Load Balancing Linux servers with CSS 11050 series
We would like to load balance Linux FTP and Web servers with a CSS 11050 series device. Does the content switch use SNMP to load balance the servers? If so, which MIBs need to be loaded on the servers?
I dont believe that the CSS supports any SNMP load balancing mechanism.
There is basically two factors involved in load balancing. One: the state of the servers which can be done via a range of mechanisms including ping, TCP connection, Application request, etc. Two: the way a server is chosen when a request comes in including round-robin, least connections, ACA etc.
Checkout these links:-
http://www.cisco.com/warp/customer/117/basic_css_lb_config.html
http://www.cisco.com/warp/customer/117/methods_load_bal.html
Similar Messages
-
Load Balance HTTPS servers with redirection
Hello,
I have been tasked with ACE configuration at work as the prior go-to guy for load balancing is no longer available. Trouble is, I have little idea what I’m doing when it comes to the ACE. So, forgive me if the question I have is super basic. After doing some research I put together a LB config, but its not working.
I was trying to load balance 10 servers, split into groups of 2 using 5 VIPS (1 VIP for each group of 2 servers). The servers serve an ssl web app.
Below is my configuration. What am I doing wrong? Does the config have any glaring errors? I've been staring at this thing on and off for a week and searching these forums trying to figure it out.
Any help provided will greatly appreciated.
probe tcp probe_443
port 443
interval 30
passdetect interval 5
probe https probe_https_test
interval 30
passdetect interval 5
ssl version all
request method get url /test.html
expect status 200 200
rserver host QA-1.1
ip address 10.200.162.126
inservice
rserver host QA-1.2
ip address 10.200.162.127
inservice
rserver redirect QA-group_1_redirect_rserver
webhost-redirection https://10.37.5.73/ 302
inservice
rserver host QA-2.1
ip address 10.200.162.22
inservice
rserver host QA-2.2
ip address 10.200.162.240
inservice
rserver redirect QA-group_2_redirect_rserver
webhost-redirection https://10.37.5.74/ 302
inservice
rserver host QA-3.1
ip address 10.200.162.181
inservice
rserver host QA-3.2
ip address 10.200.162.50
inservice
rserver redirect QA-group_3_redirect_rserver
webhost-redirection https://10.37.5.75/ 302
inservice
rserver host QA-4.1
ip address 10.200.162.23
inservice
rserver host QA-4.2
ip address 10.200.162.241
inservice
rserver redirect QA-group_4_redirect_rserver
webhost-redirection https://10.37.5.76/ 302
inservice
rserver host QA-5.1
ip address 10.200.162.182
inservice
rserver host QA-5.2
ip address 10.200.162.51
inservice
rserver redirect QA-group_5_redirect_rserver
webhost-redirection https://10.37.5.77/ 302
inservice
serverfarm host SF_QA-group_1_HTTPS
failaction reassign
predictor leastconns
probe probe_443
probe probe_https_test
rserver QA-1.1 443
inservice
rserver QA-1. 2 443
inservice
serverfarm host SF_QA-group_2_HTTPS
failaction reassign
predictor leastconns
probe probe_443
probe probe_https_test
rserver QA-2.1 443
inservice
rserver QA-2. 2 443
inservice
serverfarm host SF_QA-group_3_HTTPS
failaction reassign
predictor leastconns
probe probe_443
probe probe_https_test
rserver QA-3.1 443
inservice
rserver QA-3. 2 443
inservice
serverfarm host SF_QA-group_4_HTTPS
failaction reassign
predictor leastconns
probe probe_443
probe probe_https_test
rserver QA-4.1 443
inservice
rserver QA-4. 2 443
inservice
serverfarm host SF_QA-group_5_HTTPS
failaction reassign
predictor leastconns
probe probe_443
probe probe_https_test
rserver QA-5.1 443
inservice
rserver QA-5. 2 443
inservice
serverfarm redirect SF_ QA-group_1_REDIRECT
rserver QA-group_1_redirect_rserver
inservice
serverfarm redirect SF_ QA-group_2_REDIRECT
rserver QA-group_2_redirect_rserver
inservice
serverfarm redirect SF_ QA-group_3_REDIRECT
rserver QA-group_3_redirect_rserver
inservice
serverfarm redirect SF_ QA-group_4_REDIRECT
rserver QA-group_4_redirect_rserver
inservice
serverfarm redirect SF_ QA-group_5_REDIRECT
rserver QA-group_5_redirect_rserver
inservice
sticky ip-netmask 255.255.255.255 address source SRC_ QA-group_1_STICKY
serverfarm SF_ QA-group_1_HTTPS
timeout 30
replicate sticky
sticky ip-netmask 255.255.255.255 address source SRC_ QA-group_2_STICKY
serverfarm SF_ QA-group_2_HTTPS
timeout 30
replicate sticky
sticky ip-netmask 255.255.255.255 address source SRC_ QA-group_3_STICKY
serverfarm SF_ QA-group_3_HTTPS
timeout 30
replicate sticky
sticky ip-netmask 255.255.255.255 address source SRC_ QA-group_4_STICKY
serverfarm SF_ QA-group_4_HTTPS
timeout 30
replicate sticky
sticky ip-netmask 255.255.255.255 address source SRC_ QA-group_5_STICKY
serverfarm SF_ QA-group_5_HTTPS
timeout 30
replicate sticky
class-map match-all QA-group_1_HTTP
3 match virtual-address 10.37.5.73 tcp eq www
class-map match-all QA-group_1_HTTPS
3 match virtual-address 10.37.5.73 tcp eq https
class-map match-all QA-group_2_HTTP
3 match virtual-address 10.37.5.74 tcp eq www
class-map match-all QA-group_2_HTTPS
3 match virtual-address 10.37.5.74 tcp eq https
class-map match-all QA-group_3_HTTP
3 match virtual-address 10.37.5.75 tcp eq www
class-map match-all QA-group_3_HTTPS
3 match virtual-address 10.37.5.75 tcp eq https
class-map match-all QA-group_4_HTTP
3 match virtual-address 10.37.5.76 tcp eq www
class-map match-all QA-group_4_HTTPS
3 match virtual-address 10.37.5.76 tcp eq https
class-map match-all QA-group_5_HTTPS
3 match virtual-address 10.37.5.77 tcp eq www
class-map match-all QA-group_5_HTTPS
3 match virtual-address 10.37.5.77 tcp eq https
class-map type management match-any remote-management
2 match protocol http any
3 match protocol https any
4 match protocol icmp any
5 match protocol snmp any
6 match protocol ssh any
policy-map type management first-match remote-access
class remote-management
permit
policy-map type loadbalance first-match QA-group_1_REDIRECT
class class-default
serverfarm SF_ QA-group_1_REDIRECT
policy-map type loadbalance first-match QA-group_2_REDIRECT
class class-default
serverfarm SF_ QA-group_2_REDIRECT
policy-map type loadbalance first-match QA-group_3_REDIRECT
class class-default
serverfarm SF_ QA-group_3_REDIRECT
policy-map type loadbalance first-match QA-group_4_REDIRECT
class class-default
serverfarm SF_ QA-group_4_REDIRECT
policy-map type loadbalance first-match QA-group_5_REDIRECT
class class-default
serverfarm SF_ QA-group_5_REDIRECT
policy-map multi-match SERVICE_VIPS
class QA-group_1_HTTPS
loadbalance vip inservice
loadbalance policy HTTPS_ QA-group_1_HTTPS _L7_BALANCED
loadbalance vip icmp-reply
nat dynamic 1 vlan 25
class QA-group_1_HTTP
loadbalance vip inservice
loadbalance policy QA-group_1_REDIRECT
class QA-group_2_HTTPS
loadbalance vip inservice
loadbalance policy HTTPS_ QA-group_2_HTTPS _L7_BALANCED
loadbalance vip icmp-reply
nat dynamic 1 vlan 25
class QA-group_2_HTTP
loadbalance vip inservice
loadbalance policy QA-group_2_REDIRECT
class QA-group_3_HTTPS
loadbalance vip inservice
loadbalance policy HTTPS_ QA-group_3_HTTPS _L7_BALANCED
loadbalance vip icmp-reply
nat dynamic 1 vlan 25
class QA-group_3_HTTP
loadbalance vip inservice
loadbalance policy QA-group_3_REDIRECT
class QA-group_4_HTTPS
loadbalance vip inservice
loadbalance policy HTTPS_ QA-group_4_HTTPS _L7_BALANCED
loadbalance vip icmp-reply
nat dynamic 1 vlan 25
class QA-group_4_HTTP
loadbalance vip inservice
loadbalance policy QA-group_4_REDIRECT
class QA-group_5_HTTPS
loadbalance vip inservice
loadbalance policy HTTPS_ QA-group_4_HTTPS _L7_BALANCED
loadbalance vip icmp-reply
nat dynamic 1 vlan 25
class QA-group_5_HTTP
loadbalance vip inservice
loadbalance policy QA-group_4_REDIRECT
interface vlan 25
ip address 10.37.5.72 255.255.255.0
access-group input everyone
service-policy input remote-access
service-policy input SERVICE_VIPS
no shutdown
ip route 0.0.0.0 0.0.0.0 10.37.5.1Fnu,
Thank you so much for your reply.
At this point I can get to the real server IP's via ping and https in a browser from my PC. I can also ping the gateway and all the real server IP's from the ACE context i'm working on. However, the VIPS are not working. When I attempt to use one of the VIPS in the browser, the request times out. When I issue the command ":show service-policy" I see a hit count (which increments every time I try and reach the VIP via the browser) but the dropped counter is equal to the hit counter. I will paste the running config from the context I’m working in along with the output from the show service-policy command.
Any suggestions on how I can get this working would be greatly appreciated.
csc# show run
Generating configuration....
access-list Servers line 3 extended permit tcp any any eq https
access-list Servers line 5 extended permit tcp any any eq www
access-list everyone line 1 extended permit ip any any
access-list everyone line 2 extended permit icmp any any
probe tcp probe_443
port 443
interval 30
passdetect interval 5
rserver host QA-1.1
ip address 10.37.5.111
inservice
rserver host QA-1.2
ip address 10.37.5.88
inservice
rserver host QA-2.1
ip address 10.37.5.84
inservice
rserver host QA-2.2
ip address 10.37.5.89
inservice
rserver host QA-3.1
ip address 10.37.5.85
inservice
rserver host QA-3.2
ip address 10.37.5.90
inservice
rserver host QA-4.1
ip address 10.37.5.86
inservice
rserver host QA-4.2
ip address 10.37.5.81
inservice
rserver host QA-5.1
ip address 10.37.5.87
inservice
rserver host QA-5.2
ip address 10.37.5.92
inservice
rserver redirect QA-group_1_redirect_rserver
webhost-redirection https://10.37.5.93/ 302
inservice
rserver redirect QA-group_2_redirect_rserver
webhost-redirection https://10.37.5.94/ 302
inservice
rserver redirect QA-group_3_redirect_rserver
webhost-redirection https://10.37.5.95/ 302
inservice
rserver redirect QA-group_4_redirect_rserver
webhost-redirection https://10.37.5.96/ 302
inservice
rserver redirect QA-group_5_redirect_rserver
webhost-redirection https://10.37.5.97/ 302
inservice
serverfarm host SF_QA-group_1_HTTPS
failaction reassign
predictor leastconns
probe probe_443
rserver QA-1.1 443
inservice
rserver QA-1.2 443
inservice
serverfarm redirect SF_QA-group_1_REDIRECT
rserver QA-group_1_redirect_rserver
inservice
serverfarm host SF_QA-group_2_HTTPS
failaction reassign
predictor leastconns
probe probe_443
rserver QA-2.1 443
inservice
rserver QA-2.2 443
inservice
serverfarm redirect SF_QA-group_2_REDIRECT
rserver QA-group_2_redirect_rserver
inservice
serverfarm host SF_QA-group_3_HTTPS
failaction reassign
predictor leastconns
probe probe_443
rserver QA-3.1 443
inservice
rserver QA-3.2 443
inservice
serverfarm redirect SF_QA-group_3_REDIRECT
rserver QA-group_3_redirect_rserver
inservice
serverfarm host SF_QA-group_4_HTTPS
failaction reassign
predictor leastconns
probe probe_443
rserver QA-4.1 443
inservice
rserver QA-4.2 443
inservice
serverfarm redirect SF_QA-group_4_REDIRECT
rserver QA-group_4_redirect_rserver
inservice
serverfarm host SF_QA-group_5_HTTPS
failaction reassign
predictor leastconns
probe probe_443
rserver QA-5.1 443
inservice
rserver QA-5.2 443
inservice
serverfarm redirect SF_QA-group_5_REDIRECT
rserver QA-group_5_redirect_rserver
inservice
serverfarm host SF_QA-group_HTTPS
serverfarm host SF_QA-group__HTTPS
sticky ip-netmask 255.255.255.255 address source SRC_QA-group_1_STICKY
serverfarm SF_QA-group_1_HTTPS
timeout 30
replicate sticky
sticky ip-netmask 255.255.255.255 address source SRC_QA-group_2_STICKY
serverfarm SF_QA-group_2_HTTPS
timeout 30
replicate sticky
sticky ip-netmask 255.255.255.255 address source SRC_QA-group_3_STICKY
serverfarm SF_QA-group_3_HTTPS
timeout 30
replicate sticky
sticky ip-netmask 255.255.255.255 address source SRC_QA-group_4_STICKY
serverfarm SF_QA-group_4_HTTPS
timeout 30
replicate sticky
sticky ip-netmask 255.255.255.255 address source SRC_QA-group_5_STICKY
serverfarm SF_QA-group_5_HTTPS
timeout 30
replicate sticky
class-map match-all QA-group_1_HTTP
3 match virtual-address 10.37.5.93 tcp eq www
class-map match-all QA-group_1_HTTPS
3 match virtual-address 10.37.5.93 tcp eq https
class-map match-all QA-group_2_HTTP
3 match virtual-address 10.37.5.94 tcp eq www
class-map match-all QA-group_2_HTTPS
3 match virtual-address 10.37.5.94 tcp eq https
class-map match-all QA-group_3_HTTP
3 match virtual-address 10.37.5.95 tcp eq www
class-map match-all QA-group_3_HTTPS
3 match virtual-address 10.37.5.95 tcp eq https
class-map match-all QA-group_4_HTTP
3 match virtual-address 10.37.5.96 tcp eq www
class-map match-all QA-group_4_HTTPS
3 match virtual-address 10.37.5.76 tcp eq https
class-map match-all QA-group_5_HTTP
3 match virtual-address 10.37.5.97 tcp eq www
class-map match-all QA-group_5_HTTPS
3 match virtual-address 10.37.5.97 tcp eq https
class-map type management match-any remote-management
2 match protocol http any
3 match protocol https any
4 match protocol icmp any
5 match protocol snmp any
6 match protocol ssh any
policy-map type management first-match remote-access
class remote-management
permit
policy-map type loadbalance first-match QA-group_1_REDIRECT
class class-default
policy-map type loadbalance first-match QA-group_2_REDIRECT
class class-default
serverfarm SF_QA-group_2_REDIRECT
policy-map type loadbalance first-match QA-group_3_REDIRECT
class class-default
serverfarm SF_QA-group_3_REDIRECT
policy-map type loadbalance first-match QA-group_4_REDIRECT
class class-default
serverfarm SF_QA-group_4_REDIRECT
policy-map type loadbalance first-match QA-group_5_REDIRECT
class class-default
serverfarm SF_QA-group_5_REDIRECT
policy-map multi-match SERVICE_VIPS
class QA-group_1_HTTPS
loadbalance vip inservice
loadbalance policy QA-group_1_REDIRECT
loadbalance vip icmp-reply
class QA-group_1_HTTP
loadbalance vip inservice
loadbalance policy QA-group_1_REDIRECT
class QA-group_2_HTTPS
loadbalance vip inservice
loadbalance policy QA-group_2_REDIRECT
loadbalance vip icmp-reply
class QA-group_2_HTTP
loadbalance vip inservice
loadbalance policy QA-group_2_REDIRECT
class QA-group_3_HTTPS
loadbalance vip inservice
loadbalance policy QA-group_3_REDIRECT
loadbalance vip icmp-reply
class QA-group_3_HTTP
loadbalance vip inservice
loadbalance policy QA-group_3_REDIRECT
class QA-group_4_HTTPS
loadbalance vip inservice
loadbalance policy QA-group_4_REDIRECT
loadbalance vip icmp-reply
class QA-group_4_HTTP
loadbalance vip inservice
loadbalance policy QA-group_4_REDIRECT
class QA-group_5_HTTPS
loadbalance vip inservice
loadbalance policy QA-group_5_REDIRECT
loadbalance vip icmp-reply
class QA-group_5_HTTP
loadbalance vip inservice
loadbalance policy QA-group_5_REDIRECT
interface vlan 25
ip address 10.37.5.98 255.255.255.0
access-group input everyone
service-policy input remote-access
service-policy input SERVICE_VIPS
no shutdown
ip route 0.0.0.0 0.0.0.0 10.37.5.1
csc# show service-policy SERVICE_VIPS
Status : ACTIVE
Interface: vlan 25
service-policy: SERVICE_VIPS
class: QA-group_1_HTTPS
loadbalance:
L7 loadbalance policy: QA-group_1_REDIRECT
VIP Route Metric : 77
VIP Route Advertise : DISABLED
VIP ICMP Reply : ENABLED
VIP state: OUTOFSERVICE
VIP DWS state: DWS_DISABLED
Persistence Rebalance: DISABLED
curr conns : 0 , hit count : 122
dropped conns : 122
conns per second : 0
client pkt count : 122 , client byte count: 6164
server pkt count : 0 , server byte count: 0
conn-rate-limit : 0 , drop-count : 0
bandwidth-rate-limit : 0 , drop-count : 0
compression:
bytes_in : 0 bytes_out : 0
Compression ratio : 0.00%
Gzip: 0 Deflate: 0
compression errors:
User-Agent : 0 Accept-Encoding : 0
Content size: 0 Content type : 0
Not HTTP 1.1: 0 HTTP response error: 0
Others : 0
class: QA-group_1_HTTP
loadbalance:
L7 loadbalance policy: QA-group_1_REDIRECT
VIP Route Metric : 77
VIP Route Advertise : DISABLED
VIP ICMP Reply : DISABLED
VIP state: OUTOFSERVICE
VIP DWS state: DWS_DISABLED
Persistence Rebalance: DISABLED
curr conns : 0 , hit count : 58
dropped conns : 58
conns per second : 0
client pkt count : 58 , client byte count: 3628
server pkt count : 0 , server byte count: 0
conn-rate-limit : 0 , drop-count : 0
bandwidth-rate-limit : 0 , drop-count : 0
compression:
bytes_in : 0 bytes_out : 0
Compression ratio : 0.00%
Gzip: 0 Deflate: 0
compression errors:
User-Agent : 0 Accept-Encoding : 0
Content size: 0 Content type : 0
Not HTTP 1.1: 0 HTTP response error: 0
Others : 0
class: QA-group_2_HTTPS
loadbalance:
L7 loadbalance policy: QA-group_2_REDIRECT
VIP Route Metric : 77
VIP Route Advertise : DISABLED
VIP ICMP Reply : ENABLED
VIP State: INSERVICE
VIP DWS state: DWS_DISABLED
Persistence Rebalance: ENABLED
curr conns : 0 , hit count : 13
dropped conns : 0
conns per second : 0
client pkt count : 74 , client byte count: 7648
server pkt count : 0 , server byte count: 0
conn-rate-limit : 0 , drop-count : 0
bandwidth-rate-limit : 0 , drop-count : 0
compression:
bytes_in : 0 bytes_out : 0
Compression ratio : 0.00%
Gzip: 0 Deflate: 0
compression errors:
User-Agent : 0 Accept-Encoding : 0
Content size: 0 Content type : 0
Not HTTP 1.1: 0 HTTP response error: 0
Others : 0
class: QA-group_2_HTTP
loadbalance:
L7 loadbalance policy: QA-group_2_REDIRECT
VIP Route Metric : 77
VIP Route Advertise : DISABLED
VIP ICMP Reply : DISABLED
VIP State: INSERVICE
VIP DWS state: DWS_DISABLED
Persistence Rebalance: ENABLED
curr conns : 0 , hit count : 3
dropped conns : 0
conns per second : 0
client pkt count : 12 , client byte count: 1398
server pkt count : 0 , server byte count: 0
conn-rate-limit : 0 , drop-count : 0
bandwidth-rate-limit : 0 , drop-count : 0
compression:
bytes_in : 0 bytes_out : 0
Compression ratio : 0.00%
Gzip: 0 Deflate: 0
compression errors:
User-Agent : 0 Accept-Encoding : 0
Content size: 0 Content type : 0
Not HTTP 1.1: 0 HTTP response error: 0
Others : 0
class: QA-group_3_HTTPS
loadbalance:
L7 loadbalance policy: QA-group_3_REDIRECT
VIP Route Metric : 77
VIP Route Advertise : DISABLED
VIP ICMP Reply : ENABLED
VIP State: INSERVICE
VIP DWS state: DWS_DISABLED
Persistence Rebalance: ENABLED
curr conns : 0 , hit count : 34
dropped conns : 0
conns per second : 0
client pkt count : 201 , client byte count: 23495
server pkt count : 0 , server byte count: 0
conn-rate-limit : 0 , drop-count : 0
bandwidth-rate-limit : 0 , drop-count : 0
compression:
bytes_in : 0 bytes_out : 0
Compression ratio : 0.00%
Gzip: 0 Deflate: 0
compression errors:
User-Agent : 0 Accept-Encoding : 0
Content size: 0 Content type : 0
Not HTTP 1.1: 0 HTTP response error: 0
Others : 0
class: QA-group_3_HTTP
loadbalance:
L7 loadbalance policy: QA-group_3_REDIRECT
VIP Route Metric : 77
VIP Route Advertise : DISABLED
VIP ICMP Reply : DISABLED
VIP State: INSERVICE
VIP DWS state: DWS_DISABLED
Persistence Rebalance: ENABLED
curr conns : 0 , hit count : 5
dropped conns : 0
conns per second : 0
client pkt count : 20 , client byte count: 1907
server pkt count : 0 , server byte count: 0
conn-rate-limit : 0 , drop-count : 0
bandwidth-rate-limit : 0 , drop-count : 0
compression:
bytes_in : 0 bytes_out : 0
Compression ratio : 0.00%
Gzip: 0 Deflate: 0
compression errors:
User-Agent : 0 Accept-Encoding : 0
Content size: 0 Content type : 0
Not HTTP 1.1: 0 HTTP response error: 0
Others : 0
class: QA-group_4_HTTPS
loadbalance:
L7 loadbalance policy: QA-group_4_REDIRECT
VIP Route Metric : 77
VIP Route Advertise : DISABLED
VIP ICMP Reply : ENABLED
VIP State: INSERVICE
VIP DWS state: DWS_DISABLED
Persistence Rebalance: ENABLED
curr conns : 0 , hit count : 0
dropped conns : 0
conns per second : 0
client pkt count : 0 , client byte count: 0
server pkt count : 0 , server byte count: 0
conn-rate-limit : 0 , drop-count : 0
bandwidth-rate-limit : 0 , drop-count : 0
compression:
bytes_in : 0 bytes_out : 0
Compression ratio : 0.00%
Gzip: 0 Deflate: 0
compression errors:
User-Agent : 0 Accept-Encoding : 0
Content size: 0 Content type : 0
Not HTTP 1.1: 0 HTTP response error: 0
Others : 0
class: QA-group_4_HTTP
loadbalance:
L7 loadbalance policy: QA-group_4_REDIRECT
VIP Route Metric : 77
VIP Route Advertise : DISABLED
VIP ICMP Reply : DISABLED
VIP State: INSERVICE
VIP DWS state: DWS_DISABLED
Persistence Rebalance: ENABLED
curr conns : 0 , hit count : 2
dropped conns : 0
conns per second : 0
client pkt count : 8 , client byte count: 697
server pkt count : 0 , server byte count: 0
conn-rate-limit : 0 , drop-count : 0
bandwidth-rate-limit : 0 , drop-count : 0
compression:
bytes_in : 0 bytes_out : 0
Compression ratio : 0.00%
Gzip: 0 Deflate: 0
compression errors:
User-Agent : 0 Accept-Encoding : 0
Content size: 0 Content type : 0
Not HTTP 1.1: 0 HTTP response error: 0
Others : 0
class: QA-group_5_HTTPS
loadbalance:
L7 loadbalance policy: QA-group_5_REDIRECT
VIP Route Metric : 77
VIP Route Advertise : DISABLED
VIP ICMP Reply : ENABLED
VIP State: INSERVICE
VIP DWS state: DWS_DISABLED
Persistence Rebalance: ENABLED
curr conns : 0 , hit count : 0
dropped conns : 0
conns per second : 0
client pkt count : 0 , client byte count: 0
server pkt count : 0 , server byte count: 0
conn-rate-limit : 0 , drop-count : 0
bandwidth-rate-limit : 0 , drop-count : 0
compression:
bytes_in : 0 bytes_out : 0
Compression ratio : 0.00%
Gzip: 0 Deflate: 0
compression errors:
User-Agent : 0 Accept-Encoding : 0
Content size: 0 Content type : 0
Not HTTP 1.1: 0 HTTP response error: 0
Others : 0
class: QA-group_5_HTTP
loadbalance:
L7 loadbalance policy: QA-group_5_REDIRECT
VIP Route Metric : 77
VIP Route Advertise : DISABLED
VIP ICMP Reply : DISABLED
VIP State: INSERVICE
VIP DWS state: DWS_DISABLED
Persistence Rebalance: ENABLED
curr conns : 0 , hit count : 0
dropped conns : 0
conns per second : 0
client pkt count : 0 , client byte count: 0
server pkt count : 0 , server byte count: 0
conn-rate-limit : 0 , drop-count : 0
bandwidth-rate-limit : 0 , drop-count : 0
compression:
bytes_in : 0 bytes_out : 0
Compression ratio : 0.00%
Gzip: 0 Deflate: 0
compression errors:
User-Agent : 0 Accept-Encoding : 0
Content size: 0 Content type : 0
Not HTTP 1.1: 0 HTTP response error: 0
Others : 0 -
Load Balancing Directory Servers with Access Manager - Simple questions
Hi.
We are in the process of configuring 2 Access Manager instances (servers) accessing the same logical LDAP repository (comprising physically of two Directory Servers working together with Multi-Master Replication configured and tested) For doing this, we are following guide number 819-6258.
The guide uses BigIP load balancer for load balancing the directory servers. However, we intend to use Directory Proxy Server. Since we faced some (unresolved) issues last time that we used DPS, there are some simple questions that I would be very grateful to have answers to:
1. The guide, in section 3.2.10 (To configure Access Manager 1 with the Directory Server load balancer), talks about making changes at 4 places, and replacing the existing entry (hostname and port) with the load balancer's hostname and port (assuming that the load balancer has already been configured). It says that changes need not be made on Access Manager 2 since the LDAPs are in replication, and hence changes will be replicated at all places. However, the guide also states that changes have to be made in two files, namely AMConfig.properties, and the serverconfig.xml file. But these changes will not be reflected on Access Manager 2, since these files are local on each machine.
Question 1. Do changes have to be made in AMConfig.properties and serverconfig.xml files on the other machine hosting Access Manager 2?
Question 2: What is the purpose of putting these values here? Specifically, what is achieved by specifying the Directory server host and port in AMConfig.properties, as well as in serverconfig.xml?
Question 3. In the HTTP console, there is the option of specifying multiple primary LDAP servers, as well as multiple secondary LDAP servers. What is the purpose of these? Are secondary servers attempted when none of the list in the primary list are accessible? Also, if there are multiple entries in the primary server list, are they accessed in a round robin fashion (hereby providing rudimentary load balancing), or are other servers accessed only when the one mentioned first is not reachable etc.?
2. Since I do not have a load balancer setup yet, I tried the following deviation to the above, which, according to me, should have worked. If viewed in the HTTP console, LDAP / Membership / MSISDN and Policy configuration all pointed to the DS on host 1. When I changed all these to point to the directory server on host 2 (and made AMConfig.properties and serverconfig.xml on host 1 point to DS of host 2 as well), things should have worked fine, but apparently Access manager 1 could not be started. Error from Webserver:
[14/Aug/2006:04:30:36] info (13937): WEB0100: Loading web module in virtual server [https-machine_1_FQDN] at [search]
[14/Aug/2006:04:31:48] warning (13937): CORE3283: stderr: Exception in thread "EventService" java.lang.ExceptionInInitializerError
[14/Aug/2006:04:31:48] warning (13937): CORE3283: stderr: at com.iplanet.services.ldap.event.EventServicePolling.run(EventServicePolling.java:132)
[14/Aug/2006:04:31:48] warning (13937): CORE3283: stderr: at java.lang.Thread.run(Thread.java:595)
[14/Aug/2006:04:31:48] warning (13937): CORE3283: stderr: Caused by: java.lang.InterruptedException
[14/Aug/2006:04:31:48] warning (13937): CORE3283: stderr: at com.sun.identity.sm.ServiceManager.<clinit>(ServiceManager.java:74)
[14/Aug/2006:04:31:48] warning (13937): CORE3283: stderr: ... 2 more
In effect, AM on 1 did not start. On rolling back the changes, things again worked like previously.
Will be really grateful for any help / insight / experience on dealing with the above.
Thanks!Update to the above, incase anyone is reading:
We setup a similar setup in Windows, and it worked. Here is a detailed account of what was done:
1. Host 1: Start installer, install automatically, chose Directory server, Directory Administration server, Directory Proxy server, Web server, Access Manager.
All installed, and worked fine. (AMConfig.properties, serverconfig.xml, and the info in LDAP service, all pointed to HOST1:389)
2. Host 2: Start installer, install automatically, chose Directory server, Directory Administration server, Directory Proxy server, Web server, Access Manager.
All installed, and worked fine. (AMConfig.properties, serverconfig.xml, and the info in LDAP service, all pointed to HOST2:389)
3. Host 1: Started replication. Set to Master
4. Host 2: Started replication. Set to Master
5. Host 1: Setup replication agreement to Host 2
6. Host 2: Setup replication agreement to Host 1
7. Initiated the remote replica from Host 1 ----> Host 2
Note that since default installation uses abc.....xyz as the encryption key, setting this to same was not an issue.
9. Started webserver for Host 1 and logged into AM as amadmin.
10. Added Host 2 FQDN in DNS Aliases / Realms
11. Added http://HOST2_FQDN:80 in the Platform server (instance) list.
12. Started Host 2 webserver. Logged in AM on Host 2, things worked fine.
At this stage, note the following:
a) Host 1:
AMConfig.properties file has
com.iplanet.am.directory.host=host1_FQDN
and
com.iplanet.am.directory.port=389
serverconfig.xml has:
<Server name="Server1" host="host1_FQDN" port="389" type="SIMPLE" />
b) Host 2:
AMConfig.properties file has
com.iplanet.am.directory.host=host2_FQDN
and
com.iplanet.am.directory.port=389
serverconfig.xml has:
<Server name="Server1" host="host2_FQDN" port="389" type="SIMPLE" />
c) If one logs into AM, and checks LDAP servers for LDAP / Policy Configuration / Membership etc services, they all contain Host2_FQDN:389 (which makes sense, since replica 2 was initialized from 1)
Returning back to the configuations:
13. On Host 1, login into the Admin server console of the Directory server. Navigate to the DPS, and confgure the following:
a) Network Group
b) LDAP servers
c) Load Balancing
d) Change Group
e) Action on-bind
f) Allow all actions (permit modification / deletion etc.).
g) any other configuations required - Am willing to give detailed steps if someone needs them to help me / themselves! :)
So now, we have DPS configured and running on Host1:489, and distributing load to DS1 and DS2 on a 50:50 basis.
14. Now, log into AM on Host 1, and instead of Host1_fqdn:389 (for DS) in the following places, specify Host1_fqdn:489 (for the DPS)--
LDAP Authentication
MSISDN server
Membership Service
Policy configuation.
Verified that this propagated to the Policy Configuration service and the LDAP authentication service that are already registered with the default organization.
15. Log out of AM. Following the documentation, modify directory.host and directory.port in AMConfig.properties to point to Host 1_FQDN and 489 respectively. Make this change in AMConfig.properties of both Host 1 as well as 2.
16. Edit serverconfig.xml on both hosts, and instead of they pointing to their local directory servers, point both to host1_FQDN:489
17. When you start the webserver, it will refuse to start. Will spew errors such as:
[https-host1_FQDN]: Sun ONE Web Server 6.1SP5 B06/23/2005 17:36
[https-host1_FQDN]: info: CORE3016: daemon is running as super-user
[https-host1_FQDN]: info: CORE5076: Using [Java HotSpot(TM) Server VM, Version 1.5.0_04] from [Sun Microsystems Inc.]
[https-host1_FQDN]: info: WEB0100: Loading web module in virtual server [https-host1_FQDN] at [amserver]
[https-host1_FQDN]: warning: WEB6100: locale-charset-info is deprecated, please use parameter-encoding
[https-host1_FQDN]: info: WEB0100: Loading web module in virtual server [https-host1_FQDN] at [ampassword]
[https-host1_FQDN]: warning: WEB6100: locale-charset-info is deprecated, please use parameter-encoding
[https-host1_FQDN]: info: WEB0100: Loading web module in virtual server [https-host1_FQDN] at [amcommon]
[https-host1_FQDN]: info: WEB0100: Loading web module in virtual server [https-host1_FQDN] at [amconsole]
[https-host1_FQDN]: warning: WEB6100: locale-charset-info is deprecated, please use parameter-encoding
[https-host1_FQDN]: info: WEB0100: Loading web module in virtual server [https-host1_FQDN] at [search]
[https-host1_FQDN]: warning: CORE3283: stderr: netscape.ldap.LDAPException: error result (32); matchedDN = dc=sun,dc=com; No such object (DN changed)
[https-host1_FQDN]: warning: CORE3283: stderr: Got LDAPServiceException code=-1
[https-host1_FQDN]: warning: CORE3283: stderr: at com.iplanet.services.ldap.DSConfigMgr.getConnection(DSConfigMgr.java:357)
[https-host1_FQDN]: warning: CORE3283: stderr: at com.iplanet.services.ldap.DSConfigMgr.getNewFailoverConnection(DSConfigMgr.java:314)
[https-host1_FQDN]: warning: CORE3283: stderr: at com.iplanet.services.ldap.DSConfigMgr.getNewConnection(DSConfigMgr.java:253)
[https-host1_FQDN]: warning: CORE3283: stderr: at com.iplanet.services.ldap.DSConfigMgr.getNewProxyConnection(DSConfigMgr.java:184)
[https-host1_FQDN]: warning: CORE3283: stderr: at com.iplanet.services.ldap.DSConfigMgr.getNewProxyConnection(DSConfigMgr.java:194)
[https-host1_FQDN]: warning: CORE3283: stderr: at com.iplanet.ums.DataLayer.initLdapPool(DataLayer.java:1248)
[https-host1_FQDN]: warning: CORE3283: stderr: at com.iplanet.ums.DataLayer.(DataLayer.java:190)
[https-host1_FQDN]: warning: CORE3283: stderr: at com.iplanet.ums.DataLayer.getInstance(DataLayer.java:215)
[https-host1_FQDN]: warning: CORE3283: stderr: at com.iplanet.ums.DataLayer.getInstance(DataLayer.java:246)
[https-host1_FQDN]: warning: CORE3283: stderr: at com.sun.identity.sm.ldap.SMSLdapObject.initialize(SMSLdapObject.java:156)
[https-host1_FQDN]: warning: CORE3283: stderr: at com.sun.identity.sm.ldap.SMSLdapObject.(SMSLdapObject.java:124)
[https-host1_FQDN]: warning: CORE3283: stderr: at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
[https-host1_FQDN]: warning: CORE3283: stderr: at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
[https-host1_FQDN]: warning: CORE3283: stderr: at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
[https-host1_FQDN]: warning: CORE3283: stderr: at java.lang.reflect.Constructor.newInstance(Constructor.java:494)
[https-host1_FQDN]: warning: CORE3283: stderr: at java.lang.Class.newInstance0(Class.java:350)
[https-host1_FQDN]: warning: CORE3283: stderr: at java.lang.Class.newInstance(Class.java:303)
[https-host1_FQDN]: warning: CORE3283: stderr: at com.sun.identity.sm.SMSEntry.(SMSEntry.java:216)
[https-host1_FQDN]: warning: CORE3283: stderr: at com.sun.identity.sm.ServiceSchemaManager.(ServiceSchemaManager.java:67)
[https-host1_FQDN]: warning: CORE3283: stderr: at com.iplanet.am.util.AMClientDetector.getServiceSchemaManager(AMClientDetector.java:219)
[https-host1_FQDN]: warning: CORE3283: stderr: at com.iplanet.am.util.AMClientDetector.(AMClientDetector.java:94)
[https-host1_FQDN]: warning: CORE3283: stderr: at com.sun.mobile.filter.AMLController.init(AMLController.java:85)
[https-host1_FQDN]: warning: CORE3283: stderr: at org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFilterConfig.java:262)
[https-host1_FQDN]: warning: CORE3283: stderr: at org.apache.catalina.core.ApplicationFilterConfig.setFilterDef(ApplicationFilterConfig.java:322)
[https-host1_FQDN]: warning: CORE3283: stderr: at org.apache.catalina.core.ApplicationFilterConfig.(ApplicationFilterConfig.java:120)
[https-host1_FQDN]: warning: CORE3283: stderr: at org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:3271)
[https-host1_FQDN]: warning: CORE3283: stderr: at org.apache.catalina.core.StandardContext.start(StandardContext.java:3747)
[https-host1_FQDN]: warning: CORE3283: stderr: at com.iplanet.ias.web.WebModule.start(WebModule.java:251)
[https-host1_FQDN]: warning: CORE3283: stderr: at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1133)
[https-host1_FQDN]: warning: CORE3283: stderr: at org.apache.catalina.core.StandardHost.start(StandardHost.java:652)
[https-host1_FQDN]: warning: CORE3283: stderr: at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1133)
[https-host1_FQDN]: warning: CORE3283: stderr: at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:355)
[https-host1_FQDN]: warning: CORE3283: stderr: at org.apache.catalina.startup.Embedded.start(Embedded.java:995)
[https-host1_FQDN]: warning: CORE3283: stderr: at com.iplanet.ias.web.WebContainer.start(WebContainer.java:431)
[https-host1_FQDN]: warning: CORE3283: stderr: at com.iplanet.ias.web.WebContainer.startInstance(WebContainer.java:500)
[https-host1_FQDN]: warning: CORE3283: stderr: at com.iplanet.ias.server.J2EERunner.confPostInit(J2EERunner.java:161)
[https-host1_FQDN]: failure: WebModule[amserver]: WEB2783: Servlet /amserver threw load() exception
[https-host1_FQDN]: javax.servlet.ServletException: WEB2778: Servlet.init() for servlet LoginLogoutMapping threw exception
[https-host1_FQDN]: at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:949)
[https-host1_FQDN]: at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:813)
[https-host1_FQDN]: at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:3478)
[https-host1_FQDN]: at org.apache.catalina.core.StandardContext.start(StandardContext.java:3760)
[https-host1_FQDN]: at com.iplanet.ias.web.WebModule.start(WebModule.java:251)
[https-host1_FQDN]: at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1133)
[https-host1_FQDN]: at org.apache.catalina.core.StandardHost.start(StandardHost.java:652)
[https-host1_FQDN]: at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1133)
[https-host1_FQDN]: at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:355)
[https-host1_FQDN]: at org.apache.catalina.startup.Embedded.start(Embedded.java:995)
[https-host1_FQDN]: at com.iplanet.ias.web.WebContainer.start(WebContainer.java:431)
[https-host1_FQDN]: at com.iplanet.ias.web.WebContainer.startInstance(WebContainer.java:500)
[https-host1_FQDN]: at com.iplanet.ias.server.J2EERunner.confPostInit(J2EERunner.java:161)
[https-host1_FQDN]: ----- Root Cause -----
[https-host1_FQDN]: java.lang.NullPointerException
[https-host1_FQDN]: at com.sun.identity.authentication.UI.LoginLogoutMapping.init(LoginLogoutMapping.java:71)
[https-host1_FQDN]: at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:921)
[https-host1_FQDN]: at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:813)
[https-host1_FQDN]: at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:3478)
[https-host1_FQDN]: at org.apache.catalina.core.StandardContext.start(StandardContext.java:3760)
[https-host1_FQDN]: at com.iplanet.ias.web.WebModule.start(WebModule.java:251)
[https-host1_FQDN]: at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1133)
[https-host1_FQDN]: at org.apache.catalina.core.StandardHost.start(StandardHost.java:652)
[https-host1_FQDN]: at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1133)
[https-host1_FQDN]: at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:355)
[https-host1_FQDN]: at org.apache.catalina.startup.Embedded.start(Embedded.java:995)
[https-host1_FQDN]: at com.iplanet.ias.web.WebContainer.start(WebContainer.java:431)
[https-host1_FQDN]: at com.iplanet.ias.web.WebContainer.startInstance(WebContainer.java:500)
[https-host1_FQDN]: at com.iplanet.ias.server.J2EERunner.confPostInit(J2EERunner.java:161)
[https-host1_FQDN]:
[https-host1_FQDN]: info: HTTP3072: [LS ls1] http://host1_FQDN:58080 [i]ready to accept requests
[https-host1_FQDN]: startup: server started successfully
Success!
The server https-host1_FQDN has started up.
The server infact, didn't start up (nothing even listening on 58080).
However, if AMConfig.properties is left as it originally was, and only serverconfig.xml files were changed as mentioned above, web servers started fine, and things worked all okay. (Alright, except for some glitches when viewed in /amconsole. If /amserver/console is accessed, all is good. Can this mean that all is still not well? I am not sure).
So far so good. Now comes the sad part. When the same is done on Solaris 9, things dont work. You continue to get the above error, OR the following error, and the web server will refuse to start:
Differences in Solaris and Windows are as follows:
1. Windows hosts have 1 IP and hostname. Solaris hosts have 3 IPs and hostnames (for DS, DPS, and webserver).
No other difference from an architectural perspective.
Any help / insight on why the above is not working (and why the hell does the documentation seem so sketchy / insecure / incorrect).
Thanks a bunch! -
Load balancing sftp servers on css11503
I have an 11503 and I am trying to load balance sftp servers behind it. not sure why it's not working.
here is the content rule:
content test_sftp
add service www1_sftp
add service www2_sftp
port 22
protocol tcp
balance aca
advanced-balance sticky-srcip
vip address 172.17.0.248
active
here are the service rules:
service www1_sftp
ip address 172.17.0.27
protocol tcp
keepalive port 22
keepalive type tcp
active
service www2_sftp
ip address 172.17.0.25
protocol tcp
keepalive port 22
keepalive type tcp
active
couple of questions:
1) do I need to set up a source group like I would have to for ftp? Does the return traffic from the servers need to be NAT'd back out as the VIP?
2) the content rule and service rules are all set for port 22 only....is that enough ports open for the control and data channels? I think sftp uses port 22 for both.
Any assistance would be greatly appreciated.
Thanks!
SandeepYou definitely need a group to nat the data-channel.
But I'm not even sure that will make it work.
You can give it a try so.
Gilles. -
ACE to load balance Citrix servers
Hello,
Have anyone configured ACE Modules to load balance Citrix Servers (HTTP) ?
Any special considerations needed?
Many thanks,HI Javier,
There is one complete design guide available on ciso site.
Kindly go through the below mentioned URL for complete config for ACE to load balance CITRIX as follows:
http://www.cisco.com/en/US/docs/solutions/Enterprise/Data_Center/App_Networking/citrixdg_final.html
You will get othe design guides also which can be very useful:
http://www.cisco.com/en/US/netsol/ns751/networking_solutions_design_guidances_list.html
Sachin Garg -
Load balancing outgoing mail with 3 outgoing servers
We are trying to balance our mail out with 3 separate mail servers from our incoming server. Our organization sends alot of mail and we wanted to balance it with 3 outgoing SMTP servers. We have them all working, in the zone for the primary DNS and incoming mail server. And we can get mail to go out on the three servers, BUT and this is a problem if the mail includes any messages to the network (hence the incoming server) then the SMTP servers complain they cannot find it and give a error message about not being able to connect to deliver any local mails out of the bulk mail we send. Any ideas how to get the SMTP to see the incoming mail server (which is the DNS server for network) and deliver mail to accounts on the network? Maybe we are doing something that OS X SNL server cannot do? Any ideas.
I will post the error message later but I need to leave for meeting for now.
Thanks
RussHere is error message we get:
Mar 17 21:34:45 mailout1 postfix/smtp[32307]: connect to mail.vineyardil.net [173.161.44.97]:25 Operation timed out
Mar 17 21:34:45 mailout1 postfix/smtp[32307]: DE90A1AF591: to =<[email protected]>, relay=none, delay=23732, delays=23701/0.01/30/0, dsn4.4.1, status=deferred (connect to mail.vineyardil.net [173.161.44.97]:25 Operation timed out)
To explain mailout1 is the first one in priority of outgoing separate SMTP servers we set up in the zone of mail.vineyardil.net which is the DNS server. They send out ok all outgoing mail to other addresses as we wanted them (rather than having mail.vineyardil.net do it) but when we send to an address with vineyardil.net on it then we get this same message.
It seems like mailout1 cannot send to the incoming server. Note the ip address it gives is the ip of the cable modem on this network not the ip address locally in the net we have.
Our MX records all look good and things work with mail if we use it both as incoming and outgoing (SMTP) but when we use the secondary servers for outgoing they seem to not be able to send to this server. Is there something we should look for?
Is SL server not capable of what we are trying? Any feedback would be most appreciated. We would like to really use this setup as I explained to do load balancing of mail as part of our attempt on this new network to get our bulk mailing split up between the 3 outgoing servers so we will not be labeled spam by the security systems out there these days like it was on our old network.
Thanks for your time.
Russ Jacobson -
FRM-92101: Load Balancing Forms 10g with Web Cache
Hi,
I´m having some problems with Oracle Forms and Webcache 10g and I was wondering if you
could help.
Machines: (Pentium IV 2.6 GHz; 2GB RAM; 80GB HD)
A. Red Hat Linux AS 2.1
Oracle AS 10g - Infrastructure Installation
B. Windows 2000 Server - Service Pack 4
Oracle AS 10g - BI and Forms Installation (Using Infrastructure on machine A)
C. Windows 2000 Server - Service Pack 4
Oracle AS 10g - BI and Forms Installation (Using Infrastructure on machine A)
I didn´t apply any Patchsets of Oracle AS 10g. My current version is 9.0.4.0 .
Goal:
Use Oracle Webcache 10g on machine B for Load Balancing an Oracle Forms Application
on machines B and C.
Facts:
The Oracle AS 10g installation on the 3 machines was made without problems.
The Forms Applications are running without problems on both Forms servers in machine B and C.
Symptoms:
I´m getting the following error when I try to acces the forms application through Webcache:
FRM-92101: There was a failure in the forms server during startup.
This could happen due to invalid configuration.
Please look in the web-server log file for details.
But, this error happens ONLY when BOTH OC4J_BI_Forms instances (machines B and C) are
running.
When just one of the OC4J_BI_Forms is running everything works fine.
Webcache Configuration:
I´ve followed Metalink note 207668.1: Configuring Web Cache as a Load Balancer for Application Servers
step by step to make the configuration of the following components:
1. Configuration of the origin servers
2. Configuration of Site definitions
3. Configuration of Site to server mapping
After that, I´ve follwed the Metalink note 229900.1: Integrating and using Web Cache with Forms 9i for Load Balancing
step by step to make the configuration of the following components:
4. Session Binding
Then I try to test the Load Balancing and I got the error FRM-92101 when both OC4J_BI_Forms
instance were running.
I´ve searched Metalink and found note 268830.1: Webcache Won't Load Balance 2 Forms Instances.
Following the note instructions I did the following changes:
Added these lines at the end of HTTPD.conf (machine B):
CookieTracking On
CookieName myformscookie1
Added these lines at the end of HTTPD.conf (machine C):
CookieTracking On
CookieName myformscookie2
In Webcache configuration:
I´ve Changed the default session binding from JSESSIONID to "ANY SET COOKIE" for the
site's session binding.
But even after these changes I´m getting FRM-92101 error on the same conditions.
How can I solve this problem ?
Thank you in advance.
Marcus Santos.
([email protected])Just ran into this problem last Tuesday, Nov.30 and applied the changes today.
My configuration is similar to yours: 9.0.4 web cache on machine A, 9.0.4 10gAS forms and reports standalone on machine B and C (not a cluster, no infra).
I appended the Cookie lines you mentioned in httpd.conf located in $ORACLE_HOME/Apache/Apache/conf in both machines B and C.
One important thing you may have missed. After changing httpd.conf in each 9iAS instance, you need to make the change known to dcmctl so issue:
dcmctl updateConfig -ct ohs
Then do the following for each 9iAS instance and it should be ready for webcache:
dcmctl stop
dcmctl start
Setup Any-set-Cookie in webcache instead of JSESSIONID and the whole thing should now work. You can run a form through machine A which will load balance to either machine B or C (which can both be up). Then, try shutting down 9iAS on machine B or C and run a form again. They now all work.
HTH,
Raffy -
FRM-92101: Load Balancing Forms 10g with Webcache
Hi,
I´m having some problems with Oracle Forms and Webcache 10g and I was wondering if you
could help.
Machines: (Pentium IV 2.6 GHz; 2GB RAM; 80GB HD)
A. Red Hat Linux AS 2.1
Oracle AS 10g - Infrastructure Installation
B. Windows 2000 Server - Service Pack 4
Oracle AS 10g - BI and Forms Installation (Using Infrastructure on machine A)
C. Windows 2000 Server - Service Pack 4
Oracle AS 10g - BI and Forms Installation (Using Infrastructure on machine A)
I didn´t apply any Patchsets of Oracle AS 10g. My current version is 9.0.4.0 .
Goal:
Use Oracle Webcache 10g on machine B for Load Balancing an Oracle Forms Application
on machines B and C.
Facts:
The Oracle AS 10g installation on the 3 machines was made without problems.
The Forms Applications are running without problems on both Forms servers in machine B and C.
Symptoms:
I´m getting the following error when I try to access the forms application through Webcache:
FRM-92101: There was a failure in the forms server during startup.
This could happen due to invalid configuration.
Please look in the web-server log file for details.
But, this error happens ONLY when BOTH OC4J_BI_Forms instances (machines B and C) are
running.
When just one of the OC4J_BI_Forms is running everything works fine.
Webcache Configuration:
I´ve followed Metalink note 207668.1: Configuring Web Cache as a Load Balancer for Application Servers
step by step to make the configuration of the following components:
1. Configuration of the origin servers
2. Configuration of Site definitions
3. Configuration of Site to server mapping
After that, I´ve follwed the Metalink note 229900.1: Integrating and using Web Cache with Forms 9i for Load Balancing
step by step to make the configuration of the following components:
4. Session Binding
Then I try to test the Load Balancing and I got the error FRM-92101 when both OC4J_BI_Forms
instance were running.
I´ve searched Metalink and found note 268830.1: Webcache Won't Load Balance 2 Forms Instances.
Following the note instructions I did the following changes:
Added these lines at the end of HTTPD.conf (machine B):
CookieTracking On
CookieName myformscookie1
Added these lines at the end of HTTPD.conf (machine C):
CookieTracking On
CookieName myformscookie2
In Webcache configuration:
I´ve Changed the default session binding from JSESSIONID to "ANY SET COOKIE" for the
site's session binding.
But even after these changes I´m getting FRM-92101 error on the same conditions.
How can I solve this problem ?
Thank you in advance.
Marcus Santos.
([email protected])Did you ever Get this to work?
I am having some problems trying to load balance with Oracle Forms, Discover and reports Oracle Application Server Release 10g (9.0.4.0.2) and I was wondering if you could help. Has any one ever got this to work consistently? We are an ERP product written mostly in forms (904) and are trying to implement are largest customer there performance issue so we need the load balancing to work. Will also accept other recommendation as cost effective as solutions.
Site 1:
A: SERVER
Host as1.xyzco.local
Version 10.1.2.0.2
Installation Type Identity Management and Metadata Repository
Oracle Home E:\oracle\inf_1012
Farm as1db.xyzco.net
o HTTP_Server
o Internet Directory
o OC4J_SECURITY
o Single Sign-On:orasso
o Management
B SERVER
Host as2. xyzco.local
Version 9.0.4.0.2
Installation Type Business Intelligence and Forms
Oracle Home E:\oracle\mid_904
Farm as2db. xyzco.net
o Discoverer
o Forms
o home
o HTTP_Server
o OC4J_BI_Forms
o Reports Server
o Web Cache
o Management
C SERVER
Host as3. xyzco.local
Version 9.0.4.0.2
Installation Type Business Intelligence and Forms Discoverer and Reports
Oracle Home E:\oracle\mid_904
Farm as2db. xyzco.net
o Discoverer
o Forms
o home
o HTTP_Server
o OC4J_BI_Forms
o Reports Server
o Web Cache
o Management
All servers Are:
Windows 2003 Standard Server with current service packs
Xeon Dual Processor with 4GB ram
Raid 0 drives 2 for OS and 2 for Oracle
Daniel Brody
[email protected] -
i have two Solaris servers running 9iAS R2 OC4j.
current patch level is 9.0.2.3
i'm trying to load balance the instances according
to the instructions in this document:
Oracle9i Application Server: mod_oc4j Technical Overview
all i should need to do is run the command:
dcmctl addOPMNLink <IP>:<PORT>
but when i do this i get this error:
ADMN-906026
i could not find any info on this error with searches of:
Google, Google Groups, Oracle MetaLink, Oracle OTN.
ideas? suggestions? anything?
thanks,
.richRich -- if you have installed the Oracle9iAS instances and associated them with the infrastructure, then you don't need to perform the manual clustering operations which are contained in the doc you reference.
By associating with the infrastructure (as the error message indicates you have done), the components should all be associated with one another and you'll be working in what we call a managed cluster mode.
If you do have the instances associated with the infrastructure, then what you need to do is use the management console (or dcmctl) to create a cluster and then add the two instances to the cluster. This will then mean that the same applications get deployed to the two instances, and will add an Oc4jMount point to OHS that will allow the incoming requests to be dispatched to the two backend instances.
There should be a guide on OTN (HA Guide, Concepts Guide) which explains the concepts behind these terms if you need.
Here's the dcmctl commands to create a cluster then add the instances to the cluster (this is from my 904 instance, I don't have a 902 instance installed)
[oracle@peterman ~]$ dcmctl -help createcluster
createCluster
Creates a managed Oracle Application Server cluster.
Note
Oracle recommends that Oracle Application Server Clusters using a file based repository contain four (4) or less than four instances.
Type
Configuration Management
Syntax
createCluster -cl cluster_name
Description
A managed cluster is created.
Notes for using createCluster:
You must issue this command in the Oracle home of an instance that
belongs to a farm (that is, is associated with a metadata repository).
The cluster will be created in that farm.
The cluster has no members when created. You can add members using
joinCluster.
You can create an unlimited number of clusters.
Example
dcmctl createCluster -cl cluster1
[oracle@peterman ~]$ dcmctl -help joincluster
joinCluster
Adds an Oracle Application Server instance to the named managed cluster.
Notes for using Oracle Application Server clusters:
Oracle Application Server supports heterogeneous instances as part of the same farm. For example, an instance running on Solaris Operating System, an instance running on a Linux system, and an instance running on an HP-UX system can reside in the same farm.
Oracle Application Server instances that you want to be part of a cluster must be installed on identical operating systems
Oracle recommends that Oracle Application Server Clusters using a file based repository contain four (4) or less than four instances.
If you are using Oracle Enterprise Manager Application Server Control, then, after issuing the dcmctl joinCluster command, you must stop and then start Oracle Enterprise Manager Application Server Control using the commands:
%emctl stop iasconsole
%emctl start iasconsole
Type
Configuration Management
Syntax
joinCluster -cl cluster_name [-i instance_name]
Description
Adds an application server instance to the managed Oracle Application Server cluster specified with the -cl option. By default, this command uses the local instance. You can specify a different instance with the -i option. The instance must be a member of the same farm as the
cluster. There is no limit to the number of instances you can add to a cluster. An instance is stopped after being added to a cluster, so you must manually start it.
Example
To add the local application server instance to cluster1 and restart
it:
dcmctl joinCluster -cl cluster1
dcmctl start
To add instance1 to cluster1 and restart it:
dcmctl joinCluster -cl cluster1 -i instance1
dcmctl start -i instance1
cheers
-steve- -
Error while load balancing two servers
i have two Solaris servers running 9iAS R2 OC4j.
current patch level is 9.0.2.3
i'm trying to load balance the instances according
to the instructions in this document:
Oracle9i Application Server: mod_oc4j Technical Overview
all i should need to do is run the command:
dcmctl addOPMNLink <IP>:<PORT>
but when i do this i get this error:
ADMN-906026
i could not find any info on this error with searches of:
Google, Google Groups, Oracle MetaLink, Oracle OTN.
ideas? suggestions? anything?
thanks,
.richi just tried running a "dcmctl getError", and got this:
ADMN-906026
This Oracle9iAS instance is currently using a database repository to store configuration information. The OPMN link functionality is not supported when a database repository is being used. An Oracle9iAS cluster should be created to associate Oracle9iAS instances when using a repository.
the two OC4J instances in question are associated with an Infrastructure instance on their respective servers. do i need to de-couple the OC4J instances? or create a "cluster of one" instance?
.rich -
Load Balancing Forms Services with an effective healthcheck
I am in the process of configuring two forms 11.1.2 servers running with weblogic 10.3.5 with multiple forms applications clustered across both physical servers. We are looking to load balance to the various forms applications using a hardware load balancer. Can anyone comment on their experience with setting up effective application healthchecks using either hardware or software load balancers?
For example say that we have 3 applications clustered across 2 servers with the following
URLs:
http://server01:7777/forms/frmservlet?config=myapp1
http://server01:7777/forms/frmservlet?config=myapp2
http://server01:7777/forms/frmservlet?config=myapp3
http://server02:7777/forms/frmservlet?config=myapp1
http://server02:7777/forms/frmservlet?config=myapp2
http://server02:7777/forms/frmservlet?config=myapp3
We would need a checking mechanism on the load balancer that could tell if myapp2 was down on say server01 and therefore block traffic to that application yet keep traffic open for the other 2 apps on the same server.
A specific difficulty with forms is that when the database behind the application is down forms services will return an error message within a displayed error form. From the load balancer's point of view the forms services are "up". We need to find a way of detecting that the application is actually available and not just that the forms services themselves are available. To detect that the forms services are available we might normally use the status check:
http://server01:7777/forms/frmservlet?ifcmd=status
however this will only tell use the availability of the forms services on a physical server and not whether any actual applications are available.
I am aware that f5 do a BIGIP offering that includes some Oracle Forms specific components. Can anyone comment on how they have setup Oracle Forms healthchecks using various load balancing methods. In particular if a load balancer is limited to using WGET commands to check HTTP returned content is there a way of checking a forms application's availability and if not how have other people achieved an effective healthcheck?
Many thanks,
PhilippeDid you ever Get this to work?
I am having some problems trying to load balance with Oracle Forms, Discover and reports Oracle Application Server Release 10g (9.0.4.0.2) and I was wondering if you could help. Has any one ever got this to work consistently? We are an ERP product written mostly in forms (904) and are trying to implement are largest customer there performance issue so we need the load balancing to work. Will also accept other recommendation as cost effective as solutions.
Site 1:
A: SERVER
Host as1.xyzco.local
Version 10.1.2.0.2
Installation Type Identity Management and Metadata Repository
Oracle Home E:\oracle\inf_1012
Farm as1db.xyzco.net
o HTTP_Server
o Internet Directory
o OC4J_SECURITY
o Single Sign-On:orasso
o Management
B SERVER
Host as2. xyzco.local
Version 9.0.4.0.2
Installation Type Business Intelligence and Forms
Oracle Home E:\oracle\mid_904
Farm as2db. xyzco.net
o Discoverer
o Forms
o home
o HTTP_Server
o OC4J_BI_Forms
o Reports Server
o Web Cache
o Management
C SERVER
Host as3. xyzco.local
Version 9.0.4.0.2
Installation Type Business Intelligence and Forms Discoverer and Reports
Oracle Home E:\oracle\mid_904
Farm as2db. xyzco.net
o Discoverer
o Forms
o home
o HTTP_Server
o OC4J_BI_Forms
o Reports Server
o Web Cache
o Management
All servers Are:
Windows 2003 Standard Server with current service packs
Xeon Dual Processor with 4GB ram
Raid 0 drives 2 for OS and 2 for Oracle
Daniel Brody
[email protected] -
Hi
Load balancing to be achieved on two LDAP Servers.
In CSS, round robin configuration is carried out between the LDAP Servers.
My query is when the client initiates the tcp connection to CSS VIP Address and which in turn redirected the request to server A termed as LDAP binding. During that and any activities like LDAP modify comunication from the client will the CSS sees that as different request and redirect it to the Server B( as Round robin configuration carried out) ?
Any help on this higly appreciated.
Thanks & regards
R.Sundara RajanIf I am reading your question correctly, it sounds like you are asking if, once a TCP session is established to the VIP, if subsequent LDAP transactions from that connecting client will be load balanced.
The answer is no, once the TCP session is established, you will continue to use the same backend server until the TCP session ends(fin or rst or whatever).
Simply described in a healthy system, from TCP SYN to FIN everything will be directed to the same server. -
External Load Balancing OAM11g Servers
With OAM 11g, DB 11.2.0.1, RHEL5.6, and WLS 10.3.5... we have clustered the managed servers and all that displays, starts, stops as expected -- hosts are H1 and H2. We also have an external load balancer (haproxy). By "external", I mean that the host (PRHost) where the protected resource (PR) resides is outside the LB and all of the OAM infrastructure is inside the LB. We actually have 2 layers of LB because we are also trying to create a disaster recovery site, but for now we'll concentrate on the just the webgate and the LB.
We have installed WLS 10.3.5, OHS 11.1.1.2, and have deployed a PR on the PRHost. We then installed the 11g webgate on PRHost and instantiated the webgate within the OAM Server on H1 and moved the artifacts to the PRHost.
The question is fairly simple -- at least from my perspective -- the webgate gets its connection information from the ObAccessClient.xml artifact created when the webgate was added to the OAM Server. The only connection the webgate understands is the listing of the primary/secondary OAM Servers within that artifact.
QUESTION:+ When we access the protected resource, how will it know to go through the external LB if the only connection information it has is the OAM Server? We realize that there is LB information within the OAM Server setup, but this means that in order to determine where the LB is, we need to first access the OAM Server setup. We require the PR to first go through the LB to find an available OAM server, but there appears to be nothing on the PR webgate to inform it how to find the LB.Luis,
you need the command 'portmap disable' available in 5.01 and 5.03
gilles. -
How to load-balance LotusNotes "Sametime" with CSS11500
I have 2 redundant CSS since a while, working fine. Recently I wanted to add load-balancing for the Chat service of LotusNotes Sametime. The problem is that the chat conversations are disconeected some how. On a first configuration, I didn't configure sticky mode on this content. Since then I added sticky mode "srcip" and a long sticky timeout (600 mn or 10 h.). But th eproblem is still the same. Can someone help ? Thank you. note : you'll find attached the configuration for the chat content.
Hi,
The CSS 11500 uses the ArrowPoint Content Aware (ACA) service to gather response time data for every flow for building statistical averages/variances for every service and content rule. The best servers are used, while the slow servers are pruned from the eligible list. This service also can manage persistent connections for e-commerce based on IP addresses (range), Secure Socket Layer (SSL) application IDs, and cookies.
As you are having only 2 servers for load-balance.
As your keepalive time is 30 sec which is quite high.
I suppose you should change your keepalive frequency 30 to
keepalive frequency 5
try this
as
using the default values of a 5-second keepalive frequency interval, a 5-second retry period interval, and maximum of three failures, a service can transition from the alive state to the dead state in 15 seconds; a 5-second interval between a keepalive response and the initial keepalive failure based on the keepalive frequency, and two failures, each occurring at 5-second intervals based on the retry period. -
Client Load balancing in AS with RAC
Friends,
1. Is an application servers cluster supports client load balancing.
If not....
2. if RAC is configured with appplication servers:
client -> appl sever -> rac_node -> shared database
is there a possibility to configure CLIENT load balancing with the aid of any of the above
components (or smth else that i missed) i.e. avoid using hardware client load balancing
or third party software client load balancing???
Thanks much for help.Hi, I have the same question.
I am using RAC (11.1.0.7) and would like to load balance two application servers in the same way, for apache, forms and reports using 10.2.0.4 iAS FAR.
If I could load balance the apache connection, I'm sure it would be simple from there, again, I only have software load balancing available.
Could you point me to a doco?
Thank you very much.
Maybe you are looking for
-
Windows 7 Compatability with Labview 8.0 and missing files while interfacing the FPGA with LV
I am trying to use an FPGA (PCI-7830R) with Labview 8.0. The computer has Windows 7 OS. I installed LV 8.0 in the proper order with the FPGA Module and labview is able to see the FPGA when I open a .lvproj (the FPGA is in the tree) however there is a
-
I am using a MacBook Pro. I simply cannot find a way to attach images adjusted in Lightroom as attachments and/or without massive degradation in quality. I follow the LR attach email process as specified by LR, the photos appear in the email seemin
-
Hi my name is Ike Wiggins. I'm exploring loading the BI Publisher API's as jar file. The end result is that my TestConfiguration class is still invalid.......It's driving me nuckin futs :-). If anyone has any idea's or suggestions or would like me to
-
Java plugin crashing Safari 4.0.3
When I try opening a webpage with and applet in it, Safari freezes, and if I try to stop it or open a new webpage it crashes. I have tried everything suggested in other threads and nothing has worked so far. I disabled all plugins in Safari preferenc
-
Hi Is anybody familiar with this error, We get this error in production environment when the the dimensional mapping is getting executed. We are using OWB 9.2 and Database 9.2.0.5. I thought it was database issue, but I was curious to see something r