Group configuration in CSS

Hi
In Group configuration we have the option of using add service and add destination service.
In what scenario does each have to be used?
Are any examples or links available?
Thanks in Advance
regards
R.Sundara Rajan

Sundara Rajan,
If you use 'add service', the CSS would then use/spoof the IP addresses of the browser-PC when it communicates with the server farm that it load balances. It's called destination NAT-ing.
If you use the 'destination service' instead, the CSS uses the client-side 'circuit' address (browser-PC segment) of the CSS when it communicates with the servers it load balances. It's called source NAT-ing.
The question is in what situations do we use these types of 'services'. The answer would be: when the CSS is used in 'bridging' mode, you would use a destination service. And by now you would know that in 'routing mode' we would use the simple 'add service'.
Regarding the 'circuit address' being used as the source address when the CSS talks to the servers, there is no clear document that can confirm this statement. I found it in the lab I did yesterday after someone in this forum told me that he was seeing it in his CSS installation. Most of the Cisco documents and the training materials I read just say that the VIP address under the group should be used as the source address when it talks to the servers.
thanks

Similar Messages

  • Speeding up configuration of CSS

    I find configuring the CSS to be a pretty slow process in that everything is contextual. And it is always asking you to confirm your actions. For example
    "add service foo"
    ..results in Create service <foo>, [y/n]
    Is there a way to turn off these annoying speed bumps? When you have hundreds of services and content rules to configure this is ridiculous. IOS doesn't make you do that when you say want to configure an interface or a route map.
    Also - pasting configuration into the CSS often fails because it gets overloaded. Is there a way to make the CSS more amenable to receiving pasted config(from say Windows putty ssh to its console port)?
    And lastly - can you just create a flat file configuration outside of the CSS and copy it to the CSS?
    Any tips on speeding the configuration are most appreciated.

    Great - thanks much for the expert mode. I will be using that.
    Regarding tftp and ftp - do you mean just create and modify the config in its entirety offline and ftp it to config dir? Then how do you put the new config into effect?

  • Configure single CSS as authoritative dns server

    Hi Experts,
    I have one CSS11501 acting as the load balancer. And all the servers are in private network behind it. We need to configure an authoritative dns server for this web domain. I want to use this CSS to be the dns server. I saw that there are some advance configuration notes about configuring dns server
    http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/css11000series/v6.10/configuration/advanced/guide/DNS.html
    I wonder if I only use a single server, what the configuration is needed? is there an example. Most of the documents have the example for multiple CSS in global server load balancing environment.
    We currently only have standard feature license. I wonder if we have to purchase the 'enhanced feature set' to implement this function?
    Only the command 'add dns xxx.xxx.com' under content rule could be used in the standard software. Is this sufficient enough to be as dns server?
    Thanks for your help in advance.

    licensing hasn't changed for the CSS in a long time.
    So this old document still applies
    http://www.cisco.com/en/US/partner/products/hw/contnetw/ps789/products_tech_note09186a0080094a76.shtml
    The Enhanced feature set contains all components of the Standard feature set and also includes:
    Network Address Translation (NAT) Peering
    Domain Name Service (DNS)
    Demand-Based Content Replication (Dynamic Hot Content Overflow)
    Content Staging and Replication
    Network Proximity DNS
    Content Routing Agent
    Client Side Accelerator
    Gilles.

  • CSS One Arm Configuration with VIP(non-shared)/IP Interface Redundancy

    With Reference to the following CCO documentation;
    1). "How to Configure the CSS to Load Balance Using 1 Interface"
    In this example, the Real Server's (10.10.10.2 etc) gateway are pointed to the router's gateway(10.10.10.1) and used the 'add destination service' command to NAT the RealServer's IP address back to the VIP (10.10.10.6).
    2). "Understanding and Configuring VIP and Interface Redundancy on the CSS11000".
    In the interface redundancy configuration, the gateway of the Real Server are configured as the CSS11000's Interface Redundancy Address (192.168.1.1), not the Router's gateway.
    Can anyone help to advise on the preferred one arm configuration with VIP/IP redundancy?
    (i). Is the reason for configuring the gateway of the Real Server to CSS11000's Interface Redundancy Address in 2) same as using 'add destination service' command in 1)? That is to make sure that the return path from Real Server back to Client passes through the CSS and is NAT back to the VIP.
    (ii). To configure VIP(non-shared)/IP Interface redundancy(Active/Backup Mode) in a one arm configuration, my understanding is that there are 2 methods of configuration. Is it correct? Which method is preferred?
    Method a)
    1.Configure the Real Server's gateway to Router's Gateway
    2.Configure 'add destination service' command on the CSS to NAT the RealServer's IP address back to the VIP
    3.Configure VIP(non-shared) redundancy for the VIP on the CSS
    4.IP Interface Redundancy on the CSS is not required as the Real Server's gateway is already pointing to the Router's gateway. (Assuming that HSRP redundancy is already running on the Router)
    Method b)
    1. Configure the Real Server's gateway to the CSS's IP Interface Redundancy IP Address
    2. Configure IP Interface Redundancy on the CSS (as the Real Server's gateway)
    3. Configure VIP(non-shared) redundancy for the VIP on the CSS

    If you use method a) (server gateway is the router) you need the CSS to NAT the source IP address of the client in order to force the server to send traffic back to the CSS.
    The issue then is that the server does not see the IP address of the real client.
    The server only sees connections with source IP address = CSS IP address.
    With method b) you don't have the above problem, but connection initiated by the servers are sent to the CSS that will then send it to the router.
    You have a performance issue because the traffic will cross 2 times the one-armed interface.
    If this is a new design, it is strongly recommended not to use one-armed setup.
    Regards,
    Gilles.

  • CSS content configuration problem

    Hello,
    I've a strange problem with CSS configuration (written below). In 10% of times, content "ABCD80old2" doesn't work - clients trying to access "/AB*" resources, receive answers from Serv3 and Serv4 (not from Serv1 or Serv2, as they should). Upgrade to the version 8.2.01 didn't resolve the problem.
    Here's the configuration from CSS 11506:
    content ABCD80old2
      vip address 10.30.4.254
      advanced-balance sticky-srcip
      sticky-inact-timeout 120
      add service Serv1
      add service Serv2
      port 80
      protocol tcp
      url "/AB*"
      active
    content ABCD80
      vip address 10.30.4.254
      protocol tcp
      port 80
      advanced-balance sticky-srcip
      sticky-inact-timeout 120
      add service Serv3
      add service Serv4
      active
    Thank you in advance for any ideas.

    I have to configure different content for URL /AB*, because such resources reside on different servers. So, if clients are incorrectly redirected to Serv3 or Serv4, they get "Page not found".
    Configuration for services:
    service Serv1
      ip address 10.30.2.22
      protocol tcp
      port 80
      keepalive type tcp
      keepalive tcp-close fin
      keepalive frequency 20
      active
    service Serv2
      ip address 10.30.2.23
      protocol tcp
      port 80
      keepalive type tcp
      keepalive tcp-close fin
      keepalive frequency 20
      active
    service Serv3
      ip address 10.30.2.24
      port 80
      keepalive type tcp
      protocol tcp
      active
    service Serv4
      ip address 10.30.2.25
      port 80
      keepalive type tcp
      protocol tcp
      active
    Correct me, if I'm wrong, but I read, that CSS looks for the most _exact_ content first - so URL with /AB* should be processed with content ABCD80old2, which is more precise than content ABCD80.

  • Using XML to configure CSS

    Hi ,
    Please let me know how can i publish xml configuration in CSS?
    Thanks in advance

    Extensible Markup Language (XML) is a powerful tool to use to configure a CSS switch. Anything that can be done from the Command Line Interface (CLI) can be done remotely using XML and any easy to XML editor of your choice
    If you want to know more please click following URL:
    http://www.cisco.com/en/US/products/hw/contnetw/ps792/products_tech_note09186a0080094009.shtml

  • Help with CSS configuration issue

    My question is about configuring the CSS 11151 for server load balancing including some provision for communication with each of the servers (services), independent of the load balancing method. Here are the details.
    We are building a test IDC for dedicated web hosting. We will use one Cisco CSS 11151 and several servers (as well as a firewall, etc). Web requests will be processed by the CSS using round robin. However, in addition to the need for servicing web requests, there are situations in which the web owner or the IDC administrator needs to communicate with a specific server.
    That need exists for doing administrative functions like troubleshooting. It also exists for the web owner to deliver content and configure the web server. I understand that there are several different ways to configure the CSS to support this kind of access (see below) but I don't know what the trade-offs are, nor do I know what the common practices are. So I am not sure which configuration(s) to use. Any experience to share? What is being done in the real world?
    Configuration Alternatives I Am Aware Of:
    1) In the (web) owner's rule add an additional individual pass-through VIP for each service. That VIP (or its NATed IP) is exposed only to the web owner.
    2) Use an additional content rule for each service (L5 content rule) so that particular types of requests, e.g. FTP, are directed to particular servers.

    Here is another way to hack this where you can use your domain name and port number to differentiate which server where you would like to connect.
    If you are limited on public IP addresses and need to administrate your back-end servers remotely, then you can create a layer4 content rule for each single server you would like to access.
    This means you can create a content rule using the same IP address as your main load balancing VIP, and then you can assign a different port number each one of these new rules. Per rule, the one service on the backend can map to whichever port you like, like 23.
    So the end result of this method can be telnetting to www.yourdomain.com on port 1010, and having that request map to port 23 on your backend servers.
    Hope that helps!
    Cheers,
    Perry.

  • CSS - configuring load based on percentages

    I've been asked to configure a CSS so that 3 real servers have 25%, 35% and 40% load factor respectively, do I use the 'weight' command to do this ?
    Thanks in advance.

    Yes.
    This is exactly the purpose of the weight command.
    Gilles.

  • Using a single CSS to load balance multiple services

    Is it possible to use a single CSS to load balance 3 different services (server farm) ? That mean the CSS need to advertise 3 VIP
    I'm thinking of two scenarios:
    1 - configure the CSS to use 4 interfaces: 1 to public, 3 to private (each interface will plug-in to a different vlan/server farm)
    2 - configure the CSS to use 2 interfaces: 1 to public, 1 to private (all 3 server farms are in the same vlan)
    Will both scenarios work ?
    Thanks
    --Phillip.

    Hi Phillip,
    both scenarios will work. One CSS can certainly manage more than 3 services! You can even use just one VIP for all traffic, then just create the proper rules to send specific traffic to the corresponding service(s). No need for 3 VIPs.
    Regards
    -juerg

  • Newly Occurring CSS SSL Issue in Chrome, FF10, IE9 with L5 rules; 3 second delay, loss of L5 stickiness

    We recently started suffering an issue with our CSS11501S-K9 units not performing URL stickiness on our SSL wrapped L5 rules.  I've spent dozens of manhours working on the problem, and have quite a bit of information to report, including a solution.  There is a high probability that anybody who uses SSL to an L5 rule on a CSS unit will become affected by this problem over the next few weeks/months as users update their browsers with new SSL patches.  
    We hadn't made any changes to our config in months, and eliminated hardware problems by testing a second unit. 
    Here are the exact symptoms we saw:
      Browsers affected: Firefox 10, Chrome, IE9, others (and some earlier versions of IE depending on patch levels)
      Browsers not affected: FireFox 3.5, w3m 0.5.2, curl7.19.7
      Impact 1: For SSL Rules backed by L5 rules, the initial response to the first request would be 3 seconds.  Further requests on the same TCP connection would not be delayed
      Impact 2: L5 rules being accessed via SSL would no longer perform any URL based stickiness.  Accessing the same rule skipping SSL would work fine
    I focused on the 3 second delay, since that was a new issue and was easier to debug than monitoring multiple servers to see if stickiness was broken.  This is what I found when a client tries to connect to an SSL rule that ultimately is routed to a L5 HTTP rule:
    1. Client/CSS perform initial TLS handshake, crypto cyphers determined (nearly instantly)
    2. Client sends HTTP 1.1 request for resource (nearly instantly)
    3. 3 seconds of no traffic in or out of the CSS related to this request
    4. CSS opens an HTTP connection to backend webserver, backend webserver responds (nearly instantly)
    5. The CSS seems to route to the backend server using the balance method (round-robin) instead of the advanced-balance method (url)
    6. Response is sent to the client with the resource (nearly instantly)
    7. Future requests sent from the browser on the same TCP connection have no delay, but the advanced-balance continues to be ignored
    The 3 seconds is quite an exact figure (within a few milliseconds) and appears to be entirely happening inside of the CSS unit itself, since it does not connect to the backend server until after the 3 seconds elapse.  3 seconds smelled like some sort of internal timeout set in the CSS unit after it gives up waiting for something.
    Looking at the packets from affected browsers I discovered that the GET /foobar HTTP/1.1 request was being broken into two separate TLSv1 application messages, the first was 24 bytes and the second was 400 bytes.  Decrypting these messages I found the first message was a
    G
    and the second message was:
    ET /foobar HTTP/1.1
    This essentially splits the initial request the client is sending into two pieces.  This confuses wireshark so much, it doesn't decode this as a HTTP request, and just decodes it as "continuation or non-HTTP traffic".
    On the working browsers I saw only one TLSv1 application message, decrypting it I saw:
    GET /foobar HTTP/1.1
    (obviously I'm simplifying the contents of the request, there were lots of headers and stuff)
    I am aware that the CSS can't handle L5 rules appropriately if they get fragmented, so I suspected this was the problem.  I pulled a packet trace from a few years ago, and at that time confirmed we never saw double TLSv1 application messages before.
    A number of openssl vulnerabilities were recently fixed: http://www.ubuntu.com/usn/usn-1357-1
    and browsers may have been recently updated to fix some of these issues, changing the way they encode their traffic. 
    Solution:
    Our ssl config looked something like this:
    ssl-proxy-list SSL_ACCEL
      ssl-server 10 vip address XX.XX.XX.XX
      ssl-server 10 rsakey XXXX
      ssl-server 10 cipher rsa-with-3des-ede-cbc-sha XX.XX.XX.XX 80
      ssl-server 10 cipher rsa-with-rc4-128-sha XX.XX.XX.XX 80
      ssl-server 10 cipher rsa-with-rc4-128-md5 XX.XX.XX.XX 80
      ssl-server 10 unclean-shutdown
      ssl-server 10 rsacert XXXXXX
    Removing:
      ssl-server 10 cipher rsa-with-3des-ede-cbc-sha XX.XX.XX.XX 80
    Solves the problem.  After that's removed, the browsers will no longer fragment the first character of their request into a separate TLSv1 message.  The 3 second delay goes away, and L5 stickiness is fixed.  The "CBC" in the cipher refers to Cipher-Block-Chaining (a great article here: http://en.wikipedia.org/wiki/Cipher-block_chaining), and breaking the payload into multiple packages may have been an attempt to initialize the IV for encryption -- although I'm really just guessing, I stopped researching once I verified this solution was acceptable.
    This issue became serious enough for us to notice first on Monday Feb 13th 2012. We believe a number of our large customers distributed workstation updates over the weekend.  The customers affected were using IE7, although my personal IE7 test workstation did not appear to be affected.  It's quite possible our customers were going through an SSL proxy.  I suspect as more people upgrade their browsers, this will become a more serious issue for CSS users, and I hope this saves somebody a huge headache and problems with their production environment.
    -Joe

    Hi Joe,
    That's a very good analysis you did.
    As you already suspected, the issue comes from the TLS record fragmentation feature that was introduced in the latest browser versions to overcome a SSL vulnerability (http://www.kb.cert.org/vuls/id/864643). Unfortunately, similar issues are happening with multiple products.
    For CSS, the bug tracking this issue is CSCtx68270. The development team is actively working on a fix for it, which should be available (in an interim software release, so to get it you will have to go through TAC) in the next couple of weeks.
    In the meantime, as workaround, you can configure the CSS to use only RC4 cyphers (which is what you were suggesting also). These are not affected by the vulnerability, so, browsers don't apply the record fragmentation when they are in use. This workaround has been tested by several customers already, and the results seem to be very positive.
    Regards
    Daniel
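
The record split described in this thread can be recognised from record lengths alone, and it shows why an L5 (URL) rule has to buffer plaintext across TLS records. The following is an added example, not part of the original posts and not Cisco's code; it assumes TLS 1.0 with 3DES-CBC and a 20-byte SHA-1 MAC, and all byte streams and fragments are constructed sample data.

```python
import struct

HANDSHAKE = 22          # TLS ContentType values
APPLICATION_DATA = 23
TLS10 = 0x0301

def cbc_record_len(plaintext_len, mac_len=20, block=8):
    """Ciphertext length of a TLS 1.0 CBC record: data + MAC + at least
    one padding-length byte, rounded up to the cipher block size."""
    return -(-(plaintext_len + mac_len + 1) // block) * block

def parse_records(stream):
    """Return [(content_type, version, length)] for each complete record."""
    records, off = [], 0
    while off + 5 <= len(stream):
        ctype, version, length = struct.unpack_from("!BHH", stream, off)
        if off + 5 + length > len(stream):
            break  # truncated capture: stop at the last complete record
        records.append((ctype, version, length))
        off += 5 + length
    return records

def find_one_byte_splits(records, mac_len=20, block=8):
    """Indexes of application-data records that have the smallest possible
    CBC size (0 to 3 plaintext bytes for 3DES/SHA-1) and are directly
    followed by a larger application-data record."""
    smallest = cbc_record_len(1, mac_len, block)
    hits = []
    for i in range(len(records) - 1):
        (t1, _, l1), (t2, _, l2) = records[i], records[i + 1]
        if t1 == t2 == APPLICATION_DATA and l1 == smallest and l2 > smallest:
            hits.append(i)
    return hits

def parse_request_line(data):
    """Return (method, path) once a full HTTP request line is present."""
    line, sep, _ = data.partition(b"\r\n")
    if not sep:
        return None
    parts = line.split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/"):
        return None
    return parts[0].decode("ascii"), parts[1].decode("ascii")

def per_record(fragments):
    """Parse each decrypted record on its own (what breaks on a split)."""
    return [parse_request_line(f) for f in fragments]

def buffered(fragments):
    """Accumulate decrypted records until the request line is complete."""
    buf = b""
    for fragment in fragments:
        buf += fragment
        parsed = parse_request_line(buf)
        if parsed:
            return parsed
    return None

def record(ctype, length):
    """Constructed record: real 5-byte header, zero bytes as ciphertext."""
    return struct.pack("!BHH", ctype, TLS10, length) + bytes(length)

# Constructed captures using the sizes quoted in the post (24 and 400 bytes).
SPLIT_STREAM = (record(HANDSHAKE, 40) + record(APPLICATION_DATA, 24)
                + record(APPLICATION_DATA, 400))
UNSPLIT_STREAM = record(HANDSHAKE, 40) + record(APPLICATION_DATA, 400)
# Constructed plaintext as it looks after decryption of the split request.
FRAGMENTS = [b"G", b"ET /foobar HTTP/1.1\r\nHost: www.example.com\r\n\r\n"]

if __name__ == "__main__":
    print("split at record:", find_one_byte_splits(parse_records(SPLIT_STREAM)))
    print("per-record parse:", per_record(FRAGMENTS))
    print("buffered parse:  ", buffered(FRAGMENTS))
```

The 24-byte first record in the post matches `cbc_record_len(1)`: one plaintext byte, 20 bytes of MAC and padding up to the 8-byte 3DES block.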

  • CSS 11503 Destination NAT - can only enable one service

    I have three web servers configured as six services. Three are for MOSS (Microsoft Office Sharepoint Server) and three are for SSRS (SQL Server Reporting Services 2006 in integration mode).
    THE PROBLEM:
    When more than one MOSS service is active I can no longer connect to the SSRS services.
    This is a trunked Configuration:
    interface 1/1
    trunk
    redundancy-phy
    vlan 1
    default-vlan
    vlan 100
    vlan 101
    vlan 103
    interface 3/16
    bridge vlan 4000
    circuit VLAN100
    redundancy
    ip address 192.168.100.xx0 255.255.255.0
    circuit VLAN103
    redundancy
    ip address 192.168.103.xx0 255.255.255.0
    circuit VLAN4000
    ip address 1.x.x.2 255.255.255.252
    redundancy-protocol
    circuit VLAN101
    redundancy
    ip address 192.168.101.xx0 255.255.255.0
    service MOSSWeb01
    ip address 192.168.103.xx1
    keepalive port 80
    keepalive type tcp
    active
    service MOSSWeb02
    ip address 192.168.103.xx2
    keepalive port 80
    keepalive type tcp
    active
    service MOSSWeb03
    ip address 192.168.103.xx3
    keepalive port 80
    keepalive type tcp
    active
    service SSRSWeb01
    ip address 192.168.103.xx1
    active
    service SSRSWeb02
    ip address 192.168.103.xx2
    active
    service SSRSWeb03
    ip address 192.168.103.xx3
    active
    owner MOSS
    content MOSS
    vip address 192.168.100.xx1
    vip-ping-response local-remote
    add service MOSSWeb01
    add service MOSSWeb02
    add service MOSSWeb03
    active
    owner SSRS
    content REPORTSERVER
    vip address 192.168.100.xx2
    add service SSRSWeb01
    add service SSRSWeb02
    add service SSRSWeb03
    vip-ping-response local-remote
    active
    group MOSS2007-DSTNAT
    vip address 192.168.100.xx1
    add destination service MOSSWeb01
    add destination service MOSSWeb02
    add destination service MOSSWeb03
    active
    group SSRS2005-DSTNAT
    vip address 192.168.100.xx2
    add destination service SSRSWeb01
    add destination service SSRSWeb02
    add destination service SSRSWeb03
    active
    NOTES:
    All (3) real servers have a default route to 192.168.103.xx0 which ensures traffic passing through the CSS (so I don't understand why I still need a destination service group).
    When MOSS accesses SSRS it does so via http://SSRS2005/reportserver. This is configured in DNS as 192.168.100.xx2. I would think that this would also ensure traffic through the CSS but I still had to configure a destination service for these.
    All clients connect to the MOSS services via one VIP (192.168.100.xx1) and the MOSS services connect to the SSRS services via a 2nd VIP (192.168.100.xx2). MOSS also connects to itself for indexing content and a variety of other services (I had originally tried separating the MOSS content rules using layer 5 matching on Host Headers. This seemed to cause issues with access to ports 139 and 445 for UNC access to document libraries so I simplified the MOSS content rule back to layer 3).
    I have setup two distinct groups and have used destination NAT so that the servers can communicate to each other.
    When using Wireshark on the servers to run packet traces and all services are up I do not even see any packets destined for the SSRS services leading me to believe that they are dropped by the CSS (however, I don't see them using show flows on the CSS either).
    Can anyone here shed some light on the correct way to configure the CSS in such a scenario?
    Thanks in advance.

    I have two MOSS services down because MOSS can't get to SSRS if more than one MOSS service is active. That's the crux of the biscuit.
    I had hoped to avoid the whole packet sniffing activity but it looks like I may need to capture more information. I don't really want to change the VLAN configuration since this CSS is managed by our network team and there are other services configured on the CSS that I have not indicated.
    I appreciate your advice, so far. I will actually have some downtime this coming weekend where I can try some additional configuration options after prime time from home.
    One thing that may not be apparent in this whole discussion is that all of the sites on both MOSS and SSRS use HOST Headers for HTTP. That's what keeps them separated. I had tried using layer 5 content rules but had the same issue plus other issues with non-HTTP traffic. I also did not care for the fact that the CSS actually spoofs the responses when using layer 5. There is a lot of NTLM Challenge/Response traffic for Windows Integrated Authentication and Negotiated Kerberos. The bottom line is that even without Layer 5 content rules the Host Headers do get passed to IIS and the sites are selected properly based on that header. The exception is that Host Headers are no longer required for SSRS since it is the default website on port 80 (besides - setting up host headers for SSRS in MOSS integration mode has its own set of issues). Still, the host headers are sent to SSRS SOAP Endpoints and there are no issues connecting to any of the three SSRS services from any of the three MOSS servers interactively. The issue is when a client outside of these VLANs makes a request for a report.
    client->MOSS->SSRS->MOSS->client
    Be aware too that both MOSS and SSRS are making connections back through the CSS to their respective databases for each request.

  • Odd spry menu / css positioning

    Hi folks,
    Working on a site with a Spry menu - looks as expected in IE, but totally out of whack in FF and Safari. Any suggestions to what I'm missing?
    http://www.applicationdynamics.com/Clients/pwj/
    I'm sure I'm just neglecting to configure the CSS correctly but haven't found the trick yet.
    Thanks!
    Lawrence
    Cartweaver.com

    "Lawrence *Adobe Community Expert*"
    <[email protected]> wrote in
    message news:g915h6$t2o$[email protected]..
    > Never mind.... Got it.
    Hi Lawrence,
    Maybe you got the part of it you caught as an issue, but it still doesn't work very well in IE7. The links are not being treated as blocks so unless you are moused over the actual text in a submenu, it will snap shut.
    I'd recommend a better menu, but you should be able to fix this easily enough and so long as there are not third-level flyouts, usability with Spry is OK.
    Al Sparber - PVII
    http://www.projectseven.com
    Fully Automated Menu Systems | Galleries | Widgets
    http://www.projectseven.com/go/Elevators

  • LOAD BALANCE (CSS) and Portal Port Number based on Instance Number

    Hi,
    My doubt is about LOAD BALANCE (CSS) and Portal Port Number based on Instance Number.
    I have to install 3 servers machines and 2 servers databases cluster. There will be a HIGH AVAILABILITY environment. There will be a MIGRATION and UPGRADE.
    Today there are 2 servers machines in Windows NLB. Today my production Portal is 6 6.20.
    Once, I did something for LABORATORY TEST. Migration (6 6.40) and Upgrade (7.0) in two other machines. But they were with Windows NLB. When I did the installation, for each server machine and during the installation I had to give one Instance Number for each and as a result there was a different Port Number for each.
    But I accessed both machines through a virtual url(dns) with a specific port number. And it works!
    NOW, with a HARDWARE LOAD BALANCE _ CSS I don't know how to do it.
    A guy who works with it tells us that he couldn't redirect one Port Number to different port numbers. He couldn't configure the CSS like this.
    My question is: Is he right? And if he is, is there a way to give the same instance number for my 3 new Portal servers machines? Example: 5(02)00.
    Could you understand?
    I need help.
    Regards,
    cheers,
    Nivia

    Nivia,
    I have used F5 for load balancing, I am sure you can do the same with CSS. Yes, you can configure a virtual IP on the load balancer with standard ports (80 or 443) and load balancing the traffic to multiple servers with different ports. You can have different ports for each instance.
    -Regards
    RK

  • CSS load balancing, service dependency condition check

    Hi,
    I would like to seek some advice regarding the CSS's service configuration.
    Is there a way to configure the CSS such that it checks whether an independent service (not involved in the load balancing algorithm) is alive/down (using service mode keepalive port/type), before deciding whether or not to load balance to a group of services?
    Scenario is as follows:
    We process incoming HTTPS requests and load balance to 2 HTTPS Servers (HTTPS service SSL1 and SSL2), on condition that an independent service (HTTPS service SSL3) is alive (using the keepalive type/port check in service mode).
    If the independent service (HTTPS service SSL3) is not alive, remove the HTTPS Servers (HTTPS service SSL1 and SSL2) from the load balancing algorithm.
    Thanks in advance for assistance
    !************************** CIRCUIT **************************
    circuit VLAN1
      ip address 192.168.103.35 255.255.255.192
    !************************** SERVICE **************************
    service SSL1
      ip address 192.168.103.53
      protocol tcp
      port 443
      keepalive type tcp
      keepalive port 443
      active
    service SSL2
      ip address 192.168.103.54
      protocol tcp
      port 443
      keepalive type tcp
      keepalive port 443
      active
    ! This is the service condition that CSS will check before deciding to/not to load balance to SSL1 and SSL2.
    ! If SSL3 is down, do not load balance to SSL1 and SSL2. If SSL3 is up, load balance to SSL1 and SSL2
    service SSL3
      ip address 192.168.103.55
      protocol tcp
      port 443
      keepalive type tcp
      keepalive port 443
      active
    !*************************** OWNER ***************************
    owner CISCO
      content L5Rule_SSL
        vip address 192.168.103.37
        application ssl
        protocol tcp
        port 443
        url "/*"
        add service SSL1
        add service SSL2
        active
    !*************************** GROUP ***************************
    group SSL
      vip address 192.168.103.37
      add destination service SSL1
      add destination service SSL2
      active

    maybe this?
    circuit VLAN1
    ip address 192.168.103.35 255.255.255.192
    ip virtual-router 10 priority 100
    ip redundant-vip 10 192.168.103.37
    ip critical-service 10 SSL3
    if I'm not mistaken the vip 192.168.103.37 will stop working when the service SSL3 goes down. I'm not sure that this is what you want though...

  • CSS and Oracle Load Balancing

    Hi,
    I have CSS in single arm deployment model. I have multiple servers load balancing on this CSS on port 80 etc. Today I am trying to load balance one Oracle server but I am facing problem with it.
    Real servers are accessible on port 80 without any problem but when we are trying to access the same servers on VIP we are not able to see the web page.
    real server http://192.168.17.12/irs.htm
    real server http://192.168.17.14/irs.htm
    real server http://192.168.10.37/irs.htm
    VIP
    http://192.168.200.58/irs.htm
    Below is the configuration. I can do the telnet on port 80 and I can ping the VIP IP address.
    I will only put 192.168.200.58 in browser I can see the oracle page but with the full URL i am not able to see it.
    Though I have other oracle servers which I have load balance with the same configuration and I can access the web page.
    ==========================================================================================
    http://tptest.enoc.com/forms/frmservlet?config=tp  (This is working fine).
    ========================================================================
    http://irs.enoc.com/irs.htm  (This is not working).
    By name and by IP address both are not working.
    http://192.168.200.58/irs.htm  (This is not working).
    =============================================================================
    service IRC_1
      ip address 192.168.17.12
      keepalive type tcp
      keepalive port 80
      active
    service IRC_2
      ip address 192.168.17.14
      keepalive type tcp
      keepalive port 80
    service IRC_DR
      ip address 192.168.10.37
      keepalive type tcp
      keepalive port 80
    content ENOC_IRC
        add service IRC_1
        add service IRC_2
        add service IRC_DR
        vip address 192.168.200.58
        protocol tcp
        port 80
        advanced-balance sticky-srcip
        active
    owner ENOC_GIT
    content ENOC_IRC
        add service IRC_1
        add service IRC_2
        add service IRC_DR
        vip address 192.168.200.58
        protocol tcp
        port 80
        advanced-balance sticky-srcip
        active
    group ENOC_IRC
      add destination service IRC_1
      add destination service IRC_2
      add destination service IRC_DR
      vip address 192.168.200.58
      active
    ===================================================================================================
    ENOCDC-CSS01(config)# show service summary
    Service Name                     State     Conn  Weight  Avg   State
                                                             Load  Transitions
    IRC_1                            Alive         0      1     2            0
    IRC_2                            Suspended     0      1   255            1
    IRC_DR                           Suspended     0      1   255            1
    ENOCDC-CSS01(config)# show summary
    Global Bypass Counters:
       No Rule Bypass Count:     0
       Acl Bypass Count:         0
    Owner            Content Rules    State     Services         Service Hits
    ENOC_GIT        
                  ENOC_IRC         Active    IRC_1            103
                                                IRC_2            10
                                                IRC_DR           7
    =======================================================================================================
    I am doing the same setting for other servers and it is working fine; only for these servers am I facing a problem. Currently only one server is active in the configuration.
    Kindly let me know what I am missing and how to fix the problem.
    I have also attached the full configuration of CSS.

    Hi,
    My point of concern is that I did the same for Oracle server and this is working fine
    http://192.168.200.95/forms/frmservlet?config=tp
    only when I am doing the load balancing for
    http://irs.enoc.com/irs.htm  (This is not working).
    By name and by IP address both are not working.
    http://192.168.200.58/irs.htm  (This is not working).
    I don't have an option for a TAC case. Is there a way to fix the problem by applying another load balancing method? Is there something to do with the circuit VLAN? I didn't create the circuit VLAN 17 where this server is located.
    I am doing load balancing for almost 8 different servers in this CSS.
    Your expert opinion will definitely help me.
