LOADBALANCER & CLUSTER_ISLAND
I have managed to set up a cluster-island of 2 OC4J instances with a shared web-app and a loadbalancer running between Apache and the OC4J instances.
However, I don't know how to shut down the loadbalancer and one of the OC4J instances... I can shut down one OC4J instance but not the other. The error I get is:
"Error: javax.naming.NamingException:
Lookup error: java.net.ConnectException:
Connection refused; nested exception is:
java.net.ConnectException:
Connection refused"
Does anyone know if I'm doing this correctly or if I'm missing some step?
Also, where can you set the maximum number of HTTP sessions one instance can serve and maintain in memory?
And finally, does anyone know how this performs in a live production environment?
Thanks, any help would be much appreciated.
Cheers
Gurinder
To shut down the 2 instances use
java -jar admin.jar ormi://localhost:23791 admin welcome -shutdown
There is no such way to shutdown the loadbalancer itself.
There is a performance hit when you are using loadbalancing. However, it is worth mentioning that the bigger the session size, the bigger the performance hit for loadbalancing. The session state is multicast every time there is a setAttribute on the session.
Cheers,
Ashok
Similar Messages
-
IIS 6.0 Policyagent not working with AM loadbalancer
Trying to enable SSO for IIS 6.0 website running on port 80 with Access manager 7.0. AM loadbalancer URL is configured on OracleAS webcache.
Everything works fine when policyagent is configured with one of the AM servers instead of load balancer URL. But when configured with AM loadbalancer URL a blank page gets displayed after user gives his credentials on the AM authentication page and submits. Below is the error part of log generated at policyagent's end.
2008-04-21 19:08:04.556MaxDebug 2160:18ef080 AuthService: <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<RequestSet vers="1.0" svcid="auth" reqid="0">
<Request><![CDATA[<?xml version="1.0" encoding="UTF-8"?><AuthContext version="1.0">
<Request authIdentifier="0"><NewAuthContext orgName="/"/></Request></AuthContext>]]></Request>
</RequestSet>
2008-04-21 19:08:04.556MaxDebug 2160:18ef080 AuthService: BaseService::sendRequest Request line: POST /amserver/authservice HTTP/1.0
2008-04-21 19:08:04.556 Debug 2160:18ef080 AuthService: BaseService::sendRequest Cookie and Headers =Host: am.xxxx.com
2008-04-21 19:08:04.556 Debug 2160:18ef080 AuthService: BaseService::sendRequest Content-Length =Content-Length: 296
2008-04-21 19:08:04.556 Debug 2160:18ef080 AuthService: BaseService::sendRequest Header Suffix =Accept: text/xml
Content-Type: text/xml; charset=UTF-8
2008-04-21 19:08:04.556MaxDebug 2160:18ef080 AuthService: BaseService::sendRequest(): Total chunks: 9.
2008-04-21 19:08:04.556MaxDebug 2160:18ef080 AuthService: BaseService::sendRequest(): Sent 9 chunks.
2008-04-21 19:08:04.556 Debug 2160:18ef080 AuthService: HTTP Status = 404 (Not Found)
2008-04-21 19:08:04.556MaxDebug 2160:18ef080 AuthService: Http::Response::readAndParse(): Reading headers.
2008-04-21 19:08:04.556MaxDebug 2160:18ef080 AuthService: Content-Type: text/html; charset=iso-8859-1
2008-04-21 19:08:04.556MaxDebug 2160:18ef080 AuthService: Connection: Close
2008-04-21 19:08:04.556MaxDebug 2160:18ef080 AuthService: Server: Oracle-Application-Server-10g/10.1.2.2.0 Oracle-HTTP-Server OracleAS-Web-Cache-10g/10.1.2.2.0 (N;ecid=1254975795829,0)
2008-04-21 19:08:04.556MaxDebug 2160:18ef080 AuthService: Date: Mon, 21 Apr 2008 13:38:04 GMT
2008-04-21 19:08:04.556MaxDebug 2160:18ef080 AuthService: Http::Response::readAndParse(): Reading body content of length: 73435745963999573
2008-04-21 19:08:04.556MaxDebug 2160:18ef080 all: Connection::waitForReply(): returns with status success.
2008-04-21 19:08:04.556MaxDebug 2160:18ef080 AuthService: Http::Response::readAndParse(): Completed processing the response with status: success
2008-04-21 19:08:04.556MaxDebug 2160:18ef080 AuthService: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>404 Not Found</TITLE>
</HEAD><BODY>
<H1>Not Found</H1>
The requested URL /amserver/authservice was not found on this server.<P>
<HR>
<ADDRESS>Oracle-Application-Server-10g/10.1.2.2.0 Oracle-HTTP-Server Server at INTRANET-WC.xxxx.COM Port 7777</ADDRESS>
</BODY></HTML>
Any idea why it is looking for /amserver/authservice context on the webcache??
Thanks
com.sun.am.cookie.name = iPlanetDirectoryPro
# If this property is set to true the cookies set by the agent
# will be marked secure and will only be transmitted if the
# communications channel with the host is a secure one.
com.sun.am.cookie.secure = false
# The URL for the Access Manager Naming service.
com.sun.am.naming.url = http://<Loadbalancerhostname>:7777/amserver/namingservice http://<Loadbalancerhostname>:7777/amserver/namingservice
com.sun.am.ignore.naming_service = true
# The URL of the login page on the Access Manager.
com.sun.am.policy.am.login.url = http://<Loadbalancerhostname>:7777/amserver/UI/Login http://<Loadbalancerhostname>:7777/amserver/UI/Login
# Name of the file to use for logging messages.
com.sun.am.policy.agents.config.local.log.file = D:/Sun/Access_Manager/Agents/2.2/debug/Identifier_1/amAgent
# This property is used for Log Rotation. The value of the property specifies
# whether the agent deployed on the server supports the feature or not. If set
# to false all log messages are written to the same file.
com.sun.am.policy.agents.config.local.log.rotate = true
# Name of the Access Manager log file to use for logging messages to
# Access Manager.
# Just the name of the file is needed. The directory of the file
# is determined by settings configured on the Access Manager.
com.sun.am.policy.agents.config.remote.log = amAuthLog.<Protectedserverhostname>.80
com.sun.am.log.level = all:5
# The org, username and password for Agent to login to AM.
com.sun.am.policy.am.username = lmsagent1
com.sun.am.policy.am.password = HCuUvbq+uuVQ0LA9cDZUsw==
# Name of the directory containing the certificate databases for SSL.
com.sun.am.sslcert.dir = D:/Sun/Access_Manager/Agents/2.2/iis6/cert
# Set this property if the certificate databases in the directory specified
# by the previous property have a prefix.
com.sun.am.certdb.prefix =
# Should agent trust all server certificates when Access Manager
# is running SSL?
# Possible values are true or false.
com.sun.am.trust_server_certs = true
# Should the policy SDK use the Access Manager notification
# mechanism to maintain the consistency of its internal cache? If the value
# is false, then a polling mechanism is used to maintain cache consistency.
# Possible values are true or false.
com.sun.am.notification.enable = true
# URL to which notification messages should be sent if notification is
# enabled, see previous property.
com.sun.am.notification.url = http://<Protectedserverhostname>:80/amagent/UpdateAgentCacheServlet?shortcircuit=false
# This property determines whether URL string case sensitivity is
# obeyed during policy evaluation
com.sun.am.policy.am.url_comparison.case_ignore = true
# This property determines the amount of time (in minutes) a policy entry
# remains valid after it has been added to the cache. The default
# value for this property is 3 minutes.
com.sun.am.policy.am.polling.interval=3
# This property determines the amount of time (in minutes) an sso entry
# remains valid after it has been added to the cache. The default
# value for this property is 3 minutes.
com.sun.am.sso.polling.period=3
# This property allows the user to configure the User Id parameter passed
# by the session information from the access manager. The value of User
# Id will be used by the agent to set the value of REMOTE_USER server
# variable. By default this parameter is set to "UserToken"
com.sun.am.policy.am.userid.param=UserToken
# Profile attributes fetch mode
# String attribute mode to specify if additional user profile attributes should
# be introduced into the request. Possible values are:
# NONE - no additional user profile attributes will be introduced.
# HTTP_HEADER - additional user profile attributes will be introduced into
# HTTP header.
# HTTP_COOKIE - additional user profile attributes will be introduced through
# cookies.
# If not within these values, it will be considered as NONE.
com.sun.am.policy.agents.config.profile.attribute.fetch.mode=HTTP_HEADER
# The user profile attributes to be added to the HTTP header. The
# specification is of the format ldap_attribute_name|http_header_name[,...].
# ldap_attribute_name is the attribute in data store to be fetched and
# http_header_name is the name of the header to which the value needs
# to be assigned.
# NOTE: In most cases, in a destination application where a "http_header_name"
# shows up as a request header, it will be prefixed by HTTP_, and all
# lower case letters will become upper case, and any - will become _;
# For example, "common-name" would become "HTTP_COMMON_NAME"
com.sun.am.policy.agents.config.profile.attribute.map=myuid|my_uid,cn|common-name,ou|organizational-unit,o|organization,mail|email,employeenumber|employee-number,c|country
# Session attributes mode
# String attribute mode to specify if additional user session attributes should
# be introduced into the request. Possible values are:
# NONE - no additional user session attributes will be introduced.
# HTTP_HEADER - additional user session attributes will be introduced into HTTP header.
# HTTP_COOKIE - additional user session attributes will be introduced through cookies.
# If not within these values, it will be considered as NONE.
com.sun.am.policy.agents.config.session.attribute.fetch.mode=NONE
# The session attributes to be added to the HTTP header. The specification is
# of the format session_attribute_name|http_header_name[,...].
# session_attribute_name is the attribute in session to be fetched and
# http_header_name is the name of the header to which the value needs to be
# assigned.
# NOTE: In most cases, in a destination application where a "http_header_name"
# shows up as a request header, it will be prefixed by HTTP_, and all
# lower case letters will become upper case, and any - will become _;
# For example, "common-name" would become "HTTP_COMMON_NAME"
com.sun.am.policy.agents.config.session.attribute.map=
# Response Attribute Fetch Mode
# String attribute mode to specify if additional user response attributes should
# be introduced into the request. Possible values are:
# NONE - no additional user response attributes will be introduced.
# HTTP_HEADER - additional user response attributes will be introduced into
# HTTP header.
# HTTP_COOKIE - additional user response attributes will be introduced through
# cookies.
# If not within these values, it will be considered as NONE.
com.sun.am.policy.agents.config.response.attribute.fetch.mode=NONE
# The response attributes to be added to the HTTP header. The specification is
# of the format response_attribute_name|http_header_name[,...].
# response_attribute_name is the attribute in policy response to be fetched and
# http_header_name is the name of the header to which the value needs to be
# assigned.
# NOTE: In most cases, in a destination application where a "http_header_name"
# shows up as a request header, it will be prefixed by HTTP_, and all
# lower case letters will become upper case, and any - will become _;
# For example, "common-name" would become "HTTP_COMMON_NAME"
com.sun.am.policy.agents.config.response.attribute.map=
# indicate where a load balancer is used for Access Manager
# services.
# true | false
com.sun.am.load_balancer.enable = true
####Agent Configuration####
# this is for product versioning, please do not modify it
com.sun.am.policy.agents.config.version=2.2
# Set the url access logging level. the choices are
# LOG_NONE - do not log user access to url
# LOG_DENY - log url access that was denied.
# LOG_ALLOW - log url access that was allowed.
# LOG_BOTH - log url access that was allowed or denied.
com.sun.am.policy.agents.config.audit.accesstype = LOG_BOTH
# Agent prefix
com.sun.am.policy.agents.config.agenturi.prefix = http://<Protectedserverhostname>:80/amagent
# Locale setting.
com.sun.am.policy.agents.config.locale = en_US
# The unique identifier for this agent instance.
com.sun.am.policy.agents.config.instance.name = unused
# Do SSO only
# Boolean attribute to indicate whether the agent will just enforce user
# authentication (SSO) without enforcing policies (authorization)
com.sun.am.policy.agents.config.do_sso_only = true
# The URL of the access denied page. If no value is specified, then
# the agent will return an HTTP status of 403 (Forbidden).
com.sun.am.policy.agents.config.accessdenied.url =
# This property indicates if FQDN checking is enabled or not.
com.sun.am.policy.agents.config.fqdn.check.enable = true
# Default FQDN is the fully qualified hostname that the users should use
# in order to access resources on this web server instance. This is a
# required configuration value without which the Web server may not
# startup correctly.
# The primary purpose of specifying this property is to ensure that if
# the users try to access protected resources on this web server
# instance without specifying the FQDN in the browser URL, the Agent
# can take corrective action and redirect the user to the URL that
# contains the correct FQDN.
# This property is set during the agent installation and need not be
# modified unless absolutely necessary to accommodate deployment
# requirements.
# WARNING: Invalid value for this property can result in the Web Server
# becoming unusable or the resources becoming inaccessible.
# See also: com.sun.am.policy.agents.config.fqdn.check.enable,
# com.sun.am.policy.agents.config.fqdn.map
com.sun.am.policy.agents.config.fqdn.default = <Protectedserverhostname>
# The FQDN Map is a simple map that enables the Agent to take corrective
# action in the case where the users may have typed in an incorrect URL
# such as by specifying partial hostname or using an IP address to
# access protected resources. It redirects the browser to the URL
# with fully qualified domain name so that cookies related to the domain
# are received by the agents.
# The format for this property is:
# com.sun.am.policy.agents.config.fqdn.map = [invalid_hostname|valid_hostname][,...]
# This property can also be used so that the agents use the name specified
# in this map instead of the web server's actual name. This can be
# accomplished by doing the following.
# Say you want your server to be addressed as xyz.hostname.com whereas the
# actual name of the server is abc.hostname.com. The browsers only knows
# xyz.hostname.com and you have specified polices using xyz.hostname.com at
# the Access Manager policy console, in this file set the mapping as
# com.sun.am.policy.agents.fqdn.map = valid|xyz.hostname.com
# Another example is if you have multiple virtual servers say rst.hostname.com,
# uvw.hostname.com and xyz.hostname.com pointing to the same actual server
# abc.hostname.com and each of the virtual servers have their own policies
# defined, then the fqdnMap should be defined as follows:
# com.sun.am.policy.agents.fqdn.map = valid1|rst.hostname.com,valid2|uvw.hostname.com,valid3|xyz.hostname.com
# WARNING: Invalid value for this property can result in the Web Server
# becoming unusable or the resources becoming inaccessible.
com.sun.am.policy.agents.config.fqdn.map =
# Cookie Reset
# This property must be set to true, if this agent needs to
# reset cookies in the response before redirecting to
# Access Manager for Authentication.
# By default this is set to false.
# Example : com.sun.am.policy.agents.config.cookie.reset.enable=true
com.sun.am.policy.agents.config.cookie.reset.enable=false
# This property gives the comma separated list of Cookies, that
# need to be included in the Redirect Response to Access Manager.
# This property is used only if the Cookie Reset feature is enabled.
# The Cookie details need to be specified in the following Format
# name[=value][;Domain=value]
# If "Domain" is not specified, then the default agent domain is
# used to set the Cookie.
# Example : com.sun.am.policy.agents.config.cookie.reset.list=LtpaToken,
# token=value;Domain=subdomain.domain.com
com.sun.am.policy.agents.config.cookie.reset.list=
# This property gives the space separated list of domains in
# which cookies have to be set in a CDSSO scenario. This property
# is used only if CDSSO is enabled.
# If this property is left blank then the fully qualified cookie
# domain for the agent server will be used for setting the cookie
# domain. In such case it is a host cookie instead of a domain cookie.
# Example : com.sun.am.policy.agents.config.cookie.domain.list=.sun.com .iplanet.com
com.sun.am.policy.agents.config.cookie.domain.list=
# user id returned if accessing global allow page and not authenticated
com.sun.am.policy.agents.config.anonymous_user=anonymous
# Enable/Disable REMOTE_USER processing for anonymous users
# true | false
com.sun.am.policy.agents.config.anonymous_user.enable=false
# Not enforced list is the list of URLs for which no authentication is
# required. Wildcards can be used to define a pattern of URLs.
# The URLs specified may not contain any query parameters.
# Each service have their own not enforced list. The service name is suffixed
# after "# com.sun.am.policy.agents.notenforcedList." to specify a list
# for a particular service. SPACE is the separator between the URL.
com.sun.am.policy.agents.config.notenforced_list = SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/UI/* SERVER_PROTO://SERVER_HOST:SERVER_PORTCONSOLE_DEPLOY_URI/* SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/login_images/* SERVER_PROTO://SERVER_HOST:SERVER_PORT/docs* SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/namingservice SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/sessionservice SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/loggingservice SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/profileservice SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/policyservice SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/config* SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/js/* SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/css/* SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/authservice SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/SAMLAwareServlet SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/SAMLSOAPReceiver SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/SAMLPOSTProfileServlet
# Boolean attribute to indicate whether the above list is a not enforced list
# or an enforced list; When the value is true, the list means enforced list,
# or in other words, the whole web site is open/accessible without
# authentication except for those URLs in the list.
com.sun.am.policy.agents.config.notenforced_list.invert = false
# Not enforced client IP address list is a list of client IP addresses.
# No authentication and authorization are required for the requests coming
# from these client IP addresses. The IP address must be in the form of
# eg: 192.168.12.2 1.1.1.1
com.sun.am.policy.agents.config.notenforced_client_ip_list =
# Enable POST data preservation; By default it is set to false
com.sun.am.policy.agents.config.postdata.preserve.enable = false
# POST data preservation : POST cache entry lifetime in minutes,
# After the specified interval, the entry will be dropped
com.sun.am.policy.agents.config.postcache.entry.lifetime = 10
# Cross-Domain Single Sign On URL
# Is CDSSO enabled.
com.sun.am.policy.agents.config.cdsso.enable=false
# This is the URL the user will be redirected to for authentication
# in a CDSSO Scenario.
com.sun.am.policy.agents.config.cdcservlet.url =
# Enable/Disable client IP address validation. This validate
# will check if the subsequent browser requests come from the
# same ip address that the SSO token is initially issued against
com.sun.am.policy.agents.config.client_ip_validation.enable = false
# Below properties are used to define cookie prefix and cookie max age
com.sun.am.policy.agents.config.profile.attribute.cookie.prefix = HTTP_
com.sun.am.policy.agents.config.profile.attribute.cookie.maxage = 300
# Logout URL - application's Logout URL.
# This URL is not enforced by policy.
# if set, agent will intercept this URL and destroy the user's session,
# if any. The application's logout URL will be allowed whether or not
# the session destroy is successful.
com.sun.am.policy.agents.config.logout.url=
# Any cookies to be reset upon logout in the same format as cookie_reset_list
com.sun.am.policy.agents.config.logout.cookie.reset.list =
# By default, when a policy decision for a resource is needed,
# agent gets and caches the policy decision of the resource and
# all resource from the root of the resource down, from the Access Manager.
# For example, if the resource is http://host/a/b/c, the root of the
# resource is http://host/. This is because more resources from the
# same path are likely to be accessed subsequently.
# However this may take a long time the first time if there
# are many many policies defined under the root resource.
# To have agent get and cache the policy decision for the resource only,
# set the following property to false.
com.sun.am.policy.am.fetch_from_root_resource = true
# Whether to get the client's hostname through DNS reverse lookup for use
# in policy evaluation.
# It is true by default, if the property does not exist or if it is
# any value other than false.
com.sun.am.policy.agents.config.get_client_host_name = true
# The following property is to enable native encoding of
# ldap header attributes forwarded by agents. If set to true
# agent will encode the ldap header value in the default
# encoding of OS locale. If set to false ldap header values
# will be encoded in UTF-8
com.sun.am.policy.agents.config.convert_mbyte.enable = false
# The following property is to enable encoding of URL special
# chars, if any. If set to true agent will encode URL special
# characters before sending for policy evaluation.
com.sun.am.policy.agents.config.encode_url_special_chars.enable = false
#When the not enforced list or policy has a wildcard '*' character, agent
#strips the path info from the request URI and uses the resulting request
#URI to check against the not enforced list or policy instead of the entire
#request URI, in order to prevent someone from getting access to any URI by
#simply appending the matching pattern in the policy or not enforced list.
#For example, if the not enforced list has the value http://host/*.gif,
#stripping the path info from the request URI will prevent someone from
#getting access to http://host/index.html by using the URL http://host/index.html?hack.gif.
#However when a web server (for example apache) is configured to be a reverse
#proxy server for a J2EE application server, path info is interpreted in a different
#manner since it maps to a resource on the proxy instead of the app server.
#This prevents the not enforced list or policy from being applied to part of
#the URI below the app serverpath if there is a wildcard character. For example,
#if the not enforced list has value http://host/webapp/servcontext/* and the
#request URL is http://host/webapp/servcontext/example.jsp the path info
#is /servcontext/example.jsp and the resulting request URL with path info stripped
#is http://host/webapp, which will not match the not enforced list. By setting the
#following property to true, the path info will not be stripped from the request URL
#even if there is a wild character in the not enforced list or policy.
#Be aware though that if this is set to true there should be nothing following the
#wildcard character '*' in the not enforced list or policy, or the
#security loophole described above may occur.
com.sun.am.policy.agents.config.ignore_path_info = false
# Override the request url given by the web server with
# the protocol, host or port of the agent's uri specified in
# the com.sun.am.policy.agents.agenturiprefix property.
# These may be needed if the agent is sitting behind a ssl off-loader,
# load balancer, or proxy, and either the protocol (HTTP scheme),
# hostname, or port of the machine in front of agent which users go through
# is different from the agent's protocol, host or port.
com.sun.am.policy.agents.config.override_protocol =
com.sun.am.policy.agents.config.override_host =
com.sun.am.policy.agents.config.override_port =
# Override the notification url in the same way as other request urls.
# Set this to true if any one of the override properties above is true,
# and if the notification url is coming through the proxy or load balancer
# in the same way as other request url's.
com.sun.am.policy.agents.config.override_notification.url =
# The following property defines how long to wait in attempting
# to connect to an Access Manager AUTH server.
# The default value is 2 seconds. This value needs to be increased
# when receiving the error "unable to find active Access Manager Auth server"
com.sun.am.policy.agents.config.connection_timeout =
# Time in milliseconds the agent will wait to receive the
# response from Access Manager. After the timeout, the connection
# will be dropped.
# A value of 0 means that the agent will wait until receiving the response.
# WARNING: Invalid value for this property can result in
# the resources becoming inaccessible.
com.sun.am.receive_timeout = 0
# The following property in milliseconds indicates how long the
# socket connection needs to be kept open.
# The default value is 0 which implies no timeout.
com.sun.am.connect_timeout = 0
# This property determines the amount of time (in minutes) after which
# the agent polls whether the primary server is up and running.
# The default value is 5 minutes
com.sun.am.poll_primary_server = 5
# Indicate if the socket option TCP_NODELAY should be enabled.
# Possible values are true or false. Default is false
com.sun.am.tcp_nodelay.enable = false
com.sun.am.policy.agents.config.locale = en_US
# Set the IIS filter priority. The choices are
# HIGH - IIS5 filter priority is HIGH.
# LOW - IIS5 filter priority is LOW.
# MEDIUM - IIS5 filter priority is MEDIUM.
# DEFAULT - IIS5 filter priority is DEFAULT.
com.sun.am.policy.agents.config.iis.filter_priority = HIGH
-
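An added example (not part of the original post and not Sun or Oracle code): a small Python audit for an agent properties file like the one quoted in the IIS 6.0 policy agent thread above, flagging the settings that the file's own comments describe as relaxing a check. The sample input and its hosts are constructed, and properties that are unset or empty are skipped rather than assumed to have a default.

```python
"""Flag agent properties whose documented effect relaxes a security check."""

P = "com.sun.am.policy.agents.config."

# Constructed sample: property names come from the file quoted above, the
# values and hosts are made up for this demonstration.
SAMPLE = """\
# comment lines and blank lines are ignored

com.sun.am.cookie.secure = false
com.sun.am.trust_server_certs = true
com.sun.am.policy.agents.config.client_ip_validation.enable = false
com.sun.am.policy.agents.config.ignore_path_info = true
com.sun.am.policy.agents.config.notenforced_list = http://host.example/public/* http://host.example/*.gif
com.sun.am.policy.agents.config.notenforced_list.invert = false
com.sun.am.policy.agents.config.notenforced_client_ip_list =
"""


def parse_properties(text):
    """Return {name: value}; split on the first '=' so values may contain '='."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def flag(props, key):
    """True/False for an explicit boolean value, None when unset or empty."""
    return {"true": True, "false": False}.get(props.get(key, "").lower())


def wildcard_has_suffix(pattern):
    """True when anything follows the first '*' in a URL pattern."""
    star = pattern.find("*")
    return star != -1 and star != len(pattern) - 1


def audit(props):
    """Return (property, finding) pairs in a fixed order."""
    findings = []
    if flag(props, "com.sun.am.cookie.secure") is False:
        findings.append(("com.sun.am.cookie.secure",
                         "agent cookies are not marked secure"))
    if flag(props, "com.sun.am.trust_server_certs") is True:
        findings.append(("com.sun.am.trust_server_certs",
                         "agent trusts all server certificates"))
    if flag(props, P + "client_ip_validation.enable") is False:
        findings.append((P + "client_ip_validation.enable",
                         "requests are not tied to the IP the SSO token was issued to"))
    if flag(props, P + "notenforced_list.invert") is True:
        findings.append((P + "notenforced_list.invert",
                         "site is open except for the listed URLs"))
    ips = props.get(P + "notenforced_client_ip_list", "").split()
    if ips:
        findings.append((P + "notenforced_client_ip_list",
                         "no authentication for clients: " + " ".join(ips)))
    if flag(props, P + "ignore_path_info") is True:
        # The file's comment: with path info kept, nothing should follow '*'.
        risky = [u for u in props.get(P + "notenforced_list", "").split()
                 if wildcard_has_suffix(u)]
        if risky:
            findings.append((P + "ignore_path_info",
                             "path info kept but wildcard has a suffix: " + " ".join(risky)))
    return findings


if __name__ == "__main__":
    for name, finding in audit(parse_properties(SAMPLE)):
        print(f"{name}: {finding}")
```
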
Error in New Models Creation - Loadbalancing /Single Server locally
Is there any possibility of the below error when creating New Models with Single Server but NOT working with the Load balancing Option?
The same code worked when connecting to Single Server locally but doesn't work when New models were created by selection of loadbalancing Option on Remote Server..during development on source from DTR Server(SLD)..
I get below error when New Model created with loadbalancing option
Error - com.sap.tc.webdynpro.modelimpl.dynamicrfc.WDDynamicRFCExecuteException: Error connecting using JCO.Client: null
Edited by: Raghu v on Jan 26, 2008 1:27 PM
Hi,
In EAS, I am getting some for Planning Outline (Essbase outline is working fine). While starting the Planning service through the start menu, it is throwing an error as
Query Failed: SQL_SYSDB_DELETE_EXPIRED_EXTERNAL_ACTIONS:[100]
java.sql.SQLException: [Hyperion][Oracle JDBC Driver][Oracle]ORA-00932: inconsistent datatypes: expected INTERVAL DAY TO SECOND got NUMBER
at hyperion.jdbc.base.BaseExceptions.createException(Unknown Source)
at hyperion.jdbc.base.BaseExceptions.getException(Unknown Source)
at hyperion.jdbc.oracle.OracleImplStatement.execute(Unknown Source)
at hyperion.jdbc.base.BaseStatement.commonExecute(Unknown Source)
at hyperion.jdbc.base.BaseStatement.executeUpdateInternal(Unknown Source)
at hyperion.jdbc.base.BasePreparedStatement.executeUpdate(Unknown Source)
at com.hyperion.planning.sql.HspSQLImpl.executeUpdate(Unknown Source)
at com.hyperion.planning.sql.HspSQLImpl.executeUpdate(Unknown Source)
at com.hyperion.planning.event.HspSysExtChangeHandler.actionPoller(Unknown Source)
at com.hyperion.planning.event.HspSysExtChangeHandler.run(Unknown Source)
Error encountered with Database connection, recreating connections.
Nested Exception: java.sql.SQLException: [Hyperion][Oracle JDBC Driver][Oracle]ORA-00932: inconsistent datatypes: expected INTERVAL DAY TO SECOND got NUMBER
Thanks,
CP
-
Cisco ACE loadbalancing matching more than one header in L7 class map
Dear All,
This is regarding Cisco ACE loadbalancing matching more than one header in L7 class map. I have a small setup with an ACE 30 module in a Cisco 6500. I have got three webservers. Presently I have the following configuration where I am matching one URL header.
class-map type http loadbalance match-all L7_WEB_HEADER_MATCH
  description MATCH THE HOST HEADER OF HTTP REQUEST
  2 match http header Host header-value ".*abhisar.com*"
So for above configuration, when traffic is coming for abhisar.com, it is working fine.
Now, I have following headers and DNS entry is pointing to same virtual IP for all http url header same as abhisar.com
abhisarindia.com
indiaabhi.com
So new configuration will be
class-map type http loadbalance match-any L7_WEB_HEADER_MATCH
  description MATCH THE HOST HEADER OF HTTP REQUEST
  2 match http header Host header-value ".*abhisar.com*"
  4 match http header Host header-value ".*abhisarindia.com*"
  6 match http header Host header-value ".*indiaabhi.com*"
So just want to confirm if this is fine.
Thank You,
Abhisar.
Dear Rajesh,
Thank you for the reply. I will let you know once I carry out this activity.
Thank You,
Abhisar.
-
LoadBalancer and BIG IP Setting for Workspace/Planning
Hi,
I recently migrated our Planning applications from System 9.3.1 to System 11.1.2.1 successfully. One of the things we set up in this process was a virtual IP address to which two server IPs were assigned as well as the 19000 port. This was done to reduce the load of logins on one server as well as prepare for a server crash.
The virtual IP address was created successfully and the loadbalancer is able to divert multiple connections to a default algorithm set on the loadbalancer hardware.
However, when I log in to the Workspace via my IE, I see that under Navigate->Planning->Application, there is a long string that is displayed instead of "Planning". I was asked to ensure "Persistence" is set up on the loadbalancer and it was confirmed that indeed "cookie persistence" was set up. However, the issue still exists.
I also tried to change a few files residing in the Oracle folder on the Planning server and the issue still exists. Lastly, I changed the "cookie persistence" to "IP Persistence" with "Source address" persistence as the default setting. The issue still exists.
I have asked Oracle for any documentation that recommends the proper setting and unfortunately there is one and it is for "EPMA" and not for Planning (as I assume the issue is with the "Planning" label).
Anyone else who has come across this issue and what is the best way to resolve this?
Hi,
We also had some difficulties with those buttons and now we solved it with a command bar with different buttons and menus coded in VBA.
It was a bit tricky but it was the best way to have a lot of functions on a single workbook.
We used the standard analyzer buttons to maintain the sequences on a hidden sheet and in VBA we connected the buttons/menu entries with VBA:
For generating a command bar in VBA but in a module:
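Sub CreateCommandBar()
    Dim sb As CommandBar
    Dim TopMenu As CommandBar

    ' Create the command bar and position it
    Set sb = CommandBars.Add("NAME_OF_COMMANDBAR")
    With sb
        .Visible = True
        .Top = 400
        .Left = 400
    End With

    ' Add a button and wire it to the click handler of the analyzer button
    Set TopMenu = CommandBars("NAME_OF_COMMANDBAR")
    With TopMenu
        .Controls.Add(Type:=msoControlButton, before:=1).Caption = "SAVE" '4
        ' Look the control up by the caption assigned on the line above
        .Controls("SAVE").FaceId = 270
        .Controls("SAVE").OnAction = "Tabelle4.BUTTON_11_Click"
    End With
End Sub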
Best Regards,
Thomas
-
Hi,
Can I deploy a webapp or application on two nodes in a cluster such that the whole webapp is failed over when one node goes down, but the app is not load balanced? That is, I want the webapp to work only on one node at a time. When this node goes down, all requests to the webapp are routed to the next node only, even if node one were to be recovered after some time.
No, there is no easy way to have failover without loadbalancing. But, assuming that you are only using one application, you may be able to get close.
Set up loadbalancing with weighted round robin and assign the "primary" a very large weight. (You may even be able to assign the "secondary" a weight of zero, but I haven't tested this.) Then set up the application with sticky loadbalancing.
This will force nearly all of the requests to be sent to the primary. But in a failover condition all requests will be sent to the remaining server. The sticky loadbalancing will enforce your second requirement: that once node 1 resumes, requests continue to node 2.
-
Forms6i Server (9iAS R1.x) loadbalancing using Oracle Web Cache
Hello,
I have read that it's possible to use Oracle Web Cache as a software load balancer between multiple Application Servers.
We are running Oracle9iAS R1.0.2.2.2a, with Forms/Reports6i servers on 2 Win2k boxes, i.e. our Forms6i application is deployed on two separate boxes in two distinct locations. Users at each location use their respective App Server URL.
Since the application is the same i.e. Forms6i code/fmx is the same for both locations, I am looking into loadbalancing and failover capability that Web Cache might be able to provide.
So basically all users from both locations will point their browser to this Web Cache and the Web Cache will direct each connection to either of the two boxes. So, if either of the boxes dies, Web Cache will divert the requests to the other box.
My concern is whether Web Cache supports this for the Forms requests that it will receive from the users. We are using Servlet Deployment of Forms.
Has anyone done this or has any ideas as to whether it's going to work or not?
Thanks,
Manish
Manish,
we tested this but came across a problem with Webcache that has to do with the jsession Forms uses. This is fixed for Oracle9iAS 9.0.2.x. So if you want to run Forms with Webcache in front, then please do this using the latest version of Oracle9iAS V2 Webcache. For Oracle9iAS V1 and Forms Services we recommend not to use Webcache but do the load balancing via JServ.
Frank -
Best practice SSL End-to-End in Exchange 2010 CAS loadbalancing
Hi,
I was wondering if there is a best practice for deploying SSL End-to-End in Exchange 2010 CAS loadbalancing.
We have ACE modules A5(1.1) and ANM 5.1(0). Although there seems to be a template available in ANM, it doesn't work. It throws an error when deploying; I believe the template is corrupt.
As I am under some pressure to deploy this asap I am looking for a sample config. I found one for SSL offloading, but I need one for End-to-End SSL.
Thanks in advance,
Dion
Hi Dion,
You can open up a case with TAC to have that template reviewed and confirm if the problem is at the ACE or ANM side.
In the meantime here is a nice example for End-To-End SSL that can help you to get that working:
http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_example09186a00809c6f37.shtml
For CAS load balancing there's nothing special other than opening the right ports, I'd advise you to get SSL working first and take it from there, if any problem comes up you can post it here and we'll give you a hand.
HTH
Pablo -
ACE 4710 Loadbalancer Weblogic Issues
Hi Guys,
Having some issues with my Loadbalancer and WebLogic. Eventually I want SSL forwarding and everything set up, but as of now I can only access the VIP under port 7001 (default WebLogic port). How would I get it so I can access via HTTP? My config is below.
PA-ACE-4700-SLB/Admin# changeto Prod-Support
PA-ACE-4700-SLB/Prod-Support# show run
Generating configuration....
access-list allow line 8 extended permit ip any any
probe icmp PROBE_SERVICE_ICMP
  interval 5
  passdetect interval 5
  receive 5
probe tcp TCP443_PROBE
  port 443
  interval 5
  passdetect interval 5
  receive 5
  connection term forced
  open 2
probe tcp TCP7001_PROBE
  port 7001
  interval 5
  passdetect interval 5
  receive 3
  connection term forced
  open 2
probe tcp TCP80_PROBE
  interval 5
  passdetect interval 5
  receive 3
  connection term forced
  open 2
rserver host 228-WLS11host1
  ip address 192.168.211.228
  inservice
rserver host 229-WLS11host2
  ip address 192.168.211.229
  inservice
serverfarm host WLS11-7001
  probe TCP7001_PROBE
  rserver 228-WLS11host1
    inservice
  rserver 228-WLS11host1 7001
  rserver 229-WLS11host2
    inservice
  rserver 229-WLS11host2 7001
sticky http-cookie ACE_COOKIE-7001 7001_STICKY
  cookie insert browser-expire
  replicate sticky
  serverfarm WLS11-7001
class-map type http loadbalance match-any L5
  2 match http url .*
class-map match-all WLS11-7001-CLASS
  2 match virtual-address 192.168.211.50 tcp any
policy-map type loadbalance first-match WLS11-7001-Policy
  class L5
    sticky-serverfarm 7001_STICKY
policy-map multi-match WLS11-SLB
  class WLS11-7001-CLASS
    loadbalance vip inservice
    loadbalance policy WLS11-7001-Policy
    loadbalance vip icmp-reply active
    nat dynamic 1 vlan 1000
interface vlan 1000
  ip address 192.168.211.226 255.255.255.0
  access-group input allow
  nat-pool 1 192.168.211.50 192.168.211.50 netmask 255.255.255.255 pat
  service-policy input WLS11-SLB
  no shutdown
ip route 0.0.0.0 0.0.0.0 192.168.211.235
Thanks for any help you can provide.
Hummm,
Andy
1) Can you modify this?
class-map type http loadbalance match-any L5
  2 match http url .*
to look like this:
class-map type http loadbalance match-any L5
  2 match http url /.*
2) Can you do this:
serverfarm host WLS11-7001
  probe TCP7001_PROBE
  rserver 228-WLS11host1 7001
    inservice
  rserver 229-WLS11host2 7001
    inservice
3) Can you clear all the browser's cookies and/or open a new browser window? It might be possible that some clients are stuck to the servers which do not have the port hardcoded.
4) Can you do: clear stats loadbalance? (won't affect anything)
5) Then generate traffic
6) Then get:
#show service-policy WLS11-SLB class-map WLS11-7001-CLASS detail
#show stat http
Jorge -
Do i need JCO Destination XI to Backend when the Systems are loadbalanced?
Hi there,
i have a problem. A company is sending data to our ECC System over our XI System.
In our consolidation System all works perfect.. no problems.. the consolidation Systems are single Instances. No load balancing or something.
I now transported the whole Scenario to our production Systems
XI Production and Backend ECC Production
Our Production ECC is loadbalanced.
Now the company gets an error when they want to connect to our Systems.
In the XI i see the following error:
<SAP:AdditionalText>com.sap.aii.af.ra.ms.api.DeliveryException: RfcAdapter: receiver channel has static errors: can not instantiate RfcPool caused by: com.sap.aii.af.rfc.RfcAdapterException: error initializing RfcClientPool:com.sap.aii.af.rfc.core.repository.RfcRepositoryException: can not connect to destination system due to: com.sap.mw.jco.JCO$Exception: (102) RFC_ERROR_COMMUNICATION: Connect to message server host failed Connect_PM TYPE=B MSHOST=10.2.22.93 GROUP=MF_ALL R3NAME=MFP MSSERV=sapmsMFP PCS=1 LOCATION CPIC (TCP/IP) on local host with Unicode ERROR service 'sapmsMFP' unknown TIME Tue May 12 16:01:28 2009 RELEASE 700 COMPONENT NI (network interface) VERSION 38 RC -3 MODULE nixxhsl.cpp LINE 776 DETAIL NiHsLGetServNo: service name cached as unknown COUNTER 1</SAP:AdditionalText>
I checked the etc/services also the SLD connection etc...
it works all fine.
In our Consolidation System there are NO JCO Destinations from our XI to our backend.
Do i need JCO Destination to our backend if the backend is loadbalanced?
Please help
Thanks
Bjoern
Hi Bjoern,
The error that I see here, I suppose, is from the communication channel as seen in the SXI_MONITOR.
When the XI system connects to the ECC system through the RFC communication channel, it uses the JCO connections.
As you have mentioned, the Production ECC system is Load Balanced, so the communication channel settings and configurations will be different than in the Quality and the development environment.
Refer the following link for configuring the communication channel for Load Balanced systems:
http://help.sap.com/saphelp_nw70/helpdata/EN/c8/e80440a832e369e10000000a155106/content.htm
Regards,
Alka. -
Standby cisco ACE loadbalancer issues (network connectivity)
Hi ALL,
We are having issues with the secondary (standby) load balancer ACE module on a 6500 switch. We see that the load balancer is not able to get onto the network, which leads to problems with fault tolerance as well. Following is the ft status found on the load balancer for one of the contexts (this is the same pattern seen on all the contexts).
switch/Admin# sh ft group status
FT Group : 1
Configured Status : in-service
Maintenance mode : MAINT_MODE_OFF
My State : FSM_FT_STATE_ACTIVE
Peer State : FSM_FT_STATE_UNKNOWN
Peer Id : 1
No. of Contexts : 1
Sh arp on all the contexts shows the gateway/rserver to be unreachable. Please find the screenshot below for one of the contexts (the same pattern is seen on the LB for all other contexts)
switch/1_Context# sh arp
Context CSD_Context
================================================================================
IP ADDRESS MAC-ADDRESS Interface Type Encap NextArp(s) Status
================================================================================
172.21.128.97 00.00.00.00.00.00 vlan942 GATEWAY - dn
172.21.128.103 00.0b.fc.fe.1b.09 vlan942 ALIAS LOCAL _ up
172.21.128.105 00.12.43.dc.93.23 vlan942 INTERFACE LOCAL _ up
7.0.0.4 00.0b.fc.fe.1b.09 vlan943 NAT LOCAL _ up
- 7.0.0.6
172.21.147.196 00.0b.fc.fe.1b.09 vlan943 ALIAS LOCAL _ up
172.21.147.198 00.12.43.dc.93.24 vlan943 INTERFACE LOCAL _ up
172.21.147.200 00.00.00.00.00.00 vlan943 RSERVER - * 3 req dn
172.21.147.202 00.00.00.00.00.00 vlan943 RSERVER - * 2 req dn
172.21.147.204 00.00.00.00.00.00 vlan943 RSERVER - dn
172.21.147.206 00.00.00.00.00.00 vlan943 RSERVER - dn
172.21.147.208 00.00.00.00.00.00 vlan943 RSERVER - * 3 req dn
172.21.147.210 00.00.00.00.00.00 vlan943 RSERVER - * 2 req dn
172.21.147.212 00.00.00.00.00.00 vlan943 RSERVER - * 1 req dn
172.21.147.214 00.00.00.00.00.00 vlan943 RSERVER - * 1 req dn
172.21.147.216 00.00.00.00.00.00 vlan943 RSERVER - * 3 req dn
7.0.0.1 00.0b.fc.fe.1b.09 vlan943 NAT LOCAL _ up
- 7.0.0.3
The problem is that we see the problem only on the secondary loadbalancer. The primary is just running fine.
Also, I can see some traffic denial in the admin context for resource usage:
switch/Admin# sh resource usage
Allocation
Resource Current Peak Min Max Denied
Context: Admin
conc-connections 9 9 160000 6560000 0
mgmt-connections 0 46 2000 82000 0
proxy-connections 0 4 20972 859830 0
xlates 0 0 20972 859830 0
bandwidth 0 17715713 10000000 535000000 5799749
throughput 0 17710993 10000000 410000000 5799749
mgmt-traffic rate 0 4720 0 125000000 0
connection rate 0 43 20000 820000 0
ssl-connections rate 0 0 100 4100 0
mac-miss rate 0 1 40 1640 0
inspect-conn rate 0 0 120 4920 0
acl-memory 56336 56336 1570072 64460552 6
sticky 0 0 83886 0 0
regexp 0 0 20972 859832 0
syslog buffer 82944 82944 82944 3447808 0
syslog rate 0 44 2000 82000 25
Context: INTEGRATION_Context
conc-connections 0 3934 160000 0 0
mgmt-connections 0 98 2000 0 0
proxy-connections 0 33 20972 0 0
xlates 0 0 20972 0 0
bandwidth 0 10019910 10000000 125000000 40857
throughput 0 10000000 10000000 0 40857
mgmt-traffic rate 0 19910 0 125000000 0
connection rate 0 49 20000 0 0
ssl-connections rate 0 0 100 0 0
mac-miss rate 0 32 40 0 0
inspect-conn rate 0 58 120 0 0
acl-memory 11920 11920 1570072 0 0
sticky 0 1 83886 0 0
regexp 0 0 20972 0 0
syslog buffer 0 82944 82944 3447808 0
syslog rate 0 312 2000 0 0
The above 2 contexts are the only ones which have bandwidth resource usage exceeding the limit, but I am somehow not sure if this is the issue, as there is just no traffic on the secondary. Then how can the bandwidth reach the threshold? Can anyone throw some light on the above issue?
thanks and regards
kiran
vlan on Standby_ACE switch
svclc multiple-vlan-interfaces
svclc module 1 vlan-group 1,4,12,13,
svclc vlan-group 1 968
svclc vlan-group 12 132
svclc vlan-group 13 367-372,374,375,379,380,538,805,807,808,818,913,915
svclc vlan-group 13 917-920,922-924,933,934,937,938,942-949,972,976-979,983
svclc vlan-group 13 984
ip subnet-zero
no ip source-route
vlans on standby ACE
switch/Admin# sh vlans
Vlans configured on SUP for this module
vlan132 vlan360 vlan367-375 vlan379-380 vlan538 vlan805 vlan807-808 vlan818 vlan913 vlan915 vlan917-920 vlan922-924 vlan930 vlan933-934 vlan937-938 vlan942-949 vlan968 vlan971-972 vlan976-979 vlan983-984
switch/Admin#
Active_LB_host_switch is the switch hosting the active ACE that's connected on ten7/4 and 8/4, which are bundled and made into port-channel (po72)
CDP neighbor hosting the active ACE
Active_LB_host_switch
Ten 7/4 148 R S I WS-C6513 Ten 7/4
Active_LB_host_switch
Ten 8/4 156 R S I WS-C6513 Ten 8/4
Po72 allows all the vlans which is the configured for ACE modules.
Port Vlans allowed on trunk
Po72 132,140,181,359-383,538,668,702,805-808,815-816,818-820,836,907,909-920,922-925,
929-935,937-949,967-973,976-984,987,3212
vlan 968 is the FT vlan and the same has been allowed on the trunk port.
Everything looks good to me, but I am still not sure why the ACE module isn't coming onto the network. It was working fine a few months back, but all of a sudden it lost the network connectivity. I am not even able to ping the physical IP of the ACE module.
thanks and regards
kiran -
ACE MODULE IN BRIDGE MODE NOT LOADBALANCING
Hi,
I setup an ace module in bridge mode as follows:
mfsc(vla80) > (vla80)outside fwsm, fwsm inside(vla40) > (vla40)ace-clientside, aceserverside(vla41)
and the servers have the fwsm svi(vla40) as their gateway. But, the ace is not loadbalancing.
The config script is attached. Is there anything I am missing?
Check my troubleshooting guide on this forum.
There are few things to do to narrow down the issue.
Gilles. -
Using HTTPS between loadbalancer and appserver 70
Hi,
Sorry to spam the forums but I feel that the original poster should have posted this here.
http://swforums.sun.com/jive/thread.jspa?threadID=49584
Thanks
I get the exact same error.
I have setup two instances of access manager on two different machines and set them up on SSL using internally created certificates. Stand-alone, these two work perfectly.
When I setup Load Balancer on two OTHER AM's running on http, the load balancer ALSO works fine (as in the document at: http://developers.sun.com/prodtech/identserver/reference/techart/load-balancing.html)
However, if I specify the two servers in the loadbalancer.xml in the config for web-server instance with the load balancer plugin as the SSL enabled access managers, I receive the following error:
[26/Jul/2006:11:23:31] failure (17309): AttributeInstanceListeners.cpp@95: reports: lb.router: XML_VALIDATOR_WARNING: No listeners configured on the instance. For the instance instance1 to be considered for Load Balancing, at least one listener needs to be configured. [26/Jul/2006:11:23:31] info (17309): reports: lb.runtime: RNTM3003 : Error servicing the request : No server to handle
Any help on this would be appreciated. -
Loadbalancing HTTPS with stickyness
Hi all,
We 'd like to do HTTPS loadbalancing with stickyness ( cookie stickyness).
Is it possible ? how to configure It.
I've tried to configure it as follows, but it seems that the client does not receive the cookie.
sticky http-cookie INAMI-OWA-PRD INAMI-OWA-STICKY
  cookie insert browser-expire
  timeout 60
  replicate sticky
  serverfarm ISA-PRD-EXCHANGE-OWA-SF
serverfarm host ISA-PRD-EXCHANGE-OWA-SF
  description Serverfarm used for Exchange OWA (portal.inami.be) in production
  probe ICMP-PROBE-ALL
  probe ISA-PRD-HTTPS-EXCHANGE-OWA-PROBE
  rserver ISA-DMZ-PRD-1
    inservice
  rserver ISA-DMZ-PRD-2
    inservice
  rserver ISA-DMZ-PRD-3
    inservice
class-map match-any ISA-VIP-PRD-EXCHANGE-OWA
  2 match virtual-address xxx.xxx.xxx.xxx tcp eq https
policy-map type loadbalance first-match SLB-PRD-EXCHANGE-OWA
  class class-default
    sticky-serverfarm INAMI-OWA-STICKY
policy-map multi-match ISA-PRD-LOADBALANCING
  class ISA-VIP-PRD-EXCHANGE-OWA
    loadbalance vip inservice
    loadbalance policy SLB-PRD-EXCHANGE-OWA
    loadbalance vip icmp-reply
    nat dynamic 117 vlan 117
Could someone help us on implementing the sticky on https traffic?
Thanks a lot.
Frédéric
Hello Frédéric,
If you are load-balancing SSL, then you can not perform sticky via a Cookie (insert / learning). The reason for this is that the SSL data is encrypted and the ACE will not be able to insert a Cookie or learn a Cookie with encrypted data. If you are performing SSL termination or End-to-End SSL (termination and initiation) then you would be able to perform sticky via Cookie (insert / learning). When load-balancing SSL, your sticky options are either sticky via SSL Session ID or via SRC IP.
The one major issue with SSL Session ID sticky is that some older I.E. browsers may re-negotiate SSL Session ID every two minutes, which may cause the SSL user to get load-balanced to a different Rserver. This is also explained in the following knowledge base article: http://support.microsoft.com/kb/265369
Here are a couple of examples covering both SSL Session id sticky as well as SRC IP sticky:
SSL Session ID Example:
parameter-map type generic SSLID_PARAMMAP
  set max-parse-length 70
serverfarm host ISA-PRD-EXCHANGE-OWA-SF
  description Serverfarm used for Exchange OWA (portal.inami.be) in production
  probe ICMP-PROBE-ALL
  probe ISA-PRD-HTTPS-EXCHANGE-OWA-PROBE
  rserver ISA-DMZ-PRD-1
    inservice
  rserver ISA-DMZ-PRD-2
    inservice
  rserver ISA-DMZ-PRD-3
    inservice
sticky layer4-payload SSL-STICKY
  timeout 30
  serverfarm ISA-PRD-EXCHANGE-OWA-SF
  response sticky
  layer4-payload offset 43 length 32 begin-pattern "\x20"
policy-map type loadbalance generic first-match SLB-PRD-EXCHANGE-OWA
  class class-default
    sticky-serverfarm SSL-STICKY
policy-map multi-match ISA-PRD-LOADBALANCING
  class ISA-VIP-PRD-EXCHANGE-OWA
    loadbalance vip inservice
    loadbalance policy SLB-PRD-EXCHANGE-OWA
    loadbalance vip icmp-reply
    appl-parameter generic advanced-options SSLID_PARAMMAP
    nat dynamic 117 vlan 117
SRC IP Example:
serverfarm host ISA-PRD-EXCHANGE-OWA-SF
  description Serverfarm used for Exchange OWA (portal.inami.be) in production
  probe ICMP-PROBE-ALL
  probe ISA-PRD-HTTPS-EXCHANGE-OWA-PROBE
  rserver ISA-DMZ-PRD-1
    inservice
  rserver ISA-DMZ-PRD-2
    inservice
  rserver ISA-DMZ-PRD-3
    inservice
sticky ip-netmask 255.255.255.255 address source SRCIP-STICKY
  timeout 30
  serverfarm ISA-PRD-EXCHANGE-OWA-SF
policy-map type loadbalance first-match SLB-PRD-EXCHANGE-OWA
  class class-default
    sticky-serverfarm SRCIP-STICKY
policy-map multi-match ISA-PRD-LOADBALANCING
  class ISA-VIP-PRD-EXCHANGE-OWA
    loadbalance vip inservice
    loadbalance policy SLB-PRD-EXCHANGE-OWA
    loadbalance vip icmp-reply
    nat dynamic 117 vlan 117
I hope this information helps.
Thank you,
Antonios -
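Why the SSL Session ID example above uses `layer4-payload offset 43 length 32 begin-pattern "\x20"`, shown as an added Python sketch that is not part of the original posts and is not ACE code. It assumes the TLS 1.2-and-earlier hello layout with the hello at the start of the TCP payload; `build_hello`, `sticky_key` and `StickyTable` are hypothetical names and the records are constructed samples.

```python
import os

# TLS record header (5) + handshake header (4) + version (2) + random (32).
SESSION_ID_OFFSET = 5 + 4 + 2 + 32   # = 43, the "offset 43" in the rule
SESSION_ID_LEN = 0x20                # the "\x20" begin-pattern, 32 decimal

CLIENT_HELLO, SERVER_HELLO = 1, 2


def build_hello(msg_type, session_id):
    """Constructed sample: a minimal TLS 1.2 ClientHello/ServerHello record."""
    body = b"\x03\x03" + os.urandom(32)              # version + random
    body += bytes([len(session_id)]) + session_id    # session_id vector
    if msg_type == SERVER_HELLO:
        body += b"\x00\x2f" + b"\x00"                # chosen suite, compression
    else:
        body += b"\x00\x02\x00\x2f" + b"\x01\x00"    # suite list, compression list
    handshake = bytes([msg_type]) + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x03" + len(handshake).to_bytes(2, "big") + handshake


def sticky_key(record):
    """Return the 32 bytes the rule would key on, or None if it cannot match."""
    if len(record) <= SESSION_ID_OFFSET or record[0] != 0x16:
        return None                                  # not a handshake record
    if record[5] not in (CLIENT_HELLO, SERVER_HELLO):
        return None
    if record[SESSION_ID_OFFSET] != SESSION_ID_LEN:
        return None                                  # empty or non-32-byte ID
    start = SESSION_ID_OFFSET + 1
    key = record[start:start + SESSION_ID_LEN]
    return key if len(key) == SESSION_ID_LEN else None


class StickyTable:
    """Session ID -> rserver map, learned from responses ("response sticky")."""

    def __init__(self):
        self.entries = {}

    def learn(self, server_hello, rserver):
        key = sticky_key(server_hello)
        if key is not None:
            self.entries[key] = rserver
        return key

    def lookup(self, client_hello):
        key = sticky_key(client_hello)
        return self.entries.get(key) if key is not None else None


def demo():
    table = StickyTable()
    sid = bytes(range(32))                           # constructed session ID
    table.learn(build_hello(SERVER_HELLO, sid), "ISA-DMZ-PRD-1")
    return {
        "first_visit": table.lookup(build_hello(CLIENT_HELLO, b"")),
        "resumption": table.lookup(build_hello(CLIENT_HELLO, sid)),
        "renegotiated_id": table.lookup(build_hello(CLIENT_HELLO, os.urandom(32))),
    }


if __name__ == "__main__":
    print(demo())
```

A first visit and a client that presents a new session ID both miss the table, which is the re-balancing behaviour the answer describes for browsers that renegotiate the session ID.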
CSS 11500 - how does Firewall loadbalancing works
Hi,
can someone explain me, how firewall loadbalancing exactly works ?
1. how is the algorithm to choose which FW is used (src address, destination address or ports) ?
2. how can I troubleshoot or view an active firewall loadbalanced flow ?
Is there a kind of sticky table which I can view ?
3. Are there some documents, which describe the fw loadbalancing issue ?
thanks in advance
Hello,
1. The CSS uses the source and destination IP addresses in the algorithm to calculate which firewall to use for each flow.
2. show flow srcip dstip allows you to see which flow goes on which firewall.
3. basic description here: http://www.cisco.com/en/US/products/hw/contnetw/ps792/products_configuration_guide_chapter09186a0080157803.html