Load-balance / autofailover using 2 ISPs
Good morning.
we have a T1 installed at our site and recently purchased a broadband connection from a different ISP. Our plan is to utilize both ISPs to Load-balance our Internet and setup auto-failover in case either one fails. We run exchange 2007 and host an ASP application so we can't afford to have our Internet disrupted.
currently we have a 1841 cisco router for the T1 and we're trying to figure-out if we need to purchase an ASA Firewall to setup the auto fail-over / load balance system.
Can you tell me which is the best way to do this and what equipment / model of cisco routers/ Firewalls do you recommend to implement this?
Thanks,
Collin
Hi Collin -- We appreciate your post but, as this pertains to ISR 1841, think you'd be better served in the Cisco NetPro Forums.
Here's the link:http://forums.cisco.com/eforum/servlet/NetProf;jsessionid=37FE634C9B9344028C695A694C4E3971.SJ2A?page=netprof&forum=Small%20and%20Medium%20Business&topic=Technologies%20for%20Small%20Medium%20Businesses&CommCmd=MB%3Fcmd%3Ddisplay_messages%26mode%3Dnew%26location%3D.1ddbf5a7.
Thanks,
Stephanie
Similar Messages
-
Cluster/load balance weblogic using L4 switch like Alteon
Can I install weblogic as a standalone server on 2 or more server and
cluster/load balance weblogic using a hardware balancer like Alteon Layer4
switch (of course I will use a centralised storage to maintain a single copy
of data which will eliminate syncronizing problem among servers)?
BTW, Alteon can support persistent binding. The reason to use a Layer 4
switch is that it is very fast, and this will make the application server
layer transparent to client, the client can think this is a single server
(it don't need to know whether there are 5 weblogic servers or 20 weblogic
servers behind switch), and hardware are more reliable, sacalable and fast.
I am not sure whether the normal weblogic clustered servers need to
share/exchange info on the running memory, if it does, this approach will
fail.
So My understanding is:
Alteon with WL 6.0 can do load balancing for:
entity bean
stateless session bean
but can't do load balancing for:
stateful session bean (will persistent/sticky binding solve part of the
problem except fail-over)
in-memory replication
am I right?
Pao Wan
"Don Ferguson" <[email protected]> wrote in message
news:[email protected]...
> It is possible to configure Alteon to understand the WebLogic 6.0 cookie
format
> and have a proxy-less cluster configuration that performs load balancing
and
> fail over of session state.
>
> It is also possible to configure Alteon's hardware-based SSL decryption
for really
> fast HTTPS processing.
>
> We are working on a white paper that describes how to configure Alteon for
use
> with WebLogic Server 6.0.
>
> -Don
>
>
> Robert Patrick wrote:
>
> > Cameron,
> >
> > I believe that BEA tested their new proxy-less web clustering solution
with
> > load-balancing products from Alteon and several other vendors
(Arrowpoint ?--
> > which is now Cisco). However, it was my understanding that these
products do
> > not understand how to decrypt our cookies and extract IP addresses but
rather
> > these products are capable of doing sticky load balancing based on the
Session
> > ID contained in our cookie.
> >
> > If this is correct, then what this means is that when the primary server
fails,
> > the request will be routed to "some other server" in the cluster but not
> > necessarily the one that holds the secondary copy of the user's session.
The
> > change in WLS 6.0 is that WLS will accept these misdirected requests and
it will
> > go out to the correct server and "migrate" the session to the server
that
> > received the request making that server the new primary (and
regenerating the
> > Session ID).
> >
> > I am sure if this is wrong that our product manager or one of our
engineers will
> > correct me (please?)...
> >
> > Hope this helps,
> > Robert
> >
> > Cameron Purdy wrote:
> >
> > > Hi Robert,
> > >
> > > FWIW - There are several vendors (Primeon? Arrowpoint?) who claim to
> > > understand WL cookies and parse the IPs out. (I haven't verified it
myself
> > > though.)
> > >
> > > --
> > > Cameron Purdy
> > > Tangosol, Inc.
> > > http://www.tangosol.com
> > > +1.617.623.5782
> > > WebLogic Consulting Available
> > >
> > > "Robert Patrick" <[email protected]> wrote in message
> > > news:[email protected]...
> > > > There are not any hardware vendors (yet) that can understand
WebLogic's
> > > session
> > > > ID. While you might be able to use the load balancer without the
proxy on
> > > 5.1,
> > > > you would not be able to take advantage of in-memory replication
failover
> > > unless
> > > > you only had two machines in the cluster. Like you said, everything
will
> > > work
> > > > with 6.0 regardless of how the load balancer works (though you
really,
> > > really
> > > > want to minimize the number of times the requests come into the
wrong
> > > server by
> > > > utilizing sticky load balancing).
> > > >
> > > > Hope this helps,
> > > > Robert
> > > >
> > > > Cameron Purdy wrote:
> > > >
> > > > > Rajesh,
> > > > >
> > > > > I meant that it would work in lieu of a proxy (such as Apache or
NES)
> > > with
> > > > > 5.1, but only if both the hw load balancer and WL were set up to
use
> > > > > cookies. Some hw load balancers rely on IP and that doesn't
work -- AOL
> > > > > connections for example can change the source IP on the fly.
Others
> > > produce
> > > > > their own cookies, that will work. Some even can use WL cookies
and
> > > parse
> > > > > them to determine where to go. According to what I've read, with
6.0 if
> > > the
> > > > > WL primary dies or for some other reason the request shows up at
the
> > > "wrong"
> > > > > server, it will be handled correctly. That means you are pretty
safe
> > > with
> > > > > hw load balancers and 6.0, almost regardless of the sticky
> > > implementation
> > > > > that they use.
> > > > >
> > > > > --
> > > > > Cameron Purdy
> > > > > Tangosol, Inc.
> > > > > http://www.tangosol.com
> > > > > +1.617.623.5782
> > > > > WebLogic Consulting Available
> > > > >
> > > > > "Rajesh" <[email protected]> wrote in message
> > > > > news:[email protected]...
> > > > > >
> > > > > > Hi Cameron,
> > > > > > Can you elaborate on how it would work with WL5.1 since no in
memory
> > > > > replication
> > > > > > would happen if the servers are standalone.
> > > > > >
> > > > > > "Cameron Purdy" <[email protected]> wrote:
> > > > > > >Yes, this will work fine with WL6. (WL5.1 will work fine as
long as
> > > > > cookies
> > > > > > >are used by the load balancer.)
> > > > > > >
> > > > > > >--
> > > > > > >Cameron Purdy
> > > > > > >Tangosol, Inc.
> > > > > > >http://www.tangosol.com
> > > > > > >+1.617.623.5782
> > > > > > >WebLogic Consulting Available
> > > > > > >
> > > > > > >
> > > > > > >"paowan" <[email protected]> wrote in message
> > > > > > >news:[email protected]...
> > > > > > >> Can I install weblogic as a standalone server on 2 or more
server
> > > and
> > > > > > >> cluster/load balance weblogic using a hardware balancer like
Alteon
> > > > > Layer4
> > > > > > >> switch (of course I will use a centralised storage to
maintain a
> > > single
> > > > > > >copy
> > > > > > >> of data which will eliminate syncronizing problem among
servers)?
> > > > > > >>
> > > > > > >> BTW, Alteon can support persistent binding. The reason to use
a
> > > Layer
> > > > > > >4
> > > > > > >> switch is that it is very fast, and this will make the
application
> > > > > server
> > > > > > >> layer transparent to client, the client can think this is a
single
> > > > > server
> > > > > > >> (it don't need to know whether there are 5 weblogic servers
or 20
> > > > > weblogic
> > > > > > >> servers behind switch), and hardware are more reliable,
sacalable
> > > and
> > > > > > >fast.
> > > > > > >>
> > > > > > >> I am not sure whether the normal weblogic clustered servers
need to
> > > > > > >> share/exchange info on the running memory, if it does, this
> > > approach
> > > > > will
> > > > > > >> fail.
> > > > > > >>
> > > > > > >>
> > > > > > >
> > > > > > >
> > > > > >
> > > >
>
-
Load balancing weirdness using NAT and same-metric route
Hi.
I'm trying to set up a double-WAN load-balancing scenario:
I decided to attempt the "multiple same-metric routes with NAT" approach so I went for the example used in the IOS NAT Load-Balancing for Two ISP Connections Configuration Guide [1].
I decided to use an upside-down Cisco 871-SEC/K9: use Vlan1 and Vlan2 for the routers and Fa4 for the LAN. I am hoping this is not an issue.
There is this weirdness with some connections, particularly FTP. I pinpointed the problem to the following scenario: if I do a couple of pings to 100.1.1.1 using the FastEthernet4 as the source address, this is what I get in the logs:
=== PING 1 ECHO REQUEST ===
*Mar 3 04:38:43.521: IP: tableid=0, s=192.168.60.4 (FastEthernet4), d=100.1.1.1 (Vlan1), routed via RIB
*Mar 3 04:38:43.521: NAT: s=192.168.60.4->10.129.124.2, d=100.1.1.1 [14152]
*Mar 3 04:38:43.521: IP: s=10.129.124.2 (FastEthernet4), d=100.1.1.1 (Vlan1), g=10.129.124.1, len 60, forward
*Mar 3 04:38:43.521: ICMP type=8, code=0
=== PING 1 ECHO REPLY ===
*Mar 3 04:38:45.589: NAT*: s=100.1.1.1, d=10.129.124.2->192.168.60.4 [19824]
*Mar 3 04:38:45.589: IP: tableid=0, s=100.1.1.1 (Vlan1), d=192.168.60.4 (FastEthernet4), routed via RIB
*Mar 3 04:38:45.589: IP: s=100.1.1.1 (Vlan1), d=192.168.60.4 (FastEthernet4), g=192.168.60.4, len 60, forward
*Mar 3 04:38:45.589: ICMP type=0, code=0
=== (something else) ===
*Mar 3 04:38:52.353: RT: SET_LAST_RDB for 0.0.0.0/0
OLD rdb: via 10.129.124.33, Vlan2
NEW rdb: via 10.129.124.1, Vlan1
=== PING 2 ECHO REQUEST ===
*Mar 3 04:38:52.353: IP: tableid=0, s=192.168.60.4 (FastEthernet4), d=100.1.1.1 (Vlan2), routed via RIB
*Mar 3 04:38:52.353: NAT: s=192.168.60.4->10.129.124.2, d=100.1.1.1 [14159]
*Mar 3 04:38:52.353: IP: s=10.129.124.2 (FastEthernet4), d=100.1.1.1 (Vlan2), g=10.129.124.33, len 60, forward
*Mar 3 04:38:52.353: ICMP type=8, code=0
=== PING 2 ECHO REPLY ===
*Mar 3 04:38:53.029: NAT*: s=100.1.1.1, d=10.129.124.2->192.168.60.4 [19825]
*Mar 3 04:38:53.029: IP: tableid=0, s=100.1.1.1 (Vlan1), d=192.168.60.4 (FastEthernet4), routed via RIB
*Mar 3 04:38:53.033: IP: s=100.1.1.1 (Vlan1), d=192.168.60.4 (FastEthernet4), g=192.168.60.4, len 60, forward
*Mar 3 04:38:53.033: ICMP type=0, code=0
In the section "Ping 2 Echo Request" line 2 shows the NAT translating the packet to the address for the first provider but line 3 shows it routing it through the second one.
In this case, the ICMP packet goes through but it is problematic if the ISP restricts the service by source-address (like RPF) or there is some acceleration mechanism inside the provider cloud, other than just plain routing.
What am I missing? Here is the relevant part of the configuration. I deliberately disabled CEF to be able to debug the messages, but I *think* this may be altering the actual router behavior. This router does not have a "debug ip cef packet" command.
no ip cef
ip dhcp pool lan-side
import all
network 192.168.60.0 255.255.255.0
default-router 192.168.60.1
domain-name doublewan.local
dns-server 8.8.8.8 8.8.4.4
lease infinite
ip domain name doublewan
interface FastEthernet0
!doesn't appear on running-config: vlan 1 is the default access vlan
!switchport access vlan 1
interface FastEthernet1
switchport access vlan 2
interface FastEthernet2
shutdown
interface FastEthernet3
shutdown
interface FastEthernet4
ip address 192.168.60.1 255.255.255.0
ip nat inside
ip virtual-reassembly
no ip route-cache
duplex auto
speed auto
interface Vlan1
ip address 10.129.124.2 255.255.255.224
ip nat outside
ip virtual-reassembly
no ip route-cache
interface Vlan2
ip address 10.129.124.35 255.255.255.224
ip nat outside
ip virtual-reassembly
no ip route-cache
ip route 0.0.0.0 0.0.0.0 Vlan1 10.129.124.1
ip route 0.0.0.0 0.0.0.0 Vlan2 10.129.124.33
ip nat inside source route-map nat1 interface Vlan1 overload
ip nat inside source route-map nat2 interface Vlan2 overload
ip access-list standard acl4-nexthop-vlan1
permit 10.129.124.1
ip access-list standard acl4-nexthop-vlan2
permit 10.129.124.33
route-map nat2 permit 10
match ip address 102
match ip next-hop acl4-nexthop-vlan2
match interface Vlan2
route-map nat1 permit 10
match ip address 101
match ip next-hop acl4-nexthop-vlan1
match interface Vlan1
control-plane
Of course, there is some configuration pending for redundancy and stuff.
Thanks a lot in advance.
[1] http://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/100658-ios-nat-load-balancing-2isp.htmlHello.
This might be a bug in debug command or the IOS (without ip cef) you use; as routing is done before NAT (inside to outside).
To make sure it works fine with ip cef, just enable strict uRPF (or just ACL) on .1 and .33 interfaces and see if you see any packet sent over wrong interface.
PS: please check "sh ip cef 100.1.1.1"; I guess ip cef would tell you "per-destination sharing". -
LRT224 Load Balancing with only one ISP
I found that the LRT224 Load Balancing really increased performance on my network with a single Internet Service Provider.
Also if your ISP doesn't limit the number of Public IP Addresses your ISP Device can provide to one. You can get two Public IP Address for additional port forwarding and other uses.
------------------- OR ----------------------------
Please remember to Kudo those that help you.
Linksys
Communities Technical SupportIn my case I noticed an immediate improvement in overall performance. When I do a "speedtest.net" test the speeds are always at the maximum throughput even with other heavy users on the internet. Which wasn't the case before. I suspect that the Dual WAN connections are doubling the amount of available full speed connections due to the load balancing.
It's interesting to watch the ethernet port lights on the ISP Modem blinking like mad as the LRT224 pumps data through the two ethernet ports.
Please remember to Kudo those that help you.
Linksys
Communities Technical Support -
EIGRP load balancing when using HSRP on LAN
Hi
I have a question about my topology. I have two routers with EIGRP on both of them connected through 2 ISPs to other site. On those routers i have HSRP runing. Now my question is: HSRP is standby/active protocol so when one router act as active will it send data to other site only through one ISP??? will load balancing work on WAN side? will routers use both ISPs or just one- the one which is active in HSRP when sending data???Hi sotiris_pafitis, may be I didn't understand what you mean but if the idea is to configure one static on each router (pointing it's ISP) and redistribute it in EGRIP, I disagree: is useless because the other router will prefer the static route due to its better administrative distance. Using EIGRP unequal load balancing is useless because it balanced EIGRP path with different metric, not different Administrative distance. Isn't it ?
If you want to use static route simply configure two static route on each router: one though WAN interface and the other through the LAN.
For example:
R1#conf t
ip route 0.0.0.0 0.0.0.0 192.168.13.3
ip route 0.0.0.0 0.0.0.0 192.168.12.2
The result is:
R1#sh ip route 0.0.0.0
Routing entry for 0.0.0.0/0, supernet
Known via "static", distance 1, metric 0, candidate default path
Redistributing via eigrp 100
Advertised by eigrp 100
Routing Descriptor Blocks:
* 192.168.13.3
Route metric is 0, traffic share count is 1
192.168.12.2
Route metric is 0, traffic share count is 1
In any case I think static router is not a good choice: in case of a fault on ISP 1, WAN interface can remain up producing a routing blackhole. If possible it's better to have a dynamic routing protocol between router and ISP, receving the default route and changing delay on interf to have the same metric for both the path
Bye,
enrico -
Load balancing with use of router 881.
Hello,
I have two MPLS line and i want load balancing with the help of CISCO router 881. is it necessary that i require two router on both location.? if one location have firewall and one location have cisco router 881 then can i do a load balancing or i require two router each on both location ? What are the basic requirement that i need.
Thanks,
KuntalDisclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
An 881 should be able to load share across multiple ports. Many routing protocol support ECMP, including BGP, but you need "special" hidden/secret commands to enable. EIGRP also supports unequal cost load sharing.
If an 881 supports OER or PfR, those too will do unequal load sharing, dynamically. -
ACE: load balancing servers using DMZ ports on FWSM
devices; (2 core with the ff config)
6500
fwsm
idsm
msfc
SETUP;
Servers are connected to the dmzs on the core
REQUIREMENT;
to load balance the servers
QUESTION;
Using the ACE module, is it possibe to load balance the servers which are connected to the port which is configured as DMZ?
Thanksdoes not matter where the servers are connected.
However, be aware that the flows from client to server needs to go through the loadbalancer BUT also the flows server to client.
So, you should be careful where you attach the ACE module.
The easier would be to attach to the DMZ as well between the FW and the servers.
Gilles. -
Load Balancing OBIEE using OC4J
Hi All,
I would like to know if there is a way of load balancing 2 instances of OBIEE using OC4J.
Please advice if possible and the steps required to achieve that.
A small correction ... we have 2 instance of OBIEE and 2 of stand alone of OC4J
Is there any way we can attempt to load balance the two???
Regards,
maabajaber
Edited by: maabajaber on Sep 22, 2010 4:19 AMHi All,
A small correction ... we have 2 instance of OBIEE and 2 of stand alone of OC4J.
I believe OC4J stand alone can do this but i dont know how
Is there any way we can attempt to load balance the two.
Regards,
maabajaber -
Issue in setting flex app in load balanced environment using SSL
I have developed the dashboard in my application using flex 3.0. For this I have used JSP wrapper around the flex application. My application runs on JBoss application server. for communication between flex app and my application i am using LCDS. HTTPService component is being used to receive data from the server. Channel definitions are given in service-config.xml for amf and http channels and for both secure secure and not secure mode. In my proxy-config.xml i have defined Channels and destinations.
services-config.xml
<channel-definition id="my-amf" class="mx.messaging.channels.AMFChannel">
<endpoint url="http://{server.name}:{server.port}/{context.root}/messagebroker/amf" class="flex.messaging.endpoints.AMFEndpoint"/>
<properties>
<polling-enabled>false</polling-enabled>
</properties>
</channel-definition>
<channel-definition id="my-secure-amf" class="mx.messaging.channels.SecureAMFChannel">
<endpoint url="https://{server.name}:{server.port}/{context.root}/messagebroker/amfsecure" class="flex.messaging.endpoints.SecureAMFEndpoint"/>
<properties>
<add-no-cache-headers>false</add-no-cache-headers>
</properties>
</channel-definition>
<channel-definition id="my-http" class="mx.messaging.channels.HTTPChannel">
<endpoint url="http://{server.name}:{server.port}/{context.root}/messagebroker/http" class="flex.messaging.endpoints.HTTPEndpoint"/>
</channel-definition>
<channel-definition id="my-secure-http" class="mx.messaging.channels.SecureHTTPChannel">
<endpoint url="https://{server.name}:{server.port}/{context.root}/messagebroker/httpsecure" class="flex.messaging.endpoints.SecureHTTPEndpoint"/>
<properties>
<add-no-cache-headers>false</add-no-cache-headers>
</properties>
</channel-definition>
proxy-config.xml
<default-channels>
<channel ref="my-http"/>
<channel ref="my-amf"/>
<channel ref="my-secure-http"/>
<channel ref="my-secure-amf"/>
</default-channels>
<destination id="dashboardService">
<properties>
<url>/kr/servlet/DashboardServlet</url>
</properties>
</destination>
<destination id="dashboardJSPService">
<properties>
<url>/kr/krportal/dashboardJSPService.jsf</url>
</properties>
</destination>
In my development environment both secure and non secure mode were working fine. Now when I have deployed it behind the load balancer(which accepts secure requests only and if the request is not secure it redirects it to secure url) there is no response from the message broker servlet. One thing more I have observed is when the environment is non load balanced there are request like 'http://{server.name}:{server.port}/{context.root}/messagebroker/http'. and these requests are post request. But in load balanced environment with ssl the request is again like 'http://{server.name}:{server.port}/{context.root}/messagebroker/http' which is a post request and it is redirected to 'https://{server.name}:{server.port}/{context.root}/messagebroker/http' which is a get request. The content returned by this get request is null.
Looking for some comments
Thanks
Abhishek Guptaif the load balancing environment is already well configured, thes rest is very easy, there is no difference between a configuration of load balancing environment and a simple one, for you that is transparent, except the manual deployment and manual copying
of files in the directory 15 -
Two active active ISPs with load balancing, publishing and VPN connection
Hi,
I wonder how to enable a scenario where i have to use two ISP's to share 30/70 load on our internet traffic, have to configure almost 60 internal websites already published using microsoft TMG firewall and connect client VPN connections and site-to-site vpn connections. I know that ASA firewall has limitation when using security contexts. Is good idea that how to achieve this gool?
I previously tried connecting four sites running ASA devices with this fifth site running Microsoft TMG firewall but i was able to connect only two ASA firewalls using site-to-site VPN, though I was able to connect remaining two as well but last two were not able to access ASA-TMG resources. furthermore behavious of two ASA-TMG connected sites was strange: sometime i was not able to access cross site resources from one machine but was able to do so from another machine.
I noticed that two of ASA sites connected with TMG site has different internal IP class (e.g site one 192.168.0.* and site two using 172.16.*.*) while remaining two have same class like the first site e.g 192.168.128.* and 192.168.100.*
Did anyone has experiance connecting TMG-ASA with multiple sites within same IP class scenario?
OR
How to enable same features using Cisco devices as they are on a single Microsoft TMG?
Best,
Saulat (Contact# 0092-321-4025587)Sulat,
You can load balance between the two ISPs. That is not possible. But, we do have some options that I have discussed here:
Hope the above link gives you some ideas to utilize both your ISP links.
-Kureli -
How to control a Load Balanced set in IaaS VMs using Text files
Hi,
I would like to control the Load Balanced nodes Using a resource to probe like active.txt in IIS than a Endpoint on the Management Portal.
The reason i need this is because the engineers in my team will have access to VMs but not to Management servers.
Any info on it is very helpful.
ThanksHi,
You can Control the access to the Load Balanced Set by using Network ACL. A Network Access Control List (ACL) is a security enhancement available for your Azure deployment. An ACL provides the ability to selectively permit or deny traffic for a virtual machine
endpoint. This packet filtering capability provides an additional layer of security.
Using Network ACLs, you can do the following:
Selectively permit or deny incoming traffic based on remote subnet IPv4 address range to a virtual machine input endpoint.
Blacklist IP addresses
Create multiple rules per virtual machine endpoint
Specify up to 50 ACL rules per virtual machine endpoint
Use rule ordering to ensure the correct set of rules are applied on a given virtual machine endpoint (lowest to highest)
Specify an ACL for a specific remote subnet IPv4 address.
Network ACLs can be specified on a Load balanced set (LB Set) endpoint. If an ACL is specified for a LB Set, the Network ACL is applied to all Virtual Machines in that LB Set. For example, if a LB Set is created with “Port 80” and the LB Set contains 3 VMs,
the Network ACL created on endpoint “Port 80” of one VM will automatically apply to the other VMs.
Hope this helps !
Regards,
Sowmya -
Load Balancing using Virtual IP on DMZ interface of 5520 ASA
We want to achieve a load balancing scenario using Virtual IP on DMZ interface on a Cisco ASA 5520.
The IPs we are going to use on DMZ are 10.15.1.2 and 10.15.1.3
These IPs are going to be NATted to all inside IPs.
Lets say our outside IP is X.X.X.X
This IP points to 10.15.1.2 and 10.15.1.3 with .2 being the primary and .3 being the secondary.
When I hit the outside IP, it should point me to .2 and that .2 should take me to the inside IPs.
I need configuration assistance with that.Hi Pratik,
The ASA does not support having 1 global/translated IP address on the outside mapped to multiple local/real IP addresses on the DMZ. If it did, the ASA would have no way of deciding if traffic destined to X.X.X.X is really meant for 10.15.1.2 or 10.15.1.3. For this scenario, you should use a dedicated load balancer or a router that supports policy-based routing.
-Mike -
Cisco 886VA - Multiple PPPoE Line Load Balancing
Dear Cisco Community,
due to the need of increased bandwidth a customer ordered three ADSL6000/576Kbit lines from the same ISP. Dial-in is done with PPPoE and the IP is not static.
- Is it possible to load balance between the three ISP lines with this router as the Cisco 886VA-K9 (Advanced IP Services) doesnt support PFR/OER I want to load balance per session, meaning each TCP session takes the same path, the next TCP session takes second path, next TCP session takes third path, then first path again and so on.
- I did read the tutorials avaiable, but they don't discuss how the lines are used in round-robin fashion, just how to distribute different traffic on different lines. (https://supportforums.cisco.com/document/32186/dual-internet-links-nating-pbr-and-ip-sla?page=1) or (http://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/100658-ios-nat-load-balancing-2isp.html)
- How would you solve this challenge?
Relevant config so far:
vlan 1
name #LAN#
vlan 2
name #WAN-Uplink1#
vlan 3
name #WAN-Uplink2#
interface FastEthernet0
description #LAN#
switchport access vlan 1
interface FastEthernet2
description #WAN-Uplink1#
switchport access vlan 2
no ip address
pppoe enable
pppoe-client dial-pool-number 20
interface FastEthernet3
description #WAN-Uplink2#
switchport access vlan 3
no ip address
pppoe enable
pppoe-client dial-pool-number 30
interface ATM0
description #WAN-Uplink3#
no ip address
logging event atm pvc state
logging event atm pvc autoppp
logging event subif-link-status
no atm ilmi-keepalive
no ip redirects
no ip unreachables
no ip proxy-arp
dsl enable-training-log delay 0
dsl bitswap both
interface ATM0.1 point-to-point
bandwidth 550
bandwidth receive 6000
pvc pvc 1/32
pppoe enable
pppoe-client dial-pool-number 10
vbr-nrt 500 500 1
service-policy out WAN-Control1-Parent
interface Vlan1
description #LAN#
ip address 172.16.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
interface Dialer1
description #WAN-Dialer1#
bandwidth 550
bandwidth receive 6000
ip address negotiated
ip mtu 1492
ip nat outside
ip virtual-reassembly in
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 20
dialer idle-timeout 0
ppp authentication chap pap callin
ppp chap hostname XXX
ppp chap password XXX
ppp pap sent-username XXX
ppp ipcp dns request accept
ppp ipcp route default
ppp ipcp address accept
no cdp enable
service-policy output WAN-Control2-Parent
interface Dialer2
description #WAN-Dialer2#
bandwidth 550
bandwidth receive 6000
ip address negotiated
ip mtu 1492
ip nat outside
ip virtual-reassembly in
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 30
dialer idle-timeout 0
ppp authentication chap pap callin
ppp chap hostname XXX
ppp chap password XXX
ppp pap sent-username XXXX
ppp ipcp dns request accept
ppp ipcp route default
ppp ipcp address accept
no cdp enable
service-policy output WAN-Control3-Parent
interface Dialer3
description #WAN-Dialer3-ATM#
bandwidth 550
bandwidth receive 6000
ip address negotiated
ip mtu 1492
ip nat outside
ip virtual-reassembly in
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 10
dialer idle-timeout 0
ppp authentication chap pap callin
ppp chap hostname XXX
ppp chap password 7 XXX
ppp pap sent-username xxx
ppp ipcp dns request accept
ppp ipcp route default
ppp ipcp address accept
no cdp enable
ip nat inside source route-map ISP1 interface Dialer1 overload
ip nat inside source route-map ISP2 interface Dialer2 overload
ip nat inside source route-map ISP3 interface Dialer3 overload
route-map ISP1 permit 10
match ip address 100
match interface Dialer1
route-map ISP2 permit 10
match ip address 100
match interface Dialer2
route-map ISP3 permit 10
match ip address 100
match interface Dialer3
access-list 100 remark #NAT-LIST#
access-list 100 permit ip 172.16.1.0 0.0.0.255 any
Thank you for helping.Hey there,
I managed to fulfill my requirement..
If its a cluster on same machine or across machines, this should work
1. Login to machine, cd $DOMAIN_HOME
2. mkdir -p Apex_lsn_config/AdminServer Apex_lsn_config/<MS1> Apex_lsn_config/<MS2> # MS1 and MS2 are the Managed Server names as appropriate
#If you are planning for cluster spawning MS's across machines, make sure you create the dir's on step 2 for each machine respectively. (in my case $DOMAIN_HOME is not shared)
3. Copy apex-config.xml from the /tmp/apex or whatever location you have it currently to Apex_lsn_config/<MS1> Apex_lsn_config/<MS2>
4. cd $DOMAIN_HOME/bin; cp -p SetDomainEnv.sh SetDomainEnv.sh.orig #Backup the file
5. Append -Djava.io.tmpdir in SetDomainEnv.sh as below for JAVA_OPTIONS # Do it on both machine if you are not sharing DOMAIN_HOME and planning cluster across machines
-Djava.io.tmpdir=$DOMAIN_HOME/APEX_CONFIG/${SERVER_NAME}
Hint: Search for "iterativeDev" and append the same line with -Djava.jo.tmpdir
6. Modify "java.io.tmpdir" from the web.xml file of apex.war as below and re-deploy the war
<context-param>
<param-name>config.dir</param-name>
<param-value>${java.io.tmpdir}</param-value>
</context-param>
7. Bounce Weblogic Admin and Manged Servers. Make sure to tail the Managed Server log to see apex-config.xml is picked from the new location.
8. Brew a Coffee for yourself :)
- You find the instructions on creating a cluster from weblogic documentation, the steps mentioned above are only to overcome the bdb locking issue whilst creating a cluster.
Did it help?
Edited by: Oratime on Mar 25, 2013 2:44 AM -
We are big ISP, and we are peering ebgp with several International ISPs for inetrnet connectivity. My question is how to load balance between the several ISPs, I mean based on what?, we need to make sure to load balance in both ways.
Hi,
usually load balancing has two parts:
1) local traffic to the internet
2) return traffic from the internet
As we are talking about BGP any mechanism influencing path selection can be used to load balance local traffic.
Basically you send traffic towards some destinations through one peering point and some traffic to other destinations through other peering points. Local Preference could be a good way to achieve this.
Be aware that you need some traffic analysis in order to influence the local traffic in the desired way.
Regarding option 2):
We are talking about BGP and what you want is to influence the routing decisions of other ASes. Bad news: there is no way to make SURE it will happen the way you want this to happen. They are AUTONOMOUS and therefore can also use f.e. LocPref to achieve their goals. Those might contradict yours.
But from a technical point of view the BGP updates you send should contain "hints" as to where the return traffic should be sent. As anything can be stripped of a BGP update except well-known mandatory attributes (origin, next-hop, AS path) usually AS path prepending is the measure to make return traffic for one of your prefixes prefer one way. And traffic for other prefixes you own another way.
Also be aware that BGP in itself was not built for Load sharing per prefix, because every BGP speaker will only announce the best path per prefix. So even in the neighbor AS after a route-reflector all BGP speakers will only learn ONE path to your AS per prefix.
Hope this helps
Martin
P.S.: Do not prepend too many ASes and do not split your IP address space in to many small junks. Also look at RIPE document 229, which talks about route flap dampening ... larger prefixes are always better. -
SAP GLM Print Request - Load Balancing of WWI server
Hi GLM Experts,
I am using new GLM + module that generates labels based on Print Requests. I am unable to understand how I can load balance the WWI services when there are multiple label printing requests.
In GLM + we associate a WWI to a Print Station and which can then be associated with a printer. So in the configuration we are tying up a printer a WWI.
Also during label printing, if the scenario uses print request module, then the use need to select a print station and printer. What happens if the WWI related to the print station is down?
For example I have two services in WWI server GENPC1 and GENPC2. I created WWII and WWI2 as two print stations. I will associate my printer PRNWWI to both the print stations WWI1 and WWI2.
During label printing if the user picks and WWI1 and Printer PDNWWI and if the GENPC1 WWI server assocaited with print status WWI1 is busy and down I want WWI GENPC2 to generate the label?
How to setup the above load balancing or fall back? Please let me know.
Thanks
PugalDear Pugal
we are not using GLM + and I am not sure about the technqiue used there to handle load balancing. Regarding general WWI setup I assume you know this Note: EH&amp;S: Availability and performance of WWI and Expert servers
On the top there is a further SAP Note abvailable which might be of interest. This is referenced here:
http://de.scribd.com/doc/191576739/011000358700000861002013-e
May be check OSS note: 1958655; OSS Note 1155294 is more related to normal WWI stuff; but may be check it as well. May be 1934253 might help better
May be this might help.
C.B.
PS: may be check as well: consolut - EHS_MD_140_01 - EH&amp;S-Management-Server einrichten
The load balancing of synchron WWi servers is donein the "RFC" layer, therefore you have no inffluence here, for asynchron WWI servers you can do a lot to manage the WWI load balancing by using "exits" etc.
Maybe you are looking for
-
Error while Importing a Web Services Model
Hi, I have developed an Web Dynpro application for sending an e-mail message, using an e-mail Web service provided by an external service provider (in this case http://webservices.matlus.com/scripts/emailwebservice.dll/wsdl/IemailService) as provided
-
TS4062 After using Setup Assistant, devices no longer appear in iTunes for Wifi Sync
I'm trying to fix an issue that is the result of a bug I disovered, and I'm out of ideas to troubleshoot. I'm hoping you guys will have some more suggestions, perhaps deleting plists or somehow resetting iTunes device syncing so I can start over. The
-
Error Details- [email protected] : Could not invoke 'process'; nested exception is: java.net.UnknownHostException: otm-connor-otm-55-wl.us.oracle.com: otm-connor-otm-55-wl.us.oracle.com Hi Guys, I am getting the above error when i am invoking th
-
Questions about function ---- showModalDialog()
<html> <head> <meta charset="UTF-8"> </head> <body> <h1>This is indexHtml!</h1> <button onclick="clickMe()">click Me!</button> </body> <script type="text/javascript"> function clickMe() { var paramObj = new Object(); paramObj.parentWin = "1111"; para
-
Can i trap the URL of the browser??help!!!!
Hi, I want to trap the URL of the browser in my java application.Is it possible to do that?? In other words, can i manipulate the browser (like 'IE browser' available as an activex component for vb users.) in java for some urgent requirement? (Or) Is