Load Balancing 2 routers
Hi all
Can someone tell me the best way to load balance between 2 routers, can someone post a typical config ?
thanks a million
Carl
Hi Carl,
You can use the following load-blancing methods between the routers.
1. Static routes or default route load-balancing
2. Multilink PPP
3. Equal/unequal cost path load-balancing with Dynamic Routing protocol.
4. CEF load-balancing.
Please see the DOC below.
http://www.cisco.com/en/US/products/hw/modules/ps2033/products_white_paper09186a0080091d4b.shtml
I have multilink PPP and static route load-balancing config handy with me. Please see below :
interface Multilink1
ip address 193.193.193.1 255.255.255.252
ppp multilink
multilink-group 1
interface Serial0/2
no ip address
encapsulation ppp
ppp multilink
multilink-group 1
interface Serial0/3
no ip address
encapsulation ppp
ppp multilink
multilink-group 1
interface Serial1/1:0
ip address 192.168.170.1 255.255.255.0
encapsulation ppp
no ip route-cache
interface Serial1/2:0
ip address 192.168.180.1 255.255.255.0
encapsulation ppp
no ip route-cache
ip route 172.28.20.0 255.255.255.0 192.168.170.2
ip route 172.28.20.0 255.255.255.0 192.168.180.2
HTH,
-amit singh
Similar Messages
-
Load balancing between two routers
I have two routers connected through the LAN connection. The first one is using as routing protocol EIGRP, the other one is part of the managed service and I do not have access to it. I would like to make a load balancing between the two of them by redistributing the static routes in EIGRP. When I tried this, I am loosing the EIGRP entry for this route in the routing table. I would like to have both of them , so we could have traffic sharing. I appreciate if you give me any hints.
Raju,
you have two choices as far as I can see. If you want to use static routing over the WAN to your branch, you could duplicate your static routes to the branch and point them to the secondary router. You will have two identical sets of static routes in the primary router, one set pointing to the WAN interface and the other one pointing to the secondary router.
ip route x.x.x.x "WAN-interface"
ip route x.x.x.x "secondary router"
ip route y.y.y.y "WAN-interface"
ip route y.y.y.y "secondary router"
etc.
As a result the primary router will have two routes to the branch and will load-balance. If one next-hop fails (either the WAN interface or the secondary router), only the other will be used. If the next-hop comes back up, load-balancing will resume.
The other choice would be to use EIGRP over the WAN, and make sure the two routers become EIGRP neighbors. Then you can use the "variance" command to achieve unequal cost load-balancing between the two routers. Let me know if you need more information about this, but i think static routes will be sufficient in your situation.
HTH, Thomas -
Load balancing over two separate outside routers and two separate WAN Links
Hi everybody,
I have one 2851 setup with two separate ISP links and have it configured for failover with BGP. It works great but doesn't load balance.
Well now I have to new routers (3925's) to replace the single 2851 and I want to configure them to load balance over separate WAN links.
Can someone help figure out the best approach to make this happen? I would really appreciate it.
Thank you,
Thomas ReilingDisclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
The "best approach", IMO, would be to use PfR (if your routers support it). -
Two 2911 routers and 3560 switches (load balancing and redundancy)
Good day, Sir !
I have a model with hierarchical model. Two routers 2911 and two core switches 3560, two providers.
I want to design redundancy scheme. Can you advice me how is better to do it ? here you can find image with topology, can you say is it good idea to connect with devices in this way ?
Hope on you help ! Thank you !!!Hi,
If you want to configure redundancy in your network on LAN you can use HSRP and from the WAN side depending on the connection with the provider you can either use BGP or any IGP.
If you want to have load balancing as well with redundancy you can define differnt HSRP group for different vlan and on the wan with BGP you can use multipath option or with IGP you can manipulate the route matric.
Thanks & Regards
Sandeep -
Load balance on routers LAN and WAN
Hi ;
I have a setup where i need to implement load balance on 2 routers in both sides ,LAN and WAN , and there is ASA in the LAN side , my question is that when do load blance in LAN side using GLBP how the 2 ASA's will act on this because they will have only 1 default gateway IP address .
ThanksNot Harbi
Not entirely sure i understand the question but i'll try to answer based on a few assumptions.
It sounds like you have a pair of ASA devices on the LAN side. Assuming they are in active / failover then they will appear as one IP address to the routers - a VRRP address. When the ASA arps out for the default gateway address they will get one of the virtual mac addresses back from the AVG.
They will send traffic to that mac address ie. they won't load balance.
The load balancing aspect comes in when another host on the LAN then arps out for the default gateway and the AVG assigns it a different virtual mac address tied to a different router. But as the ASA pair always appear as one host entity they will always be tied to one of the routers at any one time.
Hope this covers what you were asking
Jon -
Load balance between DLSw and CIP routers
Take a look on this environment:
- 4 routers receiving all DLSw peers and circuits
- 4 routers with CIP boards connected to 2 mainframes
All CIP routers are configured with same MAC address. All routers (DLSw and CIP) are connected on a Ethernet LAN switching, so this traffic are pure LLC2.
How I can balance the traffic between DLSw and CIP routers ?
Thank's in advance.I am not sure if I totally understand the topology. Let me rephrase it. Please correct me if I misunderstand the topology. In a data centre, there are 4 DLSw routers terminating DLSw peer connections from the remote sites. In the same data centre, there are 4 CIP routers which connects to 2 mainframes. CSNA is configured on all CIP router, which uses the same MAC. You configure transparent bridging on the DLSw routers, which connect to the same ethernet switches as the CIP routers. You configure SR/TLB on the CIP routers; so that all LLC2 circuits coming from the DLSw routers connect through the ethernet interfaces of the CIP routers.
Do you want the LLC2 circuits from a DLSw router load balance across 4 CIP routers? As duplicate MAC address is not allowed, there is no way to connect all 4 DLSw routers and CIP 4 routers on the same VLAN.
I can think of a couple of workarounds.
1. Enable SNASw on the 4 DLSw routers. Create a VDLC port on all 4 DLSw routers. The MAC address of the VDLC interface is the same. The VDLC MAC address is pointed by the remote SNA stations. Each DLSw router uses one of the CIP routers as DLUS.
2. If this is the case, create 4 VLANs on the ethernet switches. Connect a pair of DLSw router and CIP router to each VLAN. -
Dual ISP load balancing with 2 routers and 2 FW without using BGP
Hi all,
Based on the attachment diagram, is the design viable?
Do anyone has a similar deployment before and can you share with me the config guide to this because I'm at lost on a few configs:
1. On core switch A and B, I understood we need to have a default route pointing to the firewall interface. For this case, I have different IPs for the same context on both the firewalls.
So, how should the config be?
CoreSW_A(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.110
CoreSW_A(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.111
I don't think the above will work as the core switch will load balance the traffic to both firewalls even if one of the context is on standby mode?
2. The area from the firewall to the internet would all be public IP. Thus, if i put a switch in between the firewall and the router, then i would waste some public IP addresses but if i remove the switch, I would not have enough ports on the ASA firewall. What is the best recommended solution for this?
3. How do I load balance traffic to both R1 and R2 to their respective ISPs without using BGP? I may be using only a 2811 router.
Thanks alot!!.. really much looking forward for some guidance and tips on this as I havent found any guides on this deployment yet.. mostly are LAN HA.For policy based routing, I would need to create route maps on the core switch itself right?
Correct me if I'm wrong, if i use route-maps, i would be assigning e.g. internal network A to go through firewall context A and internal network B to go through firewall context B.
Context A will only have path to Router A and context B will only have path to Router B. But if router B goes down, network B won't be able to access the Internet, right?
I'm not sure whether it's a PI or PA for this as the ISP will assign us a block of IP address, for example 202.111.1.8/29 (these IPs can be used for webservers, etc). There will also be a public IP of /30 on the serial interface to connect to their router.
Thanks alot.. -
Load balancing weirdness using NAT and same-metric route
Hi.
I'm trying to set up a double-WAN load-balancing scenario:
I decided to attempt the "multiple same-metric routes with NAT" approach so I went for the example used in the IOS NAT Load-Balancing for Two ISP Connections Configuration Guide [1].
I decided to use an upside-down Cisco 871-SEC/K9: use Vlan1 and Vlan2 for the routers and Fa4 for the LAN. I am hoping this is not an issue.
There is this weirdness with some connections, particularly FTP. I pinpointed the problem to the following scenario: if I do a couple of pings to 100.1.1.1 using the FastEthernet4 as the source address, this is what I get in the logs:
=== PING 1 ECHO REQUEST ===
*Mar 3 04:38:43.521: IP: tableid=0, s=192.168.60.4 (FastEthernet4), d=100.1.1.1 (Vlan1), routed via RIB
*Mar 3 04:38:43.521: NAT: s=192.168.60.4->10.129.124.2, d=100.1.1.1 [14152]
*Mar 3 04:38:43.521: IP: s=10.129.124.2 (FastEthernet4), d=100.1.1.1 (Vlan1), g=10.129.124.1, len 60, forward
*Mar 3 04:38:43.521: ICMP type=8, code=0
=== PING 1 ECHO REPLY ===
*Mar 3 04:38:45.589: NAT*: s=100.1.1.1, d=10.129.124.2->192.168.60.4 [19824]
*Mar 3 04:38:45.589: IP: tableid=0, s=100.1.1.1 (Vlan1), d=192.168.60.4 (FastEthernet4), routed via RIB
*Mar 3 04:38:45.589: IP: s=100.1.1.1 (Vlan1), d=192.168.60.4 (FastEthernet4), g=192.168.60.4, len 60, forward
*Mar 3 04:38:45.589: ICMP type=0, code=0
=== (something else) ===
*Mar 3 04:38:52.353: RT: SET_LAST_RDB for 0.0.0.0/0
OLD rdb: via 10.129.124.33, Vlan2
NEW rdb: via 10.129.124.1, Vlan1
=== PING 2 ECHO REQUEST ===
*Mar 3 04:38:52.353: IP: tableid=0, s=192.168.60.4 (FastEthernet4), d=100.1.1.1 (Vlan2), routed via RIB
*Mar 3 04:38:52.353: NAT: s=192.168.60.4->10.129.124.2, d=100.1.1.1 [14159]
*Mar 3 04:38:52.353: IP: s=10.129.124.2 (FastEthernet4), d=100.1.1.1 (Vlan2), g=10.129.124.33, len 60, forward
*Mar 3 04:38:52.353: ICMP type=8, code=0
=== PING 2 ECHO REPLY ===
*Mar 3 04:38:53.029: NAT*: s=100.1.1.1, d=10.129.124.2->192.168.60.4 [19825]
*Mar 3 04:38:53.029: IP: tableid=0, s=100.1.1.1 (Vlan1), d=192.168.60.4 (FastEthernet4), routed via RIB
*Mar 3 04:38:53.033: IP: s=100.1.1.1 (Vlan1), d=192.168.60.4 (FastEthernet4), g=192.168.60.4, len 60, forward
*Mar 3 04:38:53.033: ICMP type=0, code=0
In the section "Ping 2 Echo Request" line 2 shows the NAT translating the packet to the address for the first provider but line 3 shows it routing it through the second one.
In this case, the ICMP packet goes through but it is problematic if the ISP restricts the service by source-address (like RPF) or there is some acceleration mechanism inside the provider cloud, other than just plain routing.
What am I missing? Here is the relevant part of the configuration. I deliberately disabled CEF to be able to debug the messages, but I *think* this may be altering the actual router behavior. This router does not have a "debug ip cef packet" command.
no ip cef
ip dhcp pool lan-side
import all
network 192.168.60.0 255.255.255.0
default-router 192.168.60.1
domain-name doublewan.local
dns-server 8.8.8.8 8.8.4.4
lease infinite
ip domain name doublewan
interface FastEthernet0
!doesn't appear on running-config: vlan 1 is the default access vlan
!switchport access vlan 1
interface FastEthernet1
switchport access vlan 2
interface FastEthernet2
shutdown
interface FastEthernet3
shutdown
interface FastEthernet4
ip address 192.168.60.1 255.255.255.0
ip nat inside
ip virtual-reassembly
no ip route-cache
duplex auto
speed auto
interface Vlan1
ip address 10.129.124.2 255.255.255.224
ip nat outside
ip virtual-reassembly
no ip route-cache
interface Vlan2
ip address 10.129.124.35 255.255.255.224
ip nat outside
ip virtual-reassembly
no ip route-cache
ip route 0.0.0.0 0.0.0.0 Vlan1 10.129.124.1
ip route 0.0.0.0 0.0.0.0 Vlan2 10.129.124.33
ip nat inside source route-map nat1 interface Vlan1 overload
ip nat inside source route-map nat2 interface Vlan2 overload
ip access-list standard acl4-nexthop-vlan1
permit 10.129.124.1
ip access-list standard acl4-nexthop-vlan2
permit 10.129.124.33
route-map nat2 permit 10
match ip address 102
match ip next-hop acl4-nexthop-vlan2
match interface Vlan2
route-map nat1 permit 10
match ip address 101
match ip next-hop acl4-nexthop-vlan1
match interface Vlan1
control-plane
Of course, there is some configuration pending for redundancy and stuff.
Thanks a lot in advance.
[1] http://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/100658-ios-nat-load-balancing-2isp.htmlHello.
This might be a bug in debug command or the IOS (without ip cef) you use; as routing is done before NAT (inside to outside).
To make sure it works fine with ip cef, just enable strict uRPF (or just ACL) on .1 and .33 interfaces and see if you see any packet sent over wrong interface.
PS: please check "sh ip cef 100.1.1.1"; I guess ip cef would tell you "per-destination sharing". -
HI Prof,
I've two cisco 837 router with cisco IOS 12.3 currently. I would like to configure load balancing on both the router, have tried to configure GLBP but it show me that the hardware not supported.
Is there any other protocol or technology to achieve my desire?
Thank and Advice.What are your requirements. Do you have multiple segments to support? Are you only looking for load-balancing or do you have a high availibility requirement?
In that case you can use multiple HSRP groups for instance.
Do both 837 routers have a separate xDSL connection?
Are you using NAT to translate between private and public address pools?
There is more than one solution to achieve load-balancing. Please answer the above questions and if possible draw a simple diagram of your desired topology.
HTH
Leon -
RE: (forte-users) Call to the load-balanced SO not throughrouter
We never call an SO from within an SO. Instead we do the following :
MySO is mapped to MySOclass.
MySOclass is a facade which has an attribute for every Policy Manager
related to this SO.
Each Policy manager is instanciated in MySOclass.
Each Policy manager has an attribute called Parent.
Parent is defined by MySOclass to be self.
If two Policy managers need to work together we invoke methods via the
parent attribute :
Example
I have a partition for Enrolments.
It has three Policy Managers within it
a Students Policy Manager (with a Add, Delete, Get methods)
a Courses Policy Manager (with a Add, Delete, Get methods).
an Enrolments Policy Manager (with a Add, Delete, Get methods).
To enable this partition we have defined :
EnrolmentsSO (environment visible, message duration) with the EnrolmentsMgr
class as its related class.
The EnrolmentsMgr class has the following methods and attributes :
Methods :
AddStudent
AddCourse
AddEnrolment
GetStudent
GetCourse
GetEnrolment
DeleteStudent
DeleteCourse
DeleteEnrolment
All of these methods do a one line return statement, simply passing the
method invocation to
the appropriate Policy Manager. For example AddStudent would say
Return theStudentPM.AddStudent(pInStudentParams : pInStudentParams)
: pOutStudentParams
In the Init method for the EnrolmentsMgr we instanciate the following
attributes :
theStudentPM (which is typed to the StudentPM class)
theCoursePM (which is typed to the CoursePM class)
theEnrolmentsPM (which is typed to the EnrolmentsPM class)
Also in the Init method we set an attribute (called parent) on each
PM to the value of Self.
Then when one PM needs to invoke a method on another PM we simply do :
For example in the theEnrolmentPM.GetEnrolment method we need to get
Students and Courses
thus we code :
Parent.GetStudent(pInStudentParams = pInStudentParams) : pOutStudentParams
Parent.GetCourse((pInCourseParams = pOutStudentParams.CourseStuff) :
pOutCourseParams
Build Enrol details based on student / course stuff.
Return EnrolmentParams.
Hope this makes sense.
Regards,
Chris Will, Dept. of Educ. Training, ITB, Sydney, Australia
-----Original Message-----
From: Peter Sham [mailto:[email protected]]
Sent: Friday, 8 October 1999 9:35
To: [email protected]; [email protected]
Subject: Re: (forte-users) Replicating the PersistenceMgrSO
Hi,
Whenever you make a call to your load-balanced SO, it
would go through the router. That is what I
understand. No matter you make the call from inside
or outside the SO.
Secondly, you can turn on the "fail-over" option of a
router but not load-balanced it. On these routers,
you can check their instruments to see which one is
really running.
Hope this help.
Regards,
Peter Sham.We never call an SO from within an SO. Instead we do the following :
MySO is mapped to MySOclass.
MySOclass is a facade which has an attribute for every Policy Manager
related to this SO.
Each Policy manager is instanciated in MySOclass.
Each Policy manager has an attribute called Parent.
Parent is defined by MySOclass to be self.
If two Policy managers need to work together we invoke methods via the
parent attribute :
Example
I have a partition for Enrolments.
It has three Policy Managers within it
a Students Policy Manager (with a Add, Delete, Get methods)
a Courses Policy Manager (with a Add, Delete, Get methods).
an Enrolments Policy Manager (with a Add, Delete, Get methods).
To enable this partition we have defined :
EnrolmentsSO (environment visible, message duration) with the EnrolmentsMgr
class as its related class.
The EnrolmentsMgr class has the following methods and attributes :
Methods :
AddStudent
AddCourse
AddEnrolment
GetStudent
GetCourse
GetEnrolment
DeleteStudent
DeleteCourse
DeleteEnrolment
All of these methods do a one line return statement, simply passing the
method invocation to
the appropriate Policy Manager. For example AddStudent would say
Return theStudentPM.AddStudent(pInStudentParams : pInStudentParams)
: pOutStudentParams
In the Init method for the EnrolmentsMgr we instanciate the following
attributes :
theStudentPM (which is typed to the StudentPM class)
theCoursePM (which is typed to the CoursePM class)
theEnrolmentsPM (which is typed to the EnrolmentsPM class)
Also in the Init method we set an attribute (called parent) on each
PM to the value of Self.
Then when one PM needs to invoke a method on another PM we simply do :
For example in the theEnrolmentPM.GetEnrolment method we need to get
Students and Courses
thus we code :
Parent.GetStudent(pInStudentParams = pInStudentParams) : pOutStudentParams
Parent.GetCourse((pInCourseParams = pOutStudentParams.CourseStuff) :
pOutCourseParams
Build Enrol details based on student / course stuff.
Return EnrolmentParams.
Hope this makes sense.
Regards,
Chris Will, Dept. of Educ. Training, ITB, Sydney, Australia
-----Original Message-----
From: Peter Sham [mailto:[email protected]]
Sent: Friday, 8 October 1999 9:35
To: [email protected]; [email protected]
Subject: Re: (forte-users) Replicating the PersistenceMgrSO
Hi,
Whenever you make a call to your load-balanced SO, it
would go through the router. That is what I
understand. No matter you make the call from inside
or outside the SO.
Secondly, you can turn on the "fail-over" option of a
router but not load-balanced it. On these routers,
you can check their instruments to see which one is
really running.
Hope this help.
Regards,
Peter Sham. -
Forcing traffic through load balancer rather than zone to zone
I have several T5140s with 2 LDOMs. Within each LDOM I have multiple zones which contain 2 environments. Each environment comprises the following, an apache instance behind a BigIP load balancer, a JBoss instance, and several misc. The jboss zone has three IP address assigned for multiple applications. Each server is configured identically as far as zone and LDOM layout. We use mod_cluster to cluster our apache and Jboss environment. What I'm trying to accomplish is forcing the apache zone's traffic through the BigIP rather than zone to zone.
Referring to the information below, server2ldom1jboss is one jboss node which needs to connect to both server2ldom1japache and server1ldom1apache. server2ldom1jboss connects to server2ldom1apache via its DNS name which is a NAT address. So webserver2 resolves to 10.10.2.5 which NATs to 10.10.1.5 behind the BigIP. webserver2 responds directly to the jboss zone rather than through the BigIP. Not good. server1ldom1apache works correctly as it's not a local zone.
Referring to this document, https://blogs.oracle.com/solarium/resource/solaris-container-guide-en-v3.1.pdf
section 5.2.7.8
"Connection of zones via external routers using the shared IP instance"
I've created the following routes
route add 10.10.2.5 10.10.1.5
route add 10.10.0.34 10.10.1.5 -interface -reject
route add 10.10.0.35 10.10.1.5 -interface -reject
route add 10.10.0.87 10.10.1.5 -interface -reject
route add 10.10.1.5 10.10.0.87 -interface -reject
route add 10.10.1.5 10.10.0.34 -interface -reject
route add 10.10.1.5 10.10.0.35 -interface -reject
This does prevent the zone to zone traffic, but it also preventing any response. I've tried other options as well, but have not been successful yet. What concerns me is this "These interfaces must not be used elsewhere in the global zone." The 5140 has 4 ethernet ports, which are configured into two port channels. vnet0 and vnet1. The apache instances use vnet1. The remaining zones use vnet0, including the global zone (server2ldom1 10.10.0.21). I think this may be the issue, but do not see an easy resolution without breaking my port channels and losing redundancy and fail-over.
If there is anything I'm missing or a better/different way to do this, I would greatly appreciate any input on this matter.
Thank you.
webserver2 10.10.2.5 NATs to 10.10.1.5
jboss apps 10.10.0.34, 10.10.0.35, 10.10.0.87
10.10.0.0/24 is the lan
10.10.1.0/24 is the network behind the BigIP
10.10.2.0/24 is the webserver network (in front of the BigIP)
[1658]root@server2:~# ldm list-bindings
NAME STATE FLAGS CONS VCPU MEMORY UTIL UPTIME
primary active -n-cv- SP 4 2G 1.1% 138d 5h
MAC
00:14:4f:ec:20:ff
HOSTID
0x84ec20b8
VCPU
VID PID UTIL STRAND
0 0 2.0% 100%
1 1 1.4% 100%
2 2 0.7% 100%
3 3 2.1% 100%
MAU
ID CPUSET
0 (0, 1, 2, 3, 4, 5, 6, 7)
MEMORY
RA PA SIZE
0x8000000 0x8000000 2G
VARIABLES
boot-device=/pci@0/pci@0/pci@2/scsi@0/disk@0,0:a disk net
keyboard-layout=US-English
nvramrc=devalias rootdisk /pci@0/pci@0/pci@2/scsi@0/disk@0,0:a devalias rootmirror /pci@0/pci@0/pci@2/scsi@0/disk@1,0:a
security-mode=none
security-password=
use-nvramrc?=true
IO
DEVICE PSEUDONYM OPTIONS
pci@0 pci
niu@80 niu
VCC
NAME PORT-RANGE
primary-vcc0 5000-5010
CLIENT PORT
group1@primary-vcc0 5000
group1@primary-vcc0 5000
VSW
NAME MAC NET-DEV DEVICE DEFAULT-VLAN-ID PVID VID MODE
primary-vsw0 00:14:4f:f9:ff:ff aggr1 switch@0 1 1
PEER MAC PVID VID
vnet0@ldom2 00:14:4f:fb:7b:ff 1
vnet0@ldom1 00:14:4f:fb:1a:ff 1
NAME MAC NET-DEV DEVICE DEFAULT-VLAN-ID PVID VID MODE
primary-vsw1 00:14:4f:fb:8e:ff aggr2 switch@1 1 1
PEER MAC PVID VID
vnet1@ldom1 00:14:4f:f8:17:ff 1
vnet1@ldom2 00:14:4f:f8:c2:ff 1
VDS
NAME VOLUME OPTIONS MPGROUP DEVICE
primary-vds0 ldom2_swap /ldoms/swap/server2ldom2
ldom2_root /dev/dsk/c4t600601601CE1210018F9E37BD2AADD11d0s2
ldom1_swap /ldoms/swap/server2ldom1
ldom1_root /dev/dsk/c4t600601601CE121007E02166CD2AADD11d0s2
CLIENT VOLUME
ldom2_swap@ldom2 ldom2_swap
ldom2_root@ldom2 ldom2_root
ldom1_swap@ldom1 ldom1_swap
ldom1_root@ldom1 ldom1_root
VCONS
NAME SERVICE PORT
SP
NAME STATE FLAGS CONS VCPU MEMORY UTIL UPTIME
ldom1 active -n---- 5000 30 15G 3.7% 192d 6h
MAC
00:14:4f:f8:a5:ff
HOSTID
0x84f8a5f5
VCPU
VID PID UTIL STRAND
0 4 0.4% 100%
1 5 0.3% 100%
2 6 0.1% 100%
3 7 4.4% 100%
4 8 0.2% 100%
5 9 0.2% 100%
6 10 14% 100%
7 11 0.1% 100%
8 12 8.1% 100%
9 13 0.1% 100%
10 14 0.1% 100%
11 15 0.1% 100%
12 16 0.3% 100%
13 17 0.1% 100%
14 18 0.1% 100%
15 19 0.1% 100%
16 20 0.3% 100%
17 21 0.6% 100%
18 22 0.3% 100%
19 23 0.1% 100%
20 54 1.0% 100%
21 55 0.5% 100%
22 56 1.2% 100%
23 57 0.2% 100%
24 58 4.5% 100%
25 59 0.9% 100%
26 60 0.0% 100%
27 61 0.1% 100%
28 62 0.1% 100%
29 63 0.3% 100%
MAU
ID CPUSET
1 (8, 9, 10, 11, 12, 13, 14, 15)
2 (16, 17, 18, 19, 20, 21, 22, 23)
6 (48, 49, 50, 51, 52, 53, 54, 55)
7 (56, 57, 58, 59, 60, 61, 62, 63)
MEMORY
RA PA SIZE
0x8000000 0x88000000 10G
0x401800000 0x6b1800000 5G
VARIABLES
auto-boot?=true
boot-device=ldom1_root:b
NETWORK
NAME SERVICE DEVICE MAC MODE PVID VID
vnet0 primary-vsw0@primary network@0 00:14:4f:fb:1a:ff 1
PEER MAC MODE PVID VID
primary-vsw0@primary 00:14:4f:f9:ff:ff 1
vnet0@ldom2 00:14:4f:fb:7b:ff 1
NAME SERVICE DEVICE MAC MODE PVID VID
vnet1 primary-vsw1@primary network@1 00:14:4f:f8:17:ff 1
PEER MAC MODE PVID VID
primary-vsw1@primary 00:14:4f:fb:8e:ff 1
vnet1@ldom2 00:14:4f:f8:c2:ff 1
DISK
NAME VOLUME TOUT DEVICE SERVER MPGROUP
ldom1_swap ldom1_swap@primary-vds0 disk@0 primary
ldom1_root ldom1_root@primary-vds0 disk@1 primary
VCONS
NAME SERVICE PORT
group1 primary-vcc0@primary 5000
NAME STATE FLAGS CONS VCPU MEMORY UTIL UPTIME
ldom2 active -n---- 5000 30 15000M 0.8% 192d 6h
MAC
00:14:4f:fa:e8:ff
HOSTID
0x84fae839
VCPU
VID PID UTIL STRAND
0 24 1.0% 100%
1 25 1.0% 100%
2 26 0.0% 100%
3 27 0.0% 100%
4 28 0.1% 100%
5 29 0.3% 100%
6 30 0.0% 100%
7 31 0.0% 100%
8 32 0.0% 100%
9 33 0.1% 100%
10 34 1.3% 100%
11 35 0.0% 100%
12 36 0.1% 100%
13 37 1.0% 100%
14 38 1.9% 100%
15 39 0.0% 100%
16 40 0.0% 100%
17 41 0.0% 100%
18 42 0.1% 100%
19 43 0.5% 100%
20 44 0.2% 100%
21 45 0.0% 100%
22 46 0.2% 100%
23 47 0.4% 100%
24 48 0.2% 100%
25 49 0.0% 100%
26 50 0.0% 100%
27 51 0.0% 100%
28 52 0.0% 100%
29 53 0.0% 100%
MAU
ID CPUSET
3 (24, 25, 26, 27, 28, 29, 30, 31)
4 (32, 33, 34, 35, 36, 37, 38, 39)
5 (40, 41, 42, 43, 44, 45, 46, 47)
MEMORY
RA PA SIZE
0x8000000 0x308000000 15000M
VARIABLES
auto-boot?=true
boot-device=/virtual-devices@100/channel-devices@200/disk@1:b ldom2_root
keyboard-layout=US-English
NETWORK
NAME SERVICE DEVICE MAC MODE PVID VID
vnet0 primary-vsw0@primary network@0 00:14:4f:fb:7b:ff 1
PEER MAC MODE PVID VID
primary-vsw0@primary 00:14:4f:f9:ff:ff 1
vnet0@ldom1 00:14:4f:fb:1a:ff 1
NAME SERVICE DEVICE MAC MODE PVID VID
vnet1 primary-vsw1@primary network@1 00:14:4f:f8:c2:ff 1
PEER MAC MODE PVID VID
primary-vsw1@primary 00:14:4f:fb:8e:ff 1
vnet1@ldom1 00:14:4f:f8:17:ff 1
DISK
NAME VOLUME TOUT DEVICE SERVER MPGROUP
ldom2_swap ldom2_swap@primary-vds0 disk@0 primary
ldom2_root ldom2_root@primary-vds0 disk@1 primary
VCONS
NAME SERVICE PORT
group1 primary-vcc0@primary 5000
[1657]root@server2ldom1:~# ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
lo0:1: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
zone server2ldom1z3
inet 127.0.0.1 netmask ff000000
lo0:2: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
zone server2ldom1z2
inet 127.0.0.1 netmask ff000000
lo0:3: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
zone server2ldom1z6
inet 127.0.0.1 netmask ff000000
lo0:4: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
zone server2ldom1jboss
inet 127.0.0.1 netmask ff000000
lo0:5: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
zone server2ldom1apache
inet 127.0.0.1 netmask ff000000
lo0:6: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
zone server2ldom1z1
inet 127.0.0.1 netmask ff000000
vnet0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 10.10.0.21 netmask ffffff00 broadcast 10.10.0.255
ether 0:14:4f:fb:1a:ff
vnet0:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
zone server2ldom1z2
inet 10.10.0.33 netmask ffffff00 broadcast 10.10.0.255
vnet0:2: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
zone server2ldom1z6
inet 10.10.0.36 netmask ffffff00 broadcast 10.10.0.255
vnet0:3: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
zone server2ldom1jboss
inet 10.10.0.34 netmask ffffff00 broadcast 10.10.0.255
vnet0:4: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
zone server2ldom1jboss
inet 10.10.0.35 netmask ffffff00 broadcast 10.10.0.255
vnet0:5: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
zone server2ldom1z1
inet 10.10.0.32 netmask ffffff00 broadcast 10.10.0.255
vnet0:6: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
zone server2ldom1z1
inet 10.10.0.74 netmask ffffff00 broadcast 10.10.0.255
vnet0:7: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
zone server2ldom1jboss
inet 10.10.0.87 netmask ffffff00 broadcast 10.10.0.255
vnet1: flags=1000842<BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
inet 0.0.0.0 netmask 0
ether 0:14:4f:f8:17:ff
vnet1:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
zone server2ldom1z3
inet 10.10.1.101 netmask fffffc00 broadcast 10.10.47.255
vnet1:2: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
zone server2ldom1apache
inet 10.10.1.5 netmask fffffc00 broadcast 10.10.47.255
[1701]root@server2ldom1:~# zonecfg -z server2ldom1jboss info
zonename: server2ldom1jboss
zonepath: /zones/server2ldom1jboss
brand: native
autoboot: true
bootargs:
pool:
limitpriv:
scheduling-class:
ip-type: shared
inherit-pkg-dir:
dir: /lib
inherit-pkg-dir:
dir: /platform
inherit-pkg-dir:
dir: /sbin
inherit-pkg-dir:
dir: /usr
inherit-pkg-dir:
dir: /opt/sfw
inherit-pkg-dir:
dir: /opt/
net:
address: 10.10.0.34
physical: vnet0
defrouter: 10.10.0.1
net:
address: 10.10.0.35
physical: vnet0
defrouter: 10.10.0.1
net:
address: 10.10.0.87
physical: vnet0
defrouter: 10.10.0.1
attr:
name: comment
type: string
value: server2ldom1jboss
[1702]root@server2ldom1:~# zonecfg -z server2ldom1apache info
zonename: server2ldom1apache
zonepath: /zones/server2ldom1apache
brand: native
autoboot: true
bootargs:
pool:
limitpriv:
scheduling-class:
ip-type: shared
inherit-pkg-dir:
dir: /lib
inherit-pkg-dir:
dir: /platform
inherit-pkg-dir:
dir: /sbin
inherit-pkg-dir:
dir: /usr
inherit-pkg-dir:
dir: /opt/sfw
inherit-pkg-dir:
dir: /opt/
net:
address: 10.10.1.5/22
physical: vnet1
defrouter not specified
attr:
name: comment
type: string
value: server2ldom1apache
Edited by: coreyva on Feb 18, 2012 11:36 AMAfter further research, I think the best course of action will be to create a VLAN for the zone behind the BigIP and then create the corresponding interface in the vlan and zone. Using this links as my references in case anyone is interested. I'll post what I come up with.
https://blogs.oracle.com/stw/entry/using_ip_instances_with_vlans
https://blogs.oracle.com/stw/entry/solaris_zones_and_networking_common
http://docs.oracle.com/cd/E19253-01/816-4554/816-4554.pdf # AdministeringVirtualLocalAreaNetworks
http://docs.oracle.com/cd/E19053-01/ldoms.mgr11/820-4913-10/820-4913-10.pdf # Assign VLANs to a Virtual Switch and Virtual
Network Device -
With Ajay Kumar and Telmo Pereira
Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about configuration and troubleshooting the Cisco Application Control Engine (ACE) load balancer with Cisco expert Ajay Kumar and Telmo Pereira. The Cisco ACE Application Control Engine Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers is a next-generation load-balancing and application-delivery solution. A member of the Cisco family of Data Center 3.0 solutions, the module: Helps ensure business continuity by increasing application availability Improves business productivity by accelerating application and server performance Reduces data center power, space, and cooling needs through a virtualized architecture Helps lower operational costs associated with application provisioning and scaling
Ajay Kumar is a customer support engineer in the Cisco Technical Assistance Center in Brussels, covering content delivery network technologies including Cisco Application Control Engine, Cisco Wide Area Application Services, Cisco Content Switching Module, Cisco Content Services Switches, and others. He has been with Cisco for more than four years, working with major customers to help resolve their issues related to content products. He holds DCASI and VCP certifications.
Telmo Pereira is a customer support engineer in the Cisco Technical Assistance Center in Brussels, where he covers all Cisco content delivery network technologies including Cisco Application Control Engine (ACE), Cisco Wide Area Application Services (WAAS), and Digital Media Suite. He has worked with multiple customers around the globe, helping them solve interesting and often highly complex issues. Pereira has worked in the networking field for more than 7 years. He holds a computer science degree as well as multiple certifications including CCNP, DCASI, DCUCI, and VCP
Remember to use the rating system to let Ajay know if you have received an adequate response.
Ajay and Telmo might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the Data Center sub-community discussion forum Application Networking shortly after the event.
This event lasts through July 26, 2013. Visit this forum often to view responses to your questions and the questions of other community members.Hello Krzysztof,
Another set of good/interesting questions posted. Thanks!
I will try to clarify your doubts.
In the output below both resources (proxy-connections and ssl-connections rate) are configured with a min percentage of resources (column Min), while 'Max' is set to equal to the min.
ACE/Context# show resource usage
Allocation
Resource Current Peak Min Max Denied
-- outputs omitted for brevity --
proxy-connections 0 16358 16358 16358 17872
ssl-connections rate 0 626 626 626 23204
Most columns are self explanatory, 'Current' is current usage, 'Peak' is the maximum value reached, and the most important counter to monitor 'Denied' represents the amount of packets denied/dropped due to exceeding the configured limits.
On the resources themselves, Proxy-connections is simply the amount of proxied connections, in other words all connections handled at layer 7 (SSL connections are proxied, as are any connections with layer 7 load balance policies, or inspection).
So in this particular case for the proxy-connections we see that Peak is equal to the Max allocated, and as we have denies we can conclude that you have surpassed the limits for this resource. We see there were 17872 connections dropped due to that.
ssl-connections rate should be read in the same manner, however all values for this resource are in bytes/s, except for Denied counter, that is simply the amount of packets that were dropped due to exceeding this resource.
For your particular tests you have allocated a min percentage and set max equal to min, this way you make sure that this context will not use any other additional resources.
If you had set the max to unlimited during resource allocation, ACE would be allowed to use additional resources on top of those guaranteed, if those resources were available.
This might sound a great idea, but resource planning on ACE should be done carefully to avoid any sort of oversubscription, specially if you have business critical contexts.
We have a good reference for ACE resource planning that contains also description of all resources (this will help to understand the output better):
http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/v3.00_A2/configuration/virtualization/guide/config.html#wp1008224
1) When a resource is utilized to its maximum limit, the ACE denies additional requests made by any context for that resource. In other words, the action is to Drop. ACE should in theory silently drop (No RST is sent back to the client). So unless we changed something on the code, this is what you should see.
To give more context, seeing resets with SSL connections is not necessarily synonym of drops. As it is usual to see them during normal transactions.
For instance Microsoft servers are usually ungracefully terminating SSL connections with RESET. Also when there is renegotiation during an SSL transaction you may see RESETS, but this will pass unnoticed for end users.
2) ACE will simply drop/ignore new connections when we reach the maximum amount of proxied connections for that context. Exisiting connections will continue there.
As ACE doesn't respond back, client would simply retransmit, and if he is lucky maybe in the next attempt he will be able to establish the connection.
To overcome the denies, you will definitely have to increase the resource allocation. This of course, assuming you are not reaching any physical limit of the box.
As mentioned setting max as unlimited might work for you, assuming there are a lot of unused resources on the box.
3) If a new connection comes in with a sticky value, that matches the sticky entry of a real server, which is already in MAXCONNS state, then both the ACE module/appliance should reject the connection and that sticky entry would be removed.
The client would at that point reestablish a new connection and ACE would associate a new sticky entry with the flow for a new RSERVER after the loadbalancing decision.
I hope this makes things clearer! Uff...
Regards,
Telmo -
2 ISP load balancing and redundancy
Hello!!
Our small company has about 40 branches spreaded within city. Branches are connected by optic wire supplied by our ISP. So in ISP our branches are located in one VLAN. From every branch we created VPN tunnel to our server room in central office. Central office is like a cetner point. If optic wire fails to central office, there would no VPN tunnels and no network to all branches. Moreover, all the traffice goes through central office.
Now we decided to pave one more optic line to our central office. And that will increase bandwidth and redundancy.
Private network topology: There are no default gateways and ip-addresses. For examle, at first branch I will plug computer directly into media converter and at the second branch plug another computer to the media converter. After that this two computers became in one network. And can assign any ip addresses to them.
What I have: our firewall do enough work, don't want to overload it. But we have some free ports in our new cisco 3750. The question is how to do load balancing and redundanccy? Can it do load balancing according to traffic? And how load balance incoming traffic? For example, connection was established from branche's router, how this router will choose through which line make connection? By the way, at all branches we use noisy cisco
3700 series routers.Sorry for upping 1 year old threat.
We talked to our Network Provider. They said "these two cables are coming from two different places, so there is no way to use etherchannel. You must use active-standby solution."
Relying on STP we just put two cables into 3750 stack. But with default STP settings, connection was very unstable, many packet losses and disconnections. So we found easy solution with "flex links", making one interface backup of the other. And only now I recognized that this is not a failover solution. Because, if network beyond media converter will down, link from media converter to switch would still up.
What could I do to make our L2 WAN redundant? Are there any additional STP settings. -
SA520 load balancing for multiple IPSec connections
Hello,
I just would like to ask whether the following is possible or what other people think might be the best way to go.
Let me describe the current setup:
Our company has a main office which is connected to the internet through an SA520W appliance, and two satellite offices which have other IPSec routers installed. The SA520W is currently only connected through the main WAN interface to a DSL line (DSL 16000). The tunnels are established and it all works quite well.
However, we have experienced lags and slow connections when someone transfers a larger file from the main office to the outside (either satellite office or, say, some FTP server on the internet). This is of course due to the limited upload capacity of the DSL line. Therefore, I am thinking about getting another DSL line for use as the optional WAN port of the SA520W.
My question is: Is it possible to establish two IPSec tunnels from a satellite office to the main office, one to the main WAN port and one to the optional WAN port of the SA520W? The two main hurdles I see with that is that a) the SA520W can only bind IPSec to one port and b) the network mask of each IPSec phase 2 needs to identify the subnet uniquely. Am I correct with the assumption that this cannot be done?
If so, the only way I can see right now is to bind all IPsec traffic to the optional port and have at least main office <-> internet traffic separated from all IPSec traffic. Or has anyone a better solution to this?
Thanks in advance,
RolandI honestly don't recall any issues with the load balancing. I've personally never seen an issue, opened a case for one or observed a problem in my lab using multiple T1 lines...
That's not to say there could be a problem. But as far as I know this aspect of the router is solid.
The only thing I strongly dislike about most modern DSL deployments, the ISP like to give out "residential" or "business" gateways. These things just make life terrible since it is a router/nat device.
-Tom
Please rate helpful posts -
I have a lab scenario, that is confusing me greatly. I can get per packet load-balancing working when I ping from R2 to interfaces in the 192.168.1.0/30. However, when I'm pinging from R3 , I can't packet load-balance to interfaces in 192.168.4.0/30. I also can't packet load-balance from R1 pinging to interfaces in 192.168.4.4/30. Am I doing something wrong? Thanks...
I have three routers: R1, R2, R3.
R1: Eth0 192.168.1.1/30 connected to R3 eth0
R1: Ser0 192.168.4.1/30 connect to R2 Ser0
R2: Ser0 192.168.4.2/30 connect to R1 Ser0
R2: Ser1 192.168.4.5/30 connect to R3 Ser0
R3: Eth0 192.168.1.2/30 connect to R1 eth0
R3: Ser0 192.168.4.6/30 connect to R2 Ser1
All of the routers run:
2500 Software (C2500-I-L), Version 12.2(29a), RELEASE SOFTWARE (fc1)
Configs for R1, R2, R3 are attached as a plain text file and listed below:
R1 config:
version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
service udp-small-servers
service tcp-small-servers
hostname R1
ip subnet-zero
ip host R1 192.168.1.1
ip host R2 192.168.4.2
ip host R3 192.168.1.2
interface Ethernet0
ip address 192.168.1.1 255.255.255.252
no ip route-cache
no ip mroute-cache
interface Serial0
ip address 192.168.4.1 255.255.255.252
no ip route-cache
no ip mroute-cache
interface Serial1
no ip address
no ip mroute-cache
shutdown
interface Serial2
no ip address
no ip mroute-cache
shutdown
interface Serial3
no ip address
no ip mroute-cache
shutdown
interface BRI0
no ip address
encapsulation hdlc
no ip mroute-cache
shutdown
router rip
version 2
network 192.168.1.0
network 192.168.4.0
ip classless
no ip http server
line con 0
line aux 0
line vty 0 4
end
R2 config:
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
hostname R2
ip subnet-zero
ip host R1 192.168.1.1
ip host R2 192.168.4.2
ip host R3 192.168.1.2
interface Ethernet0
shutdown
interface Serial0
ip address 192.168.4.2 255.255.255.252
no ip route-cache
no ip mroute-cache
clockrate 56000
interface Serial1
ip address 192.168.4.5 255.255.255.252
no ip route-cache
no ip mroute-cache
clockrate 56000
interface Serial2
no ip address
shutdown
interface Serial3
no ip address
shutdown
interface Serial4
no ip address
shutdown
interface Serial5
no ip address
shutdown
interface Serial6
no ip address
shutdown
interface Serial7
no ip address
shutdown
interface Serial8
no ip address
shutdown
interface Serial9
no ip address
shutdown
interface BRI0
no ip address
encapsulation hdlc
shutdown
router rip
version 2
network 192.168.4.0
ip classless
no ip http server
line con 0
line aux 0
line vty 0 4
end
R3 config:
version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
hostname R3
ip subnet-zero
ip host R2 192.168.4.2
ip host R1 192.168.1.1
ip host R3 192.168.1.2
interface Ethernet0
ip address 192.168.1.2 255.255.255.252
no ip route-cache
no ip mroute-cache
interface Serial0
ip address 192.168.4.6 255.255.255.252
no ip route-cache
no ip mroute-cache
interface Serial1
no ip address
no ip mroute-cache
shutdown
interface BRI0
no ip address
encapsulation hdlc
no ip mroute-cache
shutdown
router rip
version 2
network 192.168.1.0
network 192.168.4.0
ip classless
no ip http server
line con 0
line aux 0
line vty 0 4
endI figured it out. When I configur "no auto-summary" on each router it behaves nicely with per packet load balancing. I guess I needed to get rid of the summarized routes listing /24 for my VLSMed 4.0 4.4 /30 networks.
Thanks
Maybe you are looking for
-
Hi guys, I have the following scenario: A file is picked up that has multiple rows and for each row that contains a material, I have to call a BAPI, which it was not possible to wrap inside an Idoc. Initially, I had increased the cardinality of the B
-
Total of percentages must equal 100
Hello, SRM 7/Ext classic scenario When user changes one of the line items in a 10 item PO, he gets the error "Total of percentages must equal 100". System automatically creates a duplicate entry for cost distribution of 100% for one of the line items
-
IPad shuts Down when being used.. Why plz help
Hi when im using my iPad 1 it automatic shuts down locks and even comes with the power off screen why is this. I have tryed Down grading and claning and resetting bios. Some say it's the off switch but thats sounds wierd.. Please tell mé if it is jus
-
Maintenance in Leopard 10.5.1
As my Mac Pro is turned off overnight am I missing out on the systems essential maintenance sequence and if so, can I use programs such as Onyx to run these? Cheers Mark
-
Upgrade to Server 10.8 for Mac Mini Server running Server 10.7.5?
Hi-I am seeing references to OS X Server 10.8 yet my Mac Mini Server (mid-2011, machine identifier "Macmini5,3") is holding firm with OS X Server version 10.7.5. There are no pending updates for this machine either through OS X (software updates) or