Load balancing LDAP Servers
Hi
Load balancing to be achieved on two LDAP Servers.
In CSS, round robin configuration is carried out between the LDAP Servers.
My query is when the client initiates the TCP connection to the CSS VIP address, which in turn redirects the request to server A, termed as LDAP binding. During that, and any activities like LDAP modify communication from the client, will the CSS see that as a different request and redirect it to Server B (as round robin configuration is carried out)?
Any help on this is highly appreciated.
Thanks & regards
R.Sundara Rajan
If I am reading your question correctly, it sounds like you are asking if, once a TCP session is established to the VIP, if subsequent LDAP transactions from that connecting client will be load balanced.
The answer is no. Once the TCP session is established, you will continue to use the same backend server until the TCP session ends (FIN or RST or whatever).
Simply described in a healthy system, from TCP SYN to FIN everything will be directed to the same server.
Similar Messages
-
Load Balance HTTPS servers with redirection
Hello,
I have been tasked with ACE configuration at work as the prior go-to guy for load balancing is no longer available. Trouble is, I have little idea what I'm doing when it comes to the ACE. So, forgive me if the question I have is super basic. After doing some research I put together a LB config, but it's not working.
I was trying to load balance 10 servers, split into groups of 2 using 5 VIPS (1 VIP for each group of 2 servers). The servers serve an ssl web app.
Below is my configuration. What am I doing wrong? Does the config have any glaring errors? I've been staring at this thing on and off for a week and searching these forums trying to figure it out.
Any help provided will be greatly appreciated.
probe tcp probe_443
port 443
interval 30
passdetect interval 5
probe https probe_https_test
interval 30
passdetect interval 5
ssl version all
request method get url /test.html
expect status 200 200
rserver host QA-1.1
ip address 10.200.162.126
inservice
rserver host QA-1.2
ip address 10.200.162.127
inservice
rserver redirect QA-group_1_redirect_rserver
webhost-redirection https://10.37.5.73/ 302
inservice
rserver host QA-2.1
ip address 10.200.162.22
inservice
rserver host QA-2.2
ip address 10.200.162.240
inservice
rserver redirect QA-group_2_redirect_rserver
webhost-redirection https://10.37.5.74/ 302
inservice
rserver host QA-3.1
ip address 10.200.162.181
inservice
rserver host QA-3.2
ip address 10.200.162.50
inservice
rserver redirect QA-group_3_redirect_rserver
webhost-redirection https://10.37.5.75/ 302
inservice
rserver host QA-4.1
ip address 10.200.162.23
inservice
rserver host QA-4.2
ip address 10.200.162.241
inservice
rserver redirect QA-group_4_redirect_rserver
webhost-redirection https://10.37.5.76/ 302
inservice
rserver host QA-5.1
ip address 10.200.162.182
inservice
rserver host QA-5.2
ip address 10.200.162.51
inservice
rserver redirect QA-group_5_redirect_rserver
webhost-redirection https://10.37.5.77/ 302
inservice
serverfarm host SF_QA-group_1_HTTPS
failaction reassign
predictor leastconns
probe probe_443
probe probe_https_test
rserver QA-1.1 443
inservice
rserver QA-1. 2 443
inservice
serverfarm host SF_QA-group_2_HTTPS
failaction reassign
predictor leastconns
probe probe_443
probe probe_https_test
rserver QA-2.1 443
inservice
rserver QA-2. 2 443
inservice
serverfarm host SF_QA-group_3_HTTPS
failaction reassign
predictor leastconns
probe probe_443
probe probe_https_test
rserver QA-3.1 443
inservice
rserver QA-3. 2 443
inservice
serverfarm host SF_QA-group_4_HTTPS
failaction reassign
predictor leastconns
probe probe_443
probe probe_https_test
rserver QA-4.1 443
inservice
rserver QA-4. 2 443
inservice
serverfarm host SF_QA-group_5_HTTPS
failaction reassign
predictor leastconns
probe probe_443
probe probe_https_test
rserver QA-5.1 443
inservice
rserver QA-5. 2 443
inservice
serverfarm redirect SF_ QA-group_1_REDIRECT
rserver QA-group_1_redirect_rserver
inservice
serverfarm redirect SF_ QA-group_2_REDIRECT
rserver QA-group_2_redirect_rserver
inservice
serverfarm redirect SF_ QA-group_3_REDIRECT
rserver QA-group_3_redirect_rserver
inservice
serverfarm redirect SF_ QA-group_4_REDIRECT
rserver QA-group_4_redirect_rserver
inservice
serverfarm redirect SF_ QA-group_5_REDIRECT
rserver QA-group_5_redirect_rserver
inservice
sticky ip-netmask 255.255.255.255 address source SRC_ QA-group_1_STICKY
serverfarm SF_ QA-group_1_HTTPS
timeout 30
replicate sticky
sticky ip-netmask 255.255.255.255 address source SRC_ QA-group_2_STICKY
serverfarm SF_ QA-group_2_HTTPS
timeout 30
replicate sticky
sticky ip-netmask 255.255.255.255 address source SRC_ QA-group_3_STICKY
serverfarm SF_ QA-group_3_HTTPS
timeout 30
replicate sticky
sticky ip-netmask 255.255.255.255 address source SRC_ QA-group_4_STICKY
serverfarm SF_ QA-group_4_HTTPS
timeout 30
replicate sticky
sticky ip-netmask 255.255.255.255 address source SRC_ QA-group_5_STICKY
serverfarm SF_ QA-group_5_HTTPS
timeout 30
replicate sticky
class-map match-all QA-group_1_HTTP
3 match virtual-address 10.37.5.73 tcp eq www
class-map match-all QA-group_1_HTTPS
3 match virtual-address 10.37.5.73 tcp eq https
class-map match-all QA-group_2_HTTP
3 match virtual-address 10.37.5.74 tcp eq www
class-map match-all QA-group_2_HTTPS
3 match virtual-address 10.37.5.74 tcp eq https
class-map match-all QA-group_3_HTTP
3 match virtual-address 10.37.5.75 tcp eq www
class-map match-all QA-group_3_HTTPS
3 match virtual-address 10.37.5.75 tcp eq https
class-map match-all QA-group_4_HTTP
3 match virtual-address 10.37.5.76 tcp eq www
class-map match-all QA-group_4_HTTPS
3 match virtual-address 10.37.5.76 tcp eq https
class-map match-all QA-group_5_HTTPS
3 match virtual-address 10.37.5.77 tcp eq www
class-map match-all QA-group_5_HTTPS
3 match virtual-address 10.37.5.77 tcp eq https
class-map type management match-any remote-management
2 match protocol http any
3 match protocol https any
4 match protocol icmp any
5 match protocol snmp any
6 match protocol ssh any
policy-map type management first-match remote-access
class remote-management
permit
policy-map type loadbalance first-match QA-group_1_REDIRECT
class class-default
serverfarm SF_ QA-group_1_REDIRECT
policy-map type loadbalance first-match QA-group_2_REDIRECT
class class-default
serverfarm SF_ QA-group_2_REDIRECT
policy-map type loadbalance first-match QA-group_3_REDIRECT
class class-default
serverfarm SF_ QA-group_3_REDIRECT
policy-map type loadbalance first-match QA-group_4_REDIRECT
class class-default
serverfarm SF_ QA-group_4_REDIRECT
policy-map type loadbalance first-match QA-group_5_REDIRECT
class class-default
serverfarm SF_ QA-group_5_REDIRECT
policy-map multi-match SERVICE_VIPS
class QA-group_1_HTTPS
loadbalance vip inservice
loadbalance policy HTTPS_ QA-group_1_HTTPS _L7_BALANCED
loadbalance vip icmp-reply
nat dynamic 1 vlan 25
class QA-group_1_HTTP
loadbalance vip inservice
loadbalance policy QA-group_1_REDIRECT
class QA-group_2_HTTPS
loadbalance vip inservice
loadbalance policy HTTPS_ QA-group_2_HTTPS _L7_BALANCED
loadbalance vip icmp-reply
nat dynamic 1 vlan 25
class QA-group_2_HTTP
loadbalance vip inservice
loadbalance policy QA-group_2_REDIRECT
class QA-group_3_HTTPS
loadbalance vip inservice
loadbalance policy HTTPS_ QA-group_3_HTTPS _L7_BALANCED
loadbalance vip icmp-reply
nat dynamic 1 vlan 25
class QA-group_3_HTTP
loadbalance vip inservice
loadbalance policy QA-group_3_REDIRECT
class QA-group_4_HTTPS
loadbalance vip inservice
loadbalance policy HTTPS_ QA-group_4_HTTPS _L7_BALANCED
loadbalance vip icmp-reply
nat dynamic 1 vlan 25
class QA-group_4_HTTP
loadbalance vip inservice
loadbalance policy QA-group_4_REDIRECT
class QA-group_5_HTTPS
loadbalance vip inservice
loadbalance policy HTTPS_ QA-group_4_HTTPS _L7_BALANCED
loadbalance vip icmp-reply
nat dynamic 1 vlan 25
class QA-group_5_HTTP
loadbalance vip inservice
loadbalance policy QA-group_4_REDIRECT
interface vlan 25
ip address 10.37.5.72 255.255.255.0
access-group input everyone
service-policy input remote-access
service-policy input SERVICE_VIPS
no shutdown
ip route 0.0.0.0 0.0.0.0 10.37.5.1
Fnu,
Thank you so much for your reply.
At this point I can get to the real server IPs via ping and https in a browser from my PC. I can also ping the gateway and all the real server IPs from the ACE context I'm working on. However, the VIPs are not working. When I attempt to use one of the VIPs in the browser, the request times out. When I issue the command "show service-policy" I see a hit count (which increments every time I try to reach the VIP via the browser) but the dropped counter is equal to the hit counter. I will paste the running config from the context I'm working in along with the output from the show service-policy command.
Any suggestions on how I can get this working would be greatly appreciated.
csc# show run
Generating configuration....
access-list Servers line 3 extended permit tcp any any eq https
access-list Servers line 5 extended permit tcp any any eq www
access-list everyone line 1 extended permit ip any any
access-list everyone line 2 extended permit icmp any any
probe tcp probe_443
port 443
interval 30
passdetect interval 5
rserver host QA-1.1
ip address 10.37.5.111
inservice
rserver host QA-1.2
ip address 10.37.5.88
inservice
rserver host QA-2.1
ip address 10.37.5.84
inservice
rserver host QA-2.2
ip address 10.37.5.89
inservice
rserver host QA-3.1
ip address 10.37.5.85
inservice
rserver host QA-3.2
ip address 10.37.5.90
inservice
rserver host QA-4.1
ip address 10.37.5.86
inservice
rserver host QA-4.2
ip address 10.37.5.81
inservice
rserver host QA-5.1
ip address 10.37.5.87
inservice
rserver host QA-5.2
ip address 10.37.5.92
inservice
rserver redirect QA-group_1_redirect_rserver
webhost-redirection https://10.37.5.93/ 302
inservice
rserver redirect QA-group_2_redirect_rserver
webhost-redirection https://10.37.5.94/ 302
inservice
rserver redirect QA-group_3_redirect_rserver
webhost-redirection https://10.37.5.95/ 302
inservice
rserver redirect QA-group_4_redirect_rserver
webhost-redirection https://10.37.5.96/ 302
inservice
rserver redirect QA-group_5_redirect_rserver
webhost-redirection https://10.37.5.97/ 302
inservice
serverfarm host SF_QA-group_1_HTTPS
failaction reassign
predictor leastconns
probe probe_443
rserver QA-1.1 443
inservice
rserver QA-1.2 443
inservice
serverfarm redirect SF_QA-group_1_REDIRECT
rserver QA-group_1_redirect_rserver
inservice
serverfarm host SF_QA-group_2_HTTPS
failaction reassign
predictor leastconns
probe probe_443
rserver QA-2.1 443
inservice
rserver QA-2.2 443
inservice
serverfarm redirect SF_QA-group_2_REDIRECT
rserver QA-group_2_redirect_rserver
inservice
serverfarm host SF_QA-group_3_HTTPS
failaction reassign
predictor leastconns
probe probe_443
rserver QA-3.1 443
inservice
rserver QA-3.2 443
inservice
serverfarm redirect SF_QA-group_3_REDIRECT
rserver QA-group_3_redirect_rserver
inservice
serverfarm host SF_QA-group_4_HTTPS
failaction reassign
predictor leastconns
probe probe_443
rserver QA-4.1 443
inservice
rserver QA-4.2 443
inservice
serverfarm redirect SF_QA-group_4_REDIRECT
rserver QA-group_4_redirect_rserver
inservice
serverfarm host SF_QA-group_5_HTTPS
failaction reassign
predictor leastconns
probe probe_443
rserver QA-5.1 443
inservice
rserver QA-5.2 443
inservice
serverfarm redirect SF_QA-group_5_REDIRECT
rserver QA-group_5_redirect_rserver
inservice
serverfarm host SF_QA-group_HTTPS
serverfarm host SF_QA-group__HTTPS
sticky ip-netmask 255.255.255.255 address source SRC_QA-group_1_STICKY
serverfarm SF_QA-group_1_HTTPS
timeout 30
replicate sticky
sticky ip-netmask 255.255.255.255 address source SRC_QA-group_2_STICKY
serverfarm SF_QA-group_2_HTTPS
timeout 30
replicate sticky
sticky ip-netmask 255.255.255.255 address source SRC_QA-group_3_STICKY
serverfarm SF_QA-group_3_HTTPS
timeout 30
replicate sticky
sticky ip-netmask 255.255.255.255 address source SRC_QA-group_4_STICKY
serverfarm SF_QA-group_4_HTTPS
timeout 30
replicate sticky
sticky ip-netmask 255.255.255.255 address source SRC_QA-group_5_STICKY
serverfarm SF_QA-group_5_HTTPS
timeout 30
replicate sticky
class-map match-all QA-group_1_HTTP
3 match virtual-address 10.37.5.93 tcp eq www
class-map match-all QA-group_1_HTTPS
3 match virtual-address 10.37.5.93 tcp eq https
class-map match-all QA-group_2_HTTP
3 match virtual-address 10.37.5.94 tcp eq www
class-map match-all QA-group_2_HTTPS
3 match virtual-address 10.37.5.94 tcp eq https
class-map match-all QA-group_3_HTTP
3 match virtual-address 10.37.5.95 tcp eq www
class-map match-all QA-group_3_HTTPS
3 match virtual-address 10.37.5.95 tcp eq https
class-map match-all QA-group_4_HTTP
3 match virtual-address 10.37.5.96 tcp eq www
class-map match-all QA-group_4_HTTPS
3 match virtual-address 10.37.5.76 tcp eq https
class-map match-all QA-group_5_HTTP
3 match virtual-address 10.37.5.97 tcp eq www
class-map match-all QA-group_5_HTTPS
3 match virtual-address 10.37.5.97 tcp eq https
class-map type management match-any remote-management
2 match protocol http any
3 match protocol https any
4 match protocol icmp any
5 match protocol snmp any
6 match protocol ssh any
policy-map type management first-match remote-access
class remote-management
permit
policy-map type loadbalance first-match QA-group_1_REDIRECT
class class-default
policy-map type loadbalance first-match QA-group_2_REDIRECT
class class-default
serverfarm SF_QA-group_2_REDIRECT
policy-map type loadbalance first-match QA-group_3_REDIRECT
class class-default
serverfarm SF_QA-group_3_REDIRECT
policy-map type loadbalance first-match QA-group_4_REDIRECT
class class-default
serverfarm SF_QA-group_4_REDIRECT
policy-map type loadbalance first-match QA-group_5_REDIRECT
class class-default
serverfarm SF_QA-group_5_REDIRECT
policy-map multi-match SERVICE_VIPS
class QA-group_1_HTTPS
loadbalance vip inservice
loadbalance policy QA-group_1_REDIRECT
loadbalance vip icmp-reply
class QA-group_1_HTTP
loadbalance vip inservice
loadbalance policy QA-group_1_REDIRECT
class QA-group_2_HTTPS
loadbalance vip inservice
loadbalance policy QA-group_2_REDIRECT
loadbalance vip icmp-reply
class QA-group_2_HTTP
loadbalance vip inservice
loadbalance policy QA-group_2_REDIRECT
class QA-group_3_HTTPS
loadbalance vip inservice
loadbalance policy QA-group_3_REDIRECT
loadbalance vip icmp-reply
class QA-group_3_HTTP
loadbalance vip inservice
loadbalance policy QA-group_3_REDIRECT
class QA-group_4_HTTPS
loadbalance vip inservice
loadbalance policy QA-group_4_REDIRECT
loadbalance vip icmp-reply
class QA-group_4_HTTP
loadbalance vip inservice
loadbalance policy QA-group_4_REDIRECT
class QA-group_5_HTTPS
loadbalance vip inservice
loadbalance policy QA-group_5_REDIRECT
loadbalance vip icmp-reply
class QA-group_5_HTTP
loadbalance vip inservice
loadbalance policy QA-group_5_REDIRECT
interface vlan 25
ip address 10.37.5.98 255.255.255.0
access-group input everyone
service-policy input remote-access
service-policy input SERVICE_VIPS
no shutdown
ip route 0.0.0.0 0.0.0.0 10.37.5.1
csc# show service-policy SERVICE_VIPS
Status : ACTIVE
Interface: vlan 25
service-policy: SERVICE_VIPS
class: QA-group_1_HTTPS
loadbalance:
L7 loadbalance policy: QA-group_1_REDIRECT
VIP Route Metric : 77
VIP Route Advertise : DISABLED
VIP ICMP Reply : ENABLED
VIP state: OUTOFSERVICE
VIP DWS state: DWS_DISABLED
Persistence Rebalance: DISABLED
curr conns : 0 , hit count : 122
dropped conns : 122
conns per second : 0
client pkt count : 122 , client byte count: 6164
server pkt count : 0 , server byte count: 0
conn-rate-limit : 0 , drop-count : 0
bandwidth-rate-limit : 0 , drop-count : 0
compression:
bytes_in : 0 bytes_out : 0
Compression ratio : 0.00%
Gzip: 0 Deflate: 0
compression errors:
User-Agent : 0 Accept-Encoding : 0
Content size: 0 Content type : 0
Not HTTP 1.1: 0 HTTP response error: 0
Others : 0
class: QA-group_1_HTTP
loadbalance:
L7 loadbalance policy: QA-group_1_REDIRECT
VIP Route Metric : 77
VIP Route Advertise : DISABLED
VIP ICMP Reply : DISABLED
VIP state: OUTOFSERVICE
VIP DWS state: DWS_DISABLED
Persistence Rebalance: DISABLED
curr conns : 0 , hit count : 58
dropped conns : 58
conns per second : 0
client pkt count : 58 , client byte count: 3628
server pkt count : 0 , server byte count: 0
conn-rate-limit : 0 , drop-count : 0
bandwidth-rate-limit : 0 , drop-count : 0
compression:
bytes_in : 0 bytes_out : 0
Compression ratio : 0.00%
Gzip: 0 Deflate: 0
compression errors:
User-Agent : 0 Accept-Encoding : 0
Content size: 0 Content type : 0
Not HTTP 1.1: 0 HTTP response error: 0
Others : 0
class: QA-group_2_HTTPS
loadbalance:
L7 loadbalance policy: QA-group_2_REDIRECT
VIP Route Metric : 77
VIP Route Advertise : DISABLED
VIP ICMP Reply : ENABLED
VIP State: INSERVICE
VIP DWS state: DWS_DISABLED
Persistence Rebalance: ENABLED
curr conns : 0 , hit count : 13
dropped conns : 0
conns per second : 0
client pkt count : 74 , client byte count: 7648
server pkt count : 0 , server byte count: 0
conn-rate-limit : 0 , drop-count : 0
bandwidth-rate-limit : 0 , drop-count : 0
compression:
bytes_in : 0 bytes_out : 0
Compression ratio : 0.00%
Gzip: 0 Deflate: 0
compression errors:
User-Agent : 0 Accept-Encoding : 0
Content size: 0 Content type : 0
Not HTTP 1.1: 0 HTTP response error: 0
Others : 0
class: QA-group_2_HTTP
loadbalance:
L7 loadbalance policy: QA-group_2_REDIRECT
VIP Route Metric : 77
VIP Route Advertise : DISABLED
VIP ICMP Reply : DISABLED
VIP State: INSERVICE
VIP DWS state: DWS_DISABLED
Persistence Rebalance: ENABLED
curr conns : 0 , hit count : 3
dropped conns : 0
conns per second : 0
client pkt count : 12 , client byte count: 1398
server pkt count : 0 , server byte count: 0
conn-rate-limit : 0 , drop-count : 0
bandwidth-rate-limit : 0 , drop-count : 0
compression:
bytes_in : 0 bytes_out : 0
Compression ratio : 0.00%
Gzip: 0 Deflate: 0
compression errors:
User-Agent : 0 Accept-Encoding : 0
Content size: 0 Content type : 0
Not HTTP 1.1: 0 HTTP response error: 0
Others : 0
class: QA-group_3_HTTPS
loadbalance:
L7 loadbalance policy: QA-group_3_REDIRECT
VIP Route Metric : 77
VIP Route Advertise : DISABLED
VIP ICMP Reply : ENABLED
VIP State: INSERVICE
VIP DWS state: DWS_DISABLED
Persistence Rebalance: ENABLED
curr conns : 0 , hit count : 34
dropped conns : 0
conns per second : 0
client pkt count : 201 , client byte count: 23495
server pkt count : 0 , server byte count: 0
conn-rate-limit : 0 , drop-count : 0
bandwidth-rate-limit : 0 , drop-count : 0
compression:
bytes_in : 0 bytes_out : 0
Compression ratio : 0.00%
Gzip: 0 Deflate: 0
compression errors:
User-Agent : 0 Accept-Encoding : 0
Content size: 0 Content type : 0
Not HTTP 1.1: 0 HTTP response error: 0
Others : 0
class: QA-group_3_HTTP
loadbalance:
L7 loadbalance policy: QA-group_3_REDIRECT
VIP Route Metric : 77
VIP Route Advertise : DISABLED
VIP ICMP Reply : DISABLED
VIP State: INSERVICE
VIP DWS state: DWS_DISABLED
Persistence Rebalance: ENABLED
curr conns : 0 , hit count : 5
dropped conns : 0
conns per second : 0
client pkt count : 20 , client byte count: 1907
server pkt count : 0 , server byte count: 0
conn-rate-limit : 0 , drop-count : 0
bandwidth-rate-limit : 0 , drop-count : 0
compression:
bytes_in : 0 bytes_out : 0
Compression ratio : 0.00%
Gzip: 0 Deflate: 0
compression errors:
User-Agent : 0 Accept-Encoding : 0
Content size: 0 Content type : 0
Not HTTP 1.1: 0 HTTP response error: 0
Others : 0
class: QA-group_4_HTTPS
loadbalance:
L7 loadbalance policy: QA-group_4_REDIRECT
VIP Route Metric : 77
VIP Route Advertise : DISABLED
VIP ICMP Reply : ENABLED
VIP State: INSERVICE
VIP DWS state: DWS_DISABLED
Persistence Rebalance: ENABLED
curr conns : 0 , hit count : 0
dropped conns : 0
conns per second : 0
client pkt count : 0 , client byte count: 0
server pkt count : 0 , server byte count: 0
conn-rate-limit : 0 , drop-count : 0
bandwidth-rate-limit : 0 , drop-count : 0
compression:
bytes_in : 0 bytes_out : 0
Compression ratio : 0.00%
Gzip: 0 Deflate: 0
compression errors:
User-Agent : 0 Accept-Encoding : 0
Content size: 0 Content type : 0
Not HTTP 1.1: 0 HTTP response error: 0
Others : 0
class: QA-group_4_HTTP
loadbalance:
L7 loadbalance policy: QA-group_4_REDIRECT
VIP Route Metric : 77
VIP Route Advertise : DISABLED
VIP ICMP Reply : DISABLED
VIP State: INSERVICE
VIP DWS state: DWS_DISABLED
Persistence Rebalance: ENABLED
curr conns : 0 , hit count : 2
dropped conns : 0
conns per second : 0
client pkt count : 8 , client byte count: 697
server pkt count : 0 , server byte count: 0
conn-rate-limit : 0 , drop-count : 0
bandwidth-rate-limit : 0 , drop-count : 0
compression:
bytes_in : 0 bytes_out : 0
Compression ratio : 0.00%
Gzip: 0 Deflate: 0
compression errors:
User-Agent : 0 Accept-Encoding : 0
Content size: 0 Content type : 0
Not HTTP 1.1: 0 HTTP response error: 0
Others : 0
class: QA-group_5_HTTPS
loadbalance:
L7 loadbalance policy: QA-group_5_REDIRECT
VIP Route Metric : 77
VIP Route Advertise : DISABLED
VIP ICMP Reply : ENABLED
VIP State: INSERVICE
VIP DWS state: DWS_DISABLED
Persistence Rebalance: ENABLED
curr conns : 0 , hit count : 0
dropped conns : 0
conns per second : 0
client pkt count : 0 , client byte count: 0
server pkt count : 0 , server byte count: 0
conn-rate-limit : 0 , drop-count : 0
bandwidth-rate-limit : 0 , drop-count : 0
compression:
bytes_in : 0 bytes_out : 0
Compression ratio : 0.00%
Gzip: 0 Deflate: 0
compression errors:
User-Agent : 0 Accept-Encoding : 0
Content size: 0 Content type : 0
Not HTTP 1.1: 0 HTTP response error: 0
Others : 0
class: QA-group_5_HTTP
loadbalance:
L7 loadbalance policy: QA-group_5_REDIRECT
VIP Route Metric : 77
VIP Route Advertise : DISABLED
VIP ICMP Reply : DISABLED
VIP State: INSERVICE
VIP DWS state: DWS_DISABLED
Persistence Rebalance: ENABLED
curr conns : 0 , hit count : 0
dropped conns : 0
conns per second : 0
client pkt count : 0 , client byte count: 0
server pkt count : 0 , server byte count: 0
conn-rate-limit : 0 , drop-count : 0
bandwidth-rate-limit : 0 , drop-count : 0
compression:
bytes_in : 0 bytes_out : 0
Compression ratio : 0.00%
Gzip: 0 Deflate: 0
compression errors:
User-Agent : 0 Accept-Encoding : 0
Content size: 0 Content type : 0
Not HTTP 1.1: 0 HTTP response error: 0
Others : 0
-
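The cross-reference gaps visible in the pasted configurations (a loadbalance policy class with no serverfarm, objects defined but never referenced, duplicate or undefined names) can be checked mechanically. The Python below is an added example, not code from the thread or from Cisco: it is a line-oriented check rather than an ACE parser, lint_ace_config is a hypothetical helper name, and the sample is constructed from the group-1 objects in the show run above.

```python
from collections import Counter

# Constructed sample: the group-1 objects from the "show run" above, trimmed.
SAMPLE_CONFIG = """\
rserver host QA-1.1
  ip address 10.37.5.111
rserver host QA-1.2
  ip address 10.37.5.88
rserver redirect QA-group_1_redirect_rserver
  webhost-redirection https://10.37.5.93/ 302
serverfarm host SF_QA-group_1_HTTPS
  rserver QA-1.1 443
  rserver QA-1.2 443
serverfarm redirect SF_QA-group_1_REDIRECT
  rserver QA-group_1_redirect_rserver
sticky ip-netmask 255.255.255.255 address source SRC_QA-group_1_STICKY
  serverfarm SF_QA-group_1_HTTPS
class-map match-all QA-group_1_HTTP
  3 match virtual-address 10.37.5.93 tcp eq www
class-map match-all QA-group_1_HTTPS
  3 match virtual-address 10.37.5.93 tcp eq https
policy-map type loadbalance first-match QA-group_1_REDIRECT
  class class-default
policy-map multi-match SERVICE_VIPS
  class QA-group_1_HTTPS
    loadbalance vip inservice
    loadbalance policy QA-group_1_REDIRECT
  class QA-group_1_HTTP
    loadbalance vip inservice
    loadbalance policy QA-group_1_REDIRECT
"""


def lint_ace_config(text):
    """Cross-reference an ACE-style config; return sorted (kind, message) findings."""
    defined = {k: Counter() for k in
               ("rserver", "serverfarm", "sticky", "class-map", "lb-policy")}
    refs = []          # (kind, name, where it was referenced)
    lb_classes = {}    # (lb-policy, class) -> True once a serverfarm action is seen
    ctx = ("", "")     # enclosing top-level object as (kind, name)
    cur_class = None   # current "class" inside a policy-map

    for line in text.splitlines():
        tok = line.split()   # indentation is ignored; pasted configs are often flat
        if len(tok) < 2:
            continue
        head, where = tok[0], " ".join(ctx)
        if head in ("rserver", "serverfarm") and tok[1] in ("host", "redirect") and len(tok) > 2:
            ctx = (head, tok[2])                     # top-level definition
            defined[head][tok[2]] += 1
        elif head in ("sticky", "class-map"):
            ctx = (head, tok[-1])                    # object name is the last token
            defined[head][tok[-1]] += 1
        elif head == "policy-map":
            ctx = ("lb-policy" if "loadbalance" in tok else "policy-map", tok[-1])
            cur_class = None
            if ctx[0] == "lb-policy":
                defined["lb-policy"][tok[-1]] += 1
        elif head == "class" and ctx[0] in ("lb-policy", "policy-map"):
            cur_class = tok[1]
            if ctx[0] == "lb-policy":
                lb_classes.setdefault((ctx[1], cur_class), False)
            if cur_class != "class-default":
                refs.append(("class-map", cur_class, where))
        elif head == "rserver" and ctx[0] == "serverfarm":
            refs.append(("rserver", tok[1], where))
        elif head in ("serverfarm", "sticky-serverfarm") and ctx[0] in ("sticky", "lb-policy"):
            kind = "sticky" if head == "sticky-serverfarm" else "serverfarm"
            refs.append((kind, tok[1], where))
            if ctx[0] == "lb-policy" and cur_class:
                lb_classes[(ctx[1], cur_class)] = True
        elif tok[:2] == ["loadbalance", "policy"] and len(tok) > 2:
            refs.append(("lb-policy", tok[2], f"{where} class {cur_class}"))

    findings = []
    for kind, names in defined.items():
        used = {n for k, n, _ in refs if k == kind}
        for name, count in names.items():
            if count > 1:
                findings.append(("duplicate", f"{kind} {name} defined {count} times"))
            if name not in used:
                findings.append(("unused", f"{kind} {name} defined but never referenced"))
    for kind, name, where in refs:
        if name not in defined[kind]:
            findings.append(
                ("undefined", f"{kind} {name} referenced by {where} but not defined"))
    for (policy, cls), has_farm in lb_classes.items():
        if not has_farm:
            findings.append(
                ("no-action", f"lb-policy {policy} class {cls} has no serverfarm"))
    return sorted(set(findings))


if __name__ == "__main__":
    for kind, message in lint_ace_config(SAMPLE_CONFIG):
        print(f"{kind:10} {message}")
```

On the sample it reports the empty class-default in QA-group_1_REDIRECT plus the unreferenced redirect serverfarm and sticky group. The two group-1 classes bound to that policy are the ones showing VIP state OUTOFSERVICE with dropped conns equal to hit count in the output above.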
Load Balancing Linux servers with CSS 11050 series
We would like to load balance Linux FTP and Web servers with a CSS 11050 series device. Does the content switch use SNMP to load balance the servers? If so, which MIBs need to be loaded on the servers?
I don't believe that the CSS supports any SNMP load balancing mechanism.
There are basically two factors involved in load balancing. One: the state of the servers, which can be checked via a range of mechanisms including ping, TCP connection, application request, etc. Two: the way a server is chosen when a request comes in, including round-robin, least connections, ACA, etc.
Check out these links:
http://www.cisco.com/warp/customer/117/basic_css_lb_config.html
http://www.cisco.com/warp/customer/117/methods_load_bal.html
-
Load balancing sftp servers on css11503
I have an 11503 and I am trying to load balance sftp servers behind it. not sure why it's not working.
here is the content rule:
content test_sftp
add service www1_sftp
add service www2_sftp
port 22
protocol tcp
balance aca
advanced-balance sticky-srcip
vip address 172.17.0.248
active
here are the service rules:
service www1_sftp
ip address 172.17.0.27
protocol tcp
keepalive port 22
keepalive type tcp
active
service www2_sftp
ip address 172.17.0.25
protocol tcp
keepalive port 22
keepalive type tcp
active
couple of questions:
1) do I need to set up a source group like I would have to for ftp? Does the return traffic from the servers need to be NAT'd back out as the VIP?
2) the content rule and service rules are all set for port 22 only....is that enough ports open for the control and data channels? I think sftp uses port 22 for both.
Any assistance would be greatly appreciated.
Thanks!
Sandeep
You definitely need a group to nat the data-channel.
But I'm not even sure that will make it work.
You can give it a try so.
Gilles.
-
Load balance LDAP with the CSS 501
I'm trying to setup a content rule to test load balancing LDAP traffic via the CSS but it doesn't seem to be working. Here's my configuration:
service 10.125.5.56:389
ip address 10.125.5.56
protocol tcp
port 389
keepalive type script ap-kal-ldap "10.125.5.56"
active
content test-ldap:389
vip address 10.124.155.50
add service 10.125.5.56:389
protocol tcp
balance aca
port 389
advanced-balance sticky-srcip-dstport
active
Anything I'm doing wrong? I see somebody posted a similar issue but doesn't seem like a solution was provided (see below):
http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Data%20Center&topic=Application%20Networking&topicID=.ee7814f&fromOutline=true&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.1dda3585/2
What's the issue?
Get a sniffer trace simultaneously on client and server and see what's going on.
G.
-
ACE to load balance Citrix servers
Hello,
Has anyone configured ACE Modules to load balance Citrix Servers (HTTP)?
Any special considerations needed?
Many thanks,
Hi Javier,
There is one complete design guide available on the Cisco site.
Kindly go through the below mentioned URL for complete config for ACE to load balance CITRIX as follows:
http://www.cisco.com/en/US/docs/solutions/Enterprise/Data_Center/App_Networking/citrixdg_final.html
You will get other design guides also which can be very useful:
http://www.cisco.com/en/US/netsol/ns751/networking_solutions_design_guidances_list.html
Sachin Garg
-
Load Balancing Directory Servers with Access Manager - Simple questions
Hi.
We are in the process of configuring 2 Access Manager instances (servers) accessing the same logical LDAP repository (comprising physically of two Directory Servers working together with Multi-Master Replication configured and tested). For doing this, we are following guide number 819-6258.
The guide uses BigIP load balancer for load balancing the directory servers. However, we intend to use Directory Proxy Server. Since we faced some (unresolved) issues last time that we used DPS, there are some simple questions that I would be very grateful to have answers to:
1. The guide, in section 3.2.10 (To configure Access Manager 1 with the Directory Server load balancer), talks about making changes at 4 places, and replacing the existing entry (hostname and port) with the load balancer's hostname and port (assuming that the load balancer has already been configured). It says that changes need not be made on Access Manager 2 since the LDAPs are in replication, and hence changes will be replicated at all places. However, the guide also states that changes have to be made in two files, namely AMConfig.properties, and the serverconfig.xml file. But these changes will not be reflected on Access Manager 2, since these files are local on each machine.
Question 1. Do changes have to be made in AMConfig.properties and serverconfig.xml files on the other machine hosting Access Manager 2?
Question 2: What is the purpose of putting these values here? Specifically, what is achieved by specifying the Directory server host and port in AMConfig.properties, as well as in serverconfig.xml?
Question 3. In the HTTP console, there is the option of specifying multiple primary LDAP servers, as well as multiple secondary LDAP servers. What is the purpose of these? Are secondary servers attempted when none of the list in the primary list are accessible? Also, if there are multiple entries in the primary server list, are they accessed in a round robin fashion (hereby providing rudimentary load balancing), or are other servers accessed only when the one mentioned first is not reachable etc.?
2. Since I do not have a load balancer setup yet, I tried the following deviation to the above, which, according to me, should have worked. If viewed in the HTTP console, LDAP / Membership / MSISDN and Policy configuration all pointed to the DS on host 1. When I changed all these to point to the directory server on host 2 (and made AMConfig.properties and serverconfig.xml on host 1 point to DS of host 2 as well), things should have worked fine, but apparently Access manager 1 could not be started. Error from Webserver:
[14/Aug/2006:04:30:36] info (13937): WEB0100: Loading web module in virtual server [https-machine_1_FQDN] at [search]
[14/Aug/2006:04:31:48] warning (13937): CORE3283: stderr: Exception in thread "EventService" java.lang.ExceptionInInitializerError
[14/Aug/2006:04:31:48] warning (13937): CORE3283: stderr: at com.iplanet.services.ldap.event.EventServicePolling.run(EventServicePolling.java:132)
[14/Aug/2006:04:31:48] warning (13937): CORE3283: stderr: at java.lang.Thread.run(Thread.java:595)
[14/Aug/2006:04:31:48] warning (13937): CORE3283: stderr: Caused by: java.lang.InterruptedException
[14/Aug/2006:04:31:48] warning (13937): CORE3283: stderr: at com.sun.identity.sm.ServiceManager.<clinit>(ServiceManager.java:74)
[14/Aug/2006:04:31:48] warning (13937): CORE3283: stderr: ... 2 more
In effect, AM on 1 did not start. On rolling back the changes, things again worked like previously.
Will be really grateful for any help / insight / experience on dealing with the above.
Thanks!
Update to the above, in case anyone is reading:
We setup a similar setup in Windows, and it worked. Here is a detailed account of what was done:
1. Host 1: Start installer, install automatically, chose Directory server, Directory Administration server, Directory Proxy server, Web server, Access Manager.
All installed, and worked fine. (AMConfig.properties, serverconfig.xml, and the info in LDAP service, all pointed to HOST1:389)
2. Host 2: Start installer, install automatically, chose Directory server, Directory Administration server, Directory Proxy server, Web server, Access Manager.
All installed, and worked fine. (AMConfig.properties, serverconfig.xml, and the info in LDAP service, all pointed to HOST2:389)
3. Host 1: Started replication. Set to Master
4. Host 2: Started replication. Set to Master
5. Host 1: Setup replication agreement to Host 2
6. Host 2: Setup replication agreement to Host 1
7. Initiated the remote replica from Host 1 ----> Host 2
Note that since default installation uses abc.....xyz as the encryption key, setting this to same was not an issue.
9. Started webserver for Host 1 and logged into AM as amadmin.
10. Added Host 2 FQDN in DNS Aliases / Realms
11. Added http://HOST2_FQDN:80 in the Platform server (instance) list.
12. Started Host 2 webserver. Logged in AM on Host 2, things worked fine.
At this stage, note the following:
a) Host 1:
AMConfig.properties file has
com.iplanet.am.directory.host=host1_FQDN
and
com.iplanet.am.directory.port=389
serverconfig.xml has:
<Server name="Server1" host="host1_FQDN" port="389" type="SIMPLE" />
b) Host 2:
AMConfig.properties file has
com.iplanet.am.directory.host=host2_FQDN
and
com.iplanet.am.directory.port=389
serverconfig.xml has:
<Server name="Server1" host="host2_FQDN" port="389" type="SIMPLE" />
c) If one logs into AM, and checks LDAP servers for LDAP / Policy Configuration / Membership etc services, they all contain Host2_FQDN:389 (which makes sense, since replica 2 was initialized from 1)
Returning back to the configurations:
13. On Host 1, log in to the Admin server console of the Directory server. Navigate to the DPS, and configure the following:
a) Network Group
b) LDAP servers
c) Load Balancing
d) Change Group
e) Action on-bind
f) Allow all actions (permit modification / deletion etc.).
g) any other configurations required - Am willing to give detailed steps if someone needs them to help me / themselves! :)
So now, we have DPS configured and running on Host1:489, and distributing load to DS1 and DS2 on a 50:50 basis.
14. Now, log into AM on Host 1, and instead of Host1_fqdn:389 (for DS) in the following places, specify Host1_fqdn:489 (for the DPS)--
LDAP Authentication
MSISDN server
Membership Service
Policy configuration.
Verified that this propagated to the Policy Configuration service and the LDAP authentication service that are already registered with the default organization.
15. Log out of AM. Following the documentation, modify directory.host and directory.port in AMConfig.properties to point to Host 1_FQDN and 489 respectively. Make this change in AMConfig.properties of both Host 1 as well as 2.
16. Edit serverconfig.xml on both hosts, and instead of them pointing to their local directory servers, point both to host1_FQDN:489
17. When you start the webserver, it will refuse to start. Will spew errors such as:
[https-host1_FQDN]: Sun ONE Web Server 6.1SP5 B06/23/2005 17:36
[https-host1_FQDN]: info: CORE3016: daemon is running as super-user
[https-host1_FQDN]: info: CORE5076: Using [Java HotSpot(TM) Server VM, Version 1.5.0_04] from [Sun Microsystems Inc.]
[https-host1_FQDN]: info: WEB0100: Loading web module in virtual server [https-host1_FQDN] at [amserver]
[https-host1_FQDN]: warning: WEB6100: locale-charset-info is deprecated, please use parameter-encoding
[https-host1_FQDN]: info: WEB0100: Loading web module in virtual server [https-host1_FQDN] at [ampassword]
[https-host1_FQDN]: warning: WEB6100: locale-charset-info is deprecated, please use parameter-encoding
[https-host1_FQDN]: info: WEB0100: Loading web module in virtual server [https-host1_FQDN] at [amcommon]
[https-host1_FQDN]: info: WEB0100: Loading web module in virtual server [https-host1_FQDN] at [amconsole]
[https-host1_FQDN]: warning: WEB6100: locale-charset-info is deprecated, please use parameter-encoding
[https-host1_FQDN]: info: WEB0100: Loading web module in virtual server [https-host1_FQDN] at [search]
[https-host1_FQDN]: warning: CORE3283: stderr: netscape.ldap.LDAPException: error result (32); matchedDN = dc=sun,dc=com; No such object (DN changed)
[https-host1_FQDN]: warning: CORE3283: stderr: Got LDAPServiceException code=-1
[https-host1_FQDN]: warning: CORE3283: stderr: at com.iplanet.services.ldap.DSConfigMgr.getConnection(DSConfigMgr.java:357)
[https-host1_FQDN]: warning: CORE3283: stderr: at com.iplanet.services.ldap.DSConfigMgr.getNewFailoverConnection(DSConfigMgr.java:314)
[https-host1_FQDN]: warning: CORE3283: stderr: at com.iplanet.services.ldap.DSConfigMgr.getNewConnection(DSConfigMgr.java:253)
[https-host1_FQDN]: warning: CORE3283: stderr: at com.iplanet.services.ldap.DSConfigMgr.getNewProxyConnection(DSConfigMgr.java:184)
[https-host1_FQDN]: warning: CORE3283: stderr: at com.iplanet.services.ldap.DSConfigMgr.getNewProxyConnection(DSConfigMgr.java:194)
[https-host1_FQDN]: warning: CORE3283: stderr: at com.iplanet.ums.DataLayer.initLdapPool(DataLayer.java:1248)
[https-host1_FQDN]: warning: CORE3283: stderr: at com.iplanet.ums.DataLayer.(DataLayer.java:190)
[https-host1_FQDN]: warning: CORE3283: stderr: at com.iplanet.ums.DataLayer.getInstance(DataLayer.java:215)
[https-host1_FQDN]: warning: CORE3283: stderr: at com.iplanet.ums.DataLayer.getInstance(DataLayer.java:246)
[https-host1_FQDN]: warning: CORE3283: stderr: at com.sun.identity.sm.ldap.SMSLdapObject.initialize(SMSLdapObject.java:156)
[https-host1_FQDN]: warning: CORE3283: stderr: at com.sun.identity.sm.ldap.SMSLdapObject.(SMSLdapObject.java:124)
[https-host1_FQDN]: warning: CORE3283: stderr: at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
[https-host1_FQDN]: warning: CORE3283: stderr: at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
[https-host1_FQDN]: warning: CORE3283: stderr: at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
[https-host1_FQDN]: warning: CORE3283: stderr: at java.lang.reflect.Constructor.newInstance(Constructor.java:494)
[https-host1_FQDN]: warning: CORE3283: stderr: at java.lang.Class.newInstance0(Class.java:350)
[https-host1_FQDN]: warning: CORE3283: stderr: at java.lang.Class.newInstance(Class.java:303)
[https-host1_FQDN]: warning: CORE3283: stderr: at com.sun.identity.sm.SMSEntry.(SMSEntry.java:216)
[https-host1_FQDN]: warning: CORE3283: stderr: at com.sun.identity.sm.ServiceSchemaManager.(ServiceSchemaManager.java:67)
[https-host1_FQDN]: warning: CORE3283: stderr: at com.iplanet.am.util.AMClientDetector.getServiceSchemaManager(AMClientDetector.java:219)
[https-host1_FQDN]: warning: CORE3283: stderr: at com.iplanet.am.util.AMClientDetector.(AMClientDetector.java:94)
[https-host1_FQDN]: warning: CORE3283: stderr: at com.sun.mobile.filter.AMLController.init(AMLController.java:85)
[https-host1_FQDN]: warning: CORE3283: stderr: at org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFilterConfig.java:262)
[https-host1_FQDN]: warning: CORE3283: stderr: at org.apache.catalina.core.ApplicationFilterConfig.setFilterDef(ApplicationFilterConfig.java:322)
[https-host1_FQDN]: warning: CORE3283: stderr: at org.apache.catalina.core.ApplicationFilterConfig.(ApplicationFilterConfig.java:120)
[https-host1_FQDN]: warning: CORE3283: stderr: at org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:3271)
[https-host1_FQDN]: warning: CORE3283: stderr: at org.apache.catalina.core.StandardContext.start(StandardContext.java:3747)
[https-host1_FQDN]: warning: CORE3283: stderr: at com.iplanet.ias.web.WebModule.start(WebModule.java:251)
[https-host1_FQDN]: warning: CORE3283: stderr: at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1133)
[https-host1_FQDN]: warning: CORE3283: stderr: at org.apache.catalina.core.StandardHost.start(StandardHost.java:652)
[https-host1_FQDN]: warning: CORE3283: stderr: at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1133)
[https-host1_FQDN]: warning: CORE3283: stderr: at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:355)
[https-host1_FQDN]: warning: CORE3283: stderr: at org.apache.catalina.startup.Embedded.start(Embedded.java:995)
[https-host1_FQDN]: warning: CORE3283: stderr: at com.iplanet.ias.web.WebContainer.start(WebContainer.java:431)
[https-host1_FQDN]: warning: CORE3283: stderr: at com.iplanet.ias.web.WebContainer.startInstance(WebContainer.java:500)
[https-host1_FQDN]: warning: CORE3283: stderr: at com.iplanet.ias.server.J2EERunner.confPostInit(J2EERunner.java:161)
[https-host1_FQDN]: failure: WebModule[amserver]: WEB2783: Servlet /amserver threw load() exception
[https-host1_FQDN]: javax.servlet.ServletException: WEB2778: Servlet.init() for servlet LoginLogoutMapping threw exception
[https-host1_FQDN]: at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:949)
[https-host1_FQDN]: at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:813)
[https-host1_FQDN]: at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:3478)
[https-host1_FQDN]: at org.apache.catalina.core.StandardContext.start(StandardContext.java:3760)
[https-host1_FQDN]: at com.iplanet.ias.web.WebModule.start(WebModule.java:251)
[https-host1_FQDN]: at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1133)
[https-host1_FQDN]: at org.apache.catalina.core.StandardHost.start(StandardHost.java:652)
[https-host1_FQDN]: at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1133)
[https-host1_FQDN]: at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:355)
[https-host1_FQDN]: at org.apache.catalina.startup.Embedded.start(Embedded.java:995)
[https-host1_FQDN]: at com.iplanet.ias.web.WebContainer.start(WebContainer.java:431)
[https-host1_FQDN]: at com.iplanet.ias.web.WebContainer.startInstance(WebContainer.java:500)
[https-host1_FQDN]: at com.iplanet.ias.server.J2EERunner.confPostInit(J2EERunner.java:161)
[https-host1_FQDN]: ----- Root Cause -----
[https-host1_FQDN]: java.lang.NullPointerException
[https-host1_FQDN]: at com.sun.identity.authentication.UI.LoginLogoutMapping.init(LoginLogoutMapping.java:71)
[https-host1_FQDN]: at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:921)
[https-host1_FQDN]: at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:813)
[https-host1_FQDN]: at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:3478)
[https-host1_FQDN]: at org.apache.catalina.core.StandardContext.start(StandardContext.java:3760)
[https-host1_FQDN]: at com.iplanet.ias.web.WebModule.start(WebModule.java:251)
[https-host1_FQDN]: at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1133)
[https-host1_FQDN]: at org.apache.catalina.core.StandardHost.start(StandardHost.java:652)
[https-host1_FQDN]: at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1133)
[https-host1_FQDN]: at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:355)
[https-host1_FQDN]: at org.apache.catalina.startup.Embedded.start(Embedded.java:995)
[https-host1_FQDN]: at com.iplanet.ias.web.WebContainer.start(WebContainer.java:431)
[https-host1_FQDN]: at com.iplanet.ias.web.WebContainer.startInstance(WebContainer.java:500)
[https-host1_FQDN]: at com.iplanet.ias.server.J2EERunner.confPostInit(J2EERunner.java:161)
[https-host1_FQDN]:
[https-host1_FQDN]: info: HTTP3072: [LS ls1] http://host1_FQDN:58080 ready to accept requests
[https-host1_FQDN]: startup: server started successfully
Success!
The server https-host1_FQDN has started up.
The server, in fact, didn't start up (nothing even listening on 58080).
However, if AMConfig.properties is left as it originally was, and only serverconfig.xml files were changed as mentioned above, web servers started fine, and things worked all okay. (Alright, except for some glitches when viewed in /amconsole. If /amserver/console is accessed, all is good. Can this mean that all is still not well? I am not sure).
So far so good. Now comes the sad part. When the same is done on Solaris 9, things don't work. You continue to get the above error, OR the following error, and the web server will refuse to start:
Differences in Solaris and Windows are as follows:
1. Windows hosts have 1 IP and hostname. Solaris hosts have 3 IPs and hostnames (for DS, DPS, and webserver).
No other difference from an architectural perspective.
Any help / insight on why the above is not working (and why the hell does the documentation seem so sketchy / insecure / incorrect).
Thanks a bunch! -
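Added example (not part of the original post, and not Sun or Access Manager code): a triage of the web server startup output that does not trust the closing "server started successfully" line, since the post reports that banner while nothing was listening on 58080. The sample log is constructed from the lines quoted above; `triage`, `is_listening` and the result-code table are names chosen here.

```python
import re
import socket

# Constructed sample, shaped like the startup output quoted in the post.
SAMPLE_LOG = """\
[https-host1_FQDN]: info: WEB0100: Loading web module in virtual server [https-host1_FQDN] at [amserver]
[https-host1_FQDN]: warning: CORE3283: stderr: netscape.ldap.LDAPException: error result (32); matchedDN = dc=sun,dc=com; No such object (DN changed)
[https-host1_FQDN]: warning: CORE3283: stderr: Got LDAPServiceException code=-1
[https-host1_FQDN]: failure: WebModule[amserver]: WEB2783: Servlet /amserver threw load() exception
[https-host1_FQDN]: java.lang.NullPointerException
[https-host1_FQDN]: info: HTTP3072: [LS ls1] http://host1_FQDN:58080 ready to accept requests
[https-host1_FQDN]: startup: server started successfully
Success!
"""

# RFC 4511 result codes commonly seen after repointing a client at a proxy.
LDAP_RESULT_NAMES = {
    32: "noSuchObject",
    49: "invalidCredentials",
    50: "insufficientAccessRights",
    52: "unavailable",
    53: "unwillingToPerform",
}

LINE_RE = re.compile(r"^\[(?P<inst>[^\]]+)\]:\s*(?P<rest>.*)$")
LDAP_RE = re.compile(
    r"LDAPException: error result \((?P<code>\d+)\)"
    r"(?:; matchedDN = (?P<matched>[^;]+))?"
)
LISTEN_RE = re.compile(r"HTTP3072: .*?https?://(?P<host>[^:/\s]+):(?P<port>\d+)")
FAILURE_RE = re.compile(r"^failure: (?P<msg>.*)$")


def triage(text):
    """Summarise a startup log; 'healthy' requires more than the success banner."""
    report = {"claimed_started": False, "ldap_errors": [],
              "failures": [], "listeners": []}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # lines without the [instance]: prefix, e.g. "Success!"
        rest = m.group("rest")
        ldap = LDAP_RE.search(rest)
        if ldap:
            code = int(ldap.group("code"))
            matched = (ldap.group("matched") or "").strip()
            name = LDAP_RESULT_NAMES.get(code, "other")
            report["ldap_errors"].append((code, name, matched))
        fail = FAILURE_RE.match(rest)
        if fail:
            report["failures"].append(fail.group("msg"))
        listen = LISTEN_RE.search(rest)
        if listen:
            report["listeners"].append(
                (listen.group("host"), int(listen.group("port"))))
        if rest.startswith("startup: server started successfully"):
            report["claimed_started"] = True
    report["healthy"] = (report["claimed_started"]
                         and not report["ldap_errors"]
                         and not report["failures"])
    return report


def is_listening(host, port, timeout=2.0):
    """Confirm the advertised listener with a real TCP connect."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("banner says started:", result["claimed_started"])
    print("healthy:", result["healthy"])
    for code, name, matched in result["ldap_errors"]:
        print(f"LDAP result {code} ({name}), matchedDN={matched}")
    for msg in result["failures"]:
        print("failure:", msg)
```

On a live host, pass each `(host, port)` from `listeners` to `is_listening` to confirm the port the log advertises is actually open.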
Error while load balancing two servers
i have two Solaris servers running 9iAS R2 OC4j.
current patch level is 9.0.2.3
i'm trying to load balance the instances according
to the instructions in this document:
Oracle9i Application Server: mod_oc4j Technical Overview
all i should need to do is run the command:
dcmctl addOPMNLink <IP>:<PORT>
but when i do this i get this error:
ADMN-906026
i could not find any info on this error with searches of:
Google, Google Groups, Oracle MetaLink, Oracle OTN.
ideas? suggestions? anything?
thanks,
.rich
i just tried running a "dcmctl getError", and got this:
ADMN-906026
This Oracle9iAS instance is currently using a database repository to store configuration information. The OPMN link functionality is not supported when a database repository is being used. An Oracle9iAS cluster should be created to associate Oracle9iAS instances when using a repository.
the two OC4J instances in question are associated with an Infrastructure instance on their respective servers. do i need to de-couple the OC4J instances? or create a "cluster of one" instance?
.rich -
Configuring ACE 4710 for Load Balancing Speech servers
Hello, I'm configuring ACE 4710's for the first time and I want to load balance my Nuance speech servers on port 554. Here's my configuration on ACE01:
hostname ace471001
interface gigabitEthernet 1/1
switchport access vlan 1000
no shutdown
interface gigabitEthernet 1/2
shutdown
interface gigabitEthernet 1/3
shutdown
interface gigabitEthernet 1/4
shutdown
access-list ALL line 8 extended permit ip any any
rserver host nss01
class-map type management match-any remote_access
2 match protocol xml-https any
3 match protocol icmp any
4 match protocol telnet any
5 match protocol ssh any
6 match protocol http any
7 match protocol https any
8 match protocol snmp any
policy-map type management first-match remote_mgmt_allow_policy
class remote_access
permit
interface vlan 1000
ip address 10.20.17.21 255.255.248.0
access-group input ALL
service-policy input remote_mgmt_allow_policy
no shutdown
How would I configure my speech server to listen on 554?
Thanks in advance
Hello Reginald
Currently you have only basic network configuration; there is no load-balancing config.
I'm not sure what exactly you're asking about, but basically you need to have
- real servers configured on ACE (http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/configuration/slb/guide/rsfarms.html#wp999495)
- serverfarm configured on ACE (http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/configuration/slb/guide/rsfarms.html#wp1014522)
- L7 policy map (http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/configuration/slb/guide/classlb.html#wp1171109 , http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/configuration/slb/guide/classlb.html#wp1027248 )
- L4 policy map, class-map (http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/configuration/slb/guide/classlb.html#wp1027819)
And then apply it on the necessary interface.
This is a general configuration; in your specific case you may need to configure some additional features (e.g. I think you will need to have stickiness enabled http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/configuration/slb/guide/sticky.html but it depends on your application).
Links are for old config guides, but the basics are pretty much the same for all versions.
Please check them and try to narrow down your question a bit. -
Load-balancing using ServerIrons or NetApp Netcaches
Dear all,
From a cursory search, this one has been asked loads of times, but I can't find
an answer....
We're adding a Weblogic cluster into a resilient environment which has Netcache
boxes doing reverse proxy and content caching, and Foundry ServerIrons doing the
load-balancing. We could add in a pair of Apache servers load-balanced by the
serverIrons and a pair of weblogic boxes in a cluster. However, this is not only
a bit of overkill, but also adds quite a bit of latency to requests. We also
already have the Netcache boxes. So, we want to get rid of Apache, and use a
proposed 3 tier environment:
Netcache
|
| (possibly via a serverIron)
v
Weblogic Cluster
|
|
v
Oracle
Will this work? Does anyone have any experience extracting the session ID on
a serverIron (or even on a netcache itself)? Has anyone found a way of doing
session failover using a serverIron?
Words of wisdom are needed for a flagging technical consultant...
Thanks
Simon Redding
Technical Specialist
Environment Agency
Good day Simon,
We have the same setup and have the same questions. Did you find how to implement this?
Any help would be great!
Cheers -
External Load Balancing OAM11g Servers
With OAM 11g, DB 11.2.0.1, RHEL5.6, and WLS 10.3.5... we have clustered the managed servers and all that displays, starts, stops as expected -- hosts are H1 and H2. We also have an external load balancer (haproxy). By "external", I mean that the host (PRHost) where the protected resource (PR) resides is outside the LB and all of the OAM infrastructure is inside the LB. We actually have 2 layers of LB because we are also trying to create a disaster recovery site, but for now we'll concentrate on just the webgate and the LB.
We have installed WLS 10.3.5, OHS 11.1.1.2, and have deployed a PR on the PRHost. We then installed the 11g webgate on PRHost and instantiated the webgate within the OAM Server on H1 and moved the artifacts to the PRHost.
The question is fairly simple -- at least from my perspective -- the webgate gets its connection information from the ObAccessClient.xml artifact created when the webgate was added to the OAM Server. The only connection the webgate understands is the listing of the primary/secondary OAM Servers within that artifact.
QUESTION: When we access the protected resource, how will it know to go through the external LB if the only connection information it has is the OAM Server? We realize that there is LB information within the OAM Server setup, but this means that in order to determine where the LB is, we need to first access the OAM Server setup. We require the PR to first go through the LB to find an available OAM server, but there appears to be nothing on the PR webgate to inform it how to find the LB.
Luis,
you need the command 'portmap disable' available in 5.01 and 5.03
gilles. -
i have two Solaris servers running 9iAS R2 OC4j.
current patch level is 9.0.2.3
i'm trying to load balance the instances according
to the instructions in this document:
Oracle9i Application Server: mod_oc4j Technical Overview
all i should need to do is run the command:
dcmctl addOPMNLink <IP>:<PORT>
but when i do this i get this error:
ADMN-906026
i could not find any info on this error with searches of:
Google, Google Groups, Oracle MetaLink, Oracle OTN.
ideas? suggestions? anything?
thanks,
.rich
Rich -- if you have installed the Oracle9iAS instances and associated them with the infrastructure, then you don't need to perform the manual clustering operations which are contained in the doc you reference.
By associating with the infrastructure (as the error message indicates you have done), the components should all be associated with one another and you'll be working in what we call a managed cluster mode.
If you do have the instances associated with the infrastructure, then what you need to do is use the management console (or dcmctl) to create a cluster and then add the two instances to the cluster. This will then mean that the same applications get deployed to the two instances, and will add an Oc4jMount point to OHS that will allow the incoming requests to be dispatched to the two backend instances.
There should be a guide on OTN (HA Guide, Concepts Guide) which explains the concepts behind these terms if you need.
Here's the dcmctl commands to create a cluster then add the instances to the cluster (this is from my 904 instance, I don't have a 902 instance installed)
[oracle@peterman ~]$ dcmctl -help createcluster
createCluster
Creates a managed Oracle Application Server cluster.
Note
Oracle recommends that Oracle Application Server Clusters using a file based repository contain four (4) or less than four instances.
Type
Configuration Management
Syntax
createCluster -cl cluster_name
Description
A managed cluster is created.
Notes for using createCluster:
You must issue this command in the Oracle home of an instance that
belongs to a farm (that is, is associated with a metadata repository).
The cluster will be created in that farm.
The cluster has no members when created. You can add members using
joinCluster.
You can create an unlimited number of clusters.
Example
dcmctl createCluster -cl cluster1
[oracle@peterman ~]$ dcmctl -help joincluster
joinCluster
Adds an Oracle Application Server instance to the named managed cluster.
Notes for using Oracle Application Server clusters:
Oracle Application Server supports heterogeneous instances as part of the same farm. For example, an instance running on Solaris Operating System, an instance running on a Linux system, and an instance running on an HP-UX system can reside in the same farm.
Oracle Application Server instances that you want to be part of a cluster must be installed on identical operating systems
Oracle recommends that Oracle Application Server Clusters using a file based repository contain four (4) or less than four instances.
If you are using Oracle Enterprise Manager Application Server Control, then, after issuing the dcmctl joinCluster command, you must stop and then start Oracle Enterprise Manager Application Server Control using the commands:
%emctl stop iasconsole
%emctl start iasconsole
Type
Configuration Management
Syntax
joinCluster -cl cluster_name [-i instance_name]
Description
Adds an application server instance to the managed Oracle Application Server cluster specified with the -cl option. By default, this command uses the local instance. You can specify a different instance with the -i option. The instance must be a member of the same farm as the
cluster. There is no limit to the number of instances you can add to a cluster. An instance is stopped after being added to a cluster, so you must manually start it.
Example
To add the local application server instance to cluster1 and restart
it:
dcmctl joinCluster -cl cluster1
dcmctl start
To add instance1 to cluster1 and restart it:
dcmctl joinCluster -cl cluster1 -i instance1
dcmctl start -i instance1
cheers
-steve- -
ACE to load balance proxy servers
Hi,
i have a set of 4 proxy servers that are already load balanced. But they are using an incorrectly configured health probe on the ace. I need to know a good configuration for a health probe that will send a http request over port 80, wait for response, and read it? I searched the forum and the cisco pages but could not find a proper answer.
the current probe is as follows:
probe http HTTPGET
description Tests that www.gmail.com returns 302 redirect
interval 10
request method get url http://www.gmail.com
expect status 302 302
-Gordon
Hi Gordon,
This is what you want to achieve:
I need to know a good configuration for a health probe that will send a http request over port 80, wait for response, and read it?
So ideally you have to choose what content you want to request and what you expect as response.
Any HTTP request will assume that the request is going to the web server or the device can understand HTTP and respond accordingly.
If you ask me I would say that the probes which you are using make sense.
If the probe fails that means the proxy is unable to reach "www.gmail.com" which is almost as good as proxy is not working.
Let me know your thought about it.
regards,
Ajay Kumar -
I have a CSS 11501. I have the ethernet management port on 192.168.0.X /24. I have two services set up one being 209.172.1XX.X51 and the other being 209.172.1XX.X52. I have the VIP set to be 209.172.1XX.X53. I have the 2 web server plugged into e7 and e8. Then I have a straight ethernet cable that goes from e6 to my gigabit switch. All of these interfaces are on the same VLAN. Is that correct?
What is IP interface for a circuit and what relation does it have with the VIP?
My problem over all is, I can't access my VIP from an external location. I can only access the VIP from a computer with the same 209.172.1XX.XXX address, but i can access the web servers separately from the outside, just not the VIP.
My Ip interface for the circuit is completely different from my VIP and my services, is that correct? The status is says "no circuit"
Why can't the outside world access the VIP but they can access the individual IPs of the web servers?
the e6,e7 and e8 interfaces would all go in the same vlan.
Under your circuit vlan, you need an ip address that will belong to the same subnet as your servers.
You need an ip address on the circuit, for the probes, and also to configure a default gateway.
Because you also need a default gateway if you want to connect from a remote subnet.
Gilles. -
Shared home directories between load-balancing sunray servers.
Our current setup is we have 2 sunray servers in the login group and both systems mount a single filesystem rw via an nfs share from our veritas cluster farm. The file system is a SAN LUN mounted to our veritas cluster farm then shared via a NFS veritas cluster service. The problem is once the nfs service fails the cluster rolls the LUN and the NFS service to another server in the farm. this results in a changed source MAC address and the nfs client service goes whacky (forcing a manual re-mount, sometimes nfsclient stop-start). anyone know of an alternative method of sharing user home directories maybe shared access to the lun and cut out the middle man (the nfs service from the cluster) ?
Thanks
Yep, I always get an error "The home directory could not be created because an error occurred". Always had that, even on the original /Users share that worked.
Kind of found a way around, have written a script to run at login that checks to see if Pictures, Movies, etc folders are present, and if it doesn't it just makes a new directory with that name. It's a bit of a bodge, but seems to still work. Would still love to have another proper fix eventually, but for the time being it's solved the immediate problem I had!
Thanks for your advice.