Load-balancing vs Load-sharing (L2/L3)

Similar Messages

• Discussion on load-balance and load-sharing

  Hi, I found a article, which discuss the difference between load-balance and load-sharing. I think the explanation is pretty good, please see below. But I still have a question: how can we decide to choose one the both balance in the production environment ?  Thank you
  "In short, load balancing tries to distribute traffic evenly over multiple paths, whereas, load sharing intends to do it (for the lack of a better term) equally.  True load balancing is difficult to achieve.  For example, let's say there were two links (100 mbps and 300 mpbs) and a router needed to send out 600 mbps of traffic.  Load balancing would distribute the traffic evenly, sending 300 mbps on each link.  On the contrary, load sharing would divide the traffic equally based on the available resources, sending 200 mbps on the slower link and 400 mbps on the faster one. "

  Disclaimer
  The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
  Liability Disclaimer
  In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
  Posting
  That's not how Cisco uses the terms, and generically they are often used almost interchangeably.
  Cisco uses load balancing as the catch all for how a single L3 device routes across multiple paths to the same destination.  Equal metrics or equal actual load distribution are not required.  Most often, load balancing will be discussed with ECMP, but unequal path loading balancing will include Cisco's proprietary IGPs, such as EIGRP.
  Cisco uses load sharing when using multiple paths when a single L3 devices doesn't normally route across multiple paths or multiple L3 devices are involved.  Cisco load sharing discussions usually revolve around BGP.
  Generically, I would say load balancing has more of a dynamic aspect to it, i.e. something is trying to actively balance traffic across multiple paths, while load sharing might mean multiple paths are utilized but not actively dynamically balanced.
  I'm unsure what's your question with a production environment.

• Network Load Balancing for AFP Sharing

  Dear all,
  Anyone can kindly teach me how can I configure network load balancing with 2 xserve?
  Currently I success to bond 6 ethernet port with a virtual IP in a single machine and I have a link aggregation setup in my switch. It works fine.
  How to configure 2 xserve with 6 ethernet port per each to have a single virtual IP?
  my switch do not support link aggregation with a virtual IP to do the load balancing so I just can consider to do it in software level.
  Anyone know whether OS Leopard/Snow Leopard can do it? Or any suggestion for 3rd party software can perform this?
  Thanks expert!
  Karl

  It sounds like you need a load balancer. There's nothing built-in to Mac OS X Server that's going to support one virtual IP address shared across multiple physical servers.
  Your problem, though, is likely to be one of throughput - I don't know any cheap load balancers that will sustain that kind of throughput, so you may be looking at some serious $$$$s.
  There are some software-based load balancers that might be able to handle the load balancing side of things but many of them are designed around HTTP so might not work so well for other protocols.
  In addition, the software load balancer is going to suffer the same bottleneck as your AFP server, but doubly so - two servers with 6 x 1gbps links each you have a theoretical limit of 12gbps.
  To run that through a load balancer, the load balancer will need double that - 12gbps for the client-side, plus 12gbps for the server side. In reality you're probably looking at needing 10gbps interfaces and switches if you're really pulling that much bandwidth.

• Load balancing and session sharing

  Hi,
  in my company we have the following situation:
  We have 2 instances of the same web application on differend servers.
  An external load balancer (Alteon) routes the requests to these instances.
  The problem:
  If one instance is shutting down, all the sessions of this app are gone. These users has to login again.
  The question:
  Is it possible to avoid this?
  Is is possible to keep these session, so the users don't have to login again?
  Maybe with a kind of session sharing between these 2 instances?
  using:
  oc4j standalone - 10.1.3.1
  OS: Windows
  thank you
  Marcus

  The solution:
  Multicast IP replication is the default replication protocol used in a standalone OC4J installation
  see: http://download.oracle.com/docs/cd/B32110_01/web.1013/b28950/cluster.htm#BABBHGHJ
  -> Configuring Multicast Replication

• Load Balancing not load balancing!

  Hi,
  We have inherited a 6.3 2005 Q1 installation of Access Manager that has the following problem.
  All logons appear to be load balanced correctly however all Policy Agent requests are expressing a preference for one or other node at a time.
  For example, during the last 4 days all PA traffic has been hitting Srv01. This leads to an 80/20 balance. This morning on Srv01 an error in the amSession logs appeared on Srv01, "SessionRequestHandler NullPointerException" and from this point on Srv02 started to take the Policy Agent requests. So now the traffic is still 80/20 but wth Srv02 handling the 'lion's share'.
  Can anyone point me to documentation that describes in detail how Load Balancing working in the products?
  Thanks,
  EddieT

  Hi,
  Sorry I should have been more specific. The error we are seeing has been reported before but no resolution posted.
  Thanks.
  29/05/2009 08:57:05:119 AM IST: Thread[service-j2ee,11,main]
  ERROR: SessionRequestHandler encounterd exception
  com.iplanet.sso.SSOException: Session was not obtained.
  at com.iplanet.sso.providers.dpro.SSOProviderImpl.createSSOToken(SSOProviderImpl.java:177)
  at com.iplanet.sso.SSOTokenManager.createSSOToken(SSOTokenManager.java:305)
  at com.sun.identity.session.util.RestrictedTokenContext.unmarshal(RestrictedTokenContext.java:125)
  at com.iplanet.dpro.session.service.SessionRequestHandler.processRequest(SessionRequestHandler.java:139)
  at com.iplanet.dpro.session.service.SessionRequestHandler.process(SessionRequestHandler.java:112)
  at com.iplanet.services.comm.server.PLLRequestServlet.handleRequest(PLLRequestServlet.java:195)
  at com.iplanet.services.comm.server.PLLRequestServlet.doPost(PLLRequestServlet.java:147)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:767)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:860)
  at sun.reflect.GeneratedMethodAccessor203.invoke(Unknown Source)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:585)
  at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:249)
  at java.security.AccessController.doPrivileged(Native Method)
  at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
  at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:282)
  at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:165)
  at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:257)
  at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:55)
  at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:161)
  at java.security.AccessController.doPrivileged(Native Method)
  at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:157)
  at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:263)
  at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:551)
  at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:225)
  at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:173)
  at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:551)
  at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
  at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:551)
  at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:933)
  at com.sun.enterprise.web.connector.httpservice.HttpServiceProcessor.process(HttpServiceProcessor.java:234)
  at com.sun.enterprise.web.HttpServiceWebContainer.service(HttpServiceWebContainer.java:2124)

• Load Balancing vs Load Distributed

  Hi,
  What is difference of these?

  Hi,
  It seems that you have posted this question in the forum before:
  https://social.technet.microsoft.com/Forums/en-US/4db5f816-880e-4f0c-b361-2f245e080014/nlb-vs-load-distributed?forum=winserverClustering
  "From the load distribution definition in Exchange service, the load distribution is in distributing the load evenly when all servers are available. However, when one or more servers are unavailable, the load distribution may become uneven among
  the remaining servers, especially if your organization is distributed across multiple Active Directory sites.
  Network Load Balancing (NLB) is one of the load distribution technologies. Network Load Balancing has many advantages over other load balancing solutions that can introduce single points of failure or performance bottlenecks. Because there are no special
  hardware requirements for Network Load Balancing, you can use any industry standard compatible computer in a Network Load Balancing cluster.
  What Is Network Load Balancing
  http://technet.microsoft.com/en-us/library/cc779570(v=WS.10).aspx"
  Since you had marked the reply above as an answer, do you have any other details you want to know? In addition, if the answer above is not helpful, I would appreciate it if you can explain the meaning of "Load Distributed".
  Best regards,
  Susie

• Load balancing using multiple default routes

  Hi Guys,
  I just want to ask does creating multiple default routes on my router provides load-balancing on my WAN side? As far as i know, for example if I have two default routes on my router and let say I have two users connecting to the internet, the first one might go to the first WAN link while the second user might go to the second WAN link.
  Thank you so much
  Rex

  there are the difference between, load balancing and load sharing..which we need to understand.
  load sharing means you have 2 users, user A and User B, user A wants to use ISP1 and user B wants to use ISP2. this is called load sharing. and can be achieved via PBR (Policy based routing).
  we should not try to use load balancing for Internet traffic with 2 different ISPs.

• OSB jms clustering - load balancing seems to be not working

  Hi All,
  I have one admin server and two managed servers running ( one of these managed server is running in the remote linux machine) in a cluster
  I have connectionfactory created with load balance enabled with round robin
  and server affinity is disabled
  I have queue created as uniformly distributed Q
  I have a proxy service with load balancing as roundrobin and endpoint URL as below
  jms://rdoelapp001011:61703,rdoelapp001013:61703/synergyConnectionFactory1/MM_gridQ0
  If I execute this proxy sending messages it always go to one server only. There is no message going to the other server.
  If I shutdown the server that receives messages then the other server is receiving messages. Seems like fail-over is working but not the load-balancing
  There is one point may be worth mentioning here is, from the admin console if I look at the servers for the clusters it has below information
  Name      State      Drop-out Frequency      Remote Groups Discovered      Local Group Leader      Total Groups      Discovered Group Leaders      Groups      Primary      
  synergyOSBServer1     RUNNING     Never     0     synergyOSBServer1     1     synergyOSBServer1     *{synergyOSBServer1}*     0          
  synergyOSBServer2     RUNNING     Never     0     synergyOSBServer1     1     synergyOSBServer1     *{synergyOSBServer1, synergyOSBServer2}* 0
  one server has groups as {synergYOSBServer1} instead of {synergyOSBServer1, synergyOSBServer2}. Does that look correct?
  here is my jms xml file
  <?xml version='1.0' encoding='UTF-8'?>
  <weblogic-jms xmlns="http://xmlns.oracle.com/weblogic/weblogic-jms" xmlns:sec="http://xmlns.oracle.com/weblogic/security" xmlns:wls="http://xmlns.oracle.com/weblogic/security/wls" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.oracle.com/weblogic/weblogic-jms http://xmlns.oracle.com/weblogic/weblogic-jms/1.1/weblogic-jms.xsd">
  *<connection-factory name="synergyConnectionFactory1">*
  *<sub-deployment-name>synergySubDeploy1</sub-deployment-name>*
  *<default-targeting-enabled>false</default-targeting-enabled>*
  *<jndi-name>synergyConnectionFactory1</jndi-name>*
  *<client-params>*
  *<client-id-policy>Restricted</client-id-policy>*
  *<subscription-sharing-policy>Exclusive</subscription-sharing-policy>*
  *<messages-maximum>10</messages-maximum>*
  *</client-params>*
  *<transaction-params>*
  *<xa-connection-factory-enabled>false</xa-connection-factory-enabled>*
  *</transaction-params>*
  *<load-balancing-params>*
  *<load-balancing-enabled>true</load-balancing-enabled>*
  *<server-affinity-enabled>false</server-affinity-enabled>*
  *</load-balancing-params>*
  *<security-params>*
  *<attach-jmsx-user-id>false</attach-jmsx-user-id>*
  *</security-params>*
  *</connection-factory>*
  <uniform-distributed-queue name="errorQ">
  <sub-deployment-name>synergySubDeploy1</sub-deployment-name>
  <default-targeting-enabled>false</default-targeting-enabled>
  <jndi-name>errorQ</jndi-name>
  <load-balancing-policy>Round-Robin</load-balancing-policy>
  <forward-delay>-1</forward-delay>
  <reset-delivery-count-on-forward>true</reset-delivery-count-on-forward>
  </uniform-distributed-queue>
  <uniform-distributed-queue name="undlvQ">
  <sub-deployment-name>synergySubDeploy1</sub-deployment-name>
  <default-targeting-enabled>false</default-targeting-enabled>
  <jndi-name>undlvQ</jndi-name>
  <load-balancing-policy>Round-Robin</load-balancing-policy>
  <forward-delay>-1</forward-delay>
  <reset-delivery-count-on-forward>true</reset-delivery-count-on-forward>
  </uniform-distributed-queue>
  *<uniform-distributed-queue name="MM_gridQ0">*
  *<sub-deployment-name>synergySubDeploy1</sub-deployment-name>*
  *<default-targeting-enabled>false</default-targeting-enabled>*
  *<jndi-name>MM_gridQ0</jndi-name>*
  *<load-balancing-policy>Round-Robin</load-balancing-policy>*
  *<forward-delay>5</forward-delay>*
  *<reset-delivery-count-on-forward>true</reset-delivery-count-on-forward>*
  *</uniform-distributed-queue>*
  <saf-imported-destinations name="synergySAFImportedDest1">
  <sub-deployment-name>synergySubDeploy1</sub-deployment-name>
  <default-targeting-enabled>false</default-targeting-enabled>
  <saf-queue name="gridQ0">
  <remote-jndi-name>MB_gridQ0</remote-jndi-name>
  <local-jndi-name>gridQ0</local-jndi-name>
  <non-persistent-qos>At-Least-Once</non-persistent-qos>
  <time-to-live-default>0</time-to-live-default>
  <use-saf-time-to-live-default>false</use-saf-time-to-live-default>
  <unit-of-order-routing>Hash</unit-of-order-routing>
  </saf-queue>
  <jndi-prefix>MB_</jndi-prefix>
  <saf-remote-context>synergySAFContext1</saf-remote-context>
  <saf-error-handling>synergySAFErrorHndlr1</saf-error-handling>
  <time-to-live-default>0</time-to-live-default>
  <use-saf-time-to-live-default>false</use-saf-time-to-live-default>
  <unit-of-order-routing>Hash</unit-of-order-routing>
  </saf-imported-destinations>
  <saf-remote-context name="synergySAFContext1">
  <saf-login-context>
  <loginURL>t3://rdoelapp001013:7001</loginURL>
  <username>weblogic</username>
  <password-encrypted>{AES}z9VY/K4M7ItAr2Vedvhx+j9htR/HkbY2LRh1ED+Cz5Y=</password-encrypted>
  </saf-login-context>
  <compression-threshold>2147483647</compression-threshold>
  </saf-remote-context>
  <saf-error-handling name="synergySAFErrorHndlr1">
  <policy>Log</policy>
  <log-format xsi:nil="true"></log-format>
  <saf-error-destination xsi:nil="true"></saf-error-destination>
  </saf-error-handling>
  </weblogic-jms>
  Any help will be greatly appriciated
  Edited by: 818591 on Feb 16, 2011 11:28 AM

  I am not getting you here "the right approach is to make OSB run on the man server cluster and not on admin server. "
  I have a jms proxy service that I created from admin console
  And also I have gone thru the step 5 in the link below
  http://download.oracle.com/docs/cd/E13159_01/osb/docs10gr3/deploy/config.html#wp1524235
  If I am not wrong, the proxy service endpoint URI determines where it is pointing to. If it is a cluster environment, it should point to a clustered address
  My proxy has below endpoint URI
  jms://rdoelapp001011:61703,rdoelapp001013:61703/synergyConnectionFactory1/MM_gridQ0
  and rdoelapp001011:61703,rdoelapp001013:61703 is my cluster address
  As per your suggestion "To fix your problem, *make osb to run on the cluster* and specify the same URL for the jms proxy service"
  Could you please provide some instruction how would I "make osb jms proxy service to run in a cluster"
  As a note, I have Q defined as a distributed Q and connection factory targets to the cluster. UDQ also targtes to the cluster.
  Just for a testing I have created another manged server running local to the machine where my admin server is running
  And I created a proxy by following steps as I mentioned above and with endpoint URI as below
  jms://rdoelapp001011:61703,rdoelapp001013:61703,*rdoelapp001011:61700*/synergyConnectionFactory1/MM_gridQ0
  where the new address of my cluster is rdoelapp001011:61703,rdoelapp001013:61703,rdoelapp001011:61700
  It did create consumers in both the managed servers in the cluster that are running locally, but no consumers in the remote managed server.
  So I am kind of leaning towards thinking that there is some incorrect setup for the remote managed server and may be admin server is not able to communicate to the remote server for some reason but not sure about it..
  As a note the cluster is setup to communicate using "unicast" channel
  and I created a channel in each manged server with the same name
  here is the cluster configuration
  <name>synergyCluster1</name>
  <cluster-address>rdoelapp001011:61703,rdoelapp001013:61703,rdoelapp001011:61700</cluster-address>
  <default-load-algorithm>round-robin</default-load-algorithm>
  *<cluster-messaging-mode>unicast</cluster-messaging-mode>*
  *<cluster-broadcast-channel>synergyChannel1</cluster-broadcast-channel>*
  *<number-of-servers-in-cluster-address>3</number-of-servers-in-cluster-address>*
  </cluster>
  here are the twoOSBserver configuration
  <server>
  <name>synergyOSBServer1</name>
  <machine xsi:nil="true"></machine>
  <listen-port>61703</listen-port>
  <cluster>synergyCluster1</cluster>
  <web-server>
  <web-server-log>
  <number-of-files-limited>false</number-of-files-limited>
  </web-server-log>
  </web-server>
  <server-debug>
  <debug-scope>
  <name>weblogic.jms.saf</name>
  <enabled>true</enabled>
  </debug-scope>
  <debug-jmssaf>true</debug-jmssaf>
  <debug-saf-sending-agent>true</debug-saf-sending-agent>
  </server-debug>
  <listen-address>localhost</listen-address>
  <network-access-point>
  *<name>synergyChannel1</name>*
  *<protocol>cluster-broadcast</protocol>*
  *<listen-address>localhost</listen-address>*
  *<listen-port>61702</listen-port>*
  <http-enabled-for-this-protocol>true</http-enabled-for-this-protocol>
  <tunneling-enabled>false</tunneling-enabled>
  *<outbound-enabled>true</outbound-enabled>*
  *<enabled>true</enabled>*
  <two-way-ssl-enabled>false</two-way-ssl-enabled>
  <client-certificate-enforced>false</client-certificate-enforced>
  </network-access-point>
  <jta-migratable-target>
  <user-preferred-server>synergyOSBServer1</user-preferred-server>
  <cluster>synergyCluster1</cluster>
  </jta-migratable-target>
  </server>
  <server>
  <name>synergyOSBServer2</name>
  <ssl>
  <enabled>false</enabled>
  </ssl>
  <machine xsi:nil="true"></machine>
  <listen-port>61703</listen-port>
  <listen-port-enabled>true</listen-port-enabled>
  <cluster>synergyCluster1</cluster>
  <web-server>
  <web-server-log>
  <number-of-files-limited>false</number-of-files-limited>
  </web-server-log>
  </web-server>
  <listen-address>rdoelapp001013</listen-address>
  <network-access-point>
  *<name>synergyChannel1</name>*
  *<protocol>cluster-broadcast</protocol>*
  *<listen-address>rdoelapp001013</listen-address>*
  *<listen-port>61702</listen-port>*
  <http-enabled-for-this-protocol>true</http-enabled-for-this-protocol>
  <tunneling-enabled>false</tunneling-enabled>
  *<outbound-enabled>true</outbound-enabled>*
  *<enabled>true</enabled>*
  <two-way-ssl-enabled>false</two-way-ssl-enabled>
  <client-certificate-enforced>false</client-certificate-enforced>
  </network-access-point>
  <java-compiler>javac</java-compiler>
  <jta-migratable-target>
  <user-preferred-server>synergyOSBServer2</user-preferred-server>
  <cluster>synergyCluster1</cluster>
  </jta-migratable-target>
  <client-cert-proxy-enabled>false</client-cert-proxy-enabled>
  </server>
  <server>
  Edited by: 818591 on Feb 18, 2011 11:26 AM

• Network Load Balancing setup giving RPC errors

  I am attempting to set up Windows NLB on a pair of 2012 R2 Web servers, and cannot get it to work.Environment: Two non-domain IIS web servers with 2 NICs each, one NIC for management and on NIC for NLB. Not assigning dedicated IP to NLB NIC, only Cluster IP. Will manage through other NIC, which will not be part of NLB. All servers below can Ping each other fine. They can RPCPing each other fine. They are all on the same IP Subnet. All servers can RDP to each other fine.
  Scenario 1: 1st Web server. Using NLB Manager to Create New Cluster on itself. Works fine. Try to add second host, and it can't connect to other Web server through NLB Manager.Scenario 2: 2nd Web server. Same as above.Scenario 3: Installed NLB Manager on a third server. Try to Create a New Cluster on one of the remote Web cluster servers. Can't connect to either of the...
  This topic first appeared in the Spiceworks Community

  It sounds like you need a load balancer. There's nothing built-in to Mac OS X Server that's going to support one virtual IP address shared across multiple physical servers.
  Your problem, though, is likely to be one of throughput - I don't know any cheap load balancers that will sustain that kind of throughput, so you may be looking at some serious $$$$s.
  There are some software-based load balancers that might be able to handle the load balancing side of things but many of them are designed around HTTP so might not work so well for other protocols.
  In addition, the software load balancer is going to suffer the same bottleneck as your AFP server, but doubly so - two servers with 6 x 1gbps links each you have a theoretical limit of 12gbps.
  To run that through a load balancer, the load balancer will need double that - 12gbps for the client-side, plus 12gbps for the server side. In reality you're probably looking at needing 10gbps interfaces and switches if you're really pulling that much bandwidth.

• ASR1k default routes load-balancing.

  Hi cisco community team,
  I would like to balance outgoing traffic forwarding to the standalone NAT servers.
  Does anyone try to balance by default routes with the same metric on ASR1k?
  For example:
  0.0.0.0 0.0.0.0 x.x.x.x
  0.0.0.0 0.0.0.0 y.y.y.y
  0.0.0.0 0.0.0.0 z.z.z.z
  Regards,
  Konstantin

  there are the difference between, load balancing and load sharing..which we need to understand.
  load sharing means you have 2 users, user A and User B, user A wants to use ISP1 and user B wants to use ISP2. this is called load sharing. and can be achieved via PBR (Policy based routing).
  we should not try to use load balancing for Internet traffic with 2 different ISPs.

• Load balance and Back up

  Hi,
  We have configured load balancing for a serial link in OSPF. We are using one PRI channel for that. Is is possible to configure a back up for this serial link from PRI channel. ( using unused channel from PRI ).
  we have used follwoing commad in serial link configuration.
  backup load 60 40 ( for load balancing )
  backup interface dialer 100 ( one of the PRI channel for load balancing ).
  can i asign one channel from PRI as a backup if this serial line fails. Or if serial line fails load balance channel will trigger and act as a backup ? Can i configure both load balance as well as backup , if leased serial line fails.
  Thanks in advance
  Bapat

  Bapat
  When you configure load balancing (or load sharing) you automatically get backup. With load balancing there will be two separate paths to the destination in the routing table. If one of the paths fails and is withdrawn from the routing table then all traffic will be sent on the remaining path.
  The configuration that you have posted here is defining a channel of the PRI as backup (with the backup interface command) and by using the backup load command you have also indicated that if the primary link gets over a configured load threshold that the PRI should activate and share the load.
  So this gives you both backup and load share.
  HTH
  Rick

• Problem with WLIOTimeoutSecs in weblogic and apche  CSS load balancer

  Hi,
  We are using Weblogic 11g, apache 2.2 and CSS load balancer for load balancing.
  we have huge reports which take minutes to generate and hence we need higher value for WLIOTimeoutSecs. This works fine when we use server url but WLIOTimeoutSecs is not working when we use CSS load balancer.
  We checked with our load balancing team they said CSS load balancer will not repost the request.
  Here is the plugin configuration
  <Location /*****>
  SetHandler weblogic-handler
  PathTrim /
  WebLogicHost 'serevrip'
  WebLogicPort 'port'
  WLIOTimeoutSecs 3600
  Idempotent OFF
  WLProxySSL ON
  DefaultFileName /***/***/index.jsp
  Debug On
  WLLogFile /***/***/***/***.log
  </Location>
  Could some please help me on this.
  Thanks in advance
  Regards,
  Venkat

  Hi Tarun,
  The problem occurs when the SSL is enabled on apache. If I access the same URL over HTTP, the parameter WLIOTimeOut works fine.
  Also I observed that, none of the parameters are getting applied to the plugin. I had switched on 'DebugConfigInfo'. With this the HTTP URL with ?__WebLogicBridgeConfig as query parameter returned the complete configuration. However when accessed with HTTPS the server did not return the configuration.
  Is there a specific configuration to be applied when apache is used with SSL?
  Thanks for your help,
  Shashi

• Load Balancing Directory Servers with Access Manager - Simple questions

  Hi.
  We are in the process of configuring 2 Access Manager instances (servers) accessing the same logical LDAP repository (comprising physically of two Directory Servers working together with Multi-Master Replication configured and tested) For doing this, we are following guide number 819-6258.
  The guide uses BigIP load balancer for load balancing the directory servers. However, we intend to use Directory Proxy Server. Since we faced some (unresolved) issues last time that we used DPS, there are some simple questions that I would be very grateful to have answers to:
  1. The guide, in section 3.2.10 (To configure Access Manager 1 with the Directory Server load balancer), talks about making changes at 4 places, and replacing the existing entry (hostname and port) with the load balancer's hostname and port (assuming that the load balancer has already been configured). It says that changes need not be made on Access Manager 2 since the LDAPs are in replication, and hence changes will be replicated at all places. However, the guide also states that changes have to be made in two files, namely AMConfig.properties, and the serverconfig.xml file. But these changes will not be reflected on Access Manager 2, since these files are local on each machine.
  Question 1. Do changes have to be made in AMConfig.properties and serverconfig.xml files on the other machine hosting Access Manager 2?
  Question 2: What is the purpose of putting these values here? Specifically, what is achieved by specifying the Directory server host and port in AMConfig.properties, as well as in serverconfig.xml?
  Question 3. In the HTTP console, there is the option of specifying multiple primary LDAP servers, as well as multiple secondary LDAP servers. What is the purpose of these? Are secondary servers attempted when none of the list in the primary list are accessible? Also, if there are multiple entries in the primary server list, are they accessed in a round robin fashion (hereby providing rudimentary load balancing), or are other servers accessed only when the one mentioned first is not reachable etc.?
  2. Since I do not have a load balancer setup yet, I tried the following deviation to the above, which, according to me, should have worked. If viewed in the HTTP console, LDAP / Membership / MSISDN and Policy configuration all pointed to the DS on host 1. When I changed all these to point to the directory server on host 2 (and made AMConfig.properties and serverconfig.xml on host 1 point to DS of host 2 as well), things should have worked fine, but apparently Access manager 1 could not be started. Error from Webserver:
  [14/Aug/2006:04:30:36] info (13937): WEB0100: Loading web module in virtual server [https-machine_1_FQDN] at [search]
  [14/Aug/2006:04:31:48] warning (13937): CORE3283: stderr: Exception in thread "EventService" java.lang.ExceptionInInitializerError
  [14/Aug/2006:04:31:48] warning (13937): CORE3283: stderr: at com.iplanet.services.ldap.event.EventServicePolling.run(EventServicePolling.java:132)
  [14/Aug/2006:04:31:48] warning (13937): CORE3283: stderr: at java.lang.Thread.run(Thread.java:595)
  [14/Aug/2006:04:31:48] warning (13937): CORE3283: stderr: Caused by: java.lang.InterruptedException
  [14/Aug/2006:04:31:48] warning (13937): CORE3283: stderr: at com.sun.identity.sm.ServiceManager.<clinit>(ServiceManager.java:74)
  [14/Aug/2006:04:31:48] warning (13937): CORE3283: stderr: ... 2 more
  In effect, AM on 1 did not start. On rolling back the changes, things again worked like previously.
  Will be really grateful for any help / insight / experience on dealing with the above.
  Thanks!

  Update to the above, incase anyone is reading:
  We setup a similar setup in Windows, and it worked. Here is a detailed account of what was done:
  1. Host 1: Start installer, install automatically, chose Directory server, Directory Administration server, Directory Proxy server, Web server, Access Manager.
  All installed, and worked fine. (AMConfig.properties, serverconfig.xml, and the info in LDAP service, all pointed to HOST1:389)
  2. Host 2: Start installer, install automatically, chose Directory server, Directory Administration server, Directory Proxy server, Web server, Access Manager.
  All installed, and worked fine. (AMConfig.properties, serverconfig.xml, and the info in LDAP service, all pointed to HOST2:389)
  3. Host 1: Started replication. Set to Master
  4. Host 2: Started replication. Set to Master
  5. Host 1: Setup replication agreement to Host 2
  6. Host 2: Setup replication agreement to Host 1
  7. Initiated the remote replica from Host 1 ----> Host 2
  Note that since default installation uses abc.....xyz as the encryption key, setting this to same was not an issue.
  9. Started webserver for Host 1 and logged into AM as amadmin.
  10. Added Host 2 FQDN in DNS Aliases / Realms
  11. Added http://HOST2_FQDN:80 in the Platform server (instance) list.
  12. Started Host 2 webserver. Logged in AM on Host 2, things worked fine.
  At this stage, note the following:
  a) Host 1:
  AMConfig.properties file has
  com.iplanet.am.directory.host=host1_FQDN
  and
  com.iplanet.am.directory.port=389
  serverconfig.xml has:
  <Server name="Server1" host="host1_FQDN" port="389" type="SIMPLE" />
  b) Host 2:
  AMConfig.properties file has
  com.iplanet.am.directory.host=host2_FQDN
  and
  com.iplanet.am.directory.port=389
  serverconfig.xml has:
  <Server name="Server1" host="host2_FQDN" port="389" type="SIMPLE" />
  c) If one logs into AM, and checks LDAP servers for LDAP / Policy Configuration / Membership etc services, they all contain Host2_FQDN:389 (which makes sense, since replica 2 was initialized from 1)
  Returning back to the configuations:
  13. On Host 1, login into the Admin server console of the Directory server. Navigate to the DPS, and confgure the following:
  a) Network Group
  b) LDAP servers
  c) Load Balancing
  d) Change Group
  e) Action on-bind
  f) Allow all actions (permit modification / deletion etc.).
  g) any other configuations required - Am willing to give detailed steps if someone needs them to help me / themselves! :)
  So now, we have DPS configured and running on Host1:489, and distributing load to DS1 and DS2 on a 50:50 basis.
  14. Now, log into AM on Host 1, and instead of Host1_fqdn:389 (for DS) in the following places, specify Host1_fqdn:489 (for the DPS)--
  LDAP Authentication
  MSISDN server
  Membership Service
  Policy configuation.
  Verified that this propagated to the Policy Configuration service and the LDAP authentication service that are already registered with the default organization.
  15. Log out of AM. Following the documentation, modify directory.host and directory.port in AMConfig.properties to point to Host 1_FQDN and 489 respectively. Make this change in AMConfig.properties of both Host 1 as well as 2.
  16. Edit serverconfig.xml on both hosts, and instead of they pointing to their local directory servers, point both to host1_FQDN:489
  17. When you start the webserver, it will refuse to start. Will spew errors such as:
  [https-host1_FQDN]: Sun ONE Web Server 6.1SP5 B06/23/2005 17:36
  [https-host1_FQDN]: info: CORE3016: daemon is running as super-user
  [https-host1_FQDN]: info: CORE5076: Using [Java HotSpot(TM) Server VM, Version 1.5.0_04] from [Sun Microsystems Inc.]
  [https-host1_FQDN]: info: WEB0100: Loading web module in virtual server [https-host1_FQDN] at [amserver]
  [https-host1_FQDN]: warning: WEB6100: locale-charset-info is deprecated, please use parameter-encoding
  [https-host1_FQDN]: info: WEB0100: Loading web module in virtual server [https-host1_FQDN] at [ampassword]
  [https-host1_FQDN]: warning: WEB6100: locale-charset-info is deprecated, please use parameter-encoding
  [https-host1_FQDN]: info: WEB0100: Loading web module in virtual server [https-host1_FQDN] at [amcommon]
  [https-host1_FQDN]: info: WEB0100: Loading web module in virtual server [https-host1_FQDN] at [amconsole]
  [https-host1_FQDN]: warning: WEB6100: locale-charset-info is deprecated, please use parameter-encoding
  [https-host1_FQDN]: info: WEB0100: Loading web module in virtual server [https-host1_FQDN] at [search]
  [https-host1_FQDN]: warning: CORE3283: stderr: netscape.ldap.LDAPException: error result (32); matchedDN = dc=sun,dc=com; No such object (DN changed)
  [https-host1_FQDN]: warning: CORE3283: stderr: Got LDAPServiceException code=-1
  [https-host1_FQDN]: warning: CORE3283: stderr: at com.iplanet.services.ldap.DSConfigMgr.getConnection(DSConfigMgr.java:357)
  [https-host1_FQDN]: warning: CORE3283: stderr: at com.iplanet.services.ldap.DSConfigMgr.getNewFailoverConnection(DSConfigMgr.java:314)
  [https-host1_FQDN]: warning: CORE3283: stderr: at com.iplanet.services.ldap.DSConfigMgr.getNewConnection(DSConfigMgr.java:253)
  [https-host1_FQDN]: warning: CORE3283: stderr: at com.iplanet.services.ldap.DSConfigMgr.getNewProxyConnection(DSConfigMgr.java:184)
  [https-host1_FQDN]: warning: CORE3283: stderr: at com.iplanet.services.ldap.DSConfigMgr.getNewProxyConnection(DSConfigMgr.java:194)
  [https-host1_FQDN]: warning: CORE3283: stderr: at com.iplanet.ums.DataLayer.initLdapPool(DataLayer.java:1248)
  [https-host1_FQDN]: warning: CORE3283: stderr: at com.iplanet.ums.DataLayer.(DataLayer.java:190)
  [https-host1_FQDN]: warning: CORE3283: stderr: at com.iplanet.ums.DataLayer.getInstance(DataLayer.java:215)
  [https-host1_FQDN]: warning: CORE3283: stderr: at com.iplanet.ums.DataLayer.getInstance(DataLayer.java:246)
  [https-host1_FQDN]: warning: CORE3283: stderr: at com.sun.identity.sm.ldap.SMSLdapObject.initialize(SMSLdapObject.java:156)
  [https-host1_FQDN]: warning: CORE3283: stderr: at com.sun.identity.sm.ldap.SMSLdapObject.(SMSLdapObject.java:124)
  [https-host1_FQDN]: warning: CORE3283: stderr: at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
  [https-host1_FQDN]: warning: CORE3283: stderr: at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
  [https-host1_FQDN]: warning: CORE3283: stderr: at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
  [https-host1_FQDN]: warning: CORE3283: stderr: at java.lang.reflect.Constructor.newInstance(Constructor.java:494)
  [https-host1_FQDN]: warning: CORE3283: stderr: at java.lang.Class.newInstance0(Class.java:350)
  [https-host1_FQDN]: warning: CORE3283: stderr: at java.lang.Class.newInstance(Class.java:303)
  [https-host1_FQDN]: warning: CORE3283: stderr: at com.sun.identity.sm.SMSEntry.(SMSEntry.java:216)
  [https-host1_FQDN]: warning: CORE3283: stderr: at com.sun.identity.sm.ServiceSchemaManager.(ServiceSchemaManager.java:67)
  [https-host1_FQDN]: warning: CORE3283: stderr: at com.iplanet.am.util.AMClientDetector.getServiceSchemaManager(AMClientDetector.java:219)
  [https-host1_FQDN]: warning: CORE3283: stderr: at com.iplanet.am.util.AMClientDetector.(AMClientDetector.java:94)
  [https-host1_FQDN]: warning: CORE3283: stderr: at com.sun.mobile.filter.AMLController.init(AMLController.java:85)
  [https-host1_FQDN]: warning: CORE3283: stderr: at org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFilterConfig.java:262)
  [https-host1_FQDN]: warning: CORE3283: stderr: at org.apache.catalina.core.ApplicationFilterConfig.setFilterDef(ApplicationFilterConfig.java:322)
  [https-host1_FQDN]: warning: CORE3283: stderr: at org.apache.catalina.core.ApplicationFilterConfig.(ApplicationFilterConfig.java:120)
  [https-host1_FQDN]: warning: CORE3283: stderr: at org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:3271)
  [https-host1_FQDN]: warning: CORE3283: stderr: at org.apache.catalina.core.StandardContext.start(StandardContext.java:3747)
  [https-host1_FQDN]: warning: CORE3283: stderr: at com.iplanet.ias.web.WebModule.start(WebModule.java:251)
  [https-host1_FQDN]: warning: CORE3283: stderr: at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1133)
  [https-host1_FQDN]: warning: CORE3283: stderr: at org.apache.catalina.core.StandardHost.start(StandardHost.java:652)
  [https-host1_FQDN]: warning: CORE3283: stderr: at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1133)
  [https-host1_FQDN]: warning: CORE3283: stderr: at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:355)
  [https-host1_FQDN]: warning: CORE3283: stderr: at org.apache.catalina.startup.Embedded.start(Embedded.java:995)
  [https-host1_FQDN]: warning: CORE3283: stderr: at com.iplanet.ias.web.WebContainer.start(WebContainer.java:431)
  [https-host1_FQDN]: warning: CORE3283: stderr: at com.iplanet.ias.web.WebContainer.startInstance(WebContainer.java:500)
  [https-host1_FQDN]: warning: CORE3283: stderr: at com.iplanet.ias.server.J2EERunner.confPostInit(J2EERunner.java:161)
  [https-host1_FQDN]: failure: WebModule[amserver]: WEB2783: Servlet /amserver threw load() exception
  [https-host1_FQDN]: javax.servlet.ServletException: WEB2778: Servlet.init() for servlet LoginLogoutMapping threw exception
  [https-host1_FQDN]: at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:949)
  [https-host1_FQDN]: at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:813)
  [https-host1_FQDN]: at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:3478)
  [https-host1_FQDN]: at org.apache.catalina.core.StandardContext.start(StandardContext.java:3760)
  [https-host1_FQDN]: at com.iplanet.ias.web.WebModule.start(WebModule.java:251)
  [https-host1_FQDN]: at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1133)
  [https-host1_FQDN]: at org.apache.catalina.core.StandardHost.start(StandardHost.java:652)
  [https-host1_FQDN]: at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1133)
  [https-host1_FQDN]: at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:355)
  [https-host1_FQDN]: at org.apache.catalina.startup.Embedded.start(Embedded.java:995)
  [https-host1_FQDN]: at com.iplanet.ias.web.WebContainer.start(WebContainer.java:431)
  [https-host1_FQDN]: at com.iplanet.ias.web.WebContainer.startInstance(WebContainer.java:500)
  [https-host1_FQDN]: at com.iplanet.ias.server.J2EERunner.confPostInit(J2EERunner.java:161)
  [https-host1_FQDN]: ----- Root Cause -----
  [https-host1_FQDN]: java.lang.NullPointerException
  [https-host1_FQDN]: at com.sun.identity.authentication.UI.LoginLogoutMapping.init(LoginLogoutMapping.java:71)
  [https-host1_FQDN]: at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:921)
  [https-host1_FQDN]: at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:813)
  [https-host1_FQDN]: at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:3478)
  [https-host1_FQDN]: at org.apache.catalina.core.StandardContext.start(StandardContext.java:3760)
  [https-host1_FQDN]: at com.iplanet.ias.web.WebModule.start(WebModule.java:251)
  [https-host1_FQDN]: at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1133)
  [https-host1_FQDN]: at org.apache.catalina.core.StandardHost.start(StandardHost.java:652)
  [https-host1_FQDN]: at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1133)
  [https-host1_FQDN]: at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:355)
  [https-host1_FQDN]: at org.apache.catalina.startup.Embedded.start(Embedded.java:995)
  [https-host1_FQDN]: at com.iplanet.ias.web.WebContainer.start(WebContainer.java:431)
  [https-host1_FQDN]: at com.iplanet.ias.web.WebContainer.startInstance(WebContainer.java:500)
  [https-host1_FQDN]: at com.iplanet.ias.server.J2EERunner.confPostInit(J2EERunner.java:161)
  [https-host1_FQDN]:
  [https-host1_FQDN]: info: HTTP3072: [LS ls1] http://host1_FQDN:58080 [i]ready to accept requests
  [https-host1_FQDN]: startup: server started successfully
  Success!
  The server https-host1_FQDN has started up.
  The server infact, didn't start up (nothing even listening on 58080).
  However, if AMConfig.properties is left as it originally was, and only serverconfig.xml files were changed as mentioned above, web servers started fine, and things worked all okay. (Alright, except for some glitches when viewed in /amconsole. If /amserver/console is accessed, all is good. Can this mean that all is still not well? I am not sure).
  So far so good. Now comes the sad part. When the same is done on Solaris 9, things dont work. You continue to get the above error, OR the following error, and the web server will refuse to start:
  Differences in Solaris and Windows are as follows:
  1. Windows hosts have 1 IP and hostname. Solaris hosts have 3 IPs and hostnames (for DS, DPS, and webserver).
  No other difference from an architectural perspective.
  Any help / insight on why the above is not working (and why the hell does the documentation seem so sketchy / insecure / incorrect).
  Thanks a bunch!

• Any concern on persistent search through a load balancer?

  We have access manager 7 installed which make use of persistent search. My understanding is that persistent search required to maintain a connection so that the server can refresh/update the client whenever entry in the result set changed. If we configure the system to connect to ldap through load balancer, will that cause any problem? What will happen if the load balancer refresh connection after a period of time? Or , if the original ldap server failed and the load balancer try load balance the client to another ldap server, will the persistent search still works?
  Also, if the ldap server that the persistent search initially established connection with crashed, will the client get error message and in that case, is it the client's responsibility to re-run/retry the persistent search with other failover ldap server?
  Thanks,

  Your best bet, even when using a hardware load balancer, is to front your DS instances with a pair of load-balanced Directory Proxy Servers. This way, you have physical redundancy at the load balancer level, and intelligent LDAP-aware load balancing at the proxy server level. DPS 6 is very nice in that you can split binds, searches, and updates amongst several backend DS instances, and the connection state is maintained by the proxy, not the DS instance (i.e. if an instance fails, you really shouldn't be forced to rebind, the proxy fails-over to another DS for searching).
  We have our Directory Servers on a pair of Solaris 10 systems, each with a zone for a replicated Master DS, and another zone each for a DPS instance. The DPS instances are configured to round-robin binds/searches/updates/etc. among the DS master zones. This works out very well for us.

• Software load balancer

  Hi,
  os platform= oracle linux
  database = 11g 11.1.0.7
  apps = 12.1.2
  regarding choosing load balancer which load balancer is good for Ebusiness suite instance
  Hardware level or software level
  kibndly advice

  If we want to go with hardware level do we have to do something with Apache loadbalancer or skip that step?Which configuration you are planning to go with? You still need to do configuration changes at the application tier nodes.
  If we choose Hardware level load balancer its configuration has few steps compare to software level ?Going with hardware load balancer still requires many changes and configurations at the application tier nodes as well as the hardware load balancer and I would say the steps are not less comparing to software load balancer.
  what is the major difference between hardware level and software levelI believe this is not answered in any of the docs/links referenced above, so please log a SR to get the correct/proper answer.
  Thanks,
  Hussein