Multiple VIPs in cluster

Similar Messages

• Multiple VIPs per VR

  hello,
  is it possible to configure multiple VIPs for the same virtual-router on a particular circuit configuration which uses the same redundant-interfaces instead of having to configure redundant-interfaces for each VIP that's added?
  I want to do something along the lines of:
  ip virtual-router 1 priority 200 preempt
  ip redundant-interface 1 192.168.3.254
  ip redundant-vip 1 192.168.3.100
  ip redundant-vip 1 192.168.3.120
  ip redundant-vip 1 192.168.3.140
  and then do different things for traffic going to each of these VIPs in my content rules, i.e. have different content-rules for each VIP so different operations can be performed on them.
  Currently, although the CSS lets me do this kind of thing, AND the newly created VIPs can be seen in the ARP tables of other network devices in that broadcast domain, I can't seem to ping these VIPs.
  Thanks in advance

  Hi Gilles, thx for that. So basically what you're saying is that if I have a VIP configured but the content rule that uses this is inactive/suspended OR say the backend server is dead or unreachable for any reason, the ping to the VIP will not be replied to? For some reason I was under the impression that if I configure the VIP in the circuit, I will be able to ping it but now the other way makes more sense.
  Now the other question is, if I have all these VIPs as in my original question, and they ALL need SSL termination on the CSS AND they all point to different sub-domains AND I have a wildcard SSL cert for that parent domain, then can I create multiple ssl-server entries in my ssl-proxy-list BUT use the same certificate for each ssl-server in the list?
  Not sure if that's clear, let me know and I will provide more detail
  Thanks in advance

• Stickyness across multiple VIPs

  I was wondering if anyone knows if it is possible to implement stickyness across multiple VIPs. In other words, if a client hits a specific VIP on a specific TCP port, then hits a different VIP on a different tcp port, can stickyness be configured to stick that client to the same server?
  Thanks!

  Hi,
  u talk about stickineess on the CSM? it's possible :), but be careful...
  example:
  vserver1: vip1:port1
  rserver1: rserver_ip1:portX
  vserver2: vip2:port2
  rserver2: rserver_ip1:portY
  and one sticky group for both server farms (one for rserver1, second for rserver2).
  first session is established to vserver1:
  - sticky is recorded to rserver1 (rserver_ip1:portX)
  second session is established to vserver2:
  - sticky exists (client matched the sticky rule)
  - session is not load-balanced, but connected to rserver by sticky record (!), in other words, session is directed to rserver_ip1:portX and no to :portY
  ^^^ answer to your question: it's possible :), but be careful... in other words, it's possible if the service on the server side is running on the same real server and port (portX=portY). other, use different sticky group for second server farm.
  is it answer to your question?
  regards,
  martin

• ACE-SLB Multiple VIPs to Same Rservers

  ACE module (on C6509) is currently configured to support client/server connections to several application servers.
  VIP#1 on ACE exists within a single client side subnet (int vlan111)
  Real servers exist on a separate server side subnet (int vlan555)
  ACE is configured with a single default route pointing to a router on the client side subnet (int vlan111)
  Customer wants to add a new VIP#2 that will exist on a new client side subnet (int vlan222)
  Customer wants this new VIP#2 to be load balanced to the same application servers, exactly the same as VIP#1.
  The problem I suspect is that the ACE's existing default route (via int vlan111) will cause all VIP#2 server-to-client traffic flows to be forwarded via int vlan111 instead of int vlan222 and thereby break the VIP#2 server-to-client traffic flows.
  Assuming I'm correct, is there an ACE based solution to this, or is this desired environment just not possbile.
  NOTE: since both VIP#1 and VIP#2 clients will be any public IP addressed hosts, I cannot define multiple routes based on discrete destination network addresses; therefore a single default route is all that's possible to use.

  You should be able to configure VIP#2 on the same client-interface (Vlan111), even if the new VIP doesn't belong to the address-range Vlan111 resides in. That way all client traffic is forwarded to the same interface and your routing issue should be erdicated.
  Simply configure your VIP#2 class and apply the same lb-policies etc. in your multimatch-policy, which is already applied to Vlan111. Then, add a static route on your router, using the Vlan111-address (or alias-address) as next-hop. This should work, I've configured this myself.
  hth

• Multiple VIPs in Different Subnets

  Is there any way to setup the CSS with VIPs in different subnets. If we were using an inline configuration, I don't see how this would be possible.
  Let's assume three subnets A, B, and C. We would like to have a VIP in subnet A pointing to all the web servers in subnet A. Same for subnets B and C.
  I guess we could configure a trunk port with a CIRCUIT interface in each of the subnets A, B, and C. This would allow clients to route to the VIP in each subnet. My concern is the return traffic. With only one default route in the CSS, all return traffic would traverse one CIRCUIT interface. Am I correct, or am I misunderstanding something?
  Thanks!
  Tom

  I believe you are correct. We have practically the same scenario working here. I have a /29 allocated to the front-end of the CSS and the upstream HSRP routers (call that vlan 10). Then I have multiple subnets for backend servers behind the CSS setup as an 802.1q trunk vlans (call them VLAN 100, 101, 102, etc). I route for those subnets belonging to VLANs 101, 102, etc on the upstream routers to point to the VRRP address of the CSS (the VRRP address of the CSS in VLAN 10). I also route whatever IP used as a virtual to the CSS VRRP address as well. So my upstream routes will have routes to the VIPs and the backend VLANs all pointing to the CSS's VRRP address.
  Casey

• Combining multiple VIP addresses in Mail

  Is there a way to combine multiple email addresses under the same VIP in Mountain lion's Mail? I have 4 or 5 email addresses for a contact and as such have 5 different VIP inboxes for this person when one would be perfect.
  Any help would be great.
  thanks!

  This solved it for me: before, two VIPs with same name, but was same person with two different email addresses; added both email addresses to that person in Contacts, restarted mail, and voila now one entry in VIP list for this guy.  Thanks ddarby08!

• Add iSCSI LUN to Multiple Hyper-V Cluster Hosts?

  Is there a way to connect multiple Hyper-V hosts to a CSV LUN without manually logging into each and opening the iSCSI Initiator GUI?

  Is there a way to connect multiple Hyper-V hosts to a CSV LUN without manually logging into each and opening the iSCSI Initiator GUI?
  Here's a good step-by-step guide on how to do everything you want using just PowerShell. Please see:
  Configuring iSCSI storage for a Hyper-V Cluster
  http://www.hypervrockstar.com/qs-buildingahypervcluster_part3/
  This part is should be of a particular interest of yours. See:
  Connect Nodes to iSCSI Target
  Once the target is created and configured, we need to attach the iSCSI initiator in each node to the storage. We will use MPIO to
  ensure best performance and availability of storage.  When we enable the MS
  DSM to claim all iSCSI LUNs we must reboot the node for the setting to take affect. MPIO is utilized by creating a persistent connection to the target for each data NIC on the target server and from all iSCSI initiator NICs on our hyper-v
  server.  Because our hyper-v servers are using converged networking, we only have 1 iSCSI NIC.  In our example resiliency is provided by the LBFO team we created in the last video.
  PowerShell Commands
  1
  2
  3
  4
  5
  6
  7
  8
  9
  Set-Service -Name
  msiscsi -StartupType Automatic
  Start-Service msiscsi
  #reboot requres after claim
  Enable-MSDSMAutomaticClaim -BusType
  iSCSI
  Set-MSDSMGlobalDefaultLoadBalancePolicy
  -Policy RR
  New-IscsiTargetPortal –TargetPortalAddress 192.168.1.107
  $target = Get-IscsiTarget
  -NodeAddress *HyperVCluster*
  $target| Connect-IscsiTarget
  -IsPersistent $true -IsMultipathEnabled
  $true -InitiatorPortalAddress
  192.168.1.21 -TargetPortalAddress 10.0.1.10
  $target| Connect-IscsiTarget-IsPersistent$true-IsMultipathEnabled$
  You'll find a reference to "Connect-IscsiTarget" PowerShell cmdlet here:
  Connect-IscsiTarget
  https://technet.microsoft.com/en-us/library/hh826098.aspx
  Set of samples on how to control MSFT iSCSI initiator with PowerShell could be found here:
  Managing iSCSI Initiator with PowerShell
  http://blogs.msdn.com/b/san/archive/2012/07/31/managing-iscsi-initiator-connections-with-windows-powershell-on-windows-server-2012.aspx
  Good luck and happy clustering :)
  StarWind Virtual SAN clusters Hyper-V without SAS, Fibre Channel, SMB 3.0 or iSCSI, uses Ethernet to mirror internally mounted SATA disks between hosts.

• OSB ftp reading same file multiple times in cluster

  We have 3 nodes osb cluster
  osb1,obs2, osb3
  file based proxy is deployed to cluster with 'poll managed server' as osb1 and post read action as Archive
  We see same file is being read hundreds of times and archiving same hundreds of times
  Does anybody faced similar issue?

  We have faced similar issue in the past.
  When you create the subscribing service ,create in based on XML Schema which it has to poll.
  In case of WSDL based service it polls indefinitely

• Reload applications multiple instances in cluster

  Apologies if this in another post but could not find
  anything.
  I am looking for strategies to reload app vars across
  instances in a cluster.
  Any suggestions?
  thanks,
  Mike

  Grizzly9279 wrote:
  > Say you have a web server, let's call it "WEB1". WEB1
  could be hosting IIS,
  > Apache, etc. It doesn't really matter.
  Let's say IIS with a wwwroot at c:\inetpub\wwwroot. So the
  index.cfm of
  the application is located at c:\inetpub\wwwroot\index.cfm
  > Now let's say you have two CF application servers, let's
  call them "APP1", and
  > "APP2". Each application server hosts 2 CF instances. So
  APP1 has two CF
  > instances on port 8301 and 8302. APP2 has two CF
  instances on port 8303 and
  > 8304.
  Ans each of those instances has its own webroot at the root
  dir of the
  CF WAR file, which is (in UNC notation):
  \\APP1\c$\JRun4\servers\instance1\cfusion.ear\cfusion.war\
  \\APP1\c$\JRun4\servers\instance2\cfusion.ear\cfusion.war\
  \\APP2\c$\JRun4\servers\instance1\cfusion.ear\cfusion.war\
  \\APP2\c$\JRun4\servers\instance2\cfusion.ear\cfusion.war\
  > "Normal" requests to the site are sent to WEB1, which in
  turn forwards CFM
  > requests to the CF cluster, which could fall on any one
  of 4 possible CF
  > instances (8301, 8302, 8303, and 8304).
  Correct.
  > Under this schema, you can make DIRECT requests to the
  application on the
  > internal network as follows:
  > -
  http://app1:8301/
  > -
  http://app1:8302/
  > -
  http://app2:8303/
  > -
  http://app2:8304/
  You can make requests to those locations indeed. And they
  will arrive at
  the internal JRun server. And the internal JRun server will
  resolve them
  relative to its own webroot, not relative to the IIS webroot.
  To get this to work, you have several options:
  - make the JRun webroot equal to the IIS webroot (change its
  location in
  the xml config file);
  - place a bootstrap file in each JRun webroot that call the
  application
  through cfmodule / cfinvoke / cfinclude;
  - switch on sticky sessions in your cluster and include a
  jsessionid in
  your http request that is specific to the instance you want
  to hit
  (first 4 characters of the jsessionid equal to the serv
  er.if).
  > Does that make sense? Is there something particularly
  exotic or unique about
  > your current infrastructure that prevents you from
  individually referencing
  > each cluster instance internally?
  Nothing exothic. In fact, I would say that the majority of
  the clusters
  have a JRun webroot that is not the same as the IIS / Apache
  webroot.
  Jochem
  Jochem van Dieten
  Adobe Community Expert for ColdFusion

• Live Migration between two WS2012 R2 Clusters with SCVMM 2012 R2 creates multiple objects on Cluster

  Hi,
  I'm seeing an issue when migrating VM's between two 2012 R2 Hyper-V Clusters, using VMM 2012 R2, that have their Storage provided by a 4 Node Scale Out File Server Cluster that the two clusters share.
  A migration between the two clusters is successful and the VM is operation but I'm left with two roles added to the cluster the VM has moved to instead of the expected one.
  For example: Say I have a VM that was created on cluster A with SCVMM, resulting in a name of : "SCVMM Test-01 Resources"
  I then do a live migration to Cluster B which has access to the same storage and then I end up with two new roles instead of one.
  "SCVMM abw-app-fl-01 Resources" and "abw-app-fl-01"
  The "SCVMM abw-app-fl-01 Resources" is left in an unknown state and "abw-app-fl-01" is operational.
  I can safely delete "SCVMM abw-app-fl-01 Resources" and everything still works but it looks like something is failing during the process.
  Has anyone else seen this?
  I'll probably have one of my guys open a support ticket in the new year but was wondering if anyone else is seeing this.
  Kind regards,
  Jas :)

  In my case the VMs where created in VMM in my one and only Hyper-V cluster (that's been created and is managed by VMM).
  All Higly Available VM:s have a FCM role named "SCVMM vmname" where vmname is the name if the VM in VMM. On top of that a lot
  of VM:s, but not all,  have a second role name named vmname. Lots of name in that sentence.
  All VMs that have duplicates are using the role named vmname.
  I thought it had to do with whether a VM had been migrated so I took one that never had been migrated and did. It did not get a duplicate.
  Is there any progress on this?

• Question about multiple listeners and vip addresses in rac.

  We have a 2 node rac cluster running 10.2.0.3 on rhel4 on the itanium platform. We have a need where we want to connect the 2 hosts up to another network temporarily by configuring an additional network interface on each server so that we can test some connections from a different network.
  My question is can you configure multiple listeners on the same server in which the newly added listener can be configured to service requets on the new network interface?
  Because it's rac would you need to configure an additional vip address? I am not sure that you can have multiple vip's on a server?
  Has anyone configured rac in such a way, any help is appreciated.

  can you configure multiple listeners on the same server in which the newly added listener can be configured to service requets on the new network interface?Yes, you can but you should not be doing this. Listener is a node specific resource and one listener can server multiple services. You actually can create multiple services within the database for different set of users and all can be registered to the same listener.
  Because it's rac would you need to configure an additional vip address? What do you mean by additional IP?
  You have installed 10g RAC where you have already configured virtual IPs. Why do you want to have additional one? node1 - static ip1, vip1, pvtip1
  node2 - static ip2 vip2, pvtip2
  total 6
  I am not sure that you can have multiple vip's on a server?Nothing to do with the server, they are based on public IP. Yes you can create multiples vip's based on same public IP. This is possible, But you do not need to do this in RAC environment.

• RAC: Multiple Databases / Instances with network seperation

  Dear all,
  We are planning to run our oracle 11g DB on RAC, with two instances both on seperate networks. Is this possible?
  here is what i mean
  Instance 1 including RAC DB is configured in e.g VLAN 12 with subnet 192.168.120.0/24. Instance 2 is configured in VLAN 22 with subnet 192.168.122.0/24. Servers of instance 2 send their data also to instance 1 RAC DB at subnet 192.168.120.0/24. Traffic between them is routed by a Cisco router.
  i searched the net for similar implementations and found a couple of people running similar configurations on RAC,
  but i want to know any downsides/pros cons of running such a setup.
  THanks in advance
  Saad

  Hi Saad,
  The problem in my case is clusterware configuration. While creating the cluster CRS asks for public IP,Private IP and VIP for both nodes. I can do it for one database environment which we call here pre-prod.
  The prod environment also uses the same hardware but is in different subnet and will use same cluster. Can i put vips for that environment when clusterware asks for public ip,private ip and vips.
  Or as you suggested,create cluster using ip of one subnet and create database for it and for second network create just database and in listerner.ora enter vips of prod environment. My current hosts file looks like this
  # Do not remove the following line, or various programs
  # that require network functionality will fail.
  127.0.0.1 localhost.localdomain localhost
  ::1 localhost6.localdomain6 localhost6
  #Production
  10.88.118.200 cps-oracle-vip.fedex.com cps-oracle-vip
  10.88.118.201 cps-oracle-1.fedex.com cps-oracle-1
  10.88.118.202 cps-oracle-2.fedex.com cps-oracle-2
  10.88.118.203 cps-oracle-1-vip.fedex.com cps-oracle-1-vip
  10.88.118.204 cps-oracle-2-vip.fedex.com cps-oracle-2-vip
  #Pre-Production
  10.88.119.200 cps-pre-oracle-vip.fedex.com cps-pre-oracle-vip
  10.88.119.201 cps-pre-oracle-1.fedex.com cps-pre-oracle-1
  10.88.119.202 cps-pre-oracle-2.fedex.com cps-pre-oracle-2
  10.88.119.203 cps-pre-oracle-1-vip.fedex.com cps-pre-oracle-1-vip
  10.88.119.204 cps-pre-oracle-2-vip.fedex.com cps-pre-oracle-2-vip
  #Internal
  192.168.101.1 cps-oracle-1-priv.fedex.com cps-oracle-1-priv
  192.168.101.2 cps-oracle-2-priv.fedex.com cps-oracle-2-priv
  Does 11G provide facility to enter multiple vips in CRS.

• How VIP works ?

  Would like to know, If one of the node goes down, How the future and existing connections on that node get transfered to the surviving node. I read lot that VIP will do that for us. I am not understanding concept of multiple IP stack. also when i do netstat -a | grep <VIP node> as well as <host ip node> both says listens.
  But this means to me.
  thanks in advance

  thanks for your response, I read the document what it
  is not clear to me is How VIP relocates to the
  available nodes.which process does this work ?I have discussed these concepts in detail my RAC Book. Here is the relavant part..
  From Oracle Database 10g RAC Handbook Chapter 3 (ISBN:007146509X)
  Oracle Virtual IP
  Virtual IP is required to ensure that applications can be designed to be highly available. To design this, system needs to eliminate single point of failures. In oracle we need to ensure that clients connected to a RAC database, survives a node failure. Clientapplications connect to the oracle instance and access the database through the instance. So a node failure will bring down the instance to which the client might have connected.
  The first design available from Oracle was Transparent Application Failover
  (TAF). With TAF a session can failover to the surviving instances and continue
  processing. Various limitations existed with TAF; only query failover is supported. Also to achieve less latency in failing over to the surviving node, we had to tweak the tcp timeout (platform dependent, defaults to 10 minutes in most UNIX ports). It wouldn’t be a good idea to design a system where a client takes 10 mins to detect that there is no response from the node to which it has connected.
  To address this, 10g introduced a new feature called cluster virtual IPs (VIPs).
  VIP is cluster virtual IP address, which would be used by outside world to connect to the database and this IP address needs to be different from the set of IP addresses, within the cluster. Traditionally listeners would be listening on the public IP of the box. and clients would contact the listener on this IP. If the node dies, then the client would take the tcp timeout value to detect the death of the node. In 10g each node of the cluster has a VIP configured in the same subnet of the public IP. Virtual IP name and addresses must be registered in the DNS in addition to the standard static IP information. Listeners would be configured to listen on VIPs instead of the public IP.
  When a node is down, the VIP is automatically failed over to the one of the other
  nodes. During the failover, the node, which gets the VIP, will re-arp to the world
  indicating the new MAC address of the VIP. Clients who have connected to this VIP will immediately get a reset packet sent. This results in clients getting errors immediately rather than waiting for the tcp timeout value. When one node goes down in cluster and client is connecting to same node, in this case client connection will be refused by down node and client application will chose next available node from tns descriptor list to get connection. Applications need to be written such that they catch the reset errors and handle them. Typically for queries, they should see ORA-3113 error.
  <Begin Side Bar Topic>
  In computer networking the Address Resolution Protocol (ARP) is the method of
  finding the host’s hardware address (MAC address) when only IP address
  is known. ARP is used by the hosts when they want to communicate
  each other in the same network. It also used by routers to forward a
  packet from one host through another router. In cluster Virtual IP failovers,
  the new node which gets the VIP advertises the new ARP Address to the
  world. This is typically known as gracious-arp and during this operation,
  the old hardware address is invalidated in the ARP cache and all the new
  connections will get the new hardware address.
  <End Side Bar Topic>

• Local Cache Visibility from the Cluster

  Hi, can you give me an explanation for the following Coherence issue, please ?
  I found in the documentation that the Coherence local cache is just that: a cache that is local to (completely contained within) a particular cluster node and is accessible from a single JVM.
  On te other hand, I also found the following statement:
  “ Clustered caches are accessible from multiple JVMs (any cluster node running the same cache service). The cache service provides the capability to access local caches from other cluster nodes.”
  My questions are:
  If I have local off-heap NIO memory cache or NIO File Manager cache on the one Coherence node, can it be visible from other Coherence nodes as a clustered cache  ?
  Also, if I have NIO File Manager cache on a shared disk, is it possible to configure all nodes to work with that cache ?
  Best Regards,
  Tomislav Milinovic

  Tomislav,
  I will answer your questions on top of your statements, OK?
  "Coherence local cache is just that: a cache that is local to (completely contained within) a particular cluster node and is accessible from a single JVM"
  Considering the partitioned (distributed) scheme, Coherence is a truly peer-to-peer technology in which data is spread across a cluster of nodes, the primary data is stored in a local JVM of one node, and its backup is stored in another node, preferably in another site, cluster or rack.
  "Clustered caches are accessible from multiple JVMs (any cluster node running the same cache service). The cache service provides the capability to access local caches from other cluster nodes"
  Yes, no matter if the data is stored locally in a single node of the cluster, but when you access that data through its key, Coherence automatically finds that data in the cluster and brings to you. Its transparently for the developer the location of data, but one thing is certain: you have a global view of caches, meaning that from every single member, you have access to all data stored. This is one of the magic that the Coherence protocol (called TCMP) does for you.
  "If I have local off-heap NIO memory cache or NIO File Manager cache on the one Coherence node, can it be visible from other Coherence nodes as a clustered cache  ?"
  As I said earlier, yes, you can access all the data stored from any node of the cluster. The way in which each node store its data (called as backing map scheme) can differ. One node can use an elastic data as backing map scheme, and another node can use Off-Heap NIO Memory Manager as backing map. This is just the way about each node store its data. For the architectural point of view, its a nice choice to use the same backing map scheme across multiple nodes, because each backing map scheme can have different behaviors when you read and/or write data. One could be faster and another could be slower.
  "Also, if I have NIO File Manager cache on a shared disk, is it possible to configure all nodes to work with that cache ?"
  There is no need for that, since data is available to all cluster nodes without any effort. Having said that, this would be a bad strategy choice. Coherence is a shared-nothing technology which uses that model to scale and give you predictable latency. If you start using a shared-disk as storage for data, you will lose the essence of shared-nothing benefits, and create a huge bottleneck in the data mgmt layer, since will occur dispute per I/O in each read/write.
  Cheers,
  Ricardo Ferreira

• Multiple SSL terminations - 1 CSS11506

  Well the questions keep coming.
  Can anyone point me in the right direction for setting up multiple SSL terminations, 443 port for them all and multiple VIPS. So far I have one SSL site working but when i try to make my 2nd ssl proxy list active it says only one active at a time. So looking for sample configs to make this happen.
  Cheers
  Dave

  Thanks man, I read up a bit more and figured that out..Here is my config so far...
  ssl associate rsakey myrsakey1 CSSrsakey1
  ssl associate cert myrsacert1 CSScertfile1
  ssl associate rsakey myrsakey2 CSSrsakey2
  ssl associate cert myrsacert2 CSScertfile2
  ip route 0.0.0.0 0.0.0.0 192.168.20.1 1
  !************************** CIRCUIT **************************
  circuit VLAN1
  ip address 192.168.20.20 255.255.255.0
  !*********************** SSL PROXY LIST ***********************
  ssl-proxy-list ssl-list
  ssl-server 90
  ssl-server 90 vip address 192.168.20.100
  ssl-server 90 cipher rsa-with-des-cbc-sha 192.168.20.50 80
  ssl-server 90 cipher rsa-with-3des-ede-cbc-sha 192.168.20.50 80
  ssl-server 90 cipher rsa-with-rc4-128-sha 192.168.20.50 80
  ssl-server 90 cipher rsa-with-rc4-128-md5 192.168.20.50 80
  ssl-server 90 rsacert myrsacert1
  ssl-server 90 rsakey myrsakey1
  ssl-server 90 urlrewrite 22 www.test.com
  ssl-server 91
  ssl-server 91 vip address 192.168.20.101
  ssl-server 91 cipher rsa-with-des-cbc-sha 192.168.20.60 80
  ssl-server 91 cipher rsa-with-3des-ede-cbc-sha 192.168.20.60 80
  ssl-server 91 cipher rsa-with-rc4-128-sha 192.168.20.60 80
  ssl-server 91 cipher rsa-with-rc4-128-md5 192.168.20.60 80
  ssl-server 91 rsacert myrsacert2
  ssl-server 91 rsakey myrsakey2
  ssl-server 91 urlrewrite 23 www.test1.com
  active
  !************************** SERVICE **************************
  service SSLWWW
  type ssl-accel
  slot 6
  keepalive type none
  add ssl-proxy-list ssl-list
  active
  service rprox1
  ip address 192.168.20.50
  protocol tcp
  port 80
  active
  service rprox2
  ip address 192.168.20.60
  protocol tcp
  port 80
  active
  !*************************** OWNER ***************************
  owner CMPA
  content HTTP_rule
  protocol tcp
  add service rprox1
  port 80
  url "//www.test.com/*"
  vip address 192.168.20.100
  content SSLrule2
  protocol tcp
  vip address 192.168.20.101
  application ssl
  add service SSLWWW
  port 443
  active
  content ssl
  vip address 192.168.20.100
  application ssl
  add service SSLWWW
  port 443
  protocol tcp
  active