Cookies

We are trying to load balance 2 backend servers hosted on Websphere with advance balance cookies method.
Restrictions
ServerA is unable to accept cookies generated from ServerB.
ServerA and ServerB are generating random cookies
Unable to modify cookie string with a constant.
How can we load balance based on cookies considering the above restrictions?
We have attempted to do hash based load balancing with cookies but the problem we run into is the servers do not accept cookies generated from another server.
The configuration we tried is written below:
service ServerA
ip address 192.168.10.2
keepalive type tcp
keepalive port 80
active
service ServerB
ip address 192.168.20.2
keepalive type tcp
keepalive port 80
active
content ABC
url "/*"
add service ServerA
string prefix "JSESSIONID="
advanced-balance cookies
port 80
add service ServerB
string skip-length 5
string process-length 16
string operation hash-xor
protocol tcp
vip address 172.16.32.1
active
Can we change the string prefix to JSESSION instead of JSESSIONID= ?
The only place the app guys can add a constant string to match on is before the = sign.
Is it possible for CSS to match on a constant string before = sign e.g below:
service ServerA
ip address 192.168.10.2
keepalive type tcp
keepalive port 80
string id567=
active
service ServerB
ip address 192.168.20.2
keepalive type tcp
keepalive port 80
string id123=
active
content ABC
url "/*"
add service ServerA
string prefix "JSESSION"
advanced-balance cookies
port 80
add service ServerB
string skip-length 0
string process-length 6
protocol tcp
vip address 172.16.32.1
active

It should work.
There is no reason for it not to work...
This is the best method you can have on the CSS for stickyness.
Get a sniffer trace on the client and server with arrowpoint cookie configured on the CSS and capture a failure so we can see what is going on.
also send me the config so I can verify everything is ok.
If you have a service request open with the TAC, you can also give the SR # so I can review what has been done.
Gilles.

Load balancing not happening on UDQ in weblogic 11g

Hi Team,
I have a 2 clusters with two managed servers each on different machines
Cluster A(On machine 1)
Managed server A (on machine 1)
Managed server B(on machine 2)
I have created 2 JMS servers
JMS Server A on Managed server A
JMS Server Bon Managed server B
and a JMS module on Cluster A
and JMS connection factory targeted on Cluster A and a uniform distributed queue targeted on JMS server A and JMS Server B
But load balancing is not happening only one managed server is loaded at a time.. Using weblogic 11(aka 10.2.3)
Tried disabling server affinity but it did not help ...Can any one please let me know how to fix this?

Hi,
When you say load is not balanced and reaching only one managed server.
I assume both the UDD's targets are reachable and are visible in JNDI tree ?
also , what kind of application is it - i,e is it clustered app that would be seen as consumers on each UDQ ?
take a look at the app and check if its clusterred . along with that also take a look at the number of consumers on UDQ instances.
Let me know what you find.
Sri

Disabling load balancing in WebSphere

Similar Messages

Maybe you are looking for