Load balancing, failover and fallback in Non-Clustered WebLogic environment

Similar Messages

• Connection string in listener log file for loading balance/failover

  Hi Experts,
  I have 4 node RAC for oracle 10g2 in rad hate 5.0
  We creaed service dbsale ( sale1,2 as pr imary and sale3/4 as available) with loading balance/failover.
  The remote user created a local TNS as
  localmarket =
  (DESCRIPTION =
  (ADDRESS = (PROTOCOL = TCP)(HOST = 155.206.xxx.xx)(PORT = 1521))
  (LOAD_BALANCE = OFF)
  (CONNECT_DATA = (SERVICE_NAME = dbsale))
  From server side, I saw that user send two request connection string. one fail and another is OK.
  It seems that fail connecting come from failover/loading balance from dbsale3?
  Why do we get two connection string in listener log file?
  Which difference is between two connection string?
  Where does system change these connection string?
  Thanks for your explaining.
  Jim
  ==============listener.log message
  [oracle@sale log]$ cat listener_sale.log|grep pmason
  15-SEP-2009 13:52:24 * (CONNECT_DATA=(SERVICE_NAME=dbsale)(CID=(PROGRAM=oracle)(HOST=rock)(USER=test ))) * (ADDRESS=(PROTOCOL=tcp)(HOST=161.55.xxx.xx)(PORT=54326)) * establish * dbsale * 0
  15-SEP-2009 13:52:25 * (CONNECT_DATA=(SERVICE_NAME=dbsale)(CID=(PROGRAM=oracle)(HOST=rock)(USER=test ))(SERVER=dedicated)(INSTANCE_NAME=sale3)) * (ADDRESS=(PROTOCOL=tcp)(HOST=161.55.xxx.xx)(PORT=54327)) * establish * dbsale * 12520
  15-SEP-2009 13:52:30 * (CONNECT_DATA=(SERVICE_NAME=dbsale)(CID=(PROGRAM=oracle)(HOST=rock)(USER=test ))) * (ADDRESS=(PROTOCOL=tcp)(HOST=161.55.xxx.xx)(PORT=54329)) * establish * dbsale* 0
  15-SEP-2009 13:52:47 * (CONNECT_DATA=(SERVICE_NAME=dbsale)(CID=(PROGRAM=oracle)(HOST=rock)(USER=test ))) * (ADDRESS=(PROTOCOL=tcp)(HOST=161.55.xxx.xx)(PORT=54332)) * establish * dbsale * 0
  15-SEP-2009 13:52:47 * (CONNECT_DATA=(SERVICE_NAME=dbsale)(CID=(PROGRAM=oracle)(HOST=rock)(USER=test ))(SERVER=dedicated)(INSTANCE_NAME=sale3)) * (ADDRESS=(PROTOCOL=tcp)(HOST=161.55.xxx.xx)(PORT=54333)) * establish dbsale 12520
  15-SEP-2009 13:52:49 * (CONNECT_DATA=(SERVICE_NAME=dbsale)(CID=(PROGRAM=oracle)(HOST=rock)(USER=test ))) * (ADDRESS=(PROTOCOL=tcp)(HOST=161.55.xxx.xx)(PORT=54334)) * establish * dbsale * 0
  Edited by: user589812 on Sep 16, 2009 7:21 AM

  Hi Jim,
  I think the best way on this case is create one service with one instance as primary and another 3 as available.
  Or use the connect string with two vip addresses, cause the service has two instances and the tnsnames.ora entry has only one.
  Cheers,
  Rodrigo Mufalani
  http://mufalani.blogspot.com

• LOAD BALANCE (CSS) and Portal Port Number based on Instance Number

  Hi,
  My doubt is about LOAD BALANCE (CSS) and Portal Port Number based on Instance Number.
  I have to install 3 servers machines and 2 servers databases cluster. There will be a HIGH AVAILABILITY environment. There will be a MIGRATION and UPGRADE.
  Today there are 2 servers machines in Windows NLB. Today my production Portal is 6 6.20.
  Once, I did something for LABORATORY TEST. Migration (6 6.40) and Upgrade (7.0)in two other machines. But they were with Windows NLB. When I did the installation, for each server machine and during the instalation I had to give one Instance Number for each and in result there was a different Port Number for each.
  But I accessed both machines throught a virtual url(dns) with a specific port number. And it works!
  NOW, with a HARDWARE LOAD BALANCE _ CSS I don't know how to do.
  A guy who works with it  tell us that couldn't redirect one Port Number for different port numbers. He couldn't configure the CSS like this.
  My question is: Is he write? And if he is, there is a  way to give the same instance number for my 3 new Portal servers machines? Example: 5(02)00.
  Could you understand?
  I need help.
  Regards,
  cheers,
  Nivia

  Nivia,
  I have used F5 for load balancing, I am sure you can do the same with CSS. Yes, you can configure a virtual IP on the load balancer with standard ports (80 or 443) and load balancing the traffic to multiple servers with different ports. You can have different ports for each instance.
  -Regards
  RK

• How a clustered weblogic environment handles orders balanced-wise??

  Hi,
  In a 2 managed clustered weblogic environment with OSM 7.0.3 and an external load balancer to balance the incoming traffic it is noticed from the managed servers that whichever server is scanning for orders and that is understood by the server's logs:
  ####<Oct 16, 2012 2:54:33 PM EEST> <Info> <oms> <> <osm_ms01> <Timer-9> <oms-internal> <> <fab6ae59fd53672b:704b5627:13a64686216:-8000-0000000000000010> <1350388473505> <BEA-000000> <cluster.ClusteredHandlerFactory: Querying for high activity orders across the cluster>
  is the server that will serve a new order.
  Is there a way to achieve a perfect load balance? In a test case of 200 orders all orders where processes by one node and it is the one that scans for new orders.
  We configured the external load balancer to split the traffic..But nothing!! Is there an internal mechanism that gathers all orders that are send to multiple servers and executes them in the server that is currently scanning for orders ???
  Is there in any manual or Oracle Support Document/note on how is decided in a multiple-clustered environment which server will execute orders???
  Thx in advance!

  Hi Alexandros,
  Here's some general information on load balancing:
  1. With OSM order affinity, the managed server instance that receives the order (precisely, creates the OSM order) has sole ownership of the order. Other than specific circumstances, the ownership is not transferred, and thus processing of that order stays with that instance till completion.
  2. The OSM web service (createOrder API) has no load balancing mechanism internally if HTTP is used as the transport. So if you only send orders to one managed server, that instance will create and thus own all these orders. In contrast, if you use JMS as the transport, it is load-balanced by the JMS distributed destination (provided you are not sending instead to member queues of the distribution destination).
  Now, assuming you are using HTTP, you need to ensure that the Load Balancer is really round-robining on the 2 managed servers among HTTP messages of order submissions. Monitor your TCP pipes to verify.
  A problem we've seen, is if you are using SoapUI with pre-emptive authentication disabled, the SOAP request without pre-emptive authentication will be rejected, causing a re-send. Because of LB, all orders ended up in one managed server, as the reject-then-accept SOAP message sequence becomes cyclic with odd-even round-robin. So, enable pre-emptive authentication to avoid that.
  Btw, is your cartridge handling high-activity orders? If not, I have a suspicion that your pasted log message may be a red-herring.
  Cheers,
  Daniel Ho
  OSM Product Management

• Hardware clustering/load balancing/failover with Tomcat

  Hello forum!
  I recently bought a Cisco 1801, and it sure is capable! Anyhow, I've got a hobby website that is getting a fair bit of traffic - approaching too much for one node to handle and it's time to start thinking about distributing the load.
  I'd like to do a little clustering of server nodes running Apache Geronimo, which is J2EE running atop Apache Tomcat. For the sake of keeping things generic, let's just call it Tomcat because it configures the same way.
  I do not run Apache HTTP Server as a proxy, I only run Tomcat directly connected to the internet. I do this for performance reasons.
  Anyhow, I'm wondering if any of you evil geniuses could suggest a way that I could cluster Tomcat nodes directly using the router to serve as a hardware load balancer and have the whole sticky session thing with failover, etc... All of the documents I find on the subject discuss clustering by way of Apache HTTP with Mod_JK.
  I have already asked this question on the hardware side, and got great information about the capable load balancing features my router sports (but limited compared to Cisco CSS products.)
  Now I'm wondering if anyone has experience taking an open source application server like Geronimo or Tomcat or JBoss and clustering it using hardware load balancing. What kinds of Tomcat configurations, if any, do I need to add for things like sticky sessions and failover? Or, is all that automatic?
  Thanks so much for reading and for any replies. If there is a better forum for my question, please direct me there.
  Cheers,
  Dave Woldrich
  http://CardMeeting.com

  This occurs rarely when the Tomcat process is not able to connect to the database. The database connection problem is an internal cause which manifests externally as missing fields in reports.
  Workaround: Restart the Apache process and the Tomcat process. From the CLI on your CiscoWorks Server, enter the following commands in the specified sequence:
  1. pdterm Apache
  2. pdterm Tomcat
  3. pdexec Tomcat
  4. pdexec Apache

• Hardware Load Balancing Configuration and Session Clustering

            I would like to know where I can find any information on Hardware Load Balancing
            Configuration in order to leverage WLS HTTPSession clustering.
            Don Ferguson mentioned white papers on this subject however I can't seem to locate
            them.
            I am particularly interested in Cisco's 11000 Content Service Switch.
            Thanks.
            Mike Jones
            

  Scroll to the bottom of this link. It discusses how to configure Alteon and Big-IP.
            The principles should apply to Cisco as well, but we don't have documentation on
            configuring it, as far as I know.
            http://e-docs.bea.com/wls/docs61/cluster/index.html
            -Don
            Michael Jones wrote:
            > I would like to know where I can find any information on Hardware Load Balancing
            > Configuration in order to leverage WLS HTTPSession clustering.
            > Don Ferguson mentioned white papers on this subject however I can't seem to locate
            > them.
            > I am particularly interested in Cisco's 11000 Content Service Switch.
            >
            > Thanks.
            >
            > Mike Jones
            

• Load Balancing, Server and / or Client ?

  Hi
  I am experiencing a problem with the connection pooling in odp.net. I have a simple test app that creates a connection, executes a query, populates an object then closes the connection. I have found that when I have client side load balancing on via the odp.net connection string property many connections are made unnecessary (sometime the actual number created reaches the max pool size but the numbers differ randomly). It appears that rather than a free connection in the pool being used more connections are being created which defeats the point of having a connection pool. I do have server side load balancing configured correctly also. Due to this finding can someone possibly answer the following questions.
  a) Do I need both server side and client side load balancing set?
  b) If I do why is the above behaviour being seen? If not could you give me a short explanation as to why not?
  Current set up is 11g (patched to 6, awaiting 7 to be applied) RAC, 2 nodes.
  Below is the C# code used while testing this. The table queried is a simple person table containing 16000 rows if data.
  OcConnection = "User Id=XXX; Password=XXX; Connection Lifetime = 60; Data Source=(DESCRIPTION=(ADDRESS_LIST=(FAILOVER=on)(LOAD_BALANCE=off)(ADDRESS=(PROTOCOL=tcp)(HOST=XXX)(PORT=1521))(ADDRESS=(PROTOCOL=tcp)(HOST=XXX)(PORT=1521)))(CONNECT_DATA=(SERVICE_NAME=MyFirstTest))); Pooling=true; HA Events = true; Load Balancing = true";
  Code:-
  Oracle.DataAccess.Client.OracleConnection con;
  con = new Oracle.DataAccess.Client.OracleConnection();
  con.ConnectionString =OcConnection;
  con.Open();
  // the command object to use for this test
  OracleCommand cmd = con.CreateCommand();
  cmd.CommandText = "select * from PERSON";
  OracleDataReader rdr = cmd.ExecuteReader();
  List<test> listTest = new List<test>();
  while (rdr.Read())
  test dc = new test();
  if (!rdr.IsDBNull(0))
  dc.id = Convert.ToInt32(rdr.GetValue(0));
  if (!rdr.IsDBNull(1))
  dc.forename = rdr.GetString(1);
  if (!rdr.IsDBNull(2))
  dc.surname = rdr.GetString(2);
  if (!rdr.IsDBNull(3))
  dc.street = rdr.GetString(3);
  if (!rdr.IsDBNull(4))
  dc.city = rdr.GetString(4);
  if (!rdr.IsDBNull(5))
  dc.postcode = rdr.GetString(5);
  if (!rdr.IsDBNull(6))
  dc.country = rdr.GetString(6);
  if (!rdr.IsDBNull(7))
  dc.email = rdr.GetString(7);
  if (!rdr.IsDBNull(8))
  dc.dateadded = rdr.GetDateTime(8);
  if (!rdr.IsDBNull(9))
  dc.randWords = rdr.GetString(9);
  if (!rdr.IsDBNull(10))
  dc.uniqueNumber = Convert.ToInt32(rdr.GetValue(10));
  listTest.Add(dc);
  rdr.Close();
  con.Close();
  rdr.Dispose();
  cmd.Dispose();
  con.Dispose();
  Thanks for your time
  Victoria

  Here are the HTTP Headers as monitored on the client side. Notice the good.txt file includes a GET as it's initial request. All works fine in this case. However, the initial request in the bad.txt is a POST. This is odd since the URL was opened using the same shortcut in both incidents and the browser was closed between each trace that was taken. I've also reviewed the shortcut with notepad to verify it does not include unwanted data such as the JSESSIONID info....etc.
  Once you have reviewed the HTTP headers, I have these questions.
  1. IIS is sending the 100 Continue messages as you mention, but why is the CSS injecting the cookie in a 100 response that is not typically processed by the client? The bad.txt file shows the client receiving two ARPT cookies because the first cookie in the 100 continue response was ignored.
  2. I know Cisco is not really in the business of troubleshooting browser behaviour. But do you know why the browser would behave differently....GET in one request and a POST in the next? We do not wish to get into modifying the browser, so I'm hoping we can provide a solution on the server side that will allow the browser to function this way if it chooses to do so. Do you think it would make sence to push the state management up a level to the cookie handed out by JRUN? This way, the cookie would not be handed back in a 100 response from IIS, and we could tell the CSS to monitor the JRUN cookie. Of course this would require we determine how to manage this cookie either by modifying to cookie to have static data for each server, or by using the right method of hashing...etc.
  Chris

• Load balancing Internet and Site to Site VPN's across Multiple ISP.

  Hi Everyone,
  We  are currently connected to a single ISP with different Internet related  services like mail, web, dns and IPSEC site to site VPN's running. We  would be adding another ISP and do load balancing across these multiple  links. We are using Cisco ASA firewall.
  Can anyone suggest a load  balancer which can not only provide load balancing of the links but  failover as well for mail,web and IPSEC Site to Site VPN's. I came  across Peplink that can achieve this but I guess I will have to  decommision our ASA in order to install Peplink.
  Check attached diagram, this will be our proposed design.
  Regards

  Hi Sundeep,
  The simplest solution would be to put an IOS router (or two with HSRP) between the ASA and the ISPs and do policy-based routing for your flows between the 2 ISPs. Otherwise, any load balancer should work fine with the ASA. If failover of the load balancer is a requirement, you'll need to look at product specific documentation for whichever solution you choose.
  -Mike

• Load Balancing, Tomcat, and SharePoint

  I'm a new BusinessObjects customer and am working on getting all of the hardware in place for a new install.  The initial plan is to have two BOE servers, and two tomcat virtual servers, with a hardware based load balancer (F5 BIG-IP Switch: Local Traffic Manager 1600 4GB, possibly) in front of the tomcat servers to handle the load balancing.
  But, I'm starting to think that it would be a good idea for us to integrate directly in to our SharePoint portal using the SAP SharePoint Integration option.
  So, here's my question.  If we do that, then our users will get to their BusinessObjects information via SharePoint.  So, SharePoint and IIS will be the web server.  Will we still have a need for the Tomcat servers?  Will SharePoint point to the load balancer, then to Tomcat, and finally to the BOE server, or will it go right to the BOE server, thus negating the need for the tomcat servers altogether, and also even negating the need for the load balancer?  If so, can the BOE app servers themselves still be load balanced?
  Hopefully this all makes sense - like I said, we're a new customer, so I don't fully understand all of what the servers are doing.  I've spent several days searching the forums & the web & reading documentation and haven't come up with an answer yet, so I'm reaching out to you all & hoping somebody can clear it up for me.  Thanks!!

  Thank you for your input, Denis, this does help explain things.  Also, thanks for pointing me to that Windows Patterns document.  I hadn't seen that one - since we're starting out on 4.0, I've only been looking at documents under the 4.0 folders...
  It sounds like we may want to utilize this same load balancer to balance the SharePoint traffic as well, while we're at it.  Right now our SharePoint server is clustered using Microsoft Clustering, but not load balanced in any way.  Or maybe we just post a link from within SharePoint to the regular old BI LaunchPad and call it a day!
  So, if I understand correctly, if we utilize SharePoint, any traffic/processing that the Tomcat server would have handled would now be handled by the SharePoint server, which could potentially be significant.  The actual processing of the reports, though, will still get handled by the BOE Cluster, which takes care of its own load balancing, so we'll be fine.  Really the only thing the hardware load balancer does is allow the presentation layer to be load balanced - the layers beyond that get load balanced automatically via CMS.  Is that all somewhat valid?  In the patterns doc, there's Application Servers separate from the BOE Servers.  We were just going to have two BOE servers and two Web servers.  Where do the application servers fall in, and are they load balanced using the hardware piece?
  If we were just concerned about High Availability, it seems like maybe we could more easily use Windows Clustering on those Tomcat servers, and avoid the hardware component altogether.  Do the Web servers really get hammered that hard that we need them load balanced?  It seems like the BOE servers are the ones doing the heavy resource intensive tasks and we get them load balanced without the hardware anyway, so maybe load balancing the web servers is overkill.....  I'm sure a lot of this is tough to answer, I'm just trying to get a feel for it.  I want us to have our best performance & be somewhat future-proofed, but don't want to buy things that I don't need to!  We're probably looking at a small, 10-20 concurrent user setup for starters, and out to say 200 concurrent max once it's fully rolled out...
  Thanks again!!

• Cisco 1921 Dual ADSL Load Balancing/Failover?

  Hello,
  We have purchased a Cisco 1921 with twin ADSL after advice from a Cisco sales rep. However I am having trouble working out the load balancing/fail over config for the device.
  I would like traffic to balance over both ADSL lines and if one goes down not to interrupt connectivity.
  I had a look at ppp multilink but I am unsure our ISP (BT) support this?
  This is my current config which I think only one ADSL line is being used. Some input would be appreciated
  Robbie
  ! Last configuration change at 13:18:34 UTC Tue Mar 29 2011
  version 15.0
  service timestamps debug datetime msec
  service timestamps log datetime msec
  no service password-encryption
  hostname xxxxxx
  boot-start-marker
  boot-end-marker
  no logging buffered
  enable secret 5 xxxxx
  enable password xxxx
  no aaa new-model
  no ipv6 cef
  ip source-route
  ip cef
  ip name-server 194.74.65.68
  ip name-server 194.72.0.114
  multilink bundle-name authenticated
  crypto pki trustpoint TP-self-signed-xxxxxx
  enrollment selfsigned
  subject-name cn=IOS-Self-Signed-Certificate-xxxxx0
  revocation-check none
  rsakeypair TP-self-signed-xxxxx!
  crypto pki certificate chain TP-self-signed-xxxxxx
  certificate self-signed 02 nvram:IOS-Self-Sig#4.cer
  license udi pid CISCO1921/K9 xxxxx
  username admin privilege 15 secret 5 xxxxxxxxxx/
  interface GigabitEthernet0/0
  description lan$ETH-LAN$
  ip address 10.0.8.1 255.255.248.0
  ip nat inside
  ip virtual-reassembly
  duplex auto
  speed auto
  interface GigabitEthernet0/1
  no ip address
  shutdown
  duplex auto
  speed auto
  interface ATM0/0/0
  no ip address
  no ip redirects
  no ip unreachables
  no ip proxy-arp
  ip flow ingress
  no atm ilmi-keepalive
  dsl operating-mode adsl2
  interface ATM0/0/0.1 point-to-point
  description $ES_WAN$$FW_OUTSIDE$
  ip flow ingress
  pvc 0/38
    encapsulation aal5mux ppp dialer
    dialer pool-member 1
  interface ATM0/1/0
  no ip address
  no ip redirects
  no ip unreachables
  no ip proxy-arp
  ip flow ingress
  no atm ilmi-keepalive
  dsl operating-mode adsl2
  interface ATM0/1/0.1 point-to-point
  description $ES_WAN$$FW_OUTSIDE$
  ip flow ingress
  pvc 0/38
    encapsulation aal5mux ppp dialer
    dialer pool-member 1
  interface Dialer0
  mtu 1483
  ip address negotiated
  ip access-group spalding in
  ip access-group spalding out
  no ip redirects
  no ip unreachables
  no ip proxy-arp
  ip flow ingress
  ip nat outside
  ip virtual-reassembly
  encapsulation ppp
  dialer pool 1
  dialer-group 1
  ppp authentication chap callin
  ppp chap hostname xxxxx
  ppp chap password 0 xxxxx
  ppp multilink
  ppp multilink links minimum 2
  ppp multilink fragment disable
  ppp timeout multilink link add 2
  no cdp enable
  interface Dialer1
  mtu 1483
  ip address negotiated
  no ip redirects
  no ip unreachables
  no ip proxy-arp
  ip flow ingress
  ip nat outside
  ip virtual-reassembly
  encapsulation ppp
  dialer pool 1
  dialer-group 1
  ppp authentication chap callin
  ppp chap hostname xxxxx
  ppp chap password 0 xxxxx
  ppp link reorders
  ppp multilink
  ppp multilink links minimum 2
  ppp multilink fragment disable
  ppp timeout multilink link add 2
  no cdp enable
  ip forward-protocol nd
  no ip http server
  ip http authentication local
  ip http secure-server
  ip http timeout-policy idle 60 life 86400 requests 10000
  ip nat inside source list 1 interface Dialer0 overload
  ip nat inside source static tcp 10.0.15.201 3389 interface Dialer0 3389
  ip nat outside source static tcp 195.194.75.218 3389 10.0.15.200 3389 extendable
  ip route 0.0.0.0 0.0.0.0 Dialer0
  access-list 1 remark INSIDE_IF=GigabitEthernet0/0
  access-list 1 permit 10.0.0.0 0.254.255.255
  dialer-list 1 protocol ip permit
  control-plane
  line con 0
  line aux 0
  line vty 0 4
  privilege level 15
  login local
  transport input telnet ssh
  line vty 5 15
  privilege level 15
  login local
  transport input telnet ssh
  scheduler allocate 20000 1000
  end

  Hi,
  Can anyone help me with this config?  not very reliable.
  Building configuration...
  Current configuration : 17349 bytes
  ! Last configuration change at 06:08:06 UTC Sun Apr 5 2015 by Shawn
  version 15.4
  no service pad
  service tcp-keepalives-in
  service tcp-keepalives-out
  service timestamps debug datetime msec localtime show-timezone
  service timestamps log datetime msec localtime show-timezone
  service password-encryption
  service sequence-numbers
  hostname Router
  boot-start-marker
  boot system flash0:c2900-universalk9-mz.SPA.154-3.M2.bin
  boot-end-marker
  security authentication failure rate 3 log
  security passwords min-length 6
  logging buffered 51200
  logging console critical
  enable secret 5 $1$sNeA$GB6.SMrcsxPf51tK2Eo9Z.
  aaa new-model
  aaa authentication login local_authen local
  aaa authorization exec local_author local
  aaa session-id common
  no ip source-route
  ip port-map user-protocol--8 port udp 3392
  ip port-map user-protocol--9 port tcp 3397
  ip port-map user-protocol--2 port udp 3391
  ip port-map user-protocol--3 port tcp 14000
  ip port-map user-protocol--1 port tcp 3391
  ip port-map user-protocol--6 port udp 3394
  ip port-map user-protocol--7 port tcp 3392
  ip port-map user-protocol--4 port udp 14100
  ip port-map user-protocol--5 port tcp 3394
  ip port-map user-protocol--10 port udp 3397
  ip dhcp excluded-address 192.168.1.1 192.168.1.49
  ip dhcp excluded-address 192.168.10.1 192.168.10.49
  ip dhcp pool DHCP_POOL1
   import all
   network 192.168.1.0 255.255.255.0
   dns-server 139.130.4.4 203.50.2.71
   default-router 192.168.1.1
   lease infinite
  ip dhcp pool ccp-pool1
   import all
   network 192.168.10.0 255.255.255.0
   dns-server 139.130.4.4 203.50.2.71
   default-router 192.168.10.1
   lease infinite
  no ip bootp server
  ip host SHAWN-PC 192.168.1.10
  ip host DIAG 192.168.1.5
  ip host MSERV 192.168.1.13
  ip name-server 139.130.4.4
  ip name-server 203.50.2.71
  ip cef
  ip cef load-sharing algorithm include-ports source destination
  no ipv6 cef
  multilink bundle-name authenticated
  cts logging verbose
  crypto pki trustpoint TP-self-signed-1982477479
   enrollment selfsigned
   subject-name cn=IOS-Self-Signed-Certificate-1982477479
   revocation-check none
   rsakeypair TP-self-signed-1982477479
  license udi pid 
  license boot module c2900 technology-package securityk9
  license boot module c2900 technology-package datak9
  redundancy
  controller VDSL 0/0/0
   operating mode adsl2+
  controller VDSL 0/1/0
   operating mode adsl2+
  no cdp run
  track timer interface 5
  track 1 interface Dialer0 ip routing
   delay down 15 up 10
  track 2 interface Dialer1 ip routing
   delay down 15 up 10
  ip tcp synwait-time 10
  ip ssh time-out 60
  ip ssh authentication-retries 2
  class-map type inspect match-all sdm-nat-user-protocol--7-1
   match access-group 104
   match protocol user-protocol--7
   match access-group 102
  class-map type inspect match-all sdm-nat-user-protocol--4-2
   match access-group 101
   match protocol user-protocol--4
  class-map type inspect match-all sdm-nat-user-protocol--6-1
   match access-group 103
   match protocol user-protocol--6
  class-map type inspect match-all sdm-nat-user-protocol--5-1
   match access-group 103
   match protocol user-protocol--5
  class-map type inspect match-all sdm-nat-user-protocol--4-1
   match access-group 102
   match protocol user-protocol--4
  class-map type inspect match-all sdm-nat-user-protocol--7-2
   match access-group 101
   match protocol user-protocol--7
  class-map type inspect match-all sdm-nat-user-protocol--3-1
   match access-group 102
   match protocol user-protocol--3
  class-map type inspect match-all sdm-nat-user-protocol--2-1
   match access-group 101
   match protocol user-protocol--2
  class-map type inspect match-all sdm-nat-user-protocol--1-2
   match access-group 102
   match protocol user-protocol--1
  class-map type inspect match-all sdm-nat-user-protocol--1-1
   match access-group 101
   match protocol user-protocol--1
  class-map type inspect match-all sdm-nat-user-protocol--2-2
   match access-group 102
   match protocol user-protocol--2
  class-map type inspect match-all sdm-nat-user-protocol--3-2
   match access-group 101
   match protocol user-protocol--3
  class-map type inspect match-all sdm-nat-user-protocol--8-2
   match access-group 101
   match protocol user-protocol--8
  class-map type inspect match-all sdm-nat-user-protocol--9-2
   match access-group 104
   match protocol user-protocol--9
  class-map type inspect match-any ccp-skinny-inspect
   match protocol skinny
  class-map type inspect match-all sdm-nat-user-protocol--9-1
   match access-group 101
   match protocol user-protocol--9
   match access-group 104
  class-map type inspect match-all sdm-nat-user-protocol--8-1
   match access-group 104
   match protocol user-protocol--8
   match access-group 102
  class-map type inspect match-any ccp-h323nxg-inspect
   match protocol h323-nxg
  class-map type inspect match-any ccp-cls-icmp-access
   match protocol icmp
   match protocol tcp
   match protocol udp
  class-map type inspect match-all sdm-nat-user-protocol--10-2
   match access-group 104
   match protocol user-protocol--10
  class-map type inspect match-all sdm-nat-user-protocol--10-1
   match access-group 101
   match protocol user-protocol--10
   match access-group 104
  class-map type inspect match-any ccp-h225ras-inspect
   match protocol h225ras
  class-map type inspect match-any ccp-h323annexe-inspect
   match protocol h323-annexe
  class-map type inspect match-any ccp-cls-insp-traffic
   match protocol pptp
   match protocol dns
   match protocol ftp
   match protocol https
   match protocol icmp
   match protocol imap
   match protocol pop3
   match protocol netshow
   match protocol shell
   match protocol realmedia
   match protocol rtsp
   match protocol smtp
   match protocol sql-net
   match protocol streamworks
   match protocol tftp
   match protocol vdolive
   match protocol tcp
   match protocol udp
  class-map type inspect match-all SDM_GRE
   match access-group name SDM_GRE
  class-map type inspect match-any ccp-h323-inspect
   match protocol h323
  class-map type inspect match-all ccp-invalid-src
   match access-group 100
  class-map type inspect match-any ccp-sip-inspect
   match protocol sip
  class-map type inspect match-all ccp-protocol-http
   match protocol http
  class-map type inspect match-any CCP_PPTP
   match class-map SDM_GRE
  class-map type inspect match-all ccp-insp-traffic
   match class-map ccp-cls-insp-traffic
  class-map type inspect match-all ccp-icmp-access
   match class-map ccp-cls-icmp-access
  policy-map type inspect ccp-inspect
   class type inspect ccp-invalid-src
    drop log
   class type inspect ccp-protocol-http
    inspect
   class type inspect ccp-insp-traffic
    inspect
   class type inspect ccp-sip-inspect
    inspect
   class type inspect ccp-h323-inspect
    inspect
   class type inspect ccp-h323annexe-inspect
    inspect
   class type inspect ccp-h225ras-inspect
    inspect
   class type inspect ccp-h323nxg-inspect
    inspect
   class type inspect ccp-skinny-inspect
    inspect
   class class-default
    drop
  policy-map type inspect sdm-pol-NATOutsideToInside-1
   class type inspect sdm-nat-user-protocol--1-1
    inspect
   class type inspect sdm-nat-user-protocol--2-1
    inspect
   class type inspect sdm-nat-user-protocol--3-1
    inspect
   class type inspect sdm-nat-user-protocol--4-1
    inspect
   class type inspect sdm-nat-user-protocol--5-1
    inspect
   class type inspect sdm-nat-user-protocol--6-1
    inspect
   class type inspect sdm-nat-user-protocol--7-1
    inspect
   class type inspect sdm-nat-user-protocol--8-1
    inspect
   class type inspect sdm-nat-user-protocol--9-1
    inspect
   class type inspect sdm-nat-user-protocol--10-1
    inspect
   class type inspect CCP_PPTP
    pass
   class type inspect sdm-nat-user-protocol--7-2
    inspect
   class type inspect sdm-nat-user-protocol--8-2
    inspect
   class type inspect sdm-nat-user-protocol--1-2
    inspect
   class type inspect sdm-nat-user-protocol--2-2
    inspect
   class type inspect sdm-nat-user-protocol--9-2
    inspect
   class type inspect sdm-nat-user-protocol--10-2
    inspect
   class type inspect sdm-nat-user-protocol--3-2
    inspect
   class type inspect sdm-nat-user-protocol--4-2
    inspect
   class class-default
    drop log
  policy-map type inspect ccp-permit
   class class-default
    drop
  policy-map type inspect ccp-permit-icmpreply
   class type inspect ccp-icmp-access
    inspect
   class class-default
    pass
  zone security in-zone
  zone security out-zone
  zone-pair security ccp-zp-self-out source self destination out-zone
   service-policy type inspect ccp-permit-icmpreply
  zone-pair security ccp-zp-in-out source in-zone destination out-zone
   service-policy type inspect ccp-inspect
  zone-pair security ccp-zp-out-self source out-zone destination self
   service-policy type inspect ccp-permit
  zone-pair security sdm-zp-NATOutsideToInside-1 source out-zone destination in-zone
   service-policy type inspect sdm-pol-NATOutsideToInside-1
  interface Null0
   no ip unreachables
  interface Embedded-Service-Engine0/0
   no ip address
   no ip redirects
   no ip unreachables
   no ip proxy-arp
   ip flow ingress
   shutdown
  interface GigabitEthernet0/0
   description $ETH-LAN$
   ip address 192.168.10.1 255.255.255.0
   no ip redirects
   no ip unreachables
   no ip proxy-arp
   ip flow ingress
   duplex auto
   speed auto
   no mop enabled
  interface GigabitEthernet0/1
   no ip address
   no ip redirects
   no ip unreachables
   no ip proxy-arp
   ip flow ingress
   shutdown
   duplex auto
   speed auto
   no mop enabled
  interface ATM0/0/0
   no ip address
   no ip redirects
   no ip unreachables
   no ip proxy-arp
   ip flow ingress
   no atm ilmi-keepalive
  interface ATM0/0/0.1 point-to-point
   no ip redirects
   no ip unreachables
   no ip proxy-arp
   ip flow ingress
   pvc 8/35
    encapsulation aal5mux ppp dialer
    dialer pool-member 1
  interface ATM0/0/0.2 point-to-point
   no ip redirects
   no ip unreachables
   no ip proxy-arp
   ip flow ingress
  interface Ethernet0/0/0
   no ip address
   no ip redirects
   no ip unreachables
   no ip proxy-arp
   ip flow ingress
   shutdown
   no mop enabled
  interface ATM0/1/0
   no ip address
   no ip redirects
   no ip unreachables
   no ip proxy-arp
   ip flow ingress
   no atm ilmi-keepalive
  interface ATM0/1/0.1 point-to-point
   no ip redirects
   no ip unreachables
   no ip proxy-arp
   ip flow ingress
   pvc 8/35
    encapsulation aal5mux ppp dialer
    dialer pool-member 2
  interface Ethernet0/1/0
   no ip address
   no ip redirects
   no ip unreachables
   no ip proxy-arp
   ip flow ingress
   shutdown
   no mop enabled
  interface GigabitEthernet0/3/0
   no ip address
  interface GigabitEthernet0/3/1
   no ip address
  interface GigabitEthernet0/3/2
   no ip address
  interface GigabitEthernet0/3/3
   no ip address
  interface GigabitEthernet0/3/4
   no ip address
  interface GigabitEthernet0/3/5
   no ip address
  interface GigabitEthernet0/3/6
   no ip address
  interface GigabitEthernet0/3/7
   no ip address
  interface Vlan1
   description $FW_INSIDE$
   ip address 192.168.1.1 255.255.255.0
   no ip redirects
   no ip unreachables
   no ip proxy-arp
   ip nbar protocol-discovery
   ip flow ingress
   ip nat inside
   ip virtual-reassembly in
   zone-member security in-zone
  interface Dialer0
   description $FW_OUTSIDE$
   ip address negotiated
   no ip redirects
   no ip unreachables
   no ip proxy-arp
   ip nbar protocol-discovery
   ip flow ingress
   ip nat outside
   ip virtual-reassembly in
   zone-member security out-zone
   encapsulation ppp
   dialer pool 1
   dialer-group 1
   ppp authentication chap pap callin
   ppp chap hostname [email protected]
   ppp chap password 7 1444405858557A
   ppp pap sent-username [email protected] password 7 135645415F5D54
   ppp multilink
  interface Dialer1
   description $FW_OUTSIDE$
   ip address negotiated
   no ip redirects
   no ip unreachables
   no ip proxy-arp
   ip nbar protocol-discovery
   ip flow ingress
   ip nat outside
   ip virtual-reassembly in
   zone-member security out-zone
   encapsulation ppp
   dialer pool 2
   dialer-group 2
   ppp authentication chap pap callin
   ppp chap hostname [email protected]
   ppp chap password 7 01475E540E5D55
   ppp pap sent-username [email protected] password 7 055F5E5F741A1D
   ppp multilink
  router eigrp as#
  router eigrp 10
   network 192.168.1.1 0.0.0.0
  router rip
   version 2
   network 192.168.1.0
   no auto-summary
  ip forward-protocol nd
  ip http server
  ip http access-class 3
  ip http authentication local
  ip http secure-server
  ip http timeout-policy idle 60 life 86400 requests 10000
  ip dns server
  ip nat inside source static tcp 192.168.1.10 3392 interface Dialer1 3392
  ip nat inside source static udp 192.168.1.10 3392 interface Dialer1 3392
  ip nat inside source static tcp 192.168.1.35 3391 interface Dialer0 3391
  ip nat inside source static udp 192.168.1.35 3391 interface Dialer0 3391
  ip nat inside source static tcp 192.168.1.5 3394 interface Dialer0 3394
  ip nat inside source static udp 192.168.1.5 3394 interface Dialer0 3394
  ip nat inside source static tcp 192.168.1.17 3397 interface Dialer0 3397
  ip nat inside source static udp 192.168.1.17 3397 interface Dialer0 3397
  ip nat inside source static tcp 192.168.1.10 14000 interface Dialer0 14000
  ip nat inside source static udp 192.168.1.10 14100 interface Dialer0 14100
  ip nat inside source route-map ADSL0 interface Dialer0 overload
  ip nat inside source route-map ADSL1 interface Dialer1 overload
  ip route 0.0.0.0 0.0.0.0 Dialer0 track 1
  ip route 0.0.0.0 0.0.0.0 Dialer1 track 2
  ip access-list extended NAT
   remark CCP_ACL Category=18
   permit ip 192.0.0.0 0.255.255.255 any
  ip access-list extended SDM_GRE
   remark CCP_ACL Category=1
   permit gre any any
   remark CCP_ACL Category=1
  ip access-list extended STATIC-NAT-SERVICES
   permit ip host 192.168.1.35 any
   permit ip host 192.168.1.5 any
   permit ip host 192.168.1.10 any
   permit ip host 192.168.1.17 any
  dialer-list 1 protocol ip permit
  dialer-list 2 protocol ip permit
  route-map ADSL0 permit 10
   match ip address NAT
   match interface Dialer0
  route-map ADSL1 permit 10
   match ip address NAT
   match interface Dialer1
  access-list 1 remark INSIDE_IF=Vlan1
  access-list 1 remark CCP_ACL Category=2
  access-list 1 permit 192.168.1.0 0.0.0.255
  access-list 2 remark HTTP Access-class list
  access-list 2 remark CCP_ACL Category=1
  access-list 2 permit 192.168.1.0 0.0.0.255
  access-list 2 deny   any
  access-list 2 remark HTTP Access-class list
  access-list 2 remark CCP_ACL Category=1
  access-list 3 remark HTTP Access-class list
  access-list 3 remark CCP_ACL Category=1
  access-list 3 permit 192.168.1.0 0.0.0.255
  access-list 3 deny   any
  access-list 10 remark INSIDE_IF=NAT
  access-list 10 remark CCP_ACL Category=2
  access-list 10 permit 192.168.1.0 0.0.0.255
  access-list 100 remark CCP_ACL Category=128
  access-list 100 permit ip host 255.255.255.255 any
  access-list 100 permit ip 127.0.0.0 0.255.255.255 any
  access-list 100 permit ip 139.130.227.0 0.0.0.255 any
  access-list 100 permit ip 203.45.106.0 0.0.0.255 any
  access-list 101 remark CCP_ACL Category=0
  access-list 101 permit ip any host 192.168.1.10
  access-list 101 remark CCP_ACL Category=0
  access-list 101 permit ip any host 192.168.1.35
  access-list 101 permit tcp any any eq www
  access-list 102 remark CCP_ACL Category=0
  access-list 102 permit ip any host 192.168.1.35
  access-list 102 remark CCP_ACL Category=0
  access-list 102 permit ip any host 192.168.1.10
  access-list 103 remark CCP_ACL Category=0
  access-list 103 permit ip any host 192.168.1.5
  access-list 104 remark CCP_ACL Category=0
  access-list 104 permit ip any host 192.168.1.17
  control-plane
  banner login ^CCE-Rescue Systems^C
  line con 0
   login authentication local_authen
   transport output telnet
  line aux 0
   login authentication local_authen
   transport output telnet
  line 2
   no activation-character
   no exec
   transport preferred none
   transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
   stopbits 1
  line vty 0 4
   authorization exec local_author
   login authentication local_authen
   transport input telnet ssh
  line vty 5 15
   authorization exec local_author
   login authentication local_authen
   transport input telnet ssh
  scheduler allocate 20000 1000
  end
  Thanks
  Shawn

• 2 x 2911 HSEC router 3 ADSL connections each Site ti Site VPN Load Balancing Failover

  Hello,
  My senario is as described in Title.
  Site A Headquarters. The router is Cisco 2911HSEC with 3 ADSL connections
  Site B Remote Office. The router is Cisco 2911HSEC with 3 ADSL connections and 10 Users.
  All ADSL connections have static IPs and belong to same ISP.
  Need - Site to Site VPN between the routers.
  Client requests to load balance the traffic, due to poor ADSL speed and have a failover senarion in case an ADSL line goes down.
  Any help will be appreciated.

  I don't believe you will find a One solution for this. 
  An idea would be to have all three ADSLs paired with ADSL on the other side. 
  Have 3 VTI (or GRE) tunnels up all the time (VRF-lite anybody?) and advertise routes to the other side with same metric. 
  This will cause IOS to load balance natively. 
  Potential problem: return path might not be the same as forward path, but it should not matter much for most applications. 
  Potential cool thing you can do: All the "magical" things in routing world (Did I head PfR?). FlexVPN on top to make it more flexible. 
  Benefit: Rely on IKE to bring down connections which are going down. Little-to-no management once it's up and running. 

• Loading balance/failover in JDBC

  Hi experts,
  we have a 4 nodes oracle 10g2 RAC in linux
  we created a service as TNS have info for failover and loading balance
  as
  (LOAD_BALANCE = yes)
  (CONNECT_DATA =
  (SERVER = DEDICATED)
  (SERVICE_NAME = dbservice)
  (FAILOVER_MODE =
  (TYPE = SELECT)
  (METHOD = BASIC)
  (RETRIES = 180)
  (DELAY = 5)
  it works for no java application
  I saw JDBC as
  URL="jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)(HOST=dbhost1)(PORT=1521))(ADDRESS=(PROTOCOL=TCP)(HOST=dbhost2)(PORT=1521))(FAILOVER=on)(LOAD_BALANCE=off))(CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME=dbservice)))"
  my question as why are difference setting in TNS and JDBC for load_balance and failover?
  do we nned to copy exactly TNS into JDBC?
  Do we need to set MultiPools for JDBC? this java application use connection pool to connect toRAC database. and seems that failover does not work.
  Thanks for help
  JIm

  Ok, TAF does not work with jdbc-thin: [http://download.oracle.com/docs/cd/B19306_01/java.102/b14355/overvw.htm#sthref18]
  With TAF the client takes care of failover transparent to the application.
  But TAF is not the only feature/function that will help with failover. If you have an application server that employs a connection pool, it will also take care of this. When the connection pool determines that a connection is lost/broken (or it receives a FAN event) it will try to reopen a connection and it will be redirected to a working instance. This should keep the application up but all transactions and sessions that were being executed on the failed node will still crash and generate application errors (a smart application could catch such an exception and re-execute all sql).
  Maybe you can explain more what kind of behavior you expect during failover and why you think it is not working.
  Bjoern

• Site not found using Sharepoint Designer 2013, Load balance URL and the Front end servers.

  Dears,
  My SharePoint farm is with the below configuration in our office :
  Batch processing server the with Central Administration
  Web Front End Sever 1 (http://wfe01)
  Web Front End Sever 2 (http://wfe02)
  I do have the load balance URL as http://finance.mycompany.com and as per the system administrator it seems configured properly.
  In AAM i have mapped the URLs as below for the web application in Central Administration portal:
  http://finance.mycompany.com - Default Zone
  http://wfe01 - Intranet Zone
  http://wfe02 - Internet Zone
  I was able to browse the site via the load balance URL : http://finance.mycompany.com, but couldn't open the site using the Share Point Designer 2013. It always says the site not found.
  please advise,
  thanks,
  Ammar

  What do the wfe01 and wfe02 aams do?
  Are you browsing to the SharePoint site and using SPD on the same computer, is it part of the farm or a seperate client computer?
  thanks Alex a lot for your response and appreciate the same.
  WFE01, WFE01 is connected to the one central admin on Batch Processing Server (central admin URL is http://SharepointCA:5555 and the SharePoint Web Application is hosted under port 80 on the same server). So the AAM configured on the batch processing server
  central admin.
  I can connect to the site using the SPD inside the Batch Processing server if i mention the site urs as http://localhost. But not from other client computers by putting the load balance URL - http://finance.mycompany.com.
  I can browse the sites directly putting http://wfe01, http://wfe02 and as well as the load balance URL (http://finance.mycompany.com). The custom webparts are getting crashed when i put the web application URL as http://finance.mycompany.com.
  thanks,
  Ammar

• ACE Load Balance setup and testing - vip

  Got a new ACE 4710 and am I new to the appliance. I am testing out a senario with load balancing between two servers. In testing when I ping the VIP ip address the replies I see are from the real server ip addresses. I am just wondering if this is the correct normal behavior or should I see the ping replies coming from the VIP ip address?
  Thanks

  Do you use the
      loadbalance vip icmp-reply active
  command?
  policy-map multi-match POL45
    class VStest
      loadbalance vip inservice
      loadbalance policy L7SLBPOLtest
      loadbalance vip icmp-reply active

• Bug with Network Load Balancing Services and SkipAsSource always reverting to true

  Steps to reproduce:
  Add an IP address to the cluster (2 nodes running Windows Server 2012) using the Network Load Balancing Manager
  Using PowerShell set the SkipAsSource flag on the IP Address to true (Set-NetIpAddress -IpAddress 192.168.1.10 -SkipAsSource $true). The flag is correctly set.
  Try to reverse the setting (Set-NetIpAddress -IpAddress 192.168.1.10 -SkipAsSource $false). Flag stays as true.
  It appears as though Network Load Balancing Services is remembering the setting from someone.
  Things I've tried all without success (in no particular order):
  Removing the IP address from the cluster and adding it back in
  Using PowerShell to remove the IP address and add it back in manually (on each host).Flag stays set as true on the 1st node but takes a second before it reverts back to true on the 2nd node.
  Using netsh to remove the IP address and add it back in manually (on each host). Flag stays set as true on the 1st node but takes a second before it reverts back to true on the 2nd node.
  Deleting each host from the cluster (one at a time), removing the registry keys CurrentControlSet\Services\WLBS and
  Removing both hosts from the cluster
  Restarting the hosts
  Using processmon (sysinternals) to try and find a registry entry that might be set when SkipAsSource is set
  Does anyone know:
  How to resolve this issue? I'm guessing resetting the TCP/IP stack would work but that's a last resort as it requires an on sight visit to the datacentre.
  Where the SkipAsSource flag it stored?
  How to reset the master/global cluster config?
  Thank in advance,
  Antony

  Hi Antony,
  I am trying to involve someone familiar with this topic to further look at this issue.
  There might be some time delay. Appreciate your patience.
  Best Regards.
  Steven Lee
  TechNet Community Support