MPLS TE load-balancing --- CEF Problem

Dears
Would like your assistance please regarding below issue
We are having 5 TE tunnels going to same destination and we are doing load-balancing between these 5 LSPs TE tunnels.
Command "mls ip cef load-sharing full simple" is configured so that CEF will use L4 ports in its algorithm
Problem that due to CEF behavior, 2 link are v.highly utilized and the other 3 utilization are below average
What I am thinking of but not sure If this will help or not is to have 2 TE tunnels instead of 5
1 TE tunnel load balancing on 3 links ( This can be done by using static route to tail loopback poiting to the 3 links) and another TE tunnel load balancing on the other 2 links
By doing this, I think CEF would be used 2 times; first to determine which TE tunnel to use then to determine which link within the tunnel
Will this help ?
For example
interface Tunnel1
ip unnumbered Loopback0
mpls ip
tunnel destination 10.0.0.1
tunnel mode mpls traffic-eng
tunnel mpls traffic-eng autoroute announce
tunnel mpls traffic-eng path-option 1 dynamic
tunnel mpls traffic-eng fast-reroute
ip route 10.0.0.1 255.255.255.255 link-1
ip route 10.0.0.1 255.255.255.255 link-2
ip route 10.0.0.1 255.255.255.255 link-3

Hello Sherif,
traffic of a single TE tunnel will not be load balanced over multiple physical links as the TE tunnel is setup using a reservation and the path will use only one link for each router hop.
So moving to two TE tunnels is not an option for you.
Hope to help
Giuseppe

Similar Messages

  • What is load balancing "stickyness" problem

    We are getting this error " Failed to send alert messages to browser " on the interaction centre after saving the ticket followed by  the END button.
    There is a similar thread with the same issue [CRM 2007-IC Web Interface Message - Failed to send Alert Message to Browser;
    in the observations one of the solution for the issue was load balancing "stickyness" problem
    If any one can share some knowledge on load balancing "stickyness" problem it is really appreciated  and points will be awarded.
    regards
    Kumar
    Edited by: S Kumar on Jun 16, 2011 11:28 AM

    Clustering : is the use of multiple computers to provide a single service.
    Load Balancing: Technique implemented to spread "load" between alike computers for service availability via unshared system resources increasing  system availability and performance.
    Please refer to this link to gather more about :
    http://en.wikipedia.org/wiki/Load_balancing_%28computing%29

  • ACE load-balancing-Cookie problem

    In our other load-balancing environments the load-balancer-cookie contains the encrypted (real) servername or ip-address.
    We think it's the same on the cisco, for that reason it's in theory not possible, that there are two 'green'-cookies with different values in the same request.
    There are only two possibilities how this could happen:
    a) The healthmonitor (http_probe) fails, the loadbalancer 'thinks' that the realserver is down and redistributes the traffic.
    But in that case we would expect, that the old cookie will be overwritten by the new one and not simply added to the http-header.
    b) The predictor in the serverfarm chooses a new realserver within the same request.
    If that is really the cause of that problem this would be bug in the cisco ace.
    What we found out, is that the loadbalancer performs a 'Set-Cookie'-Operation an every request even if the client submits the cookie correctly.
    For example:
    GET /ips-opdata/scripts/jquery.js HTTP/1.1
    Host: www.xxxxx.com
    User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15
    Accept: */*
    Accept-Language: en-us,en;q=0.5
    Accept-Encoding: gzip,deflate
    Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
    Keep-Alive: 115
    Connection: keep-alive
    Referer: http://www.xxxxx.com/
    Cookie: green=R339366665; JSESSIONID=28D91FC6FD62A3921354BB36826294C4
    HTTP/1.1 200 OK
    Set-Cookie: green=R339366665; path=/; expires=Tue, 29-Mar-2011 06:33:00 GMT
    Server: Apache-Coyote/1.1
    X-Powered-By: Servlet 2.4; JBoss-4.2.2.GA (build: SVNTag=JBoss_4_2_2_GA date=200710221139)/Tomcat-5.5
    ETag: W/"72181-1298537508000"
    Last-Modified: Thu, 24 Feb 2011 08:51:48 GMT
    Content-Type: text/javascript
    Content-Length: 72181
    Date: Mon, 28 Mar 2011 06:15:19 GMT
    As you can see the cookies: green=R339366665 is transmitted from the client, but the loadbalancer does a Set-Cookie Operation of the same cookie once again. This is an unexpected behaviour.
    We hope that this helps you to figure out the reason of the problem.

    The cookie is sent by the ACE on each response to refresh the timeout value on the client. The value of the cookie doesn't change. This is the expected behaviour and shouldn't break anything in the application / browser.
    For browser-based applications, don't forget to add the "browser-expire" parameter to your cookie-based stickyness config.

  • Load balancing Client problem

    Hi ,
    This is my environment two 5508 in HA with release 7.4.121, ap 2600 and  ap 3600, in flex-connect wan up local switching.
    I put client windows size field to 1 and maximum denial count to 1. i connect many client and when i sniff autentication response on busy AP (ap with many client connected) i can't receive status code 17 from AP ? why ? how cani verify if i client don't honore status code 17 on association response ?
    When i enable debug dot11 load-balancing enable i receive for example this log
    *apfMsConnTask_4: Jun 23 16:48:12.798: 00:e3:b2:38:d1:52 Load Balancing mobile 00:e3:b2:38:d1:52 on AP c4:14:3c:ca:f4:a0(0) band 1 has 2 users - Good: rssi (antenna-A -73) (antenna-B -73), snr = 23
    *apfMsConnTask_4: Jun 23 16:48:12.798: 00:e3:b2:38:d1:52 Load Balancing mobile 00:e3:b2:38:d1:52 on AP 28:34:a2:59:4b:00(0) band 1 has 1 users - Good: rssi (antenna-A -62) (antenna-B -60), snr = 30
    *apfMsConnTask_4: Jun 23 16:48:12.798: 00:e3:b2:38:d1:52 Load Balancing mobile 00:e3:b2:38:d1:52 could not find acceptable 802.11a candidate -- defaulting all
    *apfMsConnTask_4: Jun 23 16:48:12.798: 00:e3:b2:38:d1:52 Load Balancing mobile 00:e3:b2:38:d1:52 is permitted to associate with AP 28:34:a2:59:4b:00(0) (on Good  count=0)
    but in association response i receive every time status code 0 (success)
    *apfMsConnTask_4: Jun 23 16:48:12.800: 00:e3:b2:38:d1:52 Sending Assoc Response to station on BSSID 28:34:a2:59:4b:05 (status 0) ApVapId 6 Slot 0
    who can explain me this problem ? and how can i test this feature better ?

    I will try to be clear, How can i verify if my client honore status code 17 on association response ? I try sniffing 802.11 packet but i can't see anything...status code is every time successfull.
    My environment is with flexconnect wan up local switching, wlc 5508, ap 3600/2600/1600/1142.

  • Load balancing algorithm problems with servlets

    All,
    We have a simple servlet which looks up an RMI object from JNDI and invokes
    one of its methods in a loop. The RMI object is the HelloClusterImpl
    example provided by WebLogic. The servlet basically copies the code from
    the HelloClusterClient. In the cluster property file, our load algorithm is
    setup to be round-robin. We are using IIS as our web server. If we start
    up both servers in the cluster and then use another machine as our client to
    call the HelloClusterClient, we see that the calls to HelloClusterImpl
    alternate between the two clustered servers. In fact, it is done perfectly
    at 50% for each server. When we run the servlet from with the client's
    browser, however, it seems as if which ever server in the cluster that
    receives the servlet request then takes 100% of the calls to
    HelloClusterImpl and there is never any alternating. Although we can verify
    that different servers in the cluster receive the servlet request, it seems
    as if there is never any altering between the servers during the method
    invocations on the HelloClusterImpl servant. Does this seem right?
    Shouldn't there be alternating between the servers? Any help would be
    greatly appreciated.
    Thanks,
    -Jon

    I have to try this and I will let you.
    Thanks
    Jon Eagles wrote:
    All,
    We have a simple servlet which looks up an RMI object from JNDI and invokes
    one of its methods in a loop. The RMI object is the HelloClusterImpl
    example provided by WebLogic. The servlet basically copies the code from
    the HelloClusterClient. In the cluster property file, our load algorithm is
    setup to be round-robin. We are using IIS as our web server. If we start
    up both servers in the cluster and then use another machine as our client to
    call the HelloClusterClient, we see that the calls to HelloClusterImpl
    alternate between the two clustered servers. In fact, it is done perfectly
    at 50% for each server. When we run the servlet from with the client's
    browser, however, it seems as if which ever server in the cluster that
    receives the servlet request then takes 100% of the calls to
    HelloClusterImpl and there is never any alternating. Although we can verify
    that different servers in the cluster receive the servlet request, it seems
    as if there is never any altering between the servers during the method
    invocations on the HelloClusterImpl servant. Does this seem right?
    Shouldn't there be alternating between the servers? Any help would be
    greatly appreciated.
    Thanks,
    -Jon

  • Load-balancing in MPLS Core

    How is load-balancing achieved in MPLS L3 vpns and equal cost multiple links exist to reach egress PE along with per-destination load-balancing enabled on interfaces.
    I have tried to simulate the network below
    Ingress PE--->P1--->>P2--->Egress PE
    Multiple equal cost links exist between P1 and P2, cisco platform,LDP, IGP-ospf being used.

    Hi,
    Destination based load balancing in MPLS L3VPNs can be categorized into two scenarios:
    1) multiple pathes between two PE routers
    2) multiple access links to a single CE or site
    Your question as I understand it was about the first scenario. So let me first quickly review how customer traffic is forwarded between VRFs on two different PE routers.
    The VRF routing table will have BGP entries for the routes learned from the remote PE usually with next hop addresses being the remote PE loopback IP used for PE-to-PE BGP peering.
    The traffic will be forwarded across P routers using the label for the BGP next hop.
    Thus the load balancing accross the MPLS core in a first step is decided by the IGP, which has to insert several equal cost pathes into the global routing table for the BGP next hop networks (PE loopbacks).
    Side note: MPLS traffic engineering in the core would allow for unequal cost load balancing.
    The decision, which labeled packet to send across which path in the core is done by CEF using a hash algorithm. To achieve the same load balancing as with unlabeled IP traffic, a Cisco MPLS enabled router will look for the bottom label - the one with bottom-of-stack bit set to 1 - and try to determine, if the transported packet behind the bottom label is IP. If so, the hash is calculated for the customer IP header like for normal IP traffic. This ensures all traffic for a certain customer destination will always go through the same path. No unwanted packet reordering will occur.
    Be aware, that the customer IP packet header will only be used for CEF hash calculation, no IP lookup will be performed, as core routers in MPLS L3VPNs do not have any knowledge about customer addresses.
    As a side note: if the traffic transported is not IP (e.g. Ethernet over MPLS), the bottom label will be used for the CEF load balancing (e.g. the VC label).
    For the second scenario - CE load balancing with multihomed CE/sites - it is first required to have two equal cost entries in the VRF routing tables. The difference will be the two different PE BGP next hop addresses. The first load balancing decision is the performed by CEF based on the IP packet received by the CE and the VRF routing table entries. Once CEF decided, which VRF entry to use, the required BGP next hop label (and the VPN label) is applied and the packet is transported across the MPLS core. load balancing there is done as described above.
    Hope this helps! Please rate all posts.
    Regards, Martin

  • Load balancing error 88

    Dear all,
    We are suddenly  facing a problem in the PRD system. There user are getting the below error and if they restart there system than  it is solved
    Load balancing error 88: Cannot connect to message server (rc=9)  
    few days back  We have upgrade the system from ecc5 to ecc6 and its only
    Please suggest why the error is coming and how to solved it
    Regards,
    Kumar

    check the /etc/services file for a proper port setting for the R/3 message server "sapms<sid>" at 36xx. You can try connecting the SAPgw directly to the dispatcher at port 32xx where XX is the instance number. If that connection is good, then it appears to be a logon load balancing configuration problem which uses the message server.
    This is usually because it cannot connect to the message server. Please check the dev_ms for any errors. if it is intermittent it is likely to be a network problem ( see note 500235 Network Diagnosis with NIPING.
    Check following SApnotes :
    #n21559: Examination of SAPGUI problems  could be useful.
    Please also check the note 882741 for the more info about this problem.
    following links will help you :
    Logon Load Balancing
    http://help.sap.com/saphelp_nw70/helpdata/EN/c4/3a64c1505211d189550000e829fbbd/frameset.htm
    Message Server-Based Logon and Load Balancing (Redirection)
    http://help.sap.com/saphelp_nw70/helpdata/EN/43/a95d83e27417b9e10000000a1553f6/frameset.htm
    Best Regards
    Niraj

  • LOAD BALANCE BEHAVIOR FOR 7600 ON ETHERCHANNELS

    Hi Everyone,
    Currently I'm planning to implement ether-channels on 7600 routers, but there's something that's still not clear to me, regarding the load balancing behavior, for L2VPN and L3VPN.
    I've read that 7600 in MPLS default load balance behavior is to take  the SIP and DIP if present and the bottom of the stack label or the 5th label depending upon the number of labels on the stack. In l2VPN scenarios when ether-channel is used, if no IP traffic is present what is the default behavior of the etherchannel to calculate the load balancing hash function to select a given link on the bundle.
    I'll appreciate any feedback regarding this.

    Hi Louis, you could set default routes on the ASA's with tracking, and use ospf downstream to inject the default route in to the network with default information originate - this will only advertise out a default route if it has it in the routing table. With SLA you can track internet reachability by IP SLA echo to something like 8.8.8.8. Both sides can advertise this in to the network, if one goes then there is one left. Just be mindful of the policies and NAT required, you will have to duplicate the rules on the ASA's. With the NAT you have to ensure, that outgoing traffic comes back in the same path it left so it doesn't break connections.

  • MPLS Load Balancing/Sharing with TE or CEF or Both?

    So I am just playing around in GNS3 trying to set up multiple ECMP links between to P routers like this;
    CE1 -- PE1 -- P1 == P2 -- PE2 -- CE2
    (There are actually four links between P1 & P2!)
    I have set up a pseudoswire xconnect from PE1 to PE2 so CE1 & 2 can ping each other on the same local subnet range. That works just fine.
    My question is this:
    I have configured "ip load-sharing per-packet" on each of the four interfaces on P1 and P2 that are facing each other (I know per-packet balancing is frowned upon but lets not talk about that right now!) and this works, traffic is distributed across all links (I can see with packet captures in GNS3).
    Where does "ip load-sharing per-packet" fit in to the chain of events with regards to MPLS and CEF etc?; So, with MPLS enabled everywhere the two P routers are forwarding based on labels and not IP address. With MPLS enabled, does this command force the P routers to load-balance each MPLS frame as it comes in, round-robbin'ing the ingress frames across all links, the same as it would if it were a plain IP packet? So the command is ignorate of the kind of traffic being used? Or is the P router looking down into the MPLS frame for the IP in the IP packet?
    Also, in order to get the same sort of performance boost you get from per-packet load balancing, seeing as I am using MPLS here, should I be using some francy MPLE TE to do this instead of that interface sub-command?
    If I remove that command, I seem to always use link 2 for sending traffic towards P2 from P1, and link 3 for receiving the return traffic from P2 to P1. This is presumably because the ICMP packets have nothing to hash on except the source and destination IP addresses, so they always hash to the same physical links. Without using that command how else can I make use of the four links?

    Hello Jwbensley,
    first of all,
    "ip load-sharing per-packet" is not a viable option as it causes out  of order issues.
    Real world devices perform load balancing based on the second (more internal ) label value so to achieve some load balancing for example multiple pseudowires must be defined between the same pair of PE nodes.
    L3 VPN use different internal labels for different customer prefixes of the same VRF site ( unless some special command is used to say use one label per VRF site)
    >> f I remove that command, I seem to always use link 2 for sending traffic towards P2 from P1, and link 3 for receiving the return traffic from P2 to P1
    This is the expected behaviour in this scenario.
    With MPLS TE you can achieve results similar to the use of multiple pseudowires /LSPs : forms of load sharing not true load balancing. In all cases in MPLS world flow based and not per packet
    Hope to help
    Giuseppe

  • MPLS TE equal or unequal load balancing doesn't work? - step2

    Previous question in thread:
    Dear Sir!
    I've two MPLS TE tunnels from one PE to another PE.
    And there are traffic share count between them
    (as tunnel mpls traffic-eng load-share command define).
    But in real life all traffic from the same source to the same destination go through only one tunnel
    (as CEF define - i.e. how sh ip cef exact-route says).
    PEs are 3660 platforms with c3660-jk9o3s-mz.123-8.T
    installed.
    How can I correct this problem?
    But this answer does not solved my issue:
    hritter - Network Consulting Engineer, CISCO SYSTEMS, CCIE
    Aug 4, 2004, 7:20am PST
    This is expected behavior since CEF is used at the head end to perform label imposition. I wouldn't recommend changing the default bahavior to per=packet loadsharing since this could lead to of of sequence packets, which could lower the overall performance.
    Hope this helps,
    so my secound question:
    Dear Sir!
    I'm agree with you as MPLS TE tunnels are opened from PE to PE, so CEF does it work.
    But if I open this tunnels from P to PE, ONLY ONE of this tunnels are used instead of load-sharing, if traffic go from one source (of site1 of VPN1) to the same destination (located at site2 of VPN1).
    Why? Packet through P-devices swithes by labels, so I mean that CEF cannot does src-dst load sharing?
    My problem are that I must to do load sharing between this two tunnels in the case above.
    Q: How can I solve this problem?
    Best regards,
    Maxim Denisov

    The per session load-balancing is also used by MPLS when multiple paths are available. Changing this behavior to per-packet is still not recommended.
    Hope this helps,

  • MPLS/VPN network load balancing in the core

    Hi,
    I've an issue about cef based load-balancing in the MPLS core in MPLS/VPN environment. If you consider flow-based load balancing, the path (out interface) will be chosen based on source-destination IP address. What about in MPLS/VPN environment? The hash will be based on PE router src-dst loopback addresses, or vrf packet src-dst in P and PE router? The topology would be:
    CE---PE===P===PE---CE
    I'm interested in load balancing efficiency if I duplicate the link between P and PE routers.
    Thank you for your help!
    Gabor

    Hi,
    On the PE router you could set different types and 2 levels of load-balancing.
    For instance, in case of a DUAL-homed site, subnet A prefix for VPN A could be advertised in the VPN by PE1 or PE2.
    PE1 receives this prefix via eBGP session from CE1 and keep this route as best due to external state.
    PE2 receives this prefix via eBGP session from CE2 and keep this route as best due to external state.
                                 eBGP
                         PE1 ---------CE1
    PE3----------P1                          Subnet A
                         PE2----------CE2 /
                                eBGP
    Therefore from PE3 point of view, 2 routes are available assuming that IGP metric for PE3/PE1 is equal to PE3/PE2.
    The a 1rst level of load-sharing can be achieve thanks to the maximum-paths ibgp number command.
    2 MP-BGP routes are received on PE3:
    PE3->PE1->CE1->subnet A
    PE3->PE2->CE2->subnet A
    To use both routes you must set the number at 2 at least : maximum-paths ibgp 2
    But gess what, in the real world an MPLS backbone hardly garantee an equal IGP cost between 2 Egress PE for a given prefix.
    So it is often necessary to ignore the IGP metric by adding the "unequal-cost" keyword: maximum-paths unequal-cost ibgp 2
    By default the load-balancing is called "per-session": source and destination addresses are considered to choose the path and the outgoing interface avoiding reordering the packets on the target site. Overwise it is possible to use "per-packet" load-balancing.
    Then a 2nd load-sharing level can occur.
    For instance:
             __P1__PE1__CE1
    PE3           \/                   Subnet A
            \ __P2__PE2__CE2
    There is still 2 MP-BGP paths :
    PE3->P1->PE1->CE1->subnet A
    PE3->P1->PE2->CE2->subnet A
    But this time for 2 MP-BGP paths 4 IGP path are available:
    PE3->P1->PE1->CE1->subnet A
    PE3->P1->PE2->CE2->subnet A
    PE3->P2->PE1->CE1->subnet A
    PE3->P2->PE2->CE2->subnet A
    For a load-balancing to be active between those 4 paths, they must exist in the routing table thanks to the "maximum-path 4 "command in the IGP (ex OSPF) process.
    Therefore if those 4 paths are equal-cost IGP paths then a 2nd level load-balancing is achieved. the default behabior is the same source destination mechanism to selected the "per-session" path as mentionned before.
    On an LSP each LSR could use this feature.
    BR

  • CEF and per-packet load balancing

    We have four OC3 links across the atlantic and I was looking for a solution which would allow load balacing across the four links on a per-packet basis (not session). The objective is both resiliency i.e. being able to handle link failures transparently & balancing the load across all the links. BGP multptah looked like the ideal soultion. However, I was told that the CEF packet based load balancing is no longer supported by CISCO. Is this correct ? Is it applicable for all models ? Are there any other potential solutions?
    Appreciate a response from the experts.

    Hello Rittick,
    an MPLS pseudowire will use only one link of the 4 links based on inner MPLS label, it cannot be spread over multiple parallel links.
    The MPLS pseudowire can travel within an MPLS TE LSP that can be protected by FRR.
    per packet load balancing does not apply to your scenario.
    You need to mark traffic of the critical application with an appropriate EXP settings. The EXP bits are copied to the outer (external) label.
    On the OC-3 physical interfaces you will configure a CBWFQ scheduler providing 100 Mbps of bandwidth to traffic with specific EXP marking. This is elastic and over unused links bandwidth will be left available to other traffic.
    On the LAN interface you need to mark the EXP bits in received packets using a policy-map
    access-list 101 permit tcp host x.x.x.x host y,y,y,y
    class CLASSIFY-BACKUP
    match access-group 101
    policy-map MARKER
    class CLASSIFY-BACKUP
    set mpls exp 3
    class class-default
    set mpls exp 0
    int gex/y/z
    service-policy in MARKER
    class-map BACKUP
    match mpls exp 3
    policy-map SCHED-OC3
    class BACKUP
    bandwidth 100000
    class class-default
    fair-queue
    int posx/y/z
    service-policy out SCHED-OC3
    applied on all pos interfaces.  The MPLS pseudowire will use one link only. Different pseudowires can use different OC-3 links. Load balancing of MPLS traffic is based on internal label (the VC label of the pseudowire)
    Note:
    you should check if it is possible to mark traffic received on the incoming interface of the pseudowire otherwise you need to mark IP precedence nearer to the host.
    Hope to help
    Giuseppe

  • Problem with WLIOTimeoutSecs in weblogic and apche  CSS load balancer

    Hi,
    We are using Weblogic 11g, apache 2.2 and CSS load balancer for load balancing.
    we have huge reports which take minutes to generate and hence we need higher value for WLIOTimeoutSecs. This works fine when we use server url but WLIOTimeoutSecs is not working when we use CSS load balancer.
    We checked with our load balancing team they said CSS load balancer will not repost the request.
    Here is the plugin configuration
    <Location /*****>
    SetHandler weblogic-handler
    PathTrim /
    WebLogicHost 'serevrip'
    WebLogicPort 'port'
    WLIOTimeoutSecs 3600
    Idempotent OFF
    WLProxySSL ON
    DefaultFileName /***/***/index.jsp
    Debug On
    WLLogFile /***/***/***/***.log
    </Location>
    Could some please help me on this.
    Thanks in advance
    Regards,
    Venkat

    Hi Tarun,
    The problem occurs when the SSL is enabled on apache. If I access the same URL over HTTP, the parameter WLIOTimeOut works fine.
    Also I observed that, none of the parameters are getting applied to the plugin. I had switched on 'DebugConfigInfo'. With this the HTTP URL with ?__WebLogicBridgeConfig as query parameter returned the complete configuration. However when accessed with HTTPS the server did not return the configuration.
    Is there a specific configuration to be applied when apache is used with SSL?
    Thanks for your help,
    Shashi

  • Wgate Load Balancing Problem

    Hi Folks,
    We have ITS 6.20 Patch level 33 installed which connects to our R/3 system. We are trying to add multiple Agate servers (not multiple Agate processes) to one Wgate. We installed agates on two hosts, host1 and host2. We then installed wgate on host1 which we connected during the time of installation to agate on host2. It connected fine and we were able to get the webgui and also able to login to R/3 system. At that time we had problem in going to native ADM instance as we were getting http 500 error (we had re-installed ADM instance on both the hosts after the whole exercise of installating agate and wgate). Hoping that we can solve native ADM problem later, we added the the second agate which is on hosts1(the same host on which wgate is) by adding the entry for agate 2 in the wgate registry xml file.
    <key name="Agates">
          <key name="Agate1">
           <value name="Host" type="text">host2</value>
           <value name="PortAGate" type="text">sapavw00_******</value>
           <value name="PortMManager" type="text">sapavwmm_******</value>
           <value name="Type" type="text">1</value>
           <value name="SncNameAGate" type="text"/>
           <value name="SncNameWGate" type="text"/>
           <value name="MultiProcess" type="text">no</value>
           <value name="Available" type="text">yes</value>
          </key>
          <key name="Agate2">
           <value name="Host" type="text">host1</value>
           <value name="PortAGate" type="text">sapavw00_******</value>
           <value name="PortMManager" type="text">sapavwmm_******</value>
           <value name="Type" type="text">1</value>
           <value name="SncNameAGate" type="text"/>
           <value name="SncNameWGate" type="text"/>
           <value name="MultiProcess" type="text">no</value>
           <value name="Available" type="text">yes</value>
          </key>
    The second agate added fine and is doing load balancing as well as we can see requests getting routed to both the agate in the load balancing screen. However we are not able to access the global.srvc file under configuration->Performance->global services->All settings as we are getting the following message:
    Error loading service file "global.srvc"!
    Also when we go to services under configuration, we are getting a message "error accessing services directory!"
    In default R/3 system also all the fields are empty although we had given the application server details while installing both the agates.
    We are getting the below messages in diagnostics.log file:
      2010-11-22T12:30:04.401 --- log opened -
    A 2010-11-23T13:55:53.346 [agate,sapdiag ] 00, s00000000061DB140, CsRead returned rd=-100
      2010-11-23T14:17:06.863 --- log closed -
      2010-11-23T14:17:07.753 --- log opened -
    A 2010-11-23T14:30:48.618 [agate,sapdiag ] 00, s00000000061DB220, Cannot handle request from login
    A 2010-11-23T14:38:45.615 [agate,        ] 00, s0000000000000000, WorkDoGetReq:  ContReceiveContainer() failed, rc=0xffffffff
    A 2010-11-23T14:38:45.615 [agate,        ] 00, s0000000000000000, WorkDoWork:  WorkDoGetReq() failed, rc=0xffffffff
    A 2010-11-23T14:38:45.677 [agate,sapxgdk ] 00, s0000000000000000, ContSendContainer:  FAILED, send length is 0
    A 2010-11-23T14:38:50.958 [agate,        ] 00, s0000000000000000, WorkDoGetReq:  ContReceiveContainer() failed, rc=0xffffffff
    A 2010-11-23T14:38:50.958 [agate,        ] 00, s0000000000000000, WorkDoWork:  WorkDoGetReq() failed, rc=0xffffffff
    A 2010-11-23T14:38:50.974 [agate,sapxgdk ] 00, s0000000000000000, ContSendContainer:  FAILED, send length is 0
    Please let me know if this procedure of adding the agate was wrong or there are some parameter settings that we may have missed. Would it have been better to go for a single host wgate+agate installation on host1 and then add agate2 on host2?

    Hi Edgar,
    Thanks for the reply. I had re-installed ADM instance on both the hosts after the whole exercise of installing agate and wgate.
    Anyways, Now we have uninstalled the earlier instances on both hosts and installed wgate+agate on host1 as a single host installation and agate2 on host2. Then we added agate2 to wgate1 and load balancing is working fine. Now the issue of not being able to access the service file and directories, etc has also been resolved. The only problem that remains is that we are not able to go into the native ADM. We get a http 500 error, although the redirect URL is correct. Is the any additional setting required for that to happen?

  • ACE Load Balancing Problem

    Hi,
    I have ACE 4701 with c4710ace-mz.A3_2_2.bin image. In the current setup ACE is located in the center of network where all the WAN, Intenret and LAN is connected and ACE has default towards Internet and All other segment has default route towards ACE appliance. ACe is only redirecting the port 80 traffic to my Proxy server and bypass my lan subnet on port 80.
    Internet
    i
    i
    i
    i
    i
    ACE--------------------------------WAN
    i
    i
    i
    i
    LAN
    I want to use ACE for the load balancing of two servers. Today I did the load balancing configuration but as soon as I applied the policy map on the interface vlan 200 and 300, my complete network reachability went down. When I remove the policy my network came back to normal.
    192.168.200.66  FAX Server-1
    192.1168.200.67 FAX Server-2
    192.168.200.65   Virtual IP address
    Attached is the configuration that I did on ACE for the load balancing and below is the current configuration of the ACE appliance.
    access-list acl-in remark ACCESS LIST FOR ACE-INSIDE
    access-list acl-in line 1 extended permit ip any any
    access-list acl-out remark ACCESS LIST FOR ACE-OUTSIDE
    access-list acl-out line 1 extended permit ip any any
    access-list acl-proxy remark ACCESS LIST FOR PROXY SEGMENT
    access-list acl-proxy line 1 extended permit ip any any
    access-list acl-wan remark ACCESS LIST FOR WAN SEGMENT
    access-list acl-wan line 1 extended permit ip any any
    probe tcp PROBE_5050
    port 5050
    interval 15
    passdetect interval 60
    open 1
    probe tcp PROBE_5101
    port 5101
    interval 15
    passdetect interval 60
    open 1
    probe tcp PROBE_TCP
    port 80
    interval 15
    passdetect interval 60
    open 1
    parameter-map type http PARAMAP_CASE
    case-insensitive
    no persistence-rebalance
    rserver host RS_BCPR01
    ip address 192.168.0.103
    inservice
    rserver host RS_BCPR02
    ip address 192.168.0.104
    inservice
    rserver host RT_fax1
    description Right Fax Server-1
    ip address 192.168.200.66
    rserver host RT_fax2
    description Right Fax Server-2
    ip address 192.168.200.67
    serverfarm host SF_BCPR
    transparent
    probe PROBE_5050
    probe PROBE_5101
    probe PROBE_TCP
    rserver RS_BCPR01
    inservice
    rserver RS_BCPR02
    inservice
    serverfarm host SF_RT_fax
    rserver RT_fax1
    rserver RT_fax2
    sticky ip-netmask 255.255.255.255 address source STICKY-SOURCE
    replicate sticky
    serverfarm SF_BCPR
    sticky ip-netmask 255.255.255.255 address source FAX-STICKY
    replicate sticky
    serverfarm SF_RT_fax
    class-map type management match-any CM_ALL
    2 match protocol snmp any
    3 match protocol http any
    4 match protocol https any
    5 match protocol icmp any
    6 match protocol telnet any
    class-map match-any CM_BYPASS_FOR_LAN
    3 match virtual-address 100.1.1.0 255.255.255.0 tcp eq www
    8 match virtual-address 10.0.0.0 255.0.0.0 tcp eq www
    9 match virtual-address 172.16.0.0 255.255.0.0 tcp eq www
    10 match virtual-address 192.168.0.0 255.255.0.0 tcp eq www
    class-map match-any CM_BYPASS_SUBNET
    9 match virtual-address 100.0.0.0 255.0.0.0 tcp eq www
    13 match virtual-address 10.0.0.0 255.0.0.0 tcp eq www
    14 match virtual-address 172.16.0.0 255.255.0.0 tcp eq www
    15 match virtual-address 192.168.0.0 255.255.0.0 tcp eq www
    class-map match-any CM_IM
    2 match virtual-address 0.0.0.0 0.0.0.0 tcp eq 5050
    3 match virtual-address 0.0.0.0 0.0.0.0 tcp eq 1080
    4 match virtual-address 0.0.0.0 0.0.0.0 tcp eq 5101
    class-map match-all CM_SF_BCPR
    255 match virtual-address 0.0.0.0 0.0.0.0 tcp eq www
    class-map match-any RT_FAX
    2 match virtual-address 192.168.200.65 0.0.0.0 any
    policy-map type management first-match PM_ALL
    class CM_ALL
    permit
    policy-map type loadbalance http first-match PM_L7_BYPASS_FOR_LAN_HTTP
    class class-default
    forward
    policy-map type loadbalance http first-match PM_L7_BYPASS_HTTP
    class class-default
    forward
    policy-map type loadbalance first-match PM_LB_RT_FAX
    class class-default
    sticky-serverfarm FAX-STICKY
    policy-map type loadbalance http first-match PM_LB_SF_BCPROXY
    class class-default
    sticky-serverfarm STICKY-SOURCE
    policy-map multi-match PM_BYPASS_FOR_LAN_HTTP
    class CM_BYPASS_FOR_LAN
    loadbalance vip inservice
    loadbalance policy PM_L7_BYPASS_FOR_LAN_HTTP
    policy-map multi-match PM_BYPASS_HTTP
    class CM_BYPASS_SUBNET
    loadbalance vip inservice
    loadbalance policy PM_L7_BYPASS_HTTP
    policy-map multi-match PM_MAIN_BCPROXY
    class CM_SF_BCPR
    loadbalance vip inservice
    loadbalance policy PM_LB_SF_BCPROXY
    loadbalance vip icmp-reply active
    appl-parameter http advanced-options PARAMAP_CASE
    class CM_IM
    loadbalance vip inservice
    loadbalance policy PM_LB_SF_BCPROXY
    policy-map multi-match PM_RT_FAX
    class RT_FAX
    loadbalance vip inservice
    loadbalance policy PM_LB_RT_FAX
    service-policy input PM_ALL
    interface vlan 100
    description FW-INSIDE CONTEXT RACK1
    ip address 192.168.0.5 255.255.255.224
    alias 192.168.0.11 255.255.255.224
    peer ip address 192.168.0.6 255.255.255.224
    mac-address autogenerate
    no icmp-guard
    access-group input acl-out
    no shutdown
    interface vlan 200
    description WAN-VLAN CONTEXT RACK1
    ip address 192.168.0.33 255.255.255.224
    alias 192.168.0.43 255.255.255.224
    peer ip address 192.168.0.34 255.255.255.224
    mac-address autogenerate
    access-group input acl-wan
    service-policy input PM_BYPASS_HTTP
    service-policy input PM_MAIN_BCPROXY
    no shutdown
    interface vlan 300
    description ACE-INSIDE CONTEXT RACK1
    ip address 192.168.0.65 255.255.255.224
    alias 192.168.0.73 255.255.255.224
    peer ip address 192.168.0.66 255.255.255.224
    mac-address autogenerate
    access-group input acl-in
    service-policy input PM_BYPASS_FOR_LAN_HTTP
    service-policy input PM_BYPASS_HTTP
    service-policy input PM_MAIN_BCPROXY
    no shutdown
    interface vlan 301
    description BC-VLAN CONTEXT RACK1
    ip address 192.168.0.97 255.255.255.224
    alias 192.168.0.107 255.255.255.224
    peer ip address 192.168.0.98 255.255.255.224
    mac-address autogenerate
    access-group input acl-proxy
    no shutdown
    ft track interface TRACKING_FOR_FT_VLAN
    track-interface vlan 300
    peer track-interface vlan 300
    priority 255
    peer priority 255
    ip route 0.0.0.0 0.0.0.0 192.168.0.1
    Please help me out what i am missing. Is there any limitation on policy map or my bypass subnet list is creating problem. 

    I did these changes this time nothing disconnected but I am not able to do the Remote desktop on the virtual IP address. Real IP has Remote desktop enabled even VIP is not ping able for me.
    rserver host RT_fax1
      description Right Fax Server-1
      ip address 192.168.200.66
      inservice
    rserver host RT_fax2
      description Right Fax Server-2
      ip address 192.168.200.67
      inservice
    serverfarm host SF_RT_fax
      rserver RT_fax1
        inservice
      rserver RT_fax2
        inservice
    policy-map type loadbalance rdp first-match PM_LB_RT_FAX
      class class-default
        serverfarm SF_RT_fax
    policy-map multi-match PM_RT_FAX
      class RT_FAX
        loadbalance vip inservice
        loadbalance policy PM_LB_RT_FAX
        loadbalance vip icmp-reply active
    interface vlan 200
      description WAN-VLAN CONTEXT RACK1
      ip address 192.168.0.33 255.255.255.224
      alias 192.168.0.43 255.255.255.224
      peer ip address 192.168.0.34 255.255.255.224
      mac-address autogenerate
      access-group input acl-wan
      service-policy input PM_BYPASS_HTTP
      service-policy input PM_MAIN_BCPROXY
      service-policy input PM_RT_FAX
      no shutdown
    interface vlan 300
      description ACE-INSIDE CONTEXT RACK1
      ip address 192.168.0.65 255.255.255.224
      alias 192.168.0.73 255.255.255.224
      peer ip address 192.168.0.66 255.255.255.224
      mac-address autogenerate
      access-group input acl-in
      service-policy input PM_BYPASS_FOR_LAN_HTTP
      service-policy input PM_BYPASS_HTTP
      service-policy input PM_MAIN_BCPROXY
      service-policy input PM_RT_FAX
      no shutdown
    But nothing is working for me. Please help me out. This time i didnt configure the sticky. But in real I will go with sticky and complete IP protocol will be use a VIP. Please help me out.

Maybe you are looking for

  • BI Integration in Portal (Where to configure Port, problems with km-integr)

    Hello, I am new to BI and started to integrate BI into the portal or rather tried it. When I open my Bex-Excel-Workbook and try to create a document (right mouse -> jump -> documents) an error occurs that the service is not reachable. This is because

  • Process chain is not visible in Quality after TR transport

    Hi, I have transported process chain to Qua, but its not visible, only the technical id of process chain is displayed in RSPC tcode. I've tried activating through RSPC_CHAIN_ACTIVE_REMOTE, but still, its not visible in rspc tcode.

  • Video rewind 5 seconds

    Is there a way to add a button which rewinds the video 5 seconds?  For viewing on iPad....

  • Adobe Acrobat Pro Xl

    I have downloaded Adobe Acrobat Pro Xl on my MacBook Pro I have a trial version Now I'd like to use the sware How to proceed? Thank you

  • WebDynpro ABAP for the first time u2013 it is not working at all

    Dear all, I imported in my IDES system the demos from the course NET310. 1). When I activate, for example the NET310_ALV_D1 application, I get error: u2018Field u201CWDCTX_CONNECTIONu201D unknownu2019.  I have the same problem in the rest of the demo