Load balancing within the same ACE across two different contexts residing on the same vlan

Similar Messages

• Load-balancing in the same IP subnet

  Can I use load-balancing in the same IP subnet? I have the servers and client in the same IP subnet. I'd like to load-balance client traffic to server traffic. I also need to load balance traffic between servers. Is possible to configure it only in one VLAN?
  For example:
  CSS:
  interface 4/2
  circuit VLAN1
  ip address 10.0.0.10 255.255.255.0
  service s1
  ip address 10.0.0.101
  active
  service s2
  ip address 10.0.0.102
  active
  service s3
  ip address 10.0.0.103
  active
  service s4
  ip address 10.0.0.104
  active
  owner test
  content client
  vip address 10.0.0.3
  add service s1
  add service s2
  active
  content servers
  vip address 10.0.0.4
  add service s3
  add service s4
  active
  Cat6500:
  interface FastEthernet4/1 - clients
  no ip address
  switchport
  switchport mode access
  spanning-tree portfast
  interface FastEthernet4/2 - servers
  no ip address
  switchport
  switchport mode access
  spanning-tree portfast
  interface FastEthernet4/3 - CSS
  no ip address
  switchport
  switchport mode access
  spanning-tree portfast
  interface Vlan1
  ip address 10.0.0.1 255.255.255.0
  ip policy route-map pokus
  access-list 101 permit tcp any eq 80 any
  route-map pokus permit 10
  match ip address 101
  set ip next-hop 10.0.0.10
  Thank you
  Roman

  yes, it's possible - use trunk with two VLANs (slide 9). or you can use 'transparent' mode (slide 11 - your attachment).
  answer to your question (I have the problem to understand why there are two links with the same VLAN on the picture):
  on the switch are two port interfaces in *switchport* mode (not trunk). now is it clearly?
  result:
  both methods (bridge mode with two vlans, or transparent bridge mode) use two vlans. it's on you, which type is for you preferred.
  my recommendation is - use first method - one link to CSS with trunk configured in bridge mode (one ip subnet, two vlans, default gw for servers isn't css, but parent router)
  martin

• Load balancing by the proxy plugin

  Has anyone encountered this before:
  I have a cluster of two WLS 5.1 servers, hosting servlets that serve web
  requests. The requests are proxied through a web server ( I have tried
  Weblogic, Apache as well as IIS). I also have a tool that simulates
  concurrent web requests and fires them to the proxy server.
  As per documentation, as the load balancing while proxying requests to
  servlets is round robin, I expect that the requests are uniformly
  distributed across the two weblogic servers. But what I see is a bit
  different. In one case I fired 15 requests and found that 11 went to first
  server and 4 went to the other.
  Second time when I fired again 2 of them went to the first server and 13 to
  the second one. I would expect that around half of the total requests
  should be routed to each server everytime so that there is a proper load
  balancing done by the proxy. I have not changed any configuration related
  to the default load balancing algorithm. So I expect it is round-robin.
  Has anyone encountered this before ? This happens to me irrespective of
  which proxy server I use (i.e which proxy plugin I use). Is there some
  other configuration required and I am missing something or is there some
  inherent problem with the load balancing of the proxy plugins. Any info
  would be highly appreciated.
  Thanks
  Mainak

  Could you post this in weblogic.developer.interest.plug-in? This group is for
  ejb related questions. Thanks.
  Bill
  Mainak Datta wrote:
  Has anyone encountered this before:
  I have a cluster of two WLS 5.1 servers, hosting servlets that serve web
  requests. The requests are proxied through a web server ( I have tried
  Weblogic, Apache as well as IIS). I also have a tool that simulates
  concurrent web requests and fires them to the proxy server.
  As per documentation, as the load balancing while proxying requests to
  servlets is round robin, I expect that the requests are uniformly
  distributed across the two weblogic servers. But what I see is a bit
  different. In one case I fired 15 requests and found that 11 went to first
  server and 4 went to the other.
  Second time when I fired again 2 of them went to the first server and 13 to
  the second one. I would expect that around half of the total requests
  should be routed to each server everytime so that there is a proper load
  balancing done by the proxy. I have not changed any configuration related
  to the default load balancing algorithm. So I expect it is round-robin.
  Has anyone encountered this before ? This happens to me irrespective of
  which proxy server I use (i.e which proxy plugin I use). Is there some
  other configuration required and I am missing something or is there some
  inherent problem with the load balancing of the proxy plugins. Any info
  would be highly appreciated.
  Thanks
  Mainak

• Web Dispatcher not doing the load balancing on the portal

  Hi Experts
  I am having a production issue where the SAP web dispatcher is not doing the load balancing on the portal.
  We have ESS/MSS portal with 1 Message server and 2 Application servers. The Web dispatcher is installed on the message server itself. Here is my Web disp profile file
  Profile generated by sapwebdisp bootstrap
  unique instance number
  SAPSYSTEM = 16
  add default directory settings
  DIR_EXECUTABLE = .
  DIR_EXECUTABLE = F:\usr\sap\<SID>\sapwebdisp
  DIR_INSTANCE = .
  Accessibility of Message Servers
  rdisp/mshost = <hostname>.com
  ms/http_port = 8111
  #Log and Trace
  rdisp/TRACE = 2
  SAP Web Dispatcher Parameter
  wdisp/auto_refresh = 120
  wdisp/max_servers = 100
  wdisp/shm_attach_mode = 6
  configuration as per SAP note 538405
  icm/max_conn      = 7000
  icm/max_sockets   = 14000
  icm/req_queue_len = 6000
  icm/min_threads   = 100
  icm/max_threads   = 300
  mpi/total_size_MB = 500
  mpi/max_pipes       = 14000
  wdisp/HTTPS/max_pooled_con = 7000
  SAP Web Dispatcher Ports
  icm/server_port_0 = PROT=HTTP,PORT=8888
  SSL
  icm/server_port_1 = PROT=ROUTER,PORT=443, TIMEOUT=60
  SAP Web Dispatcher Web Administration
  icm/HTTP/admin_0 = PREFIX=/sap/wdisp/admin,DOCROOT=./admin,AUTHFILE=icmauth.txt
  wdisp/enable_j2ee_groups = TRUE
  wdisp/HTTPS/sticky_mask = 255.255.255.255
  In my Web dispatcher Admin page, I see all the three application servers, however the requests are going to only 1 App server. We are using ENd to End SSL configuration for the web dispatcher.
  We also have a reverse proxy in the landscape and reverse proxy is forwarding all the requests to the Web dispatcher. In Web disp Admin page>Dispatching Module>SSL End to END dispatching, I see only ONE table entry in the dispatching table and it is our Reverse Proxy.
  As all the requests are coming from only one source (Reverse proxy), it seems to me that the sap web dispatcher  is forwarding those to the same Application server every time.
  Can anyone please advise ?
  I also tried to configure logon group in NWA, the web dispatcher is detecting the logon group and all the app servers in the logon group. It still not doing the load balancing.
  I would greatly appreciate any help.
  Thanks
  Viny

  Vincent, can you please elaborate more ?  Is the web dispatcher not able to recognize stateful and stateless application requests ?
  I saw that the procedure for configuring SSL Termination on Web dispatcher is long and complicated and looks like SAP web dispatcher needs to have SSL certificate of its own. As we have no ABAP servers and only Java servers, I can not even create the PSEs using STRUST (as described in SAP help -http://help.sap.com/saphelp_nw70ehp1/helpdata/en/48/99c388d7c46bb9e10000000a42189d/frameset.htm
  We already have SSL certificates for Java App servers.
  I suppose there should be a way for web dispatcher to identify the incoming requests and forward to appropriate application servers.
  Any help is much appreciated.
  Thanks
  Viny

• Load balancing from the BI portal

  Hi everybody,
  We have a BW system with two application servers.
  When we use BEx, the load balancing leads the user to the application server that is used less.
  When we use the portal, everything goes over the central server.
  Does anybody know how we can set up load balancing from the BI portal ?
  Kind regards,
  Marc van Eijndt

  The web dispatcher for your portal should do the load balancing... usually the scenario is the other way round - BEX tends to use the server irrespective of its load and Portal will hit the load balancer and hence lead to better performance ....

• MPLS/VPN network load balancing in the core

  Hi,
  I've an issue about cef based load-balancing in the MPLS core in MPLS/VPN environment. If you consider flow-based load balancing, the path (out interface) will be chosen based on source-destination IP address. What about in MPLS/VPN environment? The hash will be based on PE router src-dst loopback addresses, or vrf packet src-dst in P and PE router? The topology would be:
  CE---PE===P===PE---CE
  I'm interested in load balancing efficiency if I duplicate the link between P and PE routers.
  Thank you for your help!
  Gabor

  Hi,
  On the PE router you could set different types and 2 levels of load-balancing.
  For instance, in case of a DUAL-homed site, subnet A prefix for VPN A could be advertised in the VPN by PE1 or PE2.
  PE1 receives this prefix via eBGP session from CE1 and keep this route as best due to external state.
  PE2 receives this prefix via eBGP session from CE2 and keep this route as best due to external state.
                               eBGP
                       PE1 ---------CE1
  PE3----------P1                          Subnet A
                       PE2----------CE2 /
                              eBGP
  Therefore from PE3 point of view, 2 routes are available assuming that IGP metric for PE3/PE1 is equal to PE3/PE2.
  The a 1rst level of load-sharing can be achieve thanks to the maximum-paths ibgp number command.
  2 MP-BGP routes are received on PE3:
  PE3->PE1->CE1->subnet A
  PE3->PE2->CE2->subnet A
  To use both routes you must set the number at 2 at least : maximum-paths ibgp 2
  But gess what, in the real world an MPLS backbone hardly garantee an equal IGP cost between 2 Egress PE for a given prefix.
  So it is often necessary to ignore the IGP metric by adding the "unequal-cost" keyword: maximum-paths unequal-cost ibgp 2
  By default the load-balancing is called "per-session": source and destination addresses are considered to choose the path and the outgoing interface avoiding reordering the packets on the target site. Overwise it is possible to use "per-packet" load-balancing.
  Then a 2nd load-sharing level can occur.
  For instance:
           __P1__PE1__CE1
  PE3           \/                   Subnet A
          \ __P2__PE2__CE2
  There is still 2 MP-BGP paths :
  PE3->P1->PE1->CE1->subnet A
  PE3->P1->PE2->CE2->subnet A
  But this time for 2 MP-BGP paths 4 IGP path are available:
  PE3->P1->PE1->CE1->subnet A
  PE3->P1->PE2->CE2->subnet A
  PE3->P2->PE1->CE1->subnet A
  PE3->P2->PE2->CE2->subnet A
  For a load-balancing to be active between those 4 paths, they must exist in the routing table thanks to the "maximum-path 4 "command in the IGP (ex OSPF) process.
  Therefore if those 4 paths are equal-cost IGP paths then a 2nd level load-balancing is achieved. the default behabior is the same source destination mechanism to selected the "per-session" path as mentionned before.
  On an LSP each LSR could use this feature.
  BR

• Cache and Load Balancing for the Oracle APEX Listener

  Hi,
  I intend to use only HTTP access.
  My database is Oracle 11gR2, SE, 32 bit.
  How to implement a Cache and Load Balancing with the Oracle APEX Listener?
  Is it possible to do with the the standalone running APEX Listener?
  Thanks by advance for any tips/documentation/references.
  Kind Regards.

  Error. To be closed.

• Load balancing in the process chains

  HI friends
  I have 6 subchains in 1 metachain . we are facing a problem  where we have to 2 servers . but when we run the process chains they are  occuping all the DIA process  in only one server . the other server is empty . so is there a way  that we can do the load balancing in the process chains . so that the process chains can occupy all the resources in both servers than only one . please do reply . this is very important . thankyou  for all your replies .
  *Points will be rewarded *.

  Hi,
  check this out: https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/oss_notes/sdn_oss_bc_ccm/~form/handler
  additionally some information.
  You can specify a server on which the chain will run, but this is not really load balancing. Load balancing must be set up by a basis person.
  regards
  Siggi

• Problem with same application under two different context root

  JDev 11.1.1.6
  Does anyone have experience with such one scenario, so same app, but with two diff context root ?
  At a certain point, since both start to be used (and just in that case), at times there was a drastic deceleration, as if something is blocking some period. Subsequently, after some time, the application start to behave normally. I also periodically comes to acceleration and deceleration. In the log files there is no trace, no exception happens, nothing.
  And all this in a situation where both applications use only one user per app (so, the resources are not concerned)
  Any comments ?

  same app, but with two diff context root ?
  A web app packaged in WAR can have only one context root. Package a web app in two different WARs for two different context roots.
    weabpp1.war web.xml
  <?xml version='1.0' encoding='UTF-8'?>
  <weblogic-web-app>
    <context-root>context-1</context-root>
  </weblogic-web-app>
    weabpp2.war web.xml
  <?xml version='1.0' encoding='UTF-8'?>
  <weblogic-web-app>
    <context-root>context-2</context-root>
  </weblogic-web-app>

• FWSM and CSM (Load Balance) in the same chassi

  Folks,
  Is there any type of best practice (you ** must ** do like this) when you are going to implement the FWSM and the CSM modules on the same 6509 chassi ?
  PS: The CSM is not doing FW loadbalance, it is doing loadbalance to servers located in a DMZ
  PATH:
  (outside) FWSM (inside) -> MSFC -> (inside) PIX (dmz) -> CSM  , CSM -> (dmz) PIX (inside) -> MSFC -> (inside) FWSM
  My main doubts:
  1) FWSM using multi-context, Is there any integration problem with CSM ?
  2) FWSM and CSS in routed mode, Is there any integration problem with both modules ?
  3) Is it really necessary to operate the FWSM module in bus mode when using CSM in the same chassi (fabric switching-mode force bus) ?
  Cisco Says:
  "The CSM line card operates in bus mode. When using the CSM in conjunction with the FWSM line card,
  Cisco recommends forcing the FWSM to operate in bus mode using the
  fabric switching-mode force bus command. When service modules such as the CSM and the FWSM
  operate in bus mode, traffic from DFC-enabled line cards still use the fabric connection."
  In past it was a workaround due a bug, but I have found this recommendadon and know I am a little confused.
  Tks !!!

  Luis-
  You will want to used a routed mode on the CSM so that the Firewall contexts don't see eachothers MAC Addresses for any traffic not destine to to a VIP.  On the CSM VLANs, you will want to create alias IPs to use as the next hop destination between contexts for non-VIP traffic. Other than that, the CSM has no concept of contexts, so as long as the traffic is symetric when it flows through the CSM VLANs, it will be happy.
  Regards,
  Chris

• Using the network load balancing from the nodes itself

  I have installed a 2 node Sun Cluster 3.2, configured a shared ip resource and attached to it a scalable network aware resource working on the two nodes. I have crashed the process on one of the node in such a way that the cluster could not restart it again
  In this status I tried to open a connection from another server and the load balancer always sent the traffic to the node that was up which is as expected...
  If I try to open a connection from the node on which the process is failed then I get a connection refused meaning that the load balancer is not working in this circumstance.
  Is this a bug/ a mis-configuration/ or just an inherent cluster problem.
  Is there a solution to this issue?
  Regards
  Daniel

  To answer your first question, no, there isn't anything you can do.
  Here is what my colleague suggested while I was away:
  Zone-clusters scalable services still require shared-IP zones, which means requests from one app to another would still bounce back due to loopback. Probably wouldn't help here.
  They could isolate the services that must talk to other services into their own failover group on exclusive-IP zones. Other services can be setup as originally planned. But maybe there are too many such "dependent services" for this to be useful. Also, each failover service must have its own IP address.
  Finally, can these  web services be configured so that it tries multiple addresses. In that case, if the shared address foo for service X bounces back (due to X having crashed on the local node), the app itself would retry with address bar for service X? This allows for uniform configuration across all services, namely:
      - try shared address
      - try node 1's own address (either public or clusternode1-priv)
      - try node 2's own address
  You can fine tune it so that configurations on node 1 only use node 2's address as backup, and vice versa. I don't know if that is any help.
  As for your second question, the answer is that Solaris Container Clusters allow for consolidation and isolation of clusters onto a single set of nodes. Normal containers don't really allow you to consolidate complete clusters in quite the same way. See http://www.sun.com/offers/details/820-7351.html for more.
  Tim
  ---

• Firewall Load Balance using bridged mode ACE

  Dear Folks,
  I 'd like to load balance 2 ASA using 3 ACE [ Inside,outside,dmz network zone]
  I 've seen sample configuration, all of them are running the ACE in the route mode, and asa are running in route mode
  Would it be possible to run the ACE in the bridge Mode, because the ip subneted problem, We don't have enough to split,,
  by the way if possible,All server that install behind ACE, what is default gateway should Server Point to [ in our case we have 2 independent firewall ] should I create the VIP for both firewall ? or should I just simply set the server's gateway to BVI interface, ?
  Please Help Thanks

  Thank you very much Gilles,
  You 're the man. ;-)
  Another question in my case I try to load balance 3 interface firewall [inside,outside,dmz] in order to make the packet return the same firewall it has passed earlier,
  What kind of hashing technique do I need to use and Do i need to use mac sticky command ???
  I tried to find some configuration sample from cisco website , but i only found with only 2 interface with ACE running source hash and destination hash in each ends,
  Thank you very much

• Lync 2013 Enterprise load balancing on the front end and edge pool

  Hi,
  I am setting up a Lync 2013 Enterprise deployment consisting of a Front End pool (x2 FE servers) and an Edge pool (x2 Edge servers).  I'm seeing some conflicting advice regarding load balancing using hardware or DNS for the front end and the edge.
  On the front end I have 2 internal DNS records 'lyncfepool1.contoso.local' each of which map to one of the IPs of the FE servers.  I've used my details to populate the Detailed Design Planner excel spreadsheet and am told that I require a HLB to load
  balance my front end pool.  I'm aware of the need to load balance HTTPS traffic internally (which will be done by TMG) however other traffic to the front end (SIP, etc) can be balanced by DNS only, and not require a HLB?
  Can someone clarify the front end requirement?
  Also - looking now at the edge pool - this site again have two edge servers in a pool.  We are using a total of six private IP addresses, two per edge service (2 x av.contoso.com, 2 x sip.contoso.com and 2 x webcon.contoso.com).  These will be
  NAT'ed by the external firewall and directed to the respective external (DMZ) IP addresses on the Edge servers on port 443.  I know this isn't true roundrobin due to the intelligence of the Lync client when connecting (in that the Lync client will connect
  to one of the public IPs and if it can't connect, it will know to connect to the other service IP), however I want to clarify this set up, particularly the need to direct the external public IP traffic at the DMZ Edge IP specified in the topology builder.
  I've attached a basic diagram of the external/DMZ/Edge side which hopefully helps with this question
  Persevere, Persevere, Per..

  That is because you will always need HLB for a front-end server since it hosts the Lync webservices which use HTTP/HTTPS traffic.
  The description on the calculation tool also describes this correctly:
  Supports Standard and Enterprise pools (up to 12 nodes), with pure device-based load balancing or a combination of DNS load balancing and device-based load balancing (for
  Lync web services)
  You can use either Hardware or DNS loadbalancing for SIP traffic only, but you will always need a HLB for the webservices.  Both are applicable for the Front-End so you have either
  full HLB for both SIP and HTTP(S) traffic
  DNS LB for SIP traffic and HLB for HTTP(S) traffic
  Hope this is more clear :-)
  Lync Server MVP | MCITP Lync Server 2010 | If you think my post is the answer to your question, please mark it as answer so future visitors can easily find it.

• Load balancing on the local host only (6.40 Java)

  Hello!
  When configuring load balancing for Web AS 6.20 (Java), the property "LocalLoadBalancing" was available in the ServiceManager of the dispatcher. See Note 772561.
  This property is not available in Web AS 6.40 (SP14).
  How can I now ensure that a dispatcher does not connect to a server process on another physical server?
  // Mikael

  Hi Mikael,
  In Web AS 6.40 this property is invalidated by the new <b>instance-based</b> cluster concept. In other words, when installing a Web AS 6.40 system you're installing instances (i.e. one central services instance, one java central instance, and 1-n dialog instances). A Web AS 6.40 instance contains one dispatcher and 1-n servers. The installation software (SAPinst) lets you install an instance on the same physical host only. Therefore, in 6.40 all servers that are behind the J2EE dispatcher are <b>always</b> on the same physical machine => the behavior of the LocalLoadBalancing property.
  In 6.20, the installable unit is a dispatcher/server, and you can choose to distribute them to different physical hosts => the need to have the LocalLoadBalancing property to control remote/local LB.
  Hope this explains things a bit.
  P.S. In case you need more info about the cluster architecture of the Web AS Java 6.40, you can have a look <a href="http://help.sap.com/saphelp_nw04/helpdata/en/2e/611724f410254ca12a3f396ec5ae85/frameset.htm">here</a>.

• Load balancing UDP application in ACE

  Hi all,
  What's the proper way to load balance a UDP application (NTP protocol) using ACE? We used to do it in our CSS using a content to load-balance and a source group to source-NAT the UDP replies from the servers to the VIP. I guess this should be implemented using NAT in the ACE, but I can't find any example.
  According to the manual, src-natting to VIPs is supported only in A1(8) and it is supposed to be used "when there is a limited number of real-world IP addresses on the client-side network".
  This is not our case, we just need to ensure that the client receives the UDP replies as coming from the VIP, not from real IP address of the server. This is not a problem in TCP-based applications, because the NAT from the rserver IP to the VIP is automatic. What is the proper way to obtain this behaviour for UDP applications? Thanks a lot!
  Regards,
  Pedro

  Pedro,
  reverse nating is not required in ACE world.
  This is done automatically.
  So, the server response will be automatically nated to the vip address when going back to the client.
  If you have an appliance and are just deploying now, I would recommend version A3(2.1).
  If you have a module go for A2(1.3).
  Gilles