MPLS, GRE (with no IPSEC) & Dynamic Routing

Similar Messages

• Dynamic Routing Gateway and ASA

  Greetings,
  We have a requirement to configure a multisite gateway and have run into an issue. According to http://msdn.microsoft.com/en-us/library/azure/dn133793.aspx, dynamic routing gateways are not supported on the ASA platform. Does this simply mean that MS does
  not support this configuration or that this configuration is not possible? I cannot negotiate an ikev2 proposal with a dynamic gateway so I fear that it isn't possible.
  Has anyone here made this work?
  Thanks in advance.

  Hello
  In the link you provided, the combination of ASA with dynamic routing says it is not compatible (it does not say not supported).
  From that I understand that it will not work.
  We have tried a few Juniper combinations in the past with static and dynamic routing that were not on the list you mention - only to find out that they indeed did not work.
  My recommendation is to stick to the supported setup.

• What is the preferred dynamic routing over l2l/ipsec?

  what is the preferred dynamic routing over l2l/ipsec?
  Sent from Cisco Technical Support iPhone App

  Disclaimer
  The  Author of this posting offers the information contained within this  posting without consideration and with the reader's understanding that  there's no implied or expressed suitability or fitness for any purpose.  Information provided is for informational purposes only and should not  be construed as rendering professional advice of any kind. Usage of this  posting's information is solely at reader's own risk.
  Liability Disclaimer
  In  no event shall Author be liable for any damages whatsoever (including,  without limitation, damages for loss of use, data or profit) arising out  of the use or inability to use the posting's information even if Author  has been advised of the possibility of such damage.
  Posting
  Pretty much what you might use if not IPSec.
  Do you have some reason why IPSec should have a preferred routing protocol or are you just wondering if there is a preferred routing protocol for IPSec?

• Dynamic routing for a Business Service with multiple operations

  I have two business services with multiple operations. Business service A (bsA) has operations OpA1 and OpA2. Business service B (bsB) has operations OpB1 and OpB2.
  Depending on incoming Proxy message and operation, I have to do one of the following
  1. If someValue = A and operation= Op1 then invoke operation opA1 of bsA
  2. If someValue = B and operation= Op1 then invoke operation opB1 of bsB
  3. If someValue = C and operation= Op1 then invoke operation opA1 of bsA AND* operation opB1 of bsB and return aggregate data of both invocations
  1. If someValue = A and operation= Op2 then invoke operation opA2 of bsA
  2. If someValue = B and operation= Op2 then invoke operation opB2 of bsB
  3. If someValue = C and operation= Op2 then invoke operation opA2 of bsA AND* operation opB2 of bsB and return aggregate data of both invocations
  Using a dynamic route node or dynamic routing options, I am able to achieve cases 1, 2, 4, and 5.
  But for cases 3 & 6, I can not use a route node. When I use a Service call out instead, then I am forced to create a Operational branch but that does not seem like the best design since for every new operation added to the business services, I have to add a new branch to the Operational branch and redo all the functionality for that branch.
  Basically, I am looking to achieve the functionality of the Route node ( no need to specify the operation ).
  Any thoughts/ideas on what the best design would be?
  thanks

  For cases 3 & 6, why don't you route to another proxy service where you can simple do two service callouts, merge output data somehow and return them to the first proxy?
  If you look for "special route feature", that could possibly call two services for a single message, I'm afraid you won't succeed.

• OSB: Static Vs Dynamic Routing With "Get All Headers"

  Hi
  How Static and Dynamic Routing works when calling Business Service pointing to a service inside or out-side the domain with respect to carrying "Get All Headers".
  The scenario is
  I have two BIZ services of http protocol, B1 pointing to a serive with-in the same domain and B2 pointing to a serivce outside the domain.
  Now i am calling both BIZs throught Static and Dynamic Routing
  1. Proxy X calls BIZ1 using Static Routing
  2. Proxy X calls BIZ1 using Dynamic Routing
  3. Proxy X calls BIZ2 using Static Routing
  4. Proxy X calls BIZ2 using Dynamic Routing
  Question: In all 4 cases, does "Get All Headers" get passed to called service?. How is the behaviour?
  Thanks
  Venkata Madhu

  If you're getting errors like -
  ORA-12514: TNS:listener does not currently know of service requested in connect
  And you're database has been started you can -
  'alter system register'
  and that will register the database with the listener.
  If you are trying to start up databases remotely you need to have a static entry (listener.ora entry) otherwise you will not be able to connect to the database and will get the above error. I've seen people connect remotely, shutdown the database, try startup and they are not able to. Good way to shoot yourself in the foot.

• Dynamic Routing with VPN and multiple Peers

  I have several sites that connect to my primary host site (ASA5525-X) via LAN to LAN tunnels and currently all internal host routing is static. I need to implement a backup host site (ASA5520) for the remote sites to connect to. I know that I can add additional peers on each remote site for the host sites. However, I need to be able to do dynamic routing, so that if does not matter which site they are connected to the internal networks will learn where to route the traffic. I am running OSPF on my internal networks at both Primary and Backup host sites and they have an internal connection between the two sites.
  Is there a way to accomplish this on the ASAs?
  Thanks,
  Doug

  To make perhaps my question a little more clear, this is an example of how I would the result to look like
  http://www.latitudes.co.uk/dept_search_pages/search_provence.php
  where the labels with the checkboxes are retrieved from the 'category' table and when one or more boxes are ticked, the corresponding values are used to make the selection in the WHERE statement in the MySQL query.
  Hope someone can help me out.
  Erik

• Good CCIE question: Can multiple site-2-site VPNs support dynamic routing protocols?

  Hi All,
  Was not sure if this should be posted in LAN routing, WAN routing or VPN forums: I have posted here as the VPN tunnels are the limiting factors...
  I am trying to understand if it is possible to have dynamic routing between LANs when using site to site VPNs on three or more ASA55x5-x (9.0).
  To best explain the question I have put together an example scenario:
  Lets say we have three sites, which are all connected via a separate site-2-site IKEv2 VPNs, in a full mesh topology (6 x SAs).
  Across the whole system there would be a 192.168.0.0/16 subnet which is divided up by VLSM across all sites.
  The inside / outside interfaces of the ASA would be static IPs from a /30 subnet.
  Routing on the outside interface is not of concern in this scenario.
  The inside interface of the ASA connects directly to a router, which further uses VLSM to assign additional subnets.
  VLSM is not cleanly summarised per site. (I know this flys against VLSM best practice, but makes the scenario clearer...)
  New subnets are added and removed at each site on a frequent basis.
  EIGRP will be running on each core router, and any stub routers at each site.
  So this results in the following example topology, of which I have exaggerated the VLSM position:
  (http://www.diagram.ly/?share=#OtprIYuOeKRb3HBV6Qy8CL8ZUE6Bkc2FPg2gKHnzVliaJBhuIG)
  Now, using static route redistribution from the ASAs into EIGRP and making the ASAs to be an EIGRP neighbour, would be one way. This would mean an isolated EIGRP AS per site, but each site would only learn about a new remote subnet if the crypto map match ACL was altered. But the bit that I am confused over, is the potential to have new subnets added or removed which would require EIGRP routing processes on the relevant site X router to be altered as well as crypto map ACLs being altered at all sites. This doesn't seem a sensible approach...
  The second method could be to have the 192.168.0.0/16 network defined in the crypto map on all tunnels and allow the ASAs routing table to chose which tunnel to send the traffic over. This would require multiple neighbours for the ASA, but for example in OSPF, it can only support one neighbour over a S2S VPN when manually defined (point-to-point). The only way round this I can see is to share our internal routing tables with the IP cloud, but this then discloses information that would be otherwise protected by the IPSEC tunnel...
  Is there a better method to propagate the routing information dynamically around the example scenario above?
  Is there a way to have dynamic crypto maps based on router information?
  P.S. Diagram above produced via http://www.diagram.ly/

  Hi Guys,
  Thanks for your responses!  I am learning here, hence the post.
  David: I had looked in to the potential for GRE tunnels, but the side-effects could out weight the benifits.  The link provided shows how to pass IKEv1 and ISAKMP traffic through the ASA.  In my example (maybe not too clear?) the IPSEC traffic would be terminated on the ASA and not the core router behind.
  Marcin: Was looking at OSPF, but is that not limited to one neighbour, due to the "ospf network point-to-point non-broadcast" command in the example (needed to force the unicast over the IPSEC tunnel)? Have had a look in the ASA CLI 9.0 config guide and it is still limited to one neighbour per interface when in point-to-point:
  ospf network point-to-point non-broadcastSpecifies the interface as a point-to-point, non-broadcast network.When you designate an interface as point-to-point and non-broadcast, you must manually define the OSPF neighbor; dynamic neighbor discovery is not possible. See the "Defining Static OSPFv2 Neighbors" section for more information. Additionally, you can only define one OSPF neighbor on that interface.
  Otherwise I would agree it would be happy days...
  Any other ideas (maybe around iBGPs like OSPF) which do not envolve GRE tunnels or terminating the IPSEC on the core router please?
  Kindest Regards,
  James.

• Dynamic Routing for Failover L2L VPN

  Hi,
  Can someone offer me some guidance with this issue please?
  I've attached a simple diagram of our WAN for reference.
  Overview
  Firewall is ASA 5510 running 8.4(9)
  Core network at Head Office uses OSPF
  Static routes on ASA are redistributed into OSPF
  Static routes on ASA for VPN are redistributed into OSPF with Metric of 130 so redistributed BGP routes are preferred
  Core network has a static route of 10.0.0.0/8 to Corporate WAN, which is redistributed into OSPF
  Branch Office WAN uses BGP - Routes are redistributed into OSPF
  The routers at the Branch Office use VRRP for IP redundancy for the local clients default gateway.
  Primary Branch Office router will pass off VRRP IP to backup router when the WAN interface is down
  Backup BO router (.253) only contains a default route to internet
  Under normal operation, traffic to/from BO uses Local Branch Office WAN
  If local BO WAN link fails, traffic to/from BO uses IPSec VPN across public internet
  I'm trying to configure dynamic routing on our network for when a branch office fails over to the IPsec VPN. What I would like to happen (not sure if it's possible) is for the ASA to advertise the subnet at the remote end of the VPN back into OSPF at the Head Office.
  I've managed to get this to work using RRI, but for some reason the VPN stays up all the time when we're not in a failover scenario. This causes the ASA to add the remote subnet into it's routing table as a Static route, and not use the route advertised from OSPF from the core network. This prevents clients at the BO from accessing the Internet. If I remove the RRI setting on the VPN, the ASA learns the route to the subnet via the BO WAN - normal operation is resumed.
  I have configured the metric of the static routes that get redistributed into OSPF by the ASA to be higher than 110. This is so that the routes redistributed by BGP from the BO WAN into OSPF, are preferred. The idea being, that when the WAN link is available again, the routing changes automatically and the site fails back to the BO WAN.
  I suppose what I need to know is; Is this design feasible, and if so where am I going wrong?
  Thanks,
  Paul

  Hi Paul,
  your ASA keeps the tunnel alive only because that route exists on ASA.  Therefore you have to use IP-SLA on ASA to push network taffic "10.10.10.0/24" based on the echo-reply, by using IP-SLA
  Please look at example below, in the example below shows the traffic will flow via the tunnel, only in the event the ASA cannot reach network 10.10.10.0/24 via HQ internal network.
  This config will go on ASA,
  route inside 10.10.10.0 255.255.2550 10.0.0.2 track 10
  (assuming 10.0.0.2 the peering ip of inside ip address of router at HO)
  route outside 10.10.10.0 255.255.255.0 254 xxx.xxx.xxx.xxx
  (value 254 is higher cost of the route to go via IPSec tunnel and x =  to default-gateway of ISP)
  sla monitor 99
  type echo protocol ipIcmpEcho 10.10.10.254 interface inside
  num-packets 3
  frequency 10
  sla monitor schedule 99 life forever start-time now
  track 10 rtr 99 reachability
  Let me know, if this helps.
  thanks
  Rizwan Rafeek

• Dynamic routing through VPN on ASA

  I have an environment with multiple remote offices connecting to the an ASA at the core. Currently we create seperate IPSec tunnels to each subnet that the remote office needs to connect to. We would like to enable dynamic routing to allow access to all the networks through one tunnel. The SOHO routers at the remote sites will support RIP V1 and V2. Can I enable RIP in my ASAs in a way that will propogate only the routes coming through the VPN tunnels? I can then redistribute them through EIGRP in my core routers.
  Thanks

  Erick,
  I guess I fall into the hairpinning catagory. Playing with different traceroutes and pings I am going back out the internet via the default route for the concentrator and ASA. If I traceroute from my client back to a system on the inside there are four hops and they make sense. If I traceroute from the client to say google then I have about 16 hops and it does complete. I am now trying to figure out why HTTP to say google does not work. I am thinking that may be somethign up with my cloud firewall provider. That is what started this whole thing in the first place.
  I was just wodering if there was a way to have the default route for just my Address pool point back towards the inside. I guess that would be a NAT to a new VLAN on the inside?
  Brent

• Dell Sonicwall Dynamic Routing Device Support

  Up until November 24, 2014 the known compatible VPN devices here
  http://msdn.microsoft.com/en-us/library/azure/jj156075.aspx listed Dell Sonicwall as compatible. The page was updated November 24, and Dell Sonicwall is now listed as Not Compatible.
  Can someone please explain what changed, and why Sonicwall is no longer compatible?

  Hi All,
  The Device has been removed from the compatibility list for Dynamic Configuration after repeated complaints from customers about intermittent performance.
  On analysis it was gathered that the device works in a dynamic (route-based) mode only when SonicWall VPN initiates the IPSEC negotiations.
  When Azure Gateway initiates the IPSEC negotiations, it fails.
  Also DELL's official Website states Route-Based VPN using Tunnel Interface is not supported for third party devices.
  For details you could refer the following link.
  https://support.software.dell.com/kb/sw7902
  If you still need assistance with the device, you might have to get in touch with DELL Support.
  Regards,
  Malar.

• MPLS-TE with PBR

  Hi,
  I'm trying some configurations MPLS-TE with PBR in 7600 with SRC3 code and has not been able to make it work.
  I have tried CBTS and regular autoroute tunnels and they work fine but not a regular mpls-te with PBR.
  I've been following sample configurations and still not been able to make it work.
  The lab has the following setup:
  CE1->PE1->P->PE2->CE2
  The configuration at PE1 looks like this:
  interface GigaEthernet2/1
  description Connection to CE1
  ip vrf forwarding test
  ip address 10.1.1.1 255.255.255.252
  ip policy route-map PBR_in
  interface Tunnel105
  description MPLS-TE Test
  ip unnumbered Loopback0
  mpls ip !<-- also have tried without mpls
  tunnel destination 172.16.100.22
  tunnel mode mpls traffic-eng
  tunnel mpls traffic-eng priority 3 3
  tunnel mpls traffic-eng bandwidth sub-pool 250
  tunnel mpls traffic-eng affinity 0x0 mask 0x0
  tunnel mpls traffic-eng path-option 1000 dynamic
  no routing dynamic
  route-map PBR_in permit 10
  match ip address CE_Loops
  set mpls-label !<-- also have tried without this
  set interface Tunnel105 !<-- also have tried set ip next-hop <remote-loop>
  route-map PBR_in permit 100
  ip access-list extended CE_Loops
  10 permit ip host 1.1.1.1 host 2.2.2.2
  20 permit ip host 2.2.2.2 host 1.1.1.1
  And I can see the counters of Tunnel 105 going up but no response, nor any debugging related to it.
  sh int tun 104
  Tunnel transmit bandwidth 8000 (kbps)
  Tunnel receive bandwidth 8000 (kbps)
  Last input never, output 00:00:05, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/0 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
  0 packets input, 0 bytes, 0 no buffer
  Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
  0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
  2364 packets output, 168564 bytes, 0 underruns
  0 output errors, 0 collisions, 0 interface resets
  0 unknown protocol drops
  0 unknown protocol drops
  0 output buffer failures, 0 output buffers swapped out
  I have done "debug mpls packet" and but I can't see anything related to labels going on.
  What am I missing? Is MPLS-TE with PBR really possible? How does it apply labels to the PBR packets?
  William

  Hi Shivlu,
  To have a dedicated tunnel per VPN:
  1- Static routes in the VRF should work by specifying only the tunnel interface as the outgoing interface (no next-hop).
  2- Another solution can be to change the BGP NH for each VPN:
  - You have two VPNs configured on PE1 and PE2
  - You have two TE tunnels T1 and T2 between PE1 and PE2. PE1 is the head-end
  - BGP is build over Loopback0 IP addresses as usual
  The idea is to create two new loopbacks one PE2 (L1 and L2) and to configure PE2 to use those loopbacks as BGP NH:
  ip vrf VPN1
  bgp next-hop loopback 1
  ip vrf VPN2
  bgp next-hop loopback 2
  Now PE1 will receive VPNv4 updates from PE2 with BGP NH set to L1 for VPN1 and L2 for VPN2
  on PE1 just add two static route so each loopback will be reachable via two different TE tunnels:
  ip route L1/32 T1
  ip route L2/32 T2
  If you have other PEs with sites connected to these VPNS as well and you are not using TE tunnels, you need to redistribute L1 and L2 into the IGP so those other PEs will have a LSP to PE2 as well.
  I agree if PBR could be aware of the interface in the GRT, it would be an easier solution.
  Thanks
  Laurent.

• Branch office setup with L3 switch and router with IOS security

  Hello,
  I am in the process of putting together a small branch office network and I am in need of some design advise. The network will support about 10-15 workstations/phones, 3-4 printers, and 4-5 servers. In addition we will eventually have up to 25-30 remote users connecting to the servers via remote access VPN, and there will also be 2-3 site-to-site IPSec tunnels to reach other branches.
  I have a 2911 (security bundle) router and 3560 IP Base L3 switch to work with. I have attached a basic diagram of my topology. My initial design plan for the network was to setup separate VLANs for workstation, phone, printer, and server traffic. The 3560 would then be setup with SVIs to perform routing between VLANs. The port between the router and switch would be setup as a routed port, and static routes would be applied on the switch and router as necessary. The thought behind this was that I'd be utilizing the switch backplane for VLAN routing instead instead of doing router-on-a-stick.
  Since there is no firewall between the switch and router my plan was to setup IOS firewalling on the router. From what I am reading ZBF is my best option for this. What I was hoping for was a way to set custom policies for each VLAN, but it seems that zones are applied per interface. Since the interface between the router and switch is a routed interface, not a trunk/subinterface(s), it doesn't seem like there would be a way for me to use ZBF to control traffic on different VLANs. From what I am gathering I would have to group all of my internal network into one zone, or I would have to scrap L3 switching all together and do router-on-a-stick if I want to be able to set separate policies for each VLAN. Am I correct in my thinking here?
  I guess what I am getting at is that I really don't want to do router-on-a-stick if I have a nice switch backplane to do all of the internal routing. At the same time I obviously need some kind of firewalling done on the router, and since different VLANs have different security requirements the firewalling needs to be fairly granular.
  If I am indeed correct in the above thinking what would be the best solution for my scenario? That is, how can I setup this network so that I am utilizing the switch to do L3 routing while also leveraging the firewall capabilities of IOS security?
  Any input would be appreciated.
  Thanks,
  Austin

  Thanks for the input.
  1. I agree, since I have only three to four printers, they need not be in a separate VLAN. I simply was compartmentalizing VLANs by function when I initially came up with the design.
  2. Here's a little more info on the phone situation. The phones are VoIP. The IP PBX is on premise, but they are currently on a completely separate ISP/network. The goal in the future is to converge the data and voice networks and setup PBR/route maps to route voice traffic out the voice ISP and data traffic out the other ISP. This leads up to #3. 
  3. The reason a router was purchased over a firewall was that ASA's cannot handle routing and dual ISPs very well. PBR is not supported at all on an ASA, and dual ISPs can only be setup in an active/standby state. Also, an ASA Sec+ does not have near the VPN capabilities that the 2911 security does. The ASA Sec+ would support only 25 concurrent IPSec connections while the 2911 security is capable of doing an upwards of 200 IPSec connections.
  Your point about moving the SVI's to a firewall to perform filtering between VLANs makes sense, however, wouldn't this be the same thing as creating subinterfaces on a router? In both cases you are moving routing from the switch backplane to the firewall/routing device, which is what I am trying to avoid.  

• Issue in Dynamic routing (OSB)

  Hi,
  I implemented dynamic routing in OSB,using xQuery:-
  +<tradingPartnerList xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="C:\bea910\user_projects\eclipse\TradingPartners.xsd">+
  +     <tp>+
  +          <Name>Platinum</Name>+
  +          <URL>DynamicDispatch/p1</URL>+
  +     </tp>+
  +<tp>+
  +          <Name>Gold</Name>+
  +          <URL>DynamicDispatch/p2</URL>+
  +     </tp>+
  +</tradingPartnerList>+
  I am routing it on to another proxy using following xml:-
  <ctx:route>
  <ctx:service isProxy='true'>{$endpoint}</ctx:service>
  <ctx:operation>null</ctx:operation>
  </ctx:route>
  Where the Endpoint is from the above xQuery..
  All work fine but i have a one Issue:-
  In <ctx:service isProxy='true'>{$endpoint}</ctx:service> we specify the folder structure of the proxyservice. but what if i move my proxy in future,if i move some of my proxy to other folder the xquery need to be changed which i feel is vv poor design.
  Is there any way where is can specify URL or URI of the proxy service????

  Is there any way where is can specify URL or URI of the proxy service????First of all, you would not like to move your resources here and there frequently in production. Secondly, if you move the resources, definitely you have to change X-Query/Message flow. There is no alternative.
  If you want this feature to be enhanced, please raise a ER with Oracle Support and if they find it valid, will provide a patch for the same.
  Regards,
  Anuj

• Problem in dynamic routing through ESB

  Hi All,
  I am trying dynamic routing through ESB, So I created routing service in my esb with WSDL of BPEL Process1 and a soap service with same wsdl. Then created a xsl transformation. In this xsl transformation I added below code to route to BPEL process 2.
  <xsl:variable name="LocationIn"
  select="http://PC-HP249:8888/orabpel/default/SyncBPELProcess2/1.0/SyncBPELProcess2"/>
  <xsl:variable name="LocationOut"
  select="ehdr:setOutboundHeader('/shdr:ESBHeader/shdr:location',
  $LocationIn, 'shdr=http://xmlns.oracle.com/esb;')"/>
  But when I am invoking this ESB through another BPEL process, Got below error message:, Is there any solution for that , I am using 10.1..3.4.0, (JDEV, and BPEL).
  receiveInput
  [2010/02/25 17:50:39] Received "inputVariable" call from partner "client" More...
  View xml document
  Invoke_1 (faulted)
  [2010/02/25 17:50:39] Faulted while invoking operation "initiate" on provider "PartnerLink_1".less
  -<messages>
  -<input>
  -<Invoke_1_initiate_InputVariable>
  -<part xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="payload">
  <SyncBPELProcess1ProcessRequest xmlns="http://xmlns.oracle.com/SyncBPELProcess1"/>
  </part>
  </Invoke_1_initiate_InputVariable>
  </input>
  <fault>
  ORABPEL-08034
  JTA Rollback requested.
  The current JTA transaction has been aborted due to rollback request received from partner invocation.
  </fault>
  </messages>
  </sequence>
  [2010/02/25 17:50:39] There is a system exception while performing the BPEL instance, the reason is "Namespace prefix 'http' used but not declared.". Please check the error log file for more infromation. Please try to use bpel fault handlers to catch the faults in your bpel process. If this is a system exception, please report this to your system administrator. Administrator could perform manual recovery of the instance from last non-idempotent activity or dehydration point. More...
  oracle.xml.xpath.XPathException: Namespace prefix 'http' used but not declared.
       at oracle.xml.xslt.XSLBuilder.startElement(XSLBuilder.java:468)
       at oracle.xml.parser.v2.XMLElement.reportStartElement(XMLElement.java:3703)
       at oracle.xml.parser.v2.XMLElement.reportSAXEvents(XMLElement.java:3564)
       at oracle.xml.parser.v2.XMLElement.reportChildSAXEvents(XMLElement.java:3576)
       at oracle.xml.parser.v2.XMLElement.reportSAXEvents(XMLElement.java:3566)
       at oracle.xml.parser.v2.XMLElement.reportChildSAXEvents(XMLElement.java:3576)
       at oracle.xml.parser.v2.XMLElement.reportSAXEvents(XMLElement.java:3566)
       at oracle.xml.parser.v2.XMLElement.reportChildSAXEvents(XMLElement.java:3576)
       at oracle.xml.parser.v2.XMLDocument.reportSAXEvents(XMLDocument.java:1537)
       at oracle.xml.jaxp.JXSAXTransformerFactory.newTemplates(JXSAXTransformerFactory.java:379)
       at oracle.tip.esb.server.service.EsbTransformer.getXSLTTransformer(EsbTransformer.java:147)
       at oracle.tip.esb.server.common.cache.TransformCachePolicy.loadEntry(TransformCachePolicy.java:50)
       at oracle.tip.esb.server.common.cache.Cache.setEntry(Cache.java:306)
       at oracle.tip.esb.server.common.cache.Cache.setEntry(Cache.java:270)
       at oracle.tip.esb.server.common.cache.Cache.getEntry(Cache.java:208)
       at oracle.tip.esb.server.common.cache.Cache.getEntry(Cache.java:181)
       at oracle.tip.esb.server.common.cache.RuntimeCache.getXSLTransformer(RuntimeCache.java:324)
       at oracle.tip.esb.server.service.EsbTransformer.doTransform(EsbTransformer.java:101)
       at oracle.tip.esb.server.service.EsbTransformer.transform(EsbTransformer.java:90)
       at oracle.tip.esb.server.service.EsbTransformer.transform(EsbTransformer.java:83)
       at oracle.tip.esb.server.service.EsbRouterSubscription.transform(EsbRouterSubscription.java:388)
       at oracle.tip.esb.server.service.EsbRouterSubscription.onBusinessEvent(EsbRouterSubscription.java:208)
       at oracle.tip.esb.server.dispatch.EventDispatcher.executeSubscription(EventDispatcher.java:138)
       at oracle.tip.esb.server.dispatch.InitialEventDispatcher.processSubscription(InitialEventDispatcher.java:545)
       at oracle.tip.esb.server.dispatch.InitialEventDispatcher.processSubscriptions(InitialEventDispatcher.java:527)
       at oracle.tip.esb.server.dispatch.EventDispatcher.dispatchRoutingService(EventDispatcher.java:94)
       at oracle.tip.esb.server.dispatch.InitialEventDispatcher.dispatch(InitialEventDispatcher.java:160)
       at oracle.tip.esb.server.dispatch.BusinessEvent.raise(BusinessEvent.java:1988)
       at oracle.tip.esb.server.dispatch.BusinessEvent.raise(BusinessEvent.java:1467)
       at oracle.tip.esb.wsif.WSIFOperation_ESB.executeRequestResponseOperation(WSIFOperation_ESB.java:288)
       at oracle.tip.esb.wsif.WSIFOperation_ESB.executeInputOnlyOperation(WSIFOperation_ESB.java:357)
       at com.collaxa.cube.ws.WSIFInvocationHandler.invoke(WSIFInvocationHandler.java:472)
       at com.collaxa.cube.ws.WSInvocationManager.invoke2(WSInvocationManager.java:437)
       at com.collaxa.cube.ws.WSInvocationManager.invoke(WSInvocationManager.java:251)
       at com.collaxa.cube.engine.ext.wmp.BPELInvokeWMP.__invoke(BPELInvokeWMP.java:826)
       at com.collaxa.cube.engine.ext.wmp.BPELInvokeWMP.__executeStatements(BPELInvokeWMP.java:402)
       at com.collaxa.cube.engine.ext.wmp.BPELActivityWMP.perform(BPELActivityWMP.java:199)
       at com.collaxa.cube.engine.CubeEngine.performActivity(CubeEngine.java:3698)
       at com.collaxa.cube.engine.CubeEngine.handleWorkItem(CubeEngine.java:1655)
       at com.collaxa.cube.engine.dispatch.message.instance.PerformMessageHandler.handleLocal(PerformMessageHandler.java:75)
       at com.collaxa.cube.engine.dispatch.DispatchHelper.handleLocalMessage(DispatchHelper.java:217)
       at com.collaxa.cube.engine.dispatch.DispatchHelper.sendMemory(DispatchHelper.java:314)
       at com.collaxa.cube.engine.CubeEngine.endRequest(CubeEngine.java:5765)
       at com.collaxa.cube.engine.CubeEngine.createAndInvoke(CubeEngine.java:1087)
       at com.collaxa.cube.engine.delivery.DeliveryService.handleInvoke(DeliveryService.java:546)
       at com.collaxa.cube.engine.ejb.impl.CubeDeliveryBean.handleInvoke(CubeDeliveryBean.java:342)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:585)
       at com.evermind.server.ejb.interceptor.joinpoint.EJBJoinPointImpl.invoke(EJBJoinPointImpl.java:35)
       at com.evermind.server.ejb.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:119)
       at com.evermind.server.ejb.interceptor.system.DMSInterceptor.invoke(DMSInterceptor.java:52)
       at com.evermind.server.ejb.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:119)
       at com.evermind.server.ejb.interceptor.system.JAASInterceptor$1.run(JAASInterceptor.java:31)
       at com.evermind.server.ThreadState.runAs(ThreadState.java:693)
       at com.evermind.server.ejb.interceptor.system.JAASInterceptor.invoke(JAASInterceptor.java:34)
       at com.evermind.server.ejb.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:119)
       at com.evermind.server.ejb.interceptor.system.TxRequiredInterceptor.invoke(TxRequiredInterceptor.java:50)
       at com.evermind.server.ejb.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:119)
       at com.evermind.server.ejb.interceptor.system.DMSInterceptor.invoke(DMSInterceptor.java:52)
       at com.evermind.server.ejb.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:119)
       at com.evermind.server.ejb.InvocationContextPool.invoke(InvocationContextPool.java:55)
       at com.evermind.server.ejb.StatelessSessionEJBObject.OC4J_invokeMethod(StatelessSessionEJBObject.java:87)
       at CubeDeliveryBean_LocalProxy_4bin6i8.handleInvoke(Unknown Source)
       at com.collaxa.cube.engine.dispatch.message.invoke.InvokeInstanceMessageHandler.handle(InvokeInstanceMessageHandler.java:37)
       at com.collaxa.cube.engine.dispatch.DispatchHelper.handleMessage(DispatchHelper.java:140)
       at com.collaxa.cube.engine.dispatch.BaseDispatchTask.run(BaseDispatchTask.java:58)
       at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:650)
       at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:675)
       at java.lang.Thread.run(Thread.java:595)
  [2010/02/25 17:50:39] BPEL process instance "260032" cancelled
  Regards

  In below I changed http://PC-HP249:8888/orabpel/default/SyncBPELProcess2/1.0/SyncBPELProcess2 to http://PC-HP249:8888/orabpel/default/SyncBPELProcess2/1.0 . this is working.
  <xsl:variable name="LocationIn"
  select="http://PC-HP249:8888/orabpel/default/SyncBPELProcess2/1.0/SyncBPELProcess2"/>

• Dynamic routing in OSB

  Environment: OSB 10.3.1
  To avoid manual configuring all published services one-by-one (eg. alter logging), I'd like to implement a generic proxy pattern in OSB. Assume that I have business services at /bs1, /bs2, etc, proxy services at /ps1, /ps2, etc.
  What I'd like to achieve is to publish proxy services which routes to the generic proxy first and then reroute to the original proxy service. For this I published eg. /pps1, /pps2, etc all with an Insert action which saves $inbound/ctx:transport/ctx:uri to . in $header and then route to the genericproxy proxy service.
  Generic proxy starts by executing common logic in the pipeline (log, etc), then should fetch the original routing information from the header and use dynamic routing to direct the message to the right proxy service (/ps1, /ps2, etc).
  Now the questions:
  1. is this the right approach to solve the problem of generic configuration of multiple published services in OSB?
  2. appearently the uri itself is not enough for dynamic routing - what else do I need to save from the original message?
  3. can I construct a <ctx:route><ctx:service..><ctx:operation..> construct with only Insert actions? I'd need a concrete example here accomplishing this.
  Thanks.

  Well you have to add Route Node to your proxy pipeline and inside it add a Dynamic Routing action.
  If you select the Dynamic Routing action you'll see in the Properties view something like:
  Service: <Expression>
  Here is where you have to define the <ctx:route> element. You can basically paste the text here.
  You could also create an XQuery transformation (so you can reuse it later) and invoke it here (with the XQuery Resources tab). But if you're not very familiar with XQuery I'd advise to start with the first option just to see it working.
  At first you could also omit the {$proxy} variable and statically specify the service you want to route to. Or you could use an Assign action to define the $proxy (or any name you want to give it) variable. And then once that's working see if you can get the service path from the headers.
  Hope that helps