Health Probe for Proxy Servers

Similar Messages

• PAC file support for Proxy Servers

  When will AIR support PAC files for proxy servers?
  In our network, we can't point to a PAC file because the AIR app simply ignores it, and we experience comms issues because of it. The workaround is to configure the network settings to point directly at the proxy, bypassing the PAC file.
  This is a big problem as pointing directly at the proxy means a lot of manual configuration for each user that requires the use of the AIR app.
  Any clues or suggestions?

  Hi,
  Additional configurations (DHCP and DNS) are required when you use Automatically detect settings.
  For details, please refer to:
  Automatic Detection and Configuration of Browser Settings
  http://technet.microsoft.com/en-us/library/dd361887.aspx
  Hope this helps.
  Jeremy Wu
  TechNet Community Support

• ACE best practice for proxy servers

  Dear,
  I would like to know which is the best practice scenario to load balance proxy servers:
  1- Best practice to have transparent proxy or proxy setting on the web browser?
  2- for transparent proxy: best practice to use ip wccp or route-map pointing to the ACE VIP?
  3- What are the advantages and disadvantages of transparent proxy V/S web browser proxy setting.
  Regards,
  Pierre

  Hi,
  Sorry, that seem to be an internal link.
  You can also check the below post where a sample config is posted here for transparent cache.
  https://supportforums.cisco.com/thread/129106
                 Best practice :
  VIP would be a catch all address.
  To optimize the caching predictor hash url is used.
  You can also use mac-sticky on interface so proper flow persistence is used within ACE
  The mode is transparent so we preserve the destination ip address.
  Regards,
  Siva

• Cisco ACE 4710 - Health Monitoring for Real Servers

  Hi,
  I have setup the following health probe to check for the existence of a specific web page.  My intention is that when the web page is removed, the health check fails and the rserver status changes to 'out of service'.  Unfortunately, when I remove the web page, I see the health check fail, and the rserver state change to 'PROBE-FAILED', however the rserver does not go 'out of service' and continues to respond to requests.
  Can anyone see where I'am going wrong?
  Health check probe config
  probe http live_http_int
    interval 15
    passdetect interval 60
    request method get url /loadbalancer/internal.html
    expect status 199 201
    open 10
  RSERVER config
  rserver host Server1
    description Server1
    ip address 10.10.10.1
    conn-limit max 4000000 min 4000000
    probe live_http_int
    inservice
  rserver host Server2
    ip address 10.10.10.2
    conn-limit max 4000000 min 4000000
    probe live_http_int
    inservice

  Hi syannetwork,
  I think you have to "force" the failed server to close the connection when it has failed. Otherwise it will still serve the available HTML pages.
  Have a look at the "Configuring the ACE Action when a Server Fails" in the "Cisco Application Control Engine Module Server Load-Balancing Configuration Guide" and let me know if the following command helped:
  conf t
  serverfarm host ServerFarm
  failaction purge
  Have a good WE.
  Cheers
  LPL

• Configuring Health Probe for Server Farm

  If I have a server farm with real servers listening on port 8888 and I apply an HTTP-type health probe with no port number specified, will the ACE know to probe the servers at 8888 or will it try to probe port 80?

  Hi,
  Yes it should inherit the port from the real servers defined in the serverfarm. This gives you the flexibility to associate same probe with different serverfarms probing different servers on different ports. This is probe port inheritance feature which is there in ACE.
  Regards,
  Kanwal

• CSM health probe for server farm with multiple vservers

  Is there a way to specify the vserver port that a health probe monitors when multiple vservers are configured for the same serverfarm? Let's say I have a serverfarm named farm1. farm1 services two ports www and https so two vservers vserver_www and vserver_https are configured and bound to farm1. I would like to enable http health probe on farm1 with the intention of only monitoring vserver_www http port but, instead, the health probe monitors both www and https and since a http probe on https fails it takes farm1 reals and both vservers vserver_www and vserver_https out-of-service. Is there a way to configure a health probe to monitor a specific port? Or, should I create two duplicate serverfarms farm1 bound to vserver_www and farm2 bound to vserver_https and only enable http health probe on farm1? Any other ideas welcomed.

  Appreciate the feedback. I also found what I was looking for in configuration examples. To summarize I've borrowed the comment from the URL below:
  # The port for the probe is inherited from the vservers.
  # The port is necessary in this case, since the same farm
  # is serving a vserver on port 80 and one on port 23.
  # If the "port 80" parameter is removed, the HTTP probe
  # will be sent out on both ports 80 and 23, thus failing
  # on port 23 which does not serve HTTP requests.
  http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/mod_icn/csm/csm_4_2/config/cfgxpls.htm

• Health probe for RDP farm

  I have an RDP server farm that lost a disk. The RDP service was still running but users were unable to log in. I'd like to create a health probe that does maybe a combination of TCP probe for port 3389 and something that can determine if the drive that stores user profiles is available.
  I cannot add any new service (http or ftp) to the server.
  Can anyone think of another way to do this? Is there any way I can check SNMP mibs on the windows server or maybe WMI through TCL?
  Thanks.

  Can you drop me a mail offline ([email protected]) and I can share what I have. Matthew

• ACE Health Probe for SQL

  Hi All,
  Has anyone seen sample TCL code for probing a generic SQL server?
  Thanks,
  Dave

  You can use the following configuration:
  probe tcp MS-SQL
  description TO-RBSQL1
  ip address 10.15.160.3
  port 1433
  interval 2
  faildetect 2
  passdetect interval 2
  passdetect count 2
  rserver host RBWEB1
  ip address 10.15.177.11
  rserver host RBWEB3
  ip address 10.15.177.13
  inservice
  serverfarm host RBWEB
  description TO-VLAN-177-RBWEB-SERVERS
  predictor leastconns
  probe WWW-RISKBROWSER
  probe PING
  rserver RBWEB1
  rserver RBWEB3
  inservice
  And also you can use the command sh probe MS-SQL, to know probe association probed-address probes health. Sure that the server respond or responded with a RST.

• ACE Health probe for SIP

  I've setup a SIP probe to check the health of a Microsoft OCS. The health of this server is always failed. What am I missing? I also tried it with a telnet probe on port 5061, but got the same result. A telnet from ACE to the server on port 5061 works fine.
  See below a show probe SIP detail and the relevant configuration.
  ACE21_Secondary/MOCS# sh probe SIP det
  probe : SIP
  type : SIP
  state : ACTIVE
  description :
  port : 5061 address : 0.0.0.0 addr type : -
  interval : 10 pass intvl : 10 pass count : 3
  fail count: 3 recv timeout: 4
  request-method : OPTIONS
  conn termination : GRACEFUL
  expect offset : 0 , open timeout : 2
  expect regex : -
  ------------------ probe results ------------------
  associations ip-address port porttype probes failed passed health
  ------------ ---------------+-----+--------+--------+--------+--------+------
  rserver : OCS_11
  10.105.11.70 5061 -- 7566 7566 0 FAILED
  Socket state : CLOSED
  No. Passed states : 0 No. Failed states : 0
  No. Probes skipped : 0 Last status code : 0
  No. Out of Sockets : 0 No. Internal error: 0
  Last disconnect err : Server reply timeout (no reply)
  Last probe time : Thu Oct 30 14:18:42 2008
  Last fail time : Tue Oct 28 16:31:30 2008
  Last active time : Never
  ACE21_Secondary/MOCS# sh run
  probe sip tcp SIP
  port 5061
  interval 10
  passdetect interval 10
  receive 4
  expect status 200 200
  open 2
  rserver host OCS_11
  ip address 10.105.11.70
  probe SSL
  probe PING
  probe SIP
  probe SIP_TELNET
  inservice
  Cheers
  Peter

  Peter,
  make sure to NOT run version A2(1.1a) as SIP probes are broken in that specific release.
  If your version is something else, get a sniffer trace on the server to see what is going on.
  Seems like we don't get a reply according to the line :
  "Last disconnect err : Server reply timeout (no reply) "
  Gilles.

• Where can I change Firefox 4 default setting for proxy servers

  I am working on setting up firefox 4 in a multi user environment in linux. In FF 3.x releases, I could go to greprefs/all.js area and make the changes in the all.js file to chagne settings globally. But, I could not find any such file for firefox 4.x installation (for linux).
  Would you please advise where can I go about editing global setting in Firefox 4?
  thanks.

  Maybe it works if you create file and place a files with the prefs in the defaults/pref folder.
  You can use a mozilla.cfg file to lock prefs or specify default values.<br />
  You can place a file local-settings.js in the defaults\pref folder to specify using mozilla.cfg.
  You can use these functions in mozilla.cfg:
  defaultPref(); // set new default value
  pref(); // set pref, but allow changes
  lockPref(); // lock pref, disallow changes
  To prevent users from installing software use:
  lockPref("xpinstall.enabled" ,false);
  See:
  * http://kb.mozillazine.org/Locking_preferences

• ACE Health probe using get URL

  Hello,
  We are trying to create a health probe for our google search appliances and as part of the URL get there is a question mark but the ACE doesn't like that.  Is there a way around this or should it be done differently?
  request method get url /searchq? (This is what we want the URL to be)
  request method get url /searchq (This is where it thinks i'm asking it for help)
  Thanks in Advance.

  Hello,
  You need to typ CRTL+v prior to entering the ?
  That's the Control key then lowercase v, then your question mark.
  Hope this helps,
  Sean

• ACE http health probes - best practice for interval and passdetect interval?

  Hi,
  Is there a recommended standard for http health probes in terms of interval and passdetect interval timings, i.e. should the passdetect interval always be less than the interval or visa versa? Can a http probe be 'mis-configured', i.e. return a 'false positive' by configuring an interval timeout thats 'incompatible' with the device it's polling?
  I have a http probe for a serverfarm consisting of two Apache http servers and get intermittent 'server reply timeout' probe failures. I'm keen to ensure that the configuration of the probe isn't at fault so I can be confident that a failed probe indicates a problem with the server and not my configuration.
  The probe is currently configured as below:-
  probe http http-apache
    interval 30
    passdetect interval 15
    passdetect count 6
    request method get url /cs/images/ACE.html
    expect status 200 304
  Any advice on the subject woud be gratefully received.
  thanks
  Matthew

  Hi Gilles,
  Thanks for the advice. In another dicussion (found here https://supportforums.cisco.com/message/462397#462397) a poster has stated that:-
  "(The) "Probe interval" should always be less then (open+recieve) timeout  value. Default open & receive timeouts are 10 seconds."
  Are you able to advise on whether the above is correct and if so, why? I currently have an interval value of 30 that obviously goes against the advice above (which I've interpretted to mean that if you leave the open & receive timeouts at their default settings your probe interval should be less than 20 seconds?).
  thanks
  Matthew

• Configuring Proxy servers for Mail.app

  Hello, and sorry if this question has been answered b4, but I couldn't find an answer... basically, I have to go thru proxy server at work to connect to the internet on my MBP, which I configured with Network Preferences (I enabled ftp, http, https, socks, and ITMS proxies.. Safari works fine, but can't get Mail to retrieve any mail from either of my mailboxes (.Mac and Gmail POP). the same prob. doesn't happen when i'm home trying to access my Mail from home (where i don't have to go thru proxy servers) using my macbook pro. the question is, how can i "tell" Mail that i'm using a proxy server?? thanks

  No, actually i tried it first with socks proxy disabled, and then with it enabled, but nothing appears to be working.. it sounds a little strange to me that Mail.app doesn't contain specific settings that allow users behind company proxies to still access their mail servers, b/c for whatever reason Mail.app doesn't appear to be using the default system-wide proxy settings specfied in network preferences, which by the way Safari picked up right away and started using. well, any further help on this would be much appreciated, thanks .....

• ACE Probes for authentication to imaps, smpts or pop3s servers

  Dear all,
  we have the demand to do health checks using authentication for servers running SSL-encrypted services like imaps, smpts or pop3s. Has someone implemented tcl scripts for that ? Unfortunately the "SSL_PROBE_SCRIPT" provided by Cisco does only do a "Client Hello". Maybe it is possible to enhance that script in order to test authentication ?
  Thank you very much in advance.
  Bernd

  Dear Gilles,
  thank you very much for your reply. This answers my question.
  But ... I would like to turn this into a feature request, because I believe this demand is not that much out of common. There already is a https probe which works in a similar way, so it should be easy for Cisco to add probes for common ssl-encrypting protocols or - even better - add a generic ssl probe.
  Best regards,
  Bernd

• Any suggestions for optimal configuration of cache on mulitple, high volume proxy servers?

  I am trying to optimize the cache on 12 proxy servers running Sun ONE Proxy 3.6 on Solaris 8. They are not set in an array at this time. Forward proxying only. I have 3- 36G drives available per box for cache. Traffic volume - approximately 50,000 users.

  Hi James,
            The typical configuration is to only use LocalDirector to balance the load
            across the web servers. Since the web servers are using our plugins to
            route the requests to the cluster based on information encoded in the
            session id, you do not need to (and should not try to) use Local Director
            between the web servers and the app servers.
            Hope this helps,
            Robert
            James Higginbotham wrote:
            > I was searching the BEA site for any tips or cautions when using Cisco
            > LocalDirector with WebLogic Server, but was surprised to only see one
            > mention of it in a whitepaper on clustering. What kinds of do's, dont's
            > would you suggest for the following project configuration:
            >
            > o 2 WebLogic 4.5.1 servers w/ cluster licenses on Solaris SPARC
            > o 2 Cisco LocalDirectors
            > o A J2EE Blueprints architecture application, using a single servlet,
            > in-memory replication of servlet sessions, stateless/stateful/entity
            > beans
            > o Entity bean caching preferred to reduce database overhead on reads
            > over time
            >
            > The clustering configuration and Cisco LocalDirectors are initially
            > meant to offer reliability and failover, rather than load balancing.
            > This is due to the local user count but high availability needs of the
            > project.
            >
            > Any advice would be appreciated.
            >
            > Regards,
            > James