Load balancing with NAT

Similar Messages

• SRP541W WAN Load Balancing and NAT

  Hello All,
  New to the forums. Thanks for taking the time to read my post. I recently switched my office over from a RV042 to SRP541W. We have 2 DSL lines and have used the Load Balance feature on the RV42 to make the best of the connecton speeds. When setting up the SRP541W when i select load balancing it tells me NAT should be disabled. Why is that? I see a place to input static routes but Im not entirly sure what needs to be done here to set this up correctly. Any input would be appriciated. Also right off the bat we had some issues with access to Google Docs and Mail. I think its becuase those sites dont like seeing access from multiple IPs (fromt the Dual WAN) so I set up a entry in Policy Routing directing all traffic from port 443 to go through one WAN, is this the right way to do this?
  Thanks!
  Mike-

  Dear Mike,
  Thank you and welcome to the Small Business Support Community.
  It is possible to configure load balancing with NAT, however in this case, remote internet servers will potentially see sessions from remote hosts behind the SRP541W coming from different source IP addresses (the WAN IP addresses), causing the sessions to be reset unexpectedly.
  The Policy Routing setting you setup is exactly what I would do in your case.
  I hope these answer your question and please do not hesitate to reach me back if there is anything else I may assist you with.
  Kind regards,
  Jeffrey Rodriguez S. .:|:.:|:.
  Cisco Customer Support Engineer
  *Please rate the Post so other will know when an answer has been found.

• ACE 4710 and load balancing with sticky cookie

  Configuring load balancing with SSL termination and stickiness for a couple of citrix xenapp servers.  I'm doing a source-NAT as the ACE resides in the DMZ and these particular servers reside on the inside arm of the firewall.  The ACE is in bridged mode to load balance web servers that reside in the DMZ.  Everything seems to work just fine, but the cookie stickiness does not seem to be working.

  Hi David,
  As you may know, using Wireshark to look at an HTTPS capture is only useful if you've installed the server SSL key.This is why I find it easier to use something like LiveHTTPHeaders or HTTPWatch.
  When using cookie-insert, the ACE will not create any dynamic cookie entries.  It will simply create one static entry for each rserver with a cookie value, such as R3911631338, and any client that gets load balanced to that rserver will receive a cookie with that value.  So what you see there is what is expected.
  You are correct in that when using location cookies that the server supplies, the ACE will create a dynamic entry when it sees the server response with the cookie.   The cookie is included in the server's response, and the ACE will look for the value as configured.  The cookie will also be sent to the client.  If the cookie is not in the server's first response, you will need enable persistence-rebalance so that it will look in subsequent server responses.  If the browser opens new connections with that cookie, then the ACE will stick to the same server.
  My suggestion would be to get sticky working with cookie-insert first.  Then if that meets your needs, go with that permanently.  If you need to use server cookies, then once cookie insert is working, migrate your sticky to cookie location.
  Sean

• CF 10 Load-Balancing with Remote Instances

  I was reading an article on Clustering/LB/HA using CF8, but have not found any updates for CF10.
  Using VM VirtualBox to setup a few virtual servers, I am looking to setup a load balancing of ColdFusion 10 on 2 remote instances. The goal would be have ColdFusion Cluster Manager be able to point http request to one of the two servers based on load/availability. Not really having a hardware cluster/failover setup, just managing resources on two CF instances instead of a standalone.
  The servers are Windows Server 2008 R2 with IIS7.5 and ColdFusion 10 Enterprise on installed on 3 of these machines. Let's call them CF-LBManager, CF-Web1, and CF-Web 2. In the CF Docs, they show the Cluster Manager adding the local CF instance and "if you want" a remote instance. However, this scenario would require the main instance to be running and not fail for it to direct to the other instance.
  I am trying to set this up now with CF-LBManager as just a manager of the requests coming in. In the Enterprise Manager >> Instance Manager, the local instance is shown and I add the two remote instances with the correct Remote Port, JVM Route, etc. I also made sure the <Cluster>...</Cluster> block was added to the two remote instances (CF-Web1 and CF-Web2) \runtime\conf\server.xml file too, Jetty Services also is running. Now under the Enterprise Manager >> Cluster Manager I add the two remote instances to the cluster, not the local instance on CF-LBManager with Multicast Port and Sticky Sessions enabled. On Submit, I get a green message "You must restart all the server instances and any configured webservers for these changes to take effect.". I go ahead and reboot the servers and come back.
  I now browse to the ColdFusion page as a test on CF-Web1 and CF-Web2 to make sure CF is running properly, they do. I then browse the IP of the CF-LBManager, however it only returns the local IIS web site and not redirect to one of the two cluster members. I am not seeing any message on the coldfusion-out.log on the remote instances. Am I not setting this up correctly or not enabling the Cluster Manager to take over and pass along the requests to those in the cluster?

  Unfortunatley I don't have a lot of experience with CF10 on Windows, but if you are running CF behind IIS I think  you will need to update the Tomcat connector configuraiton to do load balancing. I'm not sure if re-running the wsconfig tool on all of the servers will do this or not, but that is what I would suggest trying first. If that doesn't work you will need to update the Tomcat connector configuraiton manually. You can find more information on load balancing with the Tomcat connector here: http://tomcat.apache.org/connectors-doc/generic_howto/loadbalancers.html.

• CSS Load Balancing with Cookies

  We are trying to load balance 2 backend servers hosted on Websphere with advance balance cookies method.
  Restrictions
  ServerA is unable to accept cookies generated from ServerB.
  ServerA and ServerB are generating random cookies
  Unable to modify cookie string with a constant.
  How can we load balance based on cookies considering the above restrictions?
  We have attempted to do hash based load balancing with cookies but the problem we run into is the servers do not accept cookies generated from another server.
  The configuration we tried is written below:
  service ServerA
  ip address 192.168.10.2
  keepalive type tcp
  keepalive port 80
  active
  service ServerB
  ip address 192.168.20.2
  keepalive type tcp
  keepalive port 80
  active
  content ABC
  url "/*"
  add service ServerA
  string prefix "JSESSIONID="
  advanced-balance cookies
  port 80
  add service ServerB
  string skip-length 5
  string process-length 16
  string operation hash-xor
  protocol tcp
  vip address 172.16.32.1
  active
  Can we change the string prefix to JSESSION instead of JSESSIONID= ?
  The only place the app guys can add a constant string to match on is before the = sign.
  Is it possible for CSS to match on a constant string before = sign e.g below:
  service ServerA
  ip address 192.168.10.2
  keepalive type tcp
  keepalive port 80
  string id567=
  active
  service ServerB
  ip address 192.168.20.2
  keepalive type tcp
  keepalive port 80
  string id123=
  active
  content ABC
  url "/*"
  add service ServerA
  string prefix "JSESSION"
  advanced-balance cookies
  port 80
  add service ServerB
  string skip-length 0
  string process-length 6
  protocol tcp
  vip address 172.16.32.1
  active

  It should work.
  There is no reason for it not to work...
  This is the best method you can have on the CSS for stickyness.
  Get a sniffer trace on the client and server with arrowpoint cookie configured on the CSS and capture a failure so we can see what is going on.
  also send me the config so I can verify everything is ok.
  If you have a service request open with the TAC, you can also give the SR # so I can review what has been done.
  Gilles.

• Cache and Load Balancing with Oracle APEX Listener

  Hi,
  I intend to use only HTTP access.
  How to implement a Cache and Load Balancing with the Oracle APEX Listener?
  Is it possible to do with the the standalone running APEX Listener?
  Thanks by advance for any tips/documentation/references.
  Kind Regards.

  Hi,
  I think this question is best asked in the APEX Listener forum:
  ORDS, SODA & JSON in the Database
  Kind regards
  Sandro

• Load balancing with JSP

  Anyone and everyone,
  When configuring load balancing with Weblogic clusters, does load
  balancing take effect for all services or just EJB and RMI? Or another
  way of saying the same thing, can I setup weighted load balancing for
  the JSP engines across 2 weblogic servers.
  Thanks in advance,
  Mike

  The load-balancing documentation you read describing the different algorithms only applies to RMI stubs (e.g., EJB clients). Please see http://www.weblogic.com/docs51/cluster/concepts.html#1026091 for a description of how load-balancing/clustering works with servlets/JSPs.
  The short answer is that in using servlet clustering, most people want/need/use in-memory replication for HttpSession objects. In WLS 5.1 (and before), in-memory replication requires one or more proxy servers be set-up in front of the cluster. Typically, most people use something like BigIP to load-balance
  across the proxy servers and let the weblogic plug-in for the proxy server handle the routing to the cluster. The plug-in uses round-robin until an HttpSession is established for a user, then it always tries to route to the server where the user's session is located.
  Hope this helps,
  Robert
  Brian Lin wrote:
  All,
  I have a quesiton here regarding load balancing with DNS round robin. As of Chapter Adminstration of Clustering Weblogic server, Weblogic can be configured to balance by weight. How about Weblogic handle weight based balancing after DNS round robin ip response? or just can choose one way instead of both?
  What's the big difference between choosing BigIP and software balancing (WL)?
  Brian
  "Wei Guan" <[email protected]> wrote:
  I don't think you can configure this load balancing in weblogic in current
  release. However, if you have Big-IP or LocalDireoctr, you can set up
  weighted load-balancing there. Otherwise, weblogic proxy will use DNS round
  robin to do the load-balancing between JSP engins.
  My 2 cents.
  Cheers - Wei
  Michael Yakimisky <[email protected]> wrote in message
  news:[email protected]...
  Anyone and everyone,
  When configuring load balancing with Weblogic clusters, does load
  balancing take effect for all services or just EJB and RMI? Or another
  way of saying the same thing, can I setup weighted load balancing for
  the JSP engines across 2 weblogic servers.
  Thanks in advance,
  Mike

• Multihomed eBGP load balancing with 3 ISP's

  We currently peer with 2 ISPs using BGP in an active/failover configuration.  My company wants to move to a 3 ISP model where Internet traffic is split across the 3 providers so that bandwidth is equally distributed on outgoing traffic across our 2 /22 ARIN IP ranges.  This is from our 2 edge switches that have VSS.  
  Within my limited knowledge of BGP, I have determined that we could do load sharing pretty easily by adding multiple default routes and breaking up our /22's into /24 and advertising them that way.  However, I don't think this satisfies the request that downtime must be seamless, should one link drop.  
  Currently, our ISP's advertise default routes.  From the research that I've done, we could get close to load balanced links if we receive full BGP routes and community settings and definitions.  I'm nervous about this because it looks really complicated, and I don't want our AS to turn into a transit AS.  I've been told the same can be accomplished with only partial BGP routes and community settings and definitions.  
  Personally, I think we just need a WAN load balancer.  However, given the request, is there a thread out there that can explain this, or can someone discuss this requested scenario a little bit?  
  Thanks!

  Hi there
  First question would be what is the required reconvergence time for the applications using the Internet? Should an outage occur, when do they lose their state? Once you know that, you then have a target to aim for in terms of recovery
  With regards load-balancing, with BGP we are always talking inbound and outbound.
  The outbound solution is relatively simple - each ISP advertises a default route to your Internet edge router(s). Create an eBGP session from each edge router to the core, advertise the default route and redistribute into the IGP. Ensure the IGP cost to each BGP next hop is equal and you have ECMP for outbound routing.
  Inbound influence is usually via MED (not likely in this case given 3 ISPs), adjusting local-pref in the ISP via BGP EXT communities configured your end, or via AS-PATH prepending for longer prefixes from your /22. Prepending would be simplest, but your unlikely to get an exact inbound traffic split, however a relatively even distribution should be sufficient. 

• Load Balancing with BigIP / SSL question

  I have an oddball question. We're load balancing ColdFusion
  MX7 across 3 servers using a BigIP load balancing server. We
  decided to go the hardware approach and it has been great except
  for one small configuration issue.
  We use a mix of SSL and non SSL pages, prior to the switch
  from a single server to a load balanced setup I used to script that
  would determine if a page that was supposed to be SSL had the
  variable CGI.HTTPS turned on or off. If it was off, the page would
  redirect back to itself with the SSL turned on.
  The problem we have is that we followed BigIP's instruction
  to secure the load balancing hardware instead of the three servers
  running behind it. So what happens is that the traffic goes to the
  load balancer port 441, but then the calls from the load balancer
  to the individual servers is port 80. So even if a page is called
  as HTTPS://... the coldfusion server says that CGI.HTTPS is "off"
  since the traffic is port 80.
  This isn't much of a problem, our SSL pages are linked as
  HTTPS:// and the only problem would actually arise if someone was
  to type in the URL and call it as HTTP rather than HTTPS.
  My questions is this, does anyone know of a way that I can
  detect if the page should be HTTPS and is not without changing our
  configuration and putting SSL certificates on each individual
  server?

  Hey,
  Well the load balancing with the BigIP device is really very
  amazing. I think
  what i liked most was swapping out servers when their lease
  was up, through the
  BigIP manager I just stopped all traffic to a server, shut it
  down, plugged in
  the new one and turned traffic back on. It was really very
  easy.
  The SSL stuff still gives me a headache to think about. but
  I should mention I
  no longer work where I was, plus now I'm all .net C# but
  that's a different
  story.
  I think if I was going to do this all again I would not have
  secured the bigIP
  unit. It was nice to buy one SSL cert for all the servers I
  attached rather
  than one per server, but getting the SSL sites to work
  properly was a headache.
  We also use windows file replication where now I would go
  with like a pair of
  Dell MD1000's mirrored for storage and just have tons of ram
  and cpu on the
  front end units. Depends what you want to spend I guess. I
  think the bigIP unit
  we bought was like 20 grand, i think they are cheaper now
  though.
  Hope I helped.

• How does load-balancing with WebCache work - is there still a bottleneck?

  Hello,
  We're migrating an old Forms 6i app to 10.1.2.0.2 (apps servers = Redhat Linux), and are starting to consider using WebCache to loadbalance between two application servers.
  My question is this - say we have apps servers A and B, both running Forms and Reports Services. We use Webcache on server A (don't have the luxury of a third apps server...) to load balance between A and B. So all initial requests come into A, which in some cases may then be diverted to start a new Forms session on B.
  For those users whose middle-tier sessions are now running on B - will all network traffic for their Forms session continue to be routed through Webcache on A, then to B, over the course of the session? Or does Webcache somehow shunt the whole connection to be straight between the client PC and server B, for the duration of that Forms session?
  If the former, does that mean that the server hosting Webcache can still be a significant bottleneck for network traffic? Have people found load-balancing with Webcache to be useful..?
  Thanks in advance,
  James

  Hi gudnyc,
  Thanks for posting on Adobe forums.
  For HDPI you do not have to do any It will adjust automatically.
  http://helpx.adobe.com/photoshop-elements/using/whats-new.html
  Regards,
  Sandeep

• Load Balancing With Round Robin

  Hi,
  I have two iAS instances, each on their own box, and one iWS instance
  running on a third box. I have setup the web connector to use round
  robin and added the server weights. I believe that is all that is to it
  to do simple load balancing with iAS. The problem is is that the
  requests only go to one iAS instance. The server weights are 1 and 1.
  Am I missing something here?
  Thanks

  Could be lots of things.
  The most common misconfiguration is testing an application that is deployed "local". This application option effectively disables load balancing.
  Another common mistake is to either not update the configuration of the webconnector (if the webconnector
  has a seperate configuration LDAP) or to not restart
  the webconnector after the configuration change.
  Hope this helps. There's more things we could try, but I'll hope its one of these two easy things.

• Load balancing with use of router 881.

  Hello,
  I have two MPLS line and i want load balancing with the help of CISCO router 881. is it necessary that i require two router on both location.? if one location have firewall and one location have cisco router 881 then can i do a load balancing or i require two router each on both location ? What are the basic requirement that i need.
  Thanks,
  Kuntal

  Disclaimer
  The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
  Liability Disclaimer
  In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
  Posting
  An 881 should be able to load share across multiple ports.  Many routing protocol support ECMP, including BGP, but you need "special" hidden/secret commands to enable.  EIGRP also supports unequal cost load sharing.
  If an 881 supports OER or PfR, those too will do unequal load sharing, dynamically.

• Load balancing with A-Gate

  Hi All,
  I wish to configure my single W-Gate (Linux) to load balance with 2 A-Gate (Window). Can anyone help?
  Regards
  Lauran

  Hello Lauran,
  I'm assuming that you already have the ITS working with one AGate server.  To load balance between two you need to install the ITS AGate again on the second server with the same ITS instance name.  Then on the WGate server you will need to modify the ItsRegistryWgate.xml.  Under the <key name="Instances"> you will find a section already for this ITS instance name, like ITS1.  You will need to copy and paste the Agate1 section and make it Agate2, change the Host name and the PortAGate and PortMManager and then save and restart.  The finished section should look like:
  - <key name="ITS1">
  - <key name="Values">
    <value name="Available" type="text">yes</value>
    <value name="Name" type="text">ITS1</value>
    <value name="DocumentRoot" type="text">c:\its1081</value>
    <value name="ServerName" type="text">Apache2 (virtual host: default:1081)</value>
    <value name="NIReceiveRetryCount" type="text">0</value>
    <value name="NIReceiveTimeout" type="text">0</value>
    <value name="NISendTimeout" type="text">0</value>
    </key>
  - <key name="Agates">
  - <key name="Agate1">
    <value name="Host" type="text">Hostname1</value>
    <value name="PortAGate" type="text">sapavw00_ITS1</value>
    <value name="PortMManager" type="text">sapavwmm_ITS1</value>
    <value name="Type" type="text">1</value>
    <value name="SncNameAGate" type="text" />
    <value name="SncNameWGate" type="text" />
    <value name="MultiProcess" type="text">no</value>
    <value name="Available" type="text">yes</value>
    </key>
  - <key name="Agate2">
    <value name="Host" type="text">Hostname2</value>
    <value name="PortAGate" type="text">sapavw00_ITS1</value>
    <value name="PortMManager" type="text">sapavwmm_ITS1</value>
    <value name="Type" type="text">1</value>
    <value name="SncNameAGate" type="text" />
    <value name="SncNameWGate" type="text" />
    <value name="MultiProcess" type="text">no</value>
    <value name="Available" type="text">yes</value>
    </key>
    </key>

• T3 Load Balancing with Weblogic Server 6.1

  We are using rwo weblogic 6.1 servers A and B behind a load balancer with a DNS name (eg. www.loadbalancer.com). We are using T3 for Java client to application server communication. The client creates the Initial context with the load balancer url,creates remote objects using the context, closes the initial context and then tries to get a new initial Context. What we noticed is even though the client closes the first context and gets a new one, the client is always hooked on to only one server making load balancing ineffective. Is there a T3 configuration to release the connection when we close the context ? The documentation says only one T3 is established per client JVM.

  Rick,
  You may want to look at the Alteon and F5 configuration we have on edocs.
  Take a look at the following URLs for a possible solution
  http://edocs.bea.com/wls/docs61/cluster/alteon.html#591902
  http://edocs.bea.com/wls/docs61/cluster/bigip.html#591902
  Chuck Nelson
  DRE
  BEA Technical Support

• CSS 11050 Load Balancing with Single VLAN (no NAT)

  We have several CSS 11050's in use on our network, cheifly for load-balancing web servers. In a test network I've set up, I've configured our test servers' IP addresses and our load-balanced IP address to be on the same subnet. This way our developers can easily check both single servers as well as the LB configuration. This got me thinking...
  All the config documentation I've seen on the CSS seems to assume that you are putting the VIP for the content rule on a different VLAN than the IPs for the services. Is there any particular need for this? I'm in the process of setting up another network that will have its services NATed behind a PIX. There are some services (WWW) that I want load balanced and some services (passive FTP with one server) where there's really no need. Would I do any harm by putting the content rules' VIPs on the same subnet as the servers themselves? I can still plug the servers into the other ports on the CSS so that I'm not really doing a "one-arm" configuration.
  -Mark Romer

  You shouldn't have any problem doing this. In addition to load balancing web servers we've also balanced terminal servers that are configured to be accessed by remote users through VPN connections. Because we have over 90 remote locations, I didn't want the services and the VIP addresses to be on different VLAN's because I'd have to reconfigure the routers in all the remote locations. I was in the same position you're in, all the documentation indicated different VLAN's but I thought it would be a worth a try. Everything works perfectly...
  Cody Rowland