How to config CSM load balance of http combined https

In this case,when I config CSM for load balance http and https service separately was ok.2 VIPs , 2 Serverfarms, One for http , and one for https .But I found that the https would referred to http information on IIS , because when the client first to access http is ok,and then login by https ,the information is not right.So,how to config CSM in this case,any reply will be very be appreciated.

There are 2 different ways.
You could combine the 2 vserver into a single one by not specifying the tcp port.
Another solution would be to use the same sticky group for both vservers.
For example, you could use sticky srcip.
ie:
sticky 10 netmask /32 address source
vserver http
sticky 60 group 10
inservice
vserver https
sticky 60 group 10
inservice
Regards,
Gilles.
Thanks for rating this answer.

Similar Messages

  • CSM Load Balance redirect

    I have a request to do a redirect on a CSM load balance device and I am not sure how to go about doing it.
    The request is to send traffic destined for https://payments.domain.com to https://www.diffdomain.com/folder/folder/page.jsp. I already have a serverfarm created for www.diffdomain.com, I guess I could create a vserver with a unique IP address for payments.domain.com and point it at the same set of servers, but how would I append the "/folder/folder/page.jsp" on to the request?

    Hi,
    The only way you can do HTTPS to HTTPS redirection is if you have an SSL module or also if this module happens to be a CSM-S. To be able to redirect encrypted traffic the CSM needs to inspect first the L5 information contained on the HTTP header. Once the SSL card has decrypted the traffic you can configure a webhost relocation serverfarm to ask the client to send the request to https://www.diffdomain.com/folder/folder/page.jsp which will be sent to the 443 vserver that is already taking traffic for https://payments.domain.com
    Hope this helps.
    Pablo

  • Portal Landscape - With 2 CSM (load balance) related question

    Hi,
      We are currently having a portal landscape (Dev, QA -2 app servers, PRD - 4 app servers). The load balancing happens on Production Portal using CSM (load balancer) and it does SSL offloading for security encryption and it lands onto one of the application servers. When we try to login to portal it authenticates using the LDAP (OID). And we have some links which takes to backend R/3, BW etc (we use SAP load balance using SMLG logon group)
    Now due to another special project the following is what we are planning:
    1. Adding couple of more application servers for production portal or having seperate second portal landscape itself
    2. Adding couple of more application servers for R/3 production server (load balance can be done with special logon group for that)
    Questions are:
    1. When we land into current production portal page and click a iview link for the special project it should go only to those special portal app servers (planning to do through another CSM) and from their to backend R/3. In this scenario how the authentication (or sso ticket) happens when it goes from CSM to another CSM, will it ask for login again or any issue will happen with SSO ticket ?
    2. If we decide to go for second portal landscape and in the same scenario when login to current prod portal page and click a iview link for the special project it should go to that another production portal,in that case what will happen to the login authentication happened through the first portal and SSO ticket ?
    3. Suppose if we go to the second production portal directly through a website and if the user tries to login using the same id to first portal how portal will deal in terms of security (SSO) and also how backend R/3 will behave when same id comes as part of SSO.
    Or if anyone thinks of any other issue apart from SSO or encryption related things which i need to be aware of, kindly let me know.
    Thanks,
    Murali.

    I am not sure what CSM is, but I would expect it only does ssl offloading and a sort of "reverse proxy" against the cluster.
    >1. When we land into current production portal page and click a iview link for the special project it should go only to those special portal app servers (planning to do through another CSM) and from their to backend R/3. In this >scenario how the authentication (or sso ticket) happens when it goes from CSM to another CSM, will it ask for login again or any issue will happen with SSO ticket ?
    This depends on the host name you use for the two CSM clusters. If they have the same subdomain, there should be no problem as the SAP Logon Ticket (MYSAPSSO2) cookie is issued to the sub domain of the portal.
    If they do not have the same subdomain, the second CSM cluster will receive the request without the MYSAPSSO2 cookie, and will therefore trigger reauthentication.
    >2. If we decide to go for second portal landscape and in the same scenario when login to current prod portal page and click a iview link for the special project it should go to that another production portal,in that case what will >happen to the login authentication happened through the first portal and SSO ticket ?
    It will fail, as the MYSAPSSO2 cookie from the first portal is not recognized in the second. However, you can easily setup so that the second portal trusts the first and does a logon based on its credentials
    >3. Suppose if we go to the second production portal directly through a website and if the user tries to login using the same id to first portal how portal will deal in terms of security (SSO) and also how backend R/3 will behave >when same id comes as part of SSO.
    I assume both portal will be setup against the same LDAP/UME source. Therefore it will allow the logon. The backend systems should trust both the first and second portal (STRUSTSSO2 transaction)
    I think your architecture choice comes down to if the new project has special considerations with regards to versioning of portal. If it does, it would be sensible to separate it into a separate portal (and you can always integrate them with the first portal through portal federation if you have a relatively new version).
    Regards
    Dagfinn

  • Load balancing effect on ssh/https connections

    We have a RV016 load balancing between two broadband WAN connections. On protocols that are sensitive to a change in IP address such as ssh and https, if the client connection goes inactive for a short time (sometimes as short as 10 seconds), the RV016 often changes WAN connection as part of its "load balancing" feature. Most protocols do not even notice, but the more sensitive protocols do and often lock a session or timeout the session which is not a good thing.
    We have been able to bind these sensitive protcolols to a particular WAN port but (in our minds) this is not an "ideal" situation. In fact I would consider this to be a broken "load balancing" solution and should be fixed.
    Does anyone have any "permanent fixes" or ideas on this?
    Thanks!

    Sorry Tom, but I wrote (edited for clarity): "What would happen [..] when the particular WAN chosen goes down? Does the system apply the same binding to ***another WAN*** until the original one comes back up, will it ignore the bining and so break any new sessions of the same protocol or will it simply fail (no connection)?"
    I did not write "the other WAN". That is, I am considering the case, quite common, of more than two WANs.
    Proper load balancing is described here:
    http://help.mysonicwall.com/sw/eng/305/ui2/23100/Network/WAN_Failover_Load_Balancing.htm
    "About Source and Destination IP Address Binding
    When you establish a connection with a WAN, you can create multiple interfaces, dividing up the task load over these interfaces. There are both Primary and Secondary WAN interfaces. This task distribution model maintains high performance, ensuring that one interface does not become an impasse to the point where it blocks traffic from passing. This process is WAN Load Balancing.
    While WAN Load Balancing addresses performance challenges, it can create other problems, including losing track of sessions. Session confusion can occur because some applications fail to adequately track multiple user sessions load-balanced on multiple interfaces. These applications treat incoming packets as originating from different users because they use IP addresses to differentiate user sessions instead of application-layer user identification tags.
    To ensure that you have proper connectivity in all applications, SonicWALL provides a feature called Source and Destination IP Addresses Binding, a solution that maintains a consistent mapping of traffic flows with a single outbound WAN interface."
    and their appliances are no more expensive than Cisco multi WAN ones...

  • How to enable Network load balancing for Enterprise portal

    Hello,
    We have installed EP 7.0 central instance(00) and dialog instance (01) and would like to enable network load balancing between these two EP servers.Have installed network balancer and the configuration has been done at network level.
    The below URLs are being used for accessing the portal
    Central instance :
    http://CIhostname:50000/irj/portal
    Dialog Instance:
    http://DIhostname:50100/irj/portal
    Both the port number has to be same for enabling load balancing.In order to acive this we have to map this port to http port by making some changes in Visual Administrator.
    Can you please let me know step by step  procedure or any link where i can find the same?
    Appreciate your response
    Thanks,
    Vadi

    Dear Jay,
    Thnaks for your reply.
    No...NLB will helpful in load balancing between different 2 different  application (Ep)servers.
    We are using microsoft network load balancer.Found the service http provider in VA for making those changes.
    Any way thanks.
    Regards,
    Vadi

  • CSM Load Balancer Help

    Hey,
    Just a quick question....
    Does anyone know a) if it's possible and b) how to have two servers off the CSM but instead of load-balancing between them make them a failover pair i.e. if server A goes down server B will take over - done using the same VIP?? It's needed because the application on the servers can't do load-balancing yet but can work in a failover way.
    I'm reading the book trying to work it out but if someone has done this before that would be great!
    Thanks
    Anthony

    Thanks for the responses.
    I'm using CSM 4.6(6) and have given what you suggested a go but have run into problems.
    When I disconnect the primary server I see that go out of service but that also knocks out the VIP and it never fails over to the second server. Am I missing something? I've attached the relevant parts of the config and would be greatful for any advice.
    serverfarm FARM1
    nat server
    nat client WEB
    real 10.2.250.10
    inservice
    probe HTTP
    serverfarm FARM2
    nat server
    nat client WEB
    real 10.2.250.11
    inservice
    probe HTTP
    vserver WEBTRAFFIC
    virtual 10.2.250.100 tcp www
    vlan 250
    serverfarm FARM1 backup FARM2
    persistent rebalance
    inservice
    I also had a go at creating that variable but it wouldn't let me...just said variable not configurable - but I'll play with that and see if I can work it out...I'm not so bothered as long as the backup part works.
    Thanks guys...
    Anthony

  • CSM - Load balance using Server CPU

    Hi
    I have a customer who requires the load-balancing prediction
    algorithm to be based on the CPU level of the Server. So the server with the least CPU is chosen at the laod-balancing stage.
    Is there a way to do this?
    Thanks James

    Hi James
    With CSM the only option is DFP (Dynamic feed back protocol). If your application vendor provides DFP agents (which is very unlikely) for the application then these agents can be installed on App servers for the desired purpose.
    Config details at
    http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/csm/4.2.x/configuration/guide/rsfarms.html#wp1039774')">http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/csm/4.2.x/configuration/guide/rsfarms.html#wp1039774
    With ACE you can use SNMP based probes to achieve what you are looking for.
    Syed Iftekhar Ahmed

  • How to use the Load Balancer Plug-in to serve multiple domains

    In SJSAS8.1 SE/EE the asadmin commands that create and maintain a load balancer configuration operate within a domain. When the load balancer configuration is exported an xml file is created that contains all the information for that domain. To make the load balancer plug-in balance the load for multiple domains, the loadbalancer.xml files can be manually merged to conatin the data that is exported from each domain's load balancer configuration.
    For example, 2 domains are created, both having a load balancing configuration. After exporting both configurations using the asadmin export-http-lb-config command, the user would then cut and past the cluster information into the single loadbalancer.xml file that resides under the web server's config directory.
    An example of the manually merged loadbalancer.xml file follows:
    <?xml version="1.0" encoding="UTF-8"?>
    <loadbalancer>
    <cluster name="domain1">
    <instance disable-timeout-in-minutes="30" enabled="true" listeners="http://localhost:1026 https://localhost:38181" name="i1"/>
    <instance disable-timeout-in-minutes="30" enabled="true" listeners="http://localhost:1027 https://localhost:38182" name="i2"/>
    <web-module context-root="ab" disable-timeout-in-minutes="30" enabled="true"/>
    <health-checker interval-in-seconds="5" timeout-in-seconds="60" url="/"/>
    </cluster>
    <cluster name="domain2">
    <instance disable-timeout-in-minutes="30" enabled="true" listeners="http://localhost:1029 https://localhost:38189" name="i3"/>
    <instance disable-timeout-in-minutes="30" enabled="true" listeners="http://localhost:1030 https://localhost:38188" name="i4"/>
    <web-module context-root="webservice" disable-timeout-in-minutes="30" enabled="true"/>
    <health-checker interval-in-seconds="5" timeout-in-seconds="60" url="/"/>
    </cluster>
    <property name="response-timeout-in-seconds" value="60"/>
    <property name="reload-poll-interval-in-seconds" value="5"/>
    <property name="https-routing" value="false"/>
    <property name="require-monitor-data" value="false"/>
    <property name="route-cookie-enabled" value="true"/>
    </loadbalancer>
    Hope this helps - Mark

    Mark, be my savior, I work for SUN as subcontractor at client site. the only one at site ...so I depend on this forum for solutions........
    still having trouble failingover to second instance. I have two AccessManagers behind this loadbalancer.
    Here is what I saw......
    **************LOGS**********************
    [20/Jun/2005:14:22:47] failure (15102): for host 128.114.65.13 trying to GET /amconsole/base/AMA
    dminFrame, service-passthrough reports: timed out waiting for request body
    [20/Jun/2005:14:22:47] warning (15102): reports: lb.runtime: ROUT1014: Non-idempotent request /
    amconsole/base/AMAdminFrame cannot be retried.
    So I went and updated the loadbalancer.xml (see at the end of the msg). Now I get a different kind of problem...
    **************LOGS******************************
    [20/Jun/2005:15:25:18] failure (15295): for host 128.114.65.13 trying to GET /amconsole/base/AMA
    dminFrame, service-passthrough reports: timed out waiting for request body
    [20/Jun/2005:15:25:18] info (15295): reports: lb.runtime: RNTM3003 : Error servicing the request : NoVal
    Here is my loadbalancer.xml file...
    <loadbalancer>
    <cluster name="cluster1">
    <instance name="instance1" enabled="true" disable-timeout-in-minutes="1" listeners="http://idm-test-1.ucsc.
    edu:80 "/>
    <instance name="instance2" enabled="true" disable-timeout-in-minutes="1" listeners="http://idm-test-2.ucsc.
    edu:80 "/>
    <web-module context-root="amconsole" disable-timeout-in-minutes="1" enabled="true" error-url="sun-http-lber
    ror.html" >
    <idempotent-url-pattern url-pattern="/*" no-of-retries="3" />
    </web-module>
    <web-module context-root="amserver" disable-timeout-in-minutes="1" enabled="true" error-url="sun-http-lberr
    or.html" >
    <idempotent-url-pattern url-pattern="/*" no-of-retries="3" />
    </web-module>
    <web-module context-root="ampassword" disable-timeout-in-minutes="1" enabled="true" error-url="sun-http-lb
    error.html" />
    <web-module context-root="amcommon" disable-timeout-in-minutes="1" enabled="true" error-url="sun-http-lberr
    or.html" >
    <idempotent-url-pattern url-pattern="/*" no-of-retries="3" />
    </web-module>
    <health-checker url="/" interval-in-seconds="15" timeout-in-seconds="2" />
    </cluster>
    <property name="reload-poll-interval-in-seconds" value="60"/>
    <property name="response-timeout-in-seconds" value="30"/>
    <property name="https-routing" value="false"/>
    <property name="require-monitor-data" value="true"/>
    <property name="active-healthcheck-enabled" value="true"/>
    <property name="number-healthcheck-retries" value="3"/>
    <property name="route-cookie-enabled" value="true" />
    </loadbalancer>
    **************************************************************

  • How to set up load balancing with overload server on css

    can anyone tell me how to set up a load balancing config on css that will enable me to LB proxy caches and when they have too many connections then LB against an overload proxy-cache.
    Such that when the normal proxy-cache farm is under the ceiling of max connections then the overload server is not used ?
    I don't think redirect or sorry server will do this ?

    see the below configuration,any question,just tell me.
    service proxy-1
    ! below is the real ip of server
    ip address 10.1.1.1
    keepalive type icmp
    active
    service proxy-2
    ip address 10.1.1.2
    keepalive type icmp
    active
    ! enter owner config-mode
    owner proxy
    ! define a content rule,match what you want to load balancing
    content rule-proxy
    ! below is virtual ip,it can be another ip segment
    vip address 10.1.1.50
    add service proxy-1
    add service proxy-2
    protocol any
    advanced-balance sticky-srcip
    active

  • CSM load balancing

    I have an interesting problem. I have a VIP with a two server, serverfarm. Originally the VIP and serverfarm were doing load balancing in the switch IOS and the vip was configured with a 27 bit subnet mask. I moved the configuration to our csm mod and removed the subnet mask. The original sticky was set to 120 and I reset the sticky to 30 as part of the move. Now the load balancing is extremely off kilter (200 connections to 7). Any ideas what could be amiss?

    Real servers are physical devices assigned to a server farm. Real servers provide the services that are load balanced. When the server receives a client request, it pulls matching information from a disk and sends it to the CSM for forwarding to the client.
    You configure the real server in the real server configuration mode by specifying the server IP address and port when you assign it to a server farm. You enter the real server configuration mode from the serverfarm mode where you are adding the real server.
    This URl should help me:
    http://www.cisco.com/en/US/products/hw/switches/ps708/products_installation_and_configuration_guide09186a00801760d0.html#xtocid439743

  • How to check the load balancing in Oracle 11gR2 2 node RAC

    Dear All,
    Can any one please assist me how to check whether the incoming connections are evenly distributing across the nodes..?
    We have two nodes, when we check the sessions counts in both nodes, Most of the time we could see node -1 has more no of sessions than node-2..? So just wanted to know whether load balancing is happening or not ...? If not how to enable it and distribute the incoming connections evenly..?
    Oracle 11gR2 / RHEL5

    SQL> select inst_id,count(*) from gv$session where username is not null group by inst_id;
    INST_ID COUNT(*)
    1 43
    2 40
    Not sure how to check the users are connecting through scan or not ..? But below are scan setttings...
    SQL> !srvctl config scan_listener
    SCAN Listener LISTENER_SCAN1 exists. Port: TCP:1521
    SCAN Listener LISTENER_SCAN2 exists. Port: TCP:1521
    SCAN Listener LISTENER_SCAN3 exists. Port: TCP:1521
    SQL> !srvctl status scan_listener
    SCAN Listener LISTENER_SCAN1 is enabled
    SCAN listener LISTENER_SCAN1 is running on node za-rac-prd-02
    SCAN Listener LISTENER_SCAN2 is enabled
    SCAN listener LISTENER_SCAN2 is running on node za-rac-prd-01
    SCAN Listener LISTENER_SCAN3 is enabled
    SCAN listener LISTENER_SCAN3 is running on node za-rac-prd-01
    SQL> !srvctl config scan
    SCAN name: rac_prd.abc.local, Network: 1/10.100.130.0/255.255.255.192/eth6.64
    SCAN VIP name: scan1, IP: /rac_prd.abc.local/10.100.130.55
    SCAN VIP name: scan2, IP: /rac_prd.abc.local/10.100.130.54
    SCAN VIP name: scan3, IP: /rac_prd.abc.local/10.100.130.53
    SQL>

  • How are JNDI lookups load balanced through software?

    Presumably they are not generally speaking.
              I can see how HTTP Requests are via HttpClusterServlet but how are the
              JNDI lookups handled if the client isn't specify a specific node in their
              intialcontext?
              

    Is there any way of doing that with one nic only?
              Rajesh Mirchandani <[email protected]> wrote in message news:<[email protected]>...
              > You machine could be multi-homed.
              >
              > Robert Nicholson wrote:
              >
              > > Specifically how can I run multiple clusternodes on the same machine and
              > > still load balance my JNDI lookups across them if obviously they are not all
              > > running on the same port and I cannot use
              > >
              > > ht.put(Context.PROVIDER_URL, "t3://acme1,acme2,acme3:7001");
              > >
              > > like syntax.
              > >
              > > "Robert Nicholson" <[email protected]> wrote in message
              > > news:[email protected]..
              > > > Presumably they are not generally speaking.
              > > >
              > > > I can see how HTTP Requests are via HttpClusterServlet but how are the
              > > > JNDI lookups handled if the client isn't specify a specific node in their
              > > > intialcontext?
              > > >
              > > >
              

  • How can I design Load Balancing for distant Datacenters? without single point of failure

    Dear Experts,
    We are using the following very old and passive method of redundancy for our cload SaaS but it's time to make it approperiate. Can youplease advise:
    Current issues:
    1. No load balancing. IP selection is based on primary and secondary IP configurations. If Primary fails to respond, IP record for DNS changes to secondary IP with TTL=1min
    2. When primary server fails, it takes around 15 min for clients to access the servers. Way too long!
    The target:
    A. Activate a load balancing mechanism to utilized the stand-by server.
    B. How can the solution be designed to avoid single point of failure? In the previous example, UltraDNS is a single point of failure.
    C. If using GSS is the solution, how can it be designed in both server locations (for active redundancy) using ordinary DNS server?
    D. How can HSRP, GSS, GSLB, and/or VIP be used? What would be the best solution?
    Servers are running ORACLE DB, MS SQL, and tomcat with 2x SAN of 64TB each.

    Hi Codlick,
    the answer is, you cannot (switch to two web dispatchers).
    If you want to use two web dispatchers, they need something in front, like a hardware load balancer. This would actually work, as WD know their sessions and sticky servers for those. But remember you always need a single point for the incoming address (ip).
    Your problem really is about switchover groups. Both WD need to run in different switchover groups and need to switch to the same third software. I'm not sure if your switchover software can handle this (I'm not even sure if anyone can do this...), as this means the third WD needs to be in two switchover groups at the same time.
    Hope this helps,
    Regards,
    Benny

  • How to control a Load Balanced set in IaaS VMs using Text files

    Hi,
    I would like to control the Load Balanced nodes Using a resource to probe like active.txt  in IIS than a Endpoint on the Management Portal.
    The reason i need this is because the engineers in my team will have access to VMs but not to Management servers.
    Any info on it is very helpful.
    Thanks

    Hi,
    You can Control the access to the Load Balanced Set by using Network ACL. A Network Access Control List (ACL) is a security enhancement available for your Azure deployment. An ACL provides the ability to selectively permit or deny traffic for a virtual machine
    endpoint. This packet filtering capability provides an additional layer of security. 
    Using Network ACLs, you can do the following:
    Selectively permit or deny incoming traffic based on remote subnet IPv4 address range to a virtual machine input endpoint. 
    Blacklist IP addresses
    Create multiple rules per virtual machine endpoint
    Specify up to 50 ACL rules per virtual machine endpoint
    Use rule ordering to ensure the correct set of rules are applied on a given virtual machine endpoint (lowest to highest)
    Specify an ACL for a specific remote subnet IPv4 address.
    Network ACLs can be specified on a Load balanced set (LB Set) endpoint. If an ACL is specified for a LB Set, the Network ACL is applied to all Virtual Machines in that LB Set. For example, if a LB Set is created with “Port 80” and the LB Set contains 3 VMs,
    the Network ACL created on endpoint “Port 80” of one VM will automatically apply to the other VMs.
    Hope this helps !
    Regards,
    Sowmya

  • How to configure software load balancer for R12.1.3

    Dear All,
    I need to configure software load-balancer on application tiers and i need to know if its possible to have a software load-balancer in place of hardware load balancer if i need to route the load on two application nodes.
    Thanks !

    As we do not certify, nor support 3rd party loadbalancers we can not confirm that the Piranha loadbalancer will perform as expected with EBS. The basic minimum requirements or loadbalaning is that it has death detection, and session / cookie persistence We also typically require that a hardware loadbalancer is used. Internally we use F5 loadbalancers, and Cisco ACE.
    What are the limitations of a software load balancer compared to hardware ? As mentioned above, your software balancer should has the capability of "death detection, and session/cookie persistence" -- More details can be found in (Implementing Load Balancing On Oracle E-Business Suite - Documentation For Specific Load Balancer Hardware [ID 727171.1]).
    Oracle Web Cache can be used as a software load balancer (which is an Oracle product), but Oracle recommends you do not use it in production instances.
    Thanks,
    Hussein

Maybe you are looking for