Load Balancing across Multiple DMZ's

Similar Messages

• Load balancing across multiple machines

  I am looking for assistance in configuring Tuxedo to perform load balancing across
  multiple machines. I have successfully performed load balancing for a service
  across different servers hosted on one machine but not to another server that's
  hosted on a different machine.
  Any assistance in this matter is greatly appreciated.

  Hello, Christina.
  Load balancing with multiple machines is a little bit different than
  in the same machine. One of the important resource in this kind
  of application is network bandwidth, so tuxedo tries to keep the
  traffic among the machines as low as possible. So, it only
  balance the load (call services in other machine) in case all the
  services are busy in the machine where they are call.
  I mean, if you have workstation clients attached only to one
  machine, then tuxedo will call services in this machine untill
  all servers are busy.
  If you want load balancing, try to put one WSL in each machine,
  and the corresponding configuration in your WSC ( with the | to
  make tuxedo randomly choose one or the other) or spread your
  native clients among all the machines.
  And so, be carefull with the routing!
  Ramón Gordillo
  "Christina" <[email protected]> wrote:
  >
  I am looking for assistance in configuring Tuxedo to perform load balancing
  across
  multiple machines. I have successfully performed load balancing for a
  service
  across different servers hosted on one machine but not to another server
  that's
  hosted on a different machine.
  Any assistance in this matter is greatly appreciated.

• Load balancing across multiple paths to Internet

  Hello,
  I have a 2821 router. Currently, I have two bonded T-1 circuits to the Internet.
  I would like to add a DSL circuit to augment the T1s. I would also like to load balance across all of the circuits. Currently, IOS performs inherent load balancing for the T1 circuits. The DSL circuit is from a different provider than the T1s.
  The T1s are coming from a local ISP that runs no routing protocols within their infrastructure. (They run static routes and rely on the upstream provider for BGP.) The DSL provider is a national telecom carrier.
  What is the best way to perform load balancing for this scenario?

  Here is the answer (sort of) for anyone reading this post with the same question:
  No matter which way I choose to do it, the trick is to have the local ISP subnet advertised via BGP through both pipes. The national telecom DSL provider will not advertise a /20 subnet down a DSL pipe. (Ahh, why not? =:)
  Had the secondary pipe been a T-1,T-3, or other traditional pipe, I could have used a load balancer like a BigIP, or FatPipe device or possibly CEF within the IOS.
  Case closed. Thanks to everyone that took a look.
  Doug.

• Load balancing across multiple application servers not working with JCo RFC

  We have a problem where inbound messages to the Mapping Runtime engine (ABAP -> J2EE) are not load balanced over application servers. However, load balancing does take place across server nodes within one application server.
  Our system comprises of the following:
  Central Instance (2 X server nodes)
  Database Instance
  2 X Dialog Instances (with 2 X server nodes each)
  The 1st application server that starts is usually the one that is used for inbound messaging.
  We have looked at the sap gateway configuration and have tried various options without much luck:
  i.e.: local gateways vs. one central gateway, load balancing type by changing parameter gw/reg_lb_level, see: http://help.sap.com/saphelp_nw70/helpdata/EN/bb/9f12f24b9b11d189750000e8322d00/frameset.htm
  Here are our release levels:
  SAP_ABA     700     0012     SAPKA70012
  SAP_BASIS     700     0012     SAPKB70012
  PI_BASIS     2005_1_700     0012     SAPKIPYJ7C
  ST-PI     2005_1_700     0005     SAPKITLQI5
  SAP_BW     700     0013     SAPKW70013
  ST-A/PI     01J_BCO700     0000          -
  Any help would be greatly appreciated.
  Many thanks

  Tim
  Did you follow the guide here:
  How to Scale Up SAP Exchange Infrastructure 3.0  
  Learn what the most likely scaled system architecture looks like, and read about a step by step procedure to install additional dialog instances. The guide also walks you through additional configuration steps and the application of Support Package Stacks.
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/c3d9d710-0d01-0010-7486-9a51ab92b927
  We followed this guide for XI3.0 and PI7.0 and works successfully!

• OSPF load balancing across multiple port channels

  I have googled/searched for this everywhere but haven't been able to find a solution. Forgive me if I leave something out but I will try to convey all relevant information. Hopefully someone can provide some insight and many thanks in advance.
  I have three switches (A, B, and C) that are all running OSPF and LACP port channelling among themselves on a production network. Each port channel interface contains two physical interfaces and trunks a single vlan (so a vlan connecting each switch over a port channel). OSPF is running on each vlan interface.
  Switch A - ME3600
  Switch B - 3550
  Switch C - 3560G
  This is just a small part of a much larger topology. This part forms a triangle, if you will, where A is the source and C is the destination. A and C connect directly via a port channel and are OSPF neighbors. A and B connect directly via a port channel and are OSPF neighbors. B and C connect directly via a port channel and are OSPF neighbors. Currently, all traffic from A to C traverses B. I would like to load balance traffic sourced from A with a destination of C on the direct link and on the links through B. If all traffic is passed through B, traffic is evenly split on the two interfaces on the port channel. If all traffic is pushed onto the direct A-C link, traffic is evenly balanced on the two interfaces on that port channel. If OSPF load balancing is configured on the two vlans from A (so A-C and A-B), the traffic is divided to each port channel but only one port on each port channel is utilized while the other one passes nothing. So half of each port channel remains unused. The port channel on B-C continues to load balance, evenly splitting the traffic received from half of the port channel from A.
  A and C port channel load balancing is configured for src-dst-ip. B is a 3550 and does not have this option, so it is set to src-mac.
  Relevant configuration:
  Switch A:
  interface Port-channel1
  description Link to B
   port-type nni
   switchport trunk allowed vlan 11
   switchport mode trunk
  interface Vlan11
   ip address x.x.x.134 255.255.255.254
  interface Port-channel3
  description Link to C
   port-type nni
   switchport trunk allowed vlan 10
   switchport mode trunk
  interface Vlan10
   ip address x.x.x.152 255.255.255.254
  Switch B:
  interface Port-channel1
   description Link to A
   switchport trunk encapsulation dot1q
   switchport trunk allowed vlan 11
   switchport mode trunk
  interface Vlan11
   ip address x.x.x.135 255.255.255.254
  interface Port-channel2
   description Link to C
   switchport trunk encapsulation dot1q
   switchport trunk allowed vlan 12
   switchport mode trunk
  interface Vlan12
   ip address x.x.x.186 255.255.255.254
  Switch C:
  interface Port-channel1
   description Link to B
   switchport trunk encapsulation dot1q
   switchport trunk allowed vlan 12
   switchport mode trunk
  interface Vlan12
   ip address x.x.x.187 255.255.255.254
  interface Port-channel3
   description Link to A
   switchport trunk encapsulation dot1q
   switchport trunk allowed vlan 10
   switchport mode trunk
  interface Vlan10
   ip address x.x.x.153 255.255.255.254

  This is more FYI. 10.82.4.0/24 is a subnet on switch C. The path to it is split across vlans 10 and 11 but once it hits the port channel interfaces only one side of each is chosen. I'd like to avoid creating more vlan interfaces but right now that appears to be the only way to load balance equally across the four interfaces out of switch A.
  ME3600#sh ip route 10.82.4.0
  Routing entry for 10.82.4.0/24
    Known via "ospf 1", distance 110, metric 154, type extern 1
    Last update from x.x.x.153 on Vlan10, 01:20:46 ago
    Routing Descriptor Blocks:
      x.x.x.153, from 10.82.15.1, 01:20:46 ago, via Vlan10
        Route metric is 154, traffic share count is 1
    * x.x.x.135, from 10.82.15.1, 01:20:46 ago, via Vlan11
        Route metric is 154, traffic share count is 1
  ME3600#sh ip cef 10.82.4.0
  10.82.4.0/24
    nexthop x.x.x.135 Vlan11
    nexthop x.x.x.153 Vlan10
  ME3600#sh ip cef 10.82.4.0 internal       
  10.82.4.0/24, epoch 0, RIB[I], refcount 5, per-destination sharing
  sources: RIB 
  ifnums:
  Vlan10(1157): x.x.x.153
  Vlan11(1192): x.x.x.135
  path 093DBC20, path list 0937412C, share 1/1, type attached nexthop, for IPv4
  nexthop x.x.x.135 Vlan11, adjacency IP adj out of Vlan11, addr x.x.x.135 08EE7560
  path 093DC204, path list 0937412C, share 1/1, type attached nexthop, for IPv4
  nexthop x.x.x.153 Vlan10, adjacency IP adj out of Vlan10, addr x.x.x.153 093A4E60
  output chain:
  loadinfo 088225C0, per-session, 2 choices, flags 0003, 88 locks
  flags: Per-session, for-rx-IPv4
  16 hash buckets             
  < 0 > IP adj out of Vlan11, addr x.x.x.135 08EE7560
  < 1 > IP adj out of Vlan10, addr x.x.x.153 093A4E60
  < 2 > IP adj out of Vlan11, addr x.x.x.135 08EE7560
  < 3 > IP adj out of Vlan10, addr x.x.x.153 093A4E60
  < 4 > IP adj out of Vlan11, addr x.x.x.135 08EE7560
  < 5 > IP adj out of Vlan10, addr x.x.x.153 093A4E60
  < 6 > IP adj out of Vlan11, addr x.x.x.135 08EE7560
  < 7 > IP adj out of Vlan10, addr x.x.x.153 093A4E60
  < 8 > IP adj out of Vlan11, addr x.x.x.135 08EE7560
  < 9 > IP adj out of Vlan10, addr x.x.x.153 093A4E60
  <10 > IP adj out of Vlan11, addr x.x.x.135 08EE7560
  <11 > IP adj out of Vlan10, addr x.x.x.153 093A4E60
  <12 > IP adj out of Vlan11, addr x.x.x.135 08EE7560
  <13 > IP adj out of Vlan10, addr x.x.x.153 093A4E60
  <14 > IP adj out of Vlan11, addr x.x.x.135 08EE7560
  <15 > IP adj out of Vlan10, addr x.x.x.153 093A4E60
  Subblocks:                                                                                  
  None

• Load balancing across DMZs - Revisited

  I know this question has been asked before and the answer is to have separate content switches per DMZ in order to maintain the security policy. There is an option to have the content switch in front of the firewall and then use only one content switch to load balance across multiple DMZs. Is this an acceptable design or the recommendation is to have a separate content switch behind the firewall for each DMZ of the firewall?
  Can a Cisco 6500 with CSM be configured for multiple layer 2 load balanced VLANs thus achieving a mutiple DMZ load balancing scenario with only one switch/CSM?

  How do you connect the router to the firewall ?
  Problem is the response from the server to a client on the internet.
  Traffic needs to get back to the CSS and if the firewall default gateway is the router, the response will not go to the CSS and the CSS will reset it.
  If you configure the default gateway of the firewall to be the CSS, than all traffic from your network to the outside will go through the CSS.
  This could be a concern as well.
  If you don't need to know the ip address of the client for your reporting, you can enable client nat on the CSS to guarantee that server response is sent to the css without having the firewall default gateway pointing at the CSS.
  Gilles.

• IPTV load balancing across broadcast servers.

  I know that across Archive servers in the same cluster that IPTV control server will load balance , is there is a similar function with Broadcast servers. I know broadcast servers use a different delivery mechanism (Multicast). We have multiple broadcast servers that take in an identical live stream, but the only way to advertise thru a URL is a seperate URL per server. Is there some way to hide the multiple URL's to the client population?

  No. There is no way to load balance across multiple broadcast servers for live streams. Since this is going to be multicast, there should not be any additional load on the servers when the number of users are more.

• Load balancing across database connection

  Do you provide load balancing across database connections and allow RDBMS load
  balancing for read only access?
  Thanks in advance.

  Hello, Christina.
  Load balancing with multiple machines is a little bit different than
  in the same machine. One of the important resource in this kind
  of application is network bandwidth, so tuxedo tries to keep the
  traffic among the machines as low as possible. So, it only
  balance the load (call services in other machine) in case all the
  services are busy in the machine where they are call.
  I mean, if you have workstation clients attached only to one
  machine, then tuxedo will call services in this machine untill
  all servers are busy.
  If you want load balancing, try to put one WSL in each machine,
  and the corresponding configuration in your WSC ( with the | to
  make tuxedo randomly choose one or the other) or spread your
  native clients among all the machines.
  And so, be carefull with the routing!
  Ramón Gordillo
  "Christina" <[email protected]> wrote:
  >
  I am looking for assistance in configuring Tuxedo to perform load balancing
  across
  multiple machines. I have successfully performed load balancing for a
  service
  across different servers hosted on one machine but not to another server
  that's
  hosted on a different machine.
  Any assistance in this matter is greatly appreciated.

• Load balancing over multiple E3s

  Hi all,
  For the same VP , can I make load balancing over multiple E3s connected bet the BPX 8600 and MGX 8850.
  Asking the question in another way:
  Is there a possibility for load balancing over multiple LSPs (multiple E3 interfaces) in Cell-Mode MPLS...and if possible,plz provide me with any good links for configuration.

  Following link might be useful to you
  http://www.cisco.com/univercd/cc/td/doc/product/wanbu/bpx8600/9_2/ref92/bpxrtag.htm

• Load balancing across 4 web servers in same datacentre - advice please

  Hi All
  Im looking for some advice please
  The apps team have asked me about load balancing across some servers but im not that well up on it for applications
  Basically we have 4 apache web servers with about 2000 clients connecting to them, they would like to load balance connections to all these servers, they all need the same DNS name etc.
  what load balancing methods would I need for this, I believe they run on Linux
  Would I need some sort of device, or can the servers run some software that can do this, how would it work? and how would load balancing be achieved here?
  cheers

  Carl,
  What you have mentioned sounds very straightforward then everything should go well.
  The ACE is a load balancer which takes a load balancing decisions based on different matching methods like matching virtual address, url, source address, etc then once the load balance decision has been taken then the ACE will load balance the traffic based on the load balance method which you have configured (if you do not configure anything then it will use the default which is "round robin"), then it will send the traffic to the servers which it has available and finally the client should get the content.
  If you want to get some details about the load balancing methods here you have them:
  http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/configuration/slb/guide/overview.html#wp1000976
  For ACE deployments the most common designs are the following.
  Bridge Mode
  One Arm Mode
  Routed Mode
  Here you have a link for Bridge Mode and a sample for that:
  http://docwiki.cisco.com/wiki/Basic_Load_Balancing_Using_Bridged_Mode_on_the_Cisco_Application_Control_Engine_Configuration_Example
  Here you have a link for One Arm Mode and a sample for that:
  http://docwiki.cisco.com/wiki/Basic_Load_Balancing_Using_One_Arm_Mode_with_Source_NAT_on_the_Cisco_Application_Control_Engine_Configuration_Example
  Here you have a link for Routed Mode and a sample for that:
  http://docwiki.cisco.com/wiki/Basic_Load_Balancing_Using_Routed_Mode_on_the_Cisco_Application_Control_Engine_Configuration_Example
  Then as you could see in all those links you may end up having a configuration like this:
  interface vlan 40
    description "Default gateway of real servers"
    ip address 192.168.1.1 255.255.255.0
    service-policy input remote-access
    no shutdown
  ip route 0.0.0.0 0.0.0.0 172.16.1.1
  class-map match-all slb-vip
    2 match virtual-address 172.16.1.100 any
  policy-map multi-match client-vips
    class slb-vip
      loadbalance vip inservice
      loadbalance policy slb
  policy-map type loadbalance http first-match slb
    class class-default
      serverfarm web
  serverfarm host web
    rserver lnx1
      inservice
    rserver lnx2
      inservice
    rserver lnx3
      inservice
  rserver host lnx1
    ip address 192.168.1.11
    inservice
  rserver host lnx2
    ip address 192.168.1.12
    inservice
  rserver host lnx3
    ip address 192.168.1.13
    inservice
  Please mark it if it answered you question then other users can use it as reference in the future.
  Hope this helps!
  Jorge

• ACE30 load balancing across two slightly different rservers

  Hi,
  is there a possibility to get a load balancing across two rservers so:
  when client sends http://vip/ and it goes to rserver1 then url is sent without change
  when client sends http://vip/ and it goes to rserver2 then url is modified to http://vip/xyz/
  Or maybe load balancing can be done across two serverfarms ?
  thanks

  Ryszard,
  I hope you are doing great.
  I do not think that´s possible since the ACE just load balance the traffic to the servers and once the load balance decision has been taken it will pass the "ball" to the chosen server.
  Think about this, let´s say user A needs to go to Server1 but guess what? based on the load balance decision it was sent to Server2 which unfortunately does not have what the customer was looking for. OK, fine, user A close the connection and tries again but now the Server1 is down then the only available is Server2 then the ACE sends it to Server2 again then user A just decides to leave, you see how bad that can be.
  A better approach would be to have either 2 VIPs ( different IP addresses) or 2 with the same IP address but hearing on another port, perhaps, one port per server.
  Hope this helps!
  Jorge

• Tuxedo load balancing across system

  Hi there,
  does bea tuxedo version 8 or above has feature like weblogic to configure load balancing/failover across multiple system?
  Thanks,
  Simon

  Simon,
  Tuxedo does offer load balancing. A high-level description of this feature
  for Tuxedo 8.0 is at http://edocs.bea.com/tuxedo/tux80/atmi/intatm24.htm
  A description of the configuration file parameters used to set up load
  balancing is at http://edocs.bea.com/tuxedo/tux80/atmi/rf537.htm ; look for
  the LDBAL, NETLOAD, and LOAD parameters.
  <Simon Leong> wrote in message news:[email protected]..
  Hi there,
  does bea tuxedo version 8 or above has feature like weblogic to configureload balancing/failover across multiple system?
  >
  Thanks,
  Simon

• SA520 load balancing for multiple IPSec connections

  Hello,
  I just would like to ask whether the following is possible or what other people think might be the best way to go.
  Let me describe the current setup:
  Our company has a main office which is connected to the internet through an SA520W appliance, and two satellite offices which have other IPSec routers installed. The SA520W is currently only connected through the main WAN interface to a DSL line (DSL 16000). The tunnels are established and it all works quite well.
  However, we have experienced lags and slow connections when someone transfers a larger file from the main office to the outside (either satellite office or, say, some FTP server on the internet). This is of course due to the limited upload capacity of the DSL line. Therefore, I am thinking about getting another DSL line for use as the optional WAN port of the SA520W.
  My question is: Is it possible to establish two IPSec tunnels from a satellite office to the main office, one to the main WAN port and one to the optional WAN port of the SA520W? The two main hurdles I see with that is that a) the SA520W can only bind IPSec to one port and b) the network mask of each IPSec phase 2 needs to identify the subnet uniquely. Am I correct with the assumption that this cannot be done?
  If so, the only way I can see right now is to bind all IPsec traffic to the optional port and have at least main office <-> internet traffic separated from all IPSec traffic. Or has anyone a better solution to this?
  Thanks in advance,
  Roland

  I honestly don't recall any issues with the load balancing. I've personally never seen an issue, opened a case for one or observed a problem in my lab using multiple T1 lines...
  That's not to say there could be a problem. But as far as I know this aspect of the router is solid.
  The only thing I strongly dislike about most modern DSL deployments, the ISP like to give out "residential" or "business" gateways. These things just make life terrible since it is a router/nat device.
  -Tom
  Please rate helpful posts

• 7.10 installation server, load balancing and multiple installation servers

  Hi
  In the 7.10 GUI installation server, there is no Load balancing option anamore, also there seems to be no option to easily clone the installation server from within the nwsapsetupadmin.exe program.
  If having MANY users at one location, and needing more than one installation server to accomodate the frontend installations, do you need to do this "manually" now ? grouping users and and the logon script directing different user groups to different sapgui installation servers ?
  what about creating multiple installation servers easily, is it possible to simply copy the installation server directory (c:\sapinst f.ex.) to another file server, share the directory and configure the DS and IS services (if needed) ??
  will configured packages and "on end install" scripts and such be copied too to the new installation server ?
  I need to easily create installation servers in 15 countries, this is the reason for my question...

  Hi Kim Sonny,
  hope you're doing fine
  Regarding your question:
  The "Load Balancing" was more a fail-over service and wasn't intended to use for several locations like in your case.
  So the easiest way to do this is to setup one installation server and copy the files to the other servers. On the new Installation servers you only have to setup the service again and that's it.
  Cheers,
  Martin

• Server Load-balancing Across Two Data centers on Layer 3

  Hi,
  I have a customer who would like to load balance two Microsoft Exchange 2010 CAS Servers which are residing across two data centers.
  Which is the best solution for this? Cisco ACE or Cisco ACE GSS or both?

  I would go with source natting the clients ip addresses, so that return traffic from the servers is routed correctly.
  It saves you the trouble with maintaining PBR as well.
  Source NAT can be done on the ACE, by applying the configuration to either the load balancing policy, or adding the configuration to the class-map entries in the multi-match policy.
  Cheers,
  Søren
  Sent from Cisco Technical Support iPad App