Load Balancing layer 4
Im not udnerstanding why i would want to use a Layer 4 HLB device for Exchange 2013? From my understanding Layer 4 doesnt have the ability to look at what the client is requesting from the serer and make decisions accordinly. We have multiple services running
on Exchange 2013, (OWA,EAS,EWS) if one of the services went down, for example EWS, would a layer 4 load balancer be able to route EWS request from clients to a working EWS service while still distributing traffic evenly for the reamining working services across
the CAS arrays? If not i think i would stick with using a layer 7 HLB
Thanks
Bulls on Parade
Hello,
It is recommended that you visit the vendor's web site for the latest information regarding product specifications, capacity, country support and documentation including release
notes and known issues.
We can start from the following link:
Exchange Server 2010 load balancer deployment
http://technet.microsoft.com/en-us/exchange/gg176682.aspx
Thanks,
If you have feedback for TechNet Subscriber Support, contact
[email protected]
Simon Wu
TechNet Community Support
Similar Messages
-
Routing and caching layer vs. F5 load balancer or both.
We have 4 WFE servers farm, For load balancing, I can see following option.
Purchase the F5 load balancer, don't use the RM.
Have a one more server that will do Routing using RM and caching. Don't use the
F5 load balancer.
Have both F5 load balancer and RM
I am wondering what approach we should take. I have read a lot of articles in MSDN, all suggests that we should have a routing & caching layer at front of WFE server. Considering we have just 4 WFE Servers do we need to have a separate routing and cache
layer along with F5 load balancer. I am really confused here.
Regards Restless SpiritUsing Request Management isn't a replacement for using a hardware load balancer. It will be used internally within SharePoint to route things appropriately. It depends on the number of users your farm will support, but you may or may not need
a dedicated distributed cache / request management layer. Refer to this
diagram to see where your farm fits in.
Corey Roth - SharePoint Server MVP blog:
www.dotnetmafia.com twitter: @coreyroth |
SP2 Apps -
Server Load-balancing Across Two Data centers on Layer 3
Hi,
I have a customer who would like to load balance two Microsoft Exchange 2010 CAS Servers which are residing across two data centers.
Which is the best solution for this? Cisco ACE or Cisco ACE GSS or both?I would go with source natting the clients ip addresses, so that return traffic from the servers is routed correctly.
It saves you the trouble with maintaining PBR as well.
Source NAT can be done on the ACE, by applying the configuration to either the load balancing policy, or adding the configuration to the class-map entries in the multi-match policy.
Cheers,
Søren
Sent from Cisco Technical Support iPad App -
SAP GLM Print Request - Load Balancing of WWI server
Hi GLM Experts,
I am using new GLM + module that generates labels based on Print Requests. I am unable to understand how I can load balance the WWI services when there are multiple label printing requests.
In GLM + we associate a WWI to a Print Station and which can then be associated with a printer. So in the configuration we are tying up a printer a WWI.
Also during label printing, if the scenario uses print request module, then the use need to select a print station and printer. What happens if the WWI related to the print station is down?
For example I have two services in WWI server GENPC1 and GENPC2. I created WWII and WWI2 as two print stations. I will associate my printer PRNWWI to both the print stations WWI1 and WWI2.
During label printing if the user picks and WWI1 and Printer PDNWWI and if the GENPC1 WWI server assocaited with print status WWI1 is busy and down I want WWI GENPC2 to generate the label?
How to setup the above load balancing or fall back? Please let me know.
Thanks
PugalDear Pugal
we are not using GLM + and I am not sure about the technqiue used there to handle load balancing. Regarding general WWI setup I assume you know this Note: EH&S: Availability and performance of WWI and Expert servers
On the top there is a further SAP Note abvailable which might be of interest. This is referenced here:
http://de.scribd.com/doc/191576739/011000358700000861002013-e
May be check OSS note: 1958655; OSS Note 1155294 is more related to normal WWI stuff; but may be check it as well. May be 1934253 might help better
May be this might help.
C.B.
PS: may be check as well: consolut - EHS_MD_140_01 - EH&S-Management-Server einrichten
The load balancing of synchron WWi servers is donein the "RFC" layer, therefore you have no inffluence here, for asynchron WWI servers you can do a lot to manage the WWI load balancing by using "exits" etc. -
How to control a Load Balanced set in IaaS VMs using Text files
Hi,
I would like to control the Load Balanced nodes Using a resource to probe like active.txt in IIS than a Endpoint on the Management Portal.
The reason i need this is because the engineers in my team will have access to VMs but not to Management servers.
Any info on it is very helpful.
ThanksHi,
You can Control the access to the Load Balanced Set by using Network ACL. A Network Access Control List (ACL) is a security enhancement available for your Azure deployment. An ACL provides the ability to selectively permit or deny traffic for a virtual machine
endpoint. This packet filtering capability provides an additional layer of security.
Using Network ACLs, you can do the following:
Selectively permit or deny incoming traffic based on remote subnet IPv4 address range to a virtual machine input endpoint.
Blacklist IP addresses
Create multiple rules per virtual machine endpoint
Specify up to 50 ACL rules per virtual machine endpoint
Use rule ordering to ensure the correct set of rules are applied on a given virtual machine endpoint (lowest to highest)
Specify an ACL for a specific remote subnet IPv4 address.
Network ACLs can be specified on a Load balanced set (LB Set) endpoint. If an ACL is specified for a LB Set, the Network ACL is applied to all Virtual Machines in that LB Set. For example, if a LB Set is created with “Port 80” and the LB Set contains 3 VMs,
the Network ACL created on endpoint “Port 80” of one VM will automatically apply to the other VMs.
Hope this helps !
Regards,
Sowmya -
With Ajay Kumar and Telmo Pereira
Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about configuration and troubleshooting the Cisco Application Control Engine (ACE) load balancer with Cisco expert Ajay Kumar and Telmo Pereira. The Cisco ACE Application Control Engine Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers is a next-generation load-balancing and application-delivery solution. A member of the Cisco family of Data Center 3.0 solutions, the module: Helps ensure business continuity by increasing application availability Improves business productivity by accelerating application and server performance Reduces data center power, space, and cooling needs through a virtualized architecture Helps lower operational costs associated with application provisioning and scaling
Ajay Kumar is a customer support engineer in the Cisco Technical Assistance Center in Brussels, covering content delivery network technologies including Cisco Application Control Engine, Cisco Wide Area Application Services, Cisco Content Switching Module, Cisco Content Services Switches, and others. He has been with Cisco for more than four years, working with major customers to help resolve their issues related to content products. He holds DCASI and VCP certifications.
Telmo Pereira is a customer support engineer in the Cisco Technical Assistance Center in Brussels, where he covers all Cisco content delivery network technologies including Cisco Application Control Engine (ACE), Cisco Wide Area Application Services (WAAS), and Digital Media Suite. He has worked with multiple customers around the globe, helping them solve interesting and often highly complex issues. Pereira has worked in the networking field for more than 7 years. He holds a computer science degree as well as multiple certifications including CCNP, DCASI, DCUCI, and VCP
Remember to use the rating system to let Ajay know if you have received an adequate response.
Ajay and Telmo might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the Data Center sub-community discussion forum Application Networking shortly after the event.
This event lasts through July 26, 2013. Visit this forum often to view responses to your questions and the questions of other community members.Hello Krzysztof,
Another set of good/interesting questions posted. Thanks!
I will try to clarify your doubts.
In the output below both resources (proxy-connections and ssl-connections rate) are configured with a min percentage of resources (column Min), while 'Max' is set to equal to the min.
ACE/Context# show resource usage
Allocation
Resource Current Peak Min Max Denied
-- outputs omitted for brevity --
proxy-connections 0 16358 16358 16358 17872
ssl-connections rate 0 626 626 626 23204
Most columns are self explanatory, 'Current' is current usage, 'Peak' is the maximum value reached, and the most important counter to monitor 'Denied' represents the amount of packets denied/dropped due to exceeding the configured limits.
On the resources themselves, Proxy-connections is simply the amount of proxied connections, in other words all connections handled at layer 7 (SSL connections are proxied, as are any connections with layer 7 load balance policies, or inspection).
So in this particular case for the proxy-connections we see that Peak is equal to the Max allocated, and as we have denies we can conclude that you have surpassed the limits for this resource. We see there were 17872 connections dropped due to that.
ssl-connections rate should be read in the same manner, however all values for this resource are in bytes/s, except for Denied counter, that is simply the amount of packets that were dropped due to exceeding this resource.
For your particular tests you have allocated a min percentage and set max equal to min, this way you make sure that this context will not use any other additional resources.
If you had set the max to unlimited during resource allocation, ACE would be allowed to use additional resources on top of those guaranteed, if those resources were available.
This might sound a great idea, but resource planning on ACE should be done carefully to avoid any sort of oversubscription, specially if you have business critical contexts.
We have a good reference for ACE resource planning that contains also description of all resources (this will help to understand the output better):
http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/v3.00_A2/configuration/virtualization/guide/config.html#wp1008224
1) When a resource is utilized to its maximum limit, the ACE denies additional requests made by any context for that resource. In other words, the action is to Drop. ACE should in theory silently drop (No RST is sent back to the client). So unless we changed something on the code, this is what you should see.
To give more context, seeing resets with SSL connections is not necessarily synonym of drops. As it is usual to see them during normal transactions.
For instance Microsoft servers are usually ungracefully terminating SSL connections with RESET. Also when there is renegotiation during an SSL transaction you may see RESETS, but this will pass unnoticed for end users.
2) ACE will simply drop/ignore new connections when we reach the maximum amount of proxied connections for that context. Exisiting connections will continue there.
As ACE doesn't respond back, client would simply retransmit, and if he is lucky maybe in the next attempt he will be able to establish the connection.
To overcome the denies, you will definitely have to increase the resource allocation. This of course, assuming you are not reaching any physical limit of the box.
As mentioned setting max as unlimited might work for you, assuming there are a lot of unused resources on the box.
3) If a new connection comes in with a sticky value, that matches the sticky entry of a real server, which is already in MAXCONNS state, then both the ACE module/appliance should reject the connection and that sticky entry would be removed.
The client would at that point reestablish a new connection and ACE would associate a new sticky entry with the flow for a new RSERVER after the loadbalancing decision.
I hope this makes things clearer! Uff...
Regards,
Telmo -
Load Balancing Health Check Probes
Are these values correct for setting up a load balancer with Exchange 2013 Layer 7? Trying to go over this article from Ross Smith:
http://blogs.technet.com/b/exchange/archive/2014/03/05/load-balancing-in-exchange-2013.aspx
OWA: https:/mail.company.com/owa/healthcheck.htm
ECP: https://mail.company.com/ecp/healthcheck.htm
EWS: https://mail.company.com/ews/healthcheck.htm
EAS: https://mail.company.com/Microsoft-Server-ActiveSync/healthcheck.htm
OAB: https://mail.company.com/OAB/healthcheck.htm
RPC: https://mail.company.com/rpc/healthcheck.htm
MAPI: ?
AutoD: https://autodiscover.company.com/Autodiscover/healthcheck.htm
MCITP Exchange 2010 | MCTS Exchange 2007 | MCITP Lync Server 2010 | MCTS Windows 2008 | MCSE 2003Easy enough to check. Paste each into a browser. If you get a 200 response ( assuming the health probes are active), then you know you are using the correct URLs.
If you are using 2013 SP1 and have MAPI/HTTP enabled it would be https://mail.company.com/mapi/healthcheck.htm
Twitter!: Please Note: My Posts are provided “AS IS” without warranty of any kind, either expressed or implied. -
Windows Server 2012 R2 - ADFS/Windows Network Load Balancing Converging Issue
Hello,
My name is Brandon. We have started upgrading our servers to Windows Server 2012 R2. We have some powerful servers for running ESXI 5.5 as the OS with the Guest Operating Systems as Windows Server 2012 R2. As far of our migrations/upgrades we have configured
ADFS 2012 R2 into a Server Farm with Windows Network Load Balancing to add redundancy in the event a server goes down.
I have been having issues with a Node with the Cluster getting stuck in the Status of Converging. The only way I have been able to get it back up is to restart the virtual server completely and it is temporary. When I first configure the Cluster the two
virtual servers get added to the Node with no problems and fully converge. However, after some time a node will end up in Converging and this takes Authentication for ADFS down as the nodes can not be contacted over Port 443.
Error: Host: server.domain.com Unable to connect to "server name"
System
Provider
[ Name]
Microsoft-Windows-NLB
[ Guid]
{F22AF71F-C4C3-425D-9653-B2F47B85DD30}
EventID
21
I have tried using 1 & 2 Virtual NICs on the machines and still end up with communication issues. Could someone assist me with why I am having this issue? This is not an issue with a firewall. If it was a firewall it would never communicate the first
time. Has anyone had experience with a similar configuration and how were you able to make it work?
Below is my configuration.
Static ARP Entry for Cluster IP Address has been added to our Layer 3 switch.
Physical Server 1:
ESXI 5.5 HOST
1 NIC CONNECTED (shared with virtual guest)
IP ADDRESS: 192.168.0.5
SUBNET: 255.255.255.0
DGW: 192.168.0.1
Virtual Server 1 (Guest OS)
Physical Server 2:
ESXI 5.5 HOST
1 NIC CONNECTED (shared with virtual guest)
IP ADDRESS: 192.168.0.6
SUBNET: 255.255.255.0
DGW: 192.168.0.1
Virtual Server 2 (Guest OS)
Virtual Servers
Virtual Server 1
MS SERVER 2012 R2 (VIRTUAL)
NLB NODE 2
VIRTUAL NETWORK ADAPTERS
VNIC1 IP ADDRESS 192.168.0.10
SUBNET: 255.255.255.0
DGW: 192.168.0.1
VNIC 2 (NLB)
IP ADDRESS: 192.168.0.11
SUBNET: 255.255.255.0
Virtual Server 2
MS SERVER 2012 R2 (VIRTUAL)
NLB NODE 2
VIRTUAL NETWORK ADAPTERS
VNIC1
IP ADDRESS 192.168.0.20
SUBNET: 255.255.255.0
DGW: 192.168.0.1
VNIC 2 (NLB)
IP ADDRESS: 192.168.0.21
SUBNET: 255.255.255.0
Cluster Configuration/Properties
CLUSTER PROPERTIES CLUSTER IP: 192.168.0.30
CLUSTER SUBNET: 255.255.255.0
FULL INTERNET NAME: FS.DOMAIN.COM
CLUSTER OPERATION MODE: MULTICAST
PORT RULES:
CLUSTER IP ADDRESS
START
END
PROTOCAL
MODE
PRIORITY
LOAD
AFFINITY
ALL
80
80
BOTH
MULTIPLE
EQUAL
NONE
ALL
443
443
BOTH
MULTIPLE
EQUAL
NONE
CLUSTER NODES:
1.) SERVER1.DOMAIN.COM
a. IP: 192.168.0.11
2.) SERVER2.DOMAIN.COM
a. IP: 192.168.0.21Hi,
According to your description, my understanding is that:2 ESXI 5.5 physical devices (192.168.0.5 and 192.168.0.6), each of them has a virtual WS 2012 R2(192.168.0.10 and 192.168.0.20). Cluster the 2 virtual servers successfully, but they corrupt with event
ID 21, and a restart of virtual device will resolve this problem temporarily.
Event ID 21 means that NLB failed to converge due to inconsistencies in the port rules between this host and cluster host. This will occur if the number of port rules or the type of port rules are different between hosts.
Ensure that all NLB hosts have identical port rules. Detailed steps you may reference:
Event ID 21 — NLB Port Rules Configuration
https://technet.microsoft.com/en-us/library/dd364034%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396
Best Regards,
Eve Wang
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact
[email protected] -
Windows Server 2012 R2 - Windows Network Load Balancing Converging Issue
Hello,
My name is Brandon. We have started upgrading our servers to Windows Server 2012 R2. We have some powerful servers for running ESXI 5.5 as the OS with the Guest Operating Systems as Windows Server 2012 R2. As far of our migrations/upgrades we have configured
ADFS 2012 R2 into a Server Farm with Windows Network Load Balancing to add redundancy in the event a server goes down.
I have been having issues with a Node with the Cluster getting stuck in the Status of Converging. The only way I have been able to get it back up is to restart the virtual server completely and it is temporary. When I first configure the Cluster the two
virtual servers get added to the Node with no problems and fully converge. However, after some time a node will end up in Converging and this takes Authentication for ADFS down as the nodes can not be contacted over Port 443.
Error: Host: server.domain.com Unable to connect to "server name"
System
Provider
Name]
Microsoft-Windows-NLB
Guid]
{F22AF71F-C4C3-425D-9653-B2F47B85DD30}
EventID
21
I have tried using 1 & 2 Virtual NICs on the machines and still receive this error even if only 1 VNIC is assigned to the virtual machine. Could someone assist me with why I am having this issue? Has anyone had experience with a similar configuration
and how were you able to make it work?
Below is my configuration.
Static ARP Entry for Cluster IP Address has been added to our Layer 3 switch.
Physical Server 1:
ESXI 5.5 HOST
1 NIC CONNECTED (shared with virtual guest)
IP ADDRESS: 192.168.0.5
SUBNET: 255.255.255.0
DGW: 192.168.0.1
Virtual Server 1
Physical Server 2:
ESXI 5.5 HOST
1 NIC CONNECTED (shared with virtual guest)
IP ADDRESS: 192.168.0.6
SUBNET: 255.255.255.0
DGW: 192.168.0.1
Virtual Server 2
Virtual Servers
Virtual Server 1
MS SERVER 2012 R2 (VIRTUAL)
NLB NODE
2 – VIRTUAL NETWORK ADAPTERS
VNIC1
IP ADDRESS 192.168.0.10
SUBNET: 255.255.255.0
DGW: 192.168.0.1
VNIC 2 (NLB)
IP ADDRESS: 192.168.0.11
SUBNET: 255.255.255.0
Virtual Server 2
MS SERVER 2012 R2 (VIRTUAL)
NLB NODE
2 – VIRTUAL NETWORK ADAPTERS
VNIC1
IP ADDRESS 192.168.0.20
SUBNET: 255.255.255.0
DGW: 192.168.0.1
VNIC 2 (NLB)
IP ADDRESS: 192.168.0.21
SUBNET: 255.255.255.0
Cluster Configuration/Properties
CLUSTER PROPERTIES
CLUSTER IP: 192.168.0.30
CLUSTER SUBNET: 255.255.255.0
FULL INTERNET NAME: FS.DOMAIN.COM
CLUSTER OPERATION MODE: MULTICAST
PORT RULES:
CLUSTER IP ADDRESS START END PROTOCAL MODE PRIORITY LOAD AFFINITY
ALL 80 80 BOTH MULTIPLE .. EQUAL NONE
ALL 443 443 BOTH MULTIPLE .. EQUAL NONE
CLUSTER NODES:
1.) SERVER1.DOMAIN.COM
a. IP: 192.168.0.11
2.) SERVER2.DOMAIN.COM
a. IP: 192.168.0.21Thank you for your response. It took me a while to figure it out, but the whole issue was related to the type of Virtual Network Adapter I was selecting.
I changed the network adapter from E1000 to VMXNET 3 and have not had a single error in the event logs or Windows NLB.
I read somewhere that VMXNET 3 is preferred for Windows Server 2012 R2.
https://communities.vmware.com/thread/433792
Leyuka May 23, 2013 6:14 AM
"Just a help for everyone with this problem :
After 10 days of research for our virtual datacenter behind a vcloud as iias , i found a solution .
I only run windows 2012 server .
Install vmware tools , remove e1000 network card after a vm stop, add a card same vswitch etc BUT with a vmxnet3 TYPE . DONT USE DEFAULT CARD
Start and enjoy this solution . E1000 and E1000e are just unstable in windows8 / windows 2012 , the network card reset randomly with or without heavy IO. No log in windows , and as a vcloud user i don"t have esxi logs (damn i don't like cloud) and provider
don"t know why ..." -
ACE load balancing based on URL
I am trying to send traffic to one server or another based on the URL. I want traffic to foo.com/selfserv to direct to server A and traffic to foo.com/webui to direct to server B. I found URL inspection etc but I am not sure how to apply it the scenario as I do not want the ACE to inspect all inbound HTTP requests.
The ACE performs regular expression matching against the received packet data from a particular connection based on the HTTP URL string. To configure a class map to make Layer 7 SLB decisions based on the URL name and, optionally, the HTTP method, use the match http url command in class-map HTTP load balance configuration mode.
The ACE performs regular expression matching against the received packet data from a particular connection based on the RTSP URL string. You can configure a class map to make Layer 7 SLB decisions based on the URL name and optionally, the RTSP method, by using the match rtsp url command in class-map RTSP load balance configuration mode.
Configuring Traffic Policies for Server Load Balancing:
http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/configuration/slb/guide/classlb.html -
Hardware load balancing for 9iAS Release 1 (1.0.2.2.2)?
Hello - we are hoping to deploy a Forms 6i application (SungardSCT Internet Native Banner) with on a group of Solaris V490s behind a pair of F5 BigIP 1500s using SSL. Have done several searches and can only find info for 9iAS Rel 2 and 10g. Can anyone point me to information for 1.0.2.2.2 - in particular if we should be using layer 4 or layer 7 load balancing and what the preferred method of maintaining session is?
thanks
Shelly Feran, McGill UniversityI solved (partially) my problem manually copying from another application server (W2k) the
directory <oracle_home>\806 and all the subdirectory; manually creating the register and manually export and import the HKEY_LOCAL_MACHINE\oracle.
Now Form Server is working but it not coesist with Form Builder that is in a different Oracle Home.
I have to swich from one situation to the other double-clicking on the exported .reg file (one for Form Builder and one for Application Server).
So the problem was only the installer.
Now I have to search to put right value on the registry in order to avoid this manual switch.
Many thanks to the community.!
Fausto -
I am new to CSS. I have CSS 1150 with IOS 7.3. I want to load balancing two servers 192.168.210.55 and 192.168.210.56 on port 80.
My CSS is connected in single arm configuration. Core switch is dong the Inter VLAN routing and CSS is connected in the VLAN 200 access Port.
Servers and CSS are connected to same Layer 3 switch.
CSS is in VLAN 200 (192.168.200.10)
Servers are in VLAN 210
Below is the configuration of my CSS
================================================================================
CSS11501(config)# show run
!Generated on 04/03/2011 16:47:41
!Active version: sg0730106
configure
!*************************** GLOBAL ***************************
username net des-password xxxxxx superuser
logging subsystem flowmgr level debug-7
logging disk log.log
ip route 0.0.0.0 0.0.0.0 192.168.200.1 1
!************************* INTERFACE *************************
interface e1
phy 100Mbits-FD
bridge port-fast enable
bridge vlan 2
interface e2
bridge vlan 2
bridge port-fast enable
phy 100Mbits-FD
interface e4
bridge port-fast enable
phy 100Mbits-FD
interface e8
bridge port-fast enable
phy 100Mbits-FD
!************************** CIRCUIT **************************
circuit VLAN1
ip address 192.168.200.10 255.255.255.0
!************************** SERVICE **************************
service Citrix_Xenapp
ip address 192.168.210.55
keepalive port 80
active
service Citrix_Xenapp_2
ip address 192.168.210.56
keepalive port 80
active
!*************************** OWNER ***************************
owner ENOC_Citrix_XENAPP
content Citrix_XENAPP
add service Citrix_Xenapp
add service Citrix_Xenapp_2
vip address 192.168.200.52
protocol tcp
port 80
active
CSS11501(config)# show service
Services (3 entries):
Name: Citrix_Xenapp Index: 0
Type: Local State: Alive
Rule ( 192.168.210.55 ANY ANY )
Session Redundancy: Disabled
Redirect Domain:
Redirect String:
Keepalive: (ICMP 5 3 5 )
Last Clearing of Stats Counters: 04/03/2011 16:38:49
Mtu: 1500 State Transitions: 14
Total Local Connections: 0 Total Backup Connections: 0
Current Local Connections: 0 Current Backup Connections: 0
Total Connections: 0 Max Connections: 65534
Total Reused Conns: 0
Weight: 1 Load: 2
DFP: Disable
Name: Citrix_Xenapp_2 Index: 6
Type: Local State: Alive
Rule ( 192.168.210.56 ANY ANY )
Session Redundancy: Disabled
Redirect Domain:
Redirect String:
Keepalive: (ICMP 5 3 5 )
Last Clearing of Stats Counters: 04/03/2011 16:39:40
Mtu: 1500 State Transitions: 12
Total Local Connections: 1 Total Backup Connections: 0
Current Local Connections: 0 Current Backup Connections: 0
Total Connections: 1 Max Connections: 65534
Total Reused Conns: 0
Weight: 1 Load: 2
DFP: Disable
CSS11501(config)# sh version
Version: sg0730106 (07.30.1.06)
Flash (Locked): 07.20.2.06
Flash (Operational): 07.30.1.06
Type: PRIMARY
Licensed Cmd Set(s): Standard Feature Set
CSS11501(config)# sh run
!Generated on 04/03/2011 17:39:46
!Active version: sg0730106
configure
!*************************** GLOBAL ***************************
username net des-password xxxxx superuser
logging subsystem flowmgr level debug-7
logging disk log.log
ip route 0.0.0.0 0.0.0.0 192.168.200.1 1
!************************* INTERFACE *************************
interface e1
phy 100Mbits-FD
bridge port-fast enable
bridge vlan 2
interface e2
bridge vlan 2
bridge port-fast enable
phy 100Mbits-FD
interface e4
bridge port-fast enable
phy 100Mbits-FD
interface e8
bridge port-fast enable
phy 100Mbits-FD
!************************** CIRCUIT **************************
circuit VLAN1
ip address 192.168.200.10 255.255.255.0
!************************** SERVICE **************************
service Citrix_Xenapp
ip address 192.168.210.55
keepalive port 80
active
service Citrix_Xenapp_2
ip address 192.168.210.56
keepalive port 80
active
!*************************** OWNER ***************************
owner ENOC_Citrix_XENAPP
content Citrix_XENAPP
add service Citrix_Xenapp
add service Citrix_Xenapp_2
vip address 192.168.200.52
protocol tcp
port 80
active
CSS11501(config)# show service
Services (3 entries):
Name: Citrix_Xenapp Index: 0
Type: Local State: Alive
Rule ( 192.168.210.55 ANY ANY )
Session Redundancy: Disabled
Redirect Domain:
Redirect String:
Keepalive: (ICMP 5 3 5 )
Last Clearing of Stats Counters: 04/03/2011 16:38:49
Mtu: 1500 State Transitions: 14
Total Local Connections: 0 Total Backup Connections: 0
Current Local Connections: 0 Current Backup Connections: 0
Total Connections: 0 Max Connections: 65534
Total Reused Conns: 0
Weight: 1 Load: 2
DFP: Disable
Name: Citrix_Xenapp_2 Index: 6
Type: Local State: Alive
Rule ( 192.168.210.56 ANY ANY )
Session Redundancy: Disabled
Redirect Domain:
Redirect String:
Keepalive: (ICMP 5 3 5 )
Last Clearing of Stats Counters: 04/03/2011 16:39:40
Mtu: 1500 State Transitions: 12
Total Local Connections: 1 Total Backup Connections: 0
Current Local Connections: 0 Current Backup Connections: 0
Total Connections: 1 Max Connections: 65534
Total Reused Conns: 0
Weight: 1 Load: 2
DFP: Disable
CSS11501(config)# show content
Content Database:
Pieces of content for module: 1
Total Content: 56
CSS11501(config)# show owner
Owner Configuration:
Name: ENOC_Citrix_XENAPP
Billing Info:
Address:
Email Address:
DNS Policy: none
Case Matching: Insensitive
CSS11501(config)# show owner ?
<cr> Execute command
ENOC_Citrix_XENAPP
CSS11501(config)# show owner ENOC_Citrix_XENAPP ?
<cr> Execute command
statistics Show owner statistical information
CSS11501(config)# show owner ENOC_Citrix_XENAPP
Owner Configuration:
Name: ENOC_Citrix_XENAPP
Billing Info:
Address:
Email Address:
DNS Policy: none
Case Matching: Insensitive
CSS11501(config)# show owner ENOC_Citrix_XENAPP statistics
Owner Statistics for <ENOC_Citrix_XENAPP>:
DNS Policy: None Case Sensitivity: Off
Hits: 1 Reject Overload: 0
Bytes: 52 Reject No Services 0
Frames: 1 Drops 0
Redirects 0 NAT Translations: 0
Spoofs: 0
CSS11501(config)#
The load balaning IP is 192.168.200.52 but I cant ping this virtual IP and cant telnet on port 80 on this IP address.
CSS11501(config)# ping 192.168.205.55
Pinging 192.168.205.55 1 time(s)...
Working(-) 0/1
0% Success.
%% Ping Failure
CSS11501(config)# ping 192.168.210.55
Pinging 192.168.210.55 1 time(s)...
Working(-) 1/1
100% Success.
CSS11501(config)# ping 192.168.210.56
Pinging 192.168.210.56 1 time(s)...
Working(-) 1/1
100% Success.
CSS11501(config)# ping 192.168.210.1
Pinging 192.168.210.1 1 time(s)...
Working(-) 1/1
100% Success.
CSS11501(config)# ping 192.168.200.1
Pinging 192.168.200.1 1 time(s)...
Working(-) 1/1
100% Success.
Network connectivity is there. Please let me know what I am missing and how to solve this problem.
Thanks in advance.Thanks for the reply, But I have modified my configuration. Now I am load balancing VLAN 200 Servers where the CSS also located in the same VLAN. Attach is the updated configuration.
I can only ping the VIP but not able to telnet on VIP (192.168.200.65 80).
configure
!*************************** GLOBAL ***************************
username net des-password net@dmin superuser
no restrict web-mgmt
logging subsystem flowmgr level debug-7
logging disk log.log
ip route 0.0.0.0 0.0.0.0 192.168.200.1 1
!************************* INTERFACE *************************
interface e1
phy 100Mbits-FD
bridge port-fast enable
bridge vlan 2
interface e2
bridge vlan 2
bridge port-fast enable
phy 100Mbits-FD
interface e4
bridge port-fast enable
phy 100Mbits-FD
interface e8
bridge port-fast enable
phy 100Mbits-FD
!************************** CIRCUIT **************************
circuit VLAN1
ip address 192.168.200.10 255.255.255.0
!************************** SERVICE **************************
service Citrix_Xenapp
ip address 192.168.210.55
keepalive port 80
active
service Citrix_Xenapp_2
ip address 192.168.210.56
keepalive port 80
active
service ENOC_EFAX_1
ip address 192.168.200.66
keepalive type none
protocol tcp
port 80
active
service ENOC_EFAX_2
ip address 192.168.200.67
keepalive type none
port 80
protocol tcp
active
!*************************** OWNER ***************************
owner ENOC_Citrix_XENAPP
content Citrix_XENAPP
add service Citrix_Xenapp
add service Citrix_Xenapp_2
vip address 192.168.200.52
protocol tcp
port 80
active
owner ENOC_EFAX
content EFAX
add service ENOC_EFAX_2
add service ENOC_EFAX_1
vip address 192.168.200.65
protocol tcp
port 80
active
!*************************** GROUP ***************************
group EFAX
vip address 192.168.200.65
add service ENOC_EFAX_1
add service ENOC_EFAX_2
active
=====================
CSS11501(config)# show flow
flow-timeout Display flow-timeout values.
flows Show flow summary information
CSS11501(config)# show flow 0.0.0.0
^
%% Invalid input detected at '^' marker.
CSS11501(config)# show flows 0.0.0.0
Src Address SPort Dst Address DPort NAT Dst Address Prt InPort OutPort
192.168.80.89 4567 192.168.200.65 80 192.168.200.67 TCP e8 e8
192.168.200.67 80 192.168.80.89 4567 192.168.80.89 TCP e8 e8
192.168.80.89 2474 192.168.200.10 23 0.0.0.0 TCP e8 Ipv4
CSS11501(config)# show service
Services (5 entries):
Name: Citrix_Xenapp Index: 0
Type: Local State: Alive
Rule ( 192.168.210.55 ANY ANY )
Session Redundancy: Disabled
Redirect Domain:
Redirect String:
Keepalive: (ICMP 5 3 5 )
Last Clearing of Stats Counters: 04/04/2011 21:57:17
Mtu: 1500 State Transitions: 0
Total Local Connections: 0 Total Backup Connections: 0
Current Local Connections: 0 Current Backup Connections: 0
Total Connections: 0 Max Connections: 65534
Total Reused Conns: 0
Weight: 1 Load: 2
DFP: Disable
Name: Citrix_Xenapp_2 Index: 6
Type: Local State: Alive
Rule ( 192.168.210.56 ANY ANY )
Session Redundancy: Disabled
Redirect Domain:
Redirect String:
Keepalive: (ICMP 5 3 5 )
Last Clearing of Stats Counters: 04/04/2011 21:57:17
Mtu: 1500 State Transitions: 0
Total Local Connections: 0 Total Backup Connections: 0
Current Local Connections: 0 Current Backup Connections: 0
Total Connections: 0 Max Connections: 65534
Total Reused Conns: 0
Weight: 1 Load: 2
DFP: Disable
Name: ENOC_EFAX_1 Index: 1
Type: Local State: Alive
Rule ( 192.168.200.66 TCP 80 )
Session Redundancy: Disabled
Redirect Domain:
Redirect String:
Keepalive: (NONE 5 3 5 )
Last Clearing of Stats Counters: 04/04/2011 21:57:17
Mtu: 1500 State Transitions: 0
Total Local Connections: 1 Total Backup Connections: 0
Current Local Connections: 0 Current Backup Connections: 0
Total Connections: 1 Max Connections: 65534
Total Reused Conns: 0
Weight: 1 Load: 2
DFP: Disable
Name: ENOC_EFAX_2 Index: 2
Type: Local State: Alive
Rule ( 192.168.200.67 TCP 80 )
Session Redundancy: Disabled
Redirect Domain:
Redirect String:
Keepalive: (NONE 5 3 5 )
Last Clearing of Stats Counters: 04/04/2011 21:57:17
Mtu: 1500 State Transitions: 0
Total Local Connections: 2 Total Backup Connections: 0
Current Local Connections: 1 Current Backup Connections: 0
Total Connections: 2 Max Connections: 65534
Total Reused Conns: 0
Weight: 1 Load: 2
DFP: Disable
CSS11501(config)# show service summary
Service Name State Conn Weight Avg State
Load Transitions
Citrix_Xenapp Alive 0 1 2 0
Citrix_Xenapp_2 Alive 0 1 2 0
ENOC_EFAX_1 Alive 0 1 2 0
ENOC_EFAX_2 Alive 1 1 2 0
CSS11501(config)# show rule
Content Rules:
///\\\ The Duke of Url.
{ O--O }
[||]
>>>>>>>>
Name: EFAX Owner: ENOC_EFAX
State: Active Type: HTTP
Balance: Round Robin Failover: N/A
Persistence: Enabled Param-Bypass: Disabled
Session Redundancy: Disabled
IP Redundancy: Not Redundant
L3: 192.168.200.65
L4: TCP/80
Url:
Redirect: ""
TCP RST client if service unreachable: Disabled
Rule Services & Weights:
1: ENOC_EFAX_1-Alive, S-1
2: ENOC_EFAX_2-Alive, S-1
>>>>>>>>
Name: Citrix_XENAPP Owner: ENOC_Citrix_XENAPP
State: Active Type: HTTP
Balance: Round Robin Failover: N/A
Persistence: Enabled Param-Bypass: Disabled
Session Redundancy: Disabled
IP Redundancy: Not Redundant
L3: 192.168.200.52
L4: TCP/80
Url:
Redirect: ""
TCP RST client if service unreachable: Disabled
Rule Services & Weights:
1: Citrix_Xenapp-Alive, S-1
2: Citrix_Xenapp_2-Alive, S-1
CSS11501(config)# show content
Content Database:
Pieces of content for module: 1
Total Content: 56
CSS11501(config)# show owner
Owner Configuration:
Name: ENOC_EFAX
Billing Info:
Address:
Email Address:
DNS Policy: none
Case Matching: Insensitive
Name: ENOC_Citrix_XENAPP
Billing Info:
Address:
Email Address:
DNS Policy: none
Case Matching: Insensitive
CSS11501(config)#
Please let me know what I am missing and also one link is not working.
To configure source nat you can refer to the following:
http://www.cisco.com/en/US/partner/docs/app_ntwk_services/data_center_app_services/css11500series/v8.20/configuration/content_lb/guide/SGrp.html -
Load balancing across DMZs - Revisited
I know this question has been asked before and the answer is to have separate content switches per DMZ in order to maintain the security policy. There is an option to have the content switch in front of the firewall and then use only one content switch to load balance across multiple DMZs. Is this an acceptable design or the recommendation is to have a separate content switch behind the firewall for each DMZ of the firewall?
Can a Cisco 6500 with CSM be configured for multiple layer 2 load balanced VLANs thus achieving a mutiple DMZ load balancing scenario with only one switch/CSM?How do you connect the router to the firewall ?
Problem is the response from the server to a client on the internet.
Traffic needs to get back to the CSS and if the firewall default gateway is the router, the response will not go to the CSS and the CSS will reset it.
If you configure the default gateway of the firewall to be the CSS, than all traffic from your network to the outside will go through the CSS.
This could be a concern as well.
If you don't need to know the ip address of the client for your reporting, you can enable client nat on the CSS to guarantee that server response is sent to the css without having the firewall default gateway pointing at the CSS.
Gilles. -
11i load balancing web nodes without use of Hardware http load balancer
I am looking at note 217368.1 (Advanced Configurations and Topologies for Enterprise Deployments of E-Business Suite 11i) and some other notes on load balancing but some aspects are not clear.
Aim is to implement load balancing traffic to web nodes without using Hardware ( BigIP, cisco etc) for HTTP layer load balancing.
Which is more preferable between dns or Apache Jserv load balancer ?
Need details like failover capabilities, death detection of node, functionality testing and ways to monitor Apache Jserv load balancer.
Any help in this regard is welcome .
thx
arunOracle recommends using loadbalancing hardware rather than using DNS. If you want the features you mention above, you will need a hardware loadbalancer.
http://blogs.oracle.com/stevenChan/2006/06/indepth_loadbalancing_ebusines.html
http://blogs.oracle.com/stevenChan/2009/01/using_cisco_ace_series_hardware_load-balancers_ebs12.html
HTH
Srini -
Load Balancing with OSPF and maximum-paths command
Hello,
Just a quick query really, we have a disribution layer 3 switch, in its routing table it has 3 default routes all with the same metric from the core router, this is because the core router is setup with the comamnd "default-information originate always metric 50" which obviously proagates the default route around the area and the metric never changes from 50.
So i have a routing table that looks like this:
O*E2 0.0.0.0/0 [110/50] via 77.95.176.9, 06:44:51, GigabitEthernet4/9
[110/50] via 77.95.176.17, 06:44:51, Vlan903
[110/50] via 91.203.72.5, 06:44:51, Vlan262
Three default routes with the same metric, does this mean that the router IOS will load balance traffic over all three routes evenly? I mean i have been reading up on it and appartemtly i dont have the command "maximum-paths 3" under my ospf process?
I have been doing some traceroutes from this switch to the internet (various sites) and all the traffic seems to be going out over the first route in the table that next hop is 77.95.176.9
My question is how can i verify that load balancing is taking place, or if its not then i need to add this "maximum-paths 3" command to the ospf on the local switch? I would say load balancing is not taking place but im sure i have seen traffic from one customer being routes over all 3 paths due to matching spikes on the SNMP sensors?
Many Thanks.
MattDisclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
Yes, your traffic should use all three paths, as Rick notes, OSPF, on Cisco, normally defaults to using up to 4 equal cost paths.
As Rick also notes mentioning CEF, how actual traffic is forwarded across ECMP can vary. Often, the device will keep all traffic for the same flow on the same egress port, and attributes selected for actual egress port selection might be deterministic. I.e. it's possible same traffic flow will always be sent to the same egress port. (This means even with ECMP, you may not see an equal load distribution.)
Maybe you are looking for
-
How can I get a replacement laptop battery for my Compac Presario CQ61?
My computer alerted me to the fact that I had to replace my laptop battery ( it had a cross whenever i was charging it), then my computer went dead and i haven't been able to turn it on. Can I buy a laptop battery from the HP website? Product name Co
-
I have tried to recovery in itunes and restore it but it keeps giving me the error message the message that it cant connect. I am connected to the internet but it says it cant find it. I dont know whats wrong. I did see another message about changing
-
Hi All I have to read ATTACHMENT LIST for one Accounting document(Tcode FB03). Any poniters on how to read GOS\ATTACHMENT LIST. Thanks in advance
-
Hi guys... I need to create Pop up windows with a scroll like this sample web (click READ MORE): SAMPLE Anyone knows about a tutorial?? Thanks in advance
-
Where are _correct_ directions for installing the Adobe Flash Reader plug-in
There are directions for installing Adobe Flash Player in its new Firefox incarnation as a plug-in rather than its old incarnation as a stand-alone program. Unfortunately, the directions are not for the current versions of either Firefox or Adobe Fla