One-Armed Load Balancing

Can CSS 11000 load balance multiple server farms, using different load balancing algorithms on the same ip subnet and having multiple VIPs in the one-armed configuration.
I know this is not an ideal configuration but have to do it for a relocation project.
Thank yoi

yes you can.
No need for a trunk.
But you have to keep in mind that the CSS must see both sides of a connection.
So, obviously the traffic from the client will hit the CSS vip, but for the server response, you have to make sure it goes back to the CSS.
This can be done with source nating or policy routing.
Gilles.

Similar Messages

  • One armed VIP and FTP

    I have a need to use the one armed load balance for some servers. I have 4 contens setup using this and I have the four corresponding Groups setup. Two of the contents work fine they are using SSL. The other 2 fail and they are both using FTP. It looks like it is failing on the data channel connection because I can login to the server but cannot get any data. Is there a way to correct this.

    check the following URL:
    http://www.cisco.com/en/US/products/hw/contnetw/ps789/products_tech_note09186a0080093de6.shtml
    it explains you need a source group for the ftp data connection.
    Since you also need a group to nat client ip address, you have a problem since you can't do both at the same time.
    The solution is to use ACL and the 'sourcegroup option'.
    So you keep your group but you removed all the service attach inside it.
    Then you create an ACL like this one
    acl 1
    clause 10 permit tcp any destination eq 21 sourgroup
    apply circuit(VLAN-client)
    acl2
    clause 1o permit tcp destination any sourcegroup
    apply circuit(vlan-server)
    This should work.
    If not, make sure to try both passive and active ftp to see if at least one works.
    Gilles.

  • 2 load balancing process in one router ?

    Dear,
    Please I have case and I want your help for this case
    Our enterprise company has 7 modems (adsl+sdsl)
    we want to reach internet access continuty so we will do load balancing betwen this modems by router support feature of load balance
    when I searched about this router I found multi wan router CISC0 RV 016
    that support up to 7 modems load balanced together
    but in reality I want to load balance between the first 3 modems to act as one modem to some users
    and load balance between the other 4 modems to act as one modems for other users
    (I mean I want one router act as 2 routers independent of each other each one do load balancing process)
    So I want router support minmum 2 loadbalancing process
    If CISCO RV 016 support this feature please tell me how?
    and if not,please give me examples to another CISCO routers support this feature
    I appreciate your reply
    Thanks in advance

    Hi,
    you can load-balance per IP prefix  with PBR( not available on RV016 I think) but I'm not sure you can use multiple interfaces for a particular prefix with this method. I'll try to lab it up this evening and let you know.
    Regards.
    Alain

  • Load Balancing and Failover with 10G Standard Edition

    Hi,
    I am new to Oracle Replication and need some help setting up replication for load balancing and failover. Is this possible using Oracle 10G Standard Edition? I plan on having all updates done on the master site and both databases will be for reads. In case of failure of the master site, I would need to be able to failover to the other database.
    Also, if anyone knows of any documention for Basic Replication in 10G, please let me know.
    Thanks.

    Simple nnapshot replication of data would require significant manual effort to configure to load balance or failover. One the load balancing side, you would generally be limited to to static load balancing-- assigning half the users to one machine and the other half of the users to the other machine, regardless of who is actively using the machine. Failover would be a significant manual effort, particularly to bring the failed machine back into the cluster. You would be implementing the guts of multi-master replication.
    Frankly, if you actually have a system which is valuable enough to need load balancing and disaster recovery, I'm going to wager that it will be far cheaper even in the short run to buy more boxes and/or enterprise edition licenses than to try to implement this sort of thing yourself. In the long run, it will be far cheaper, since it will be far easier to maintain. Building all this yourself would probably be penny wise and pound foolish.
    Justin
    Distributed Database Consulting, Inc.
    http://www.ddbcinc.com/askDDBC

  • Servlet load balancing

    I am testing load balancing of servlet on Weblogic 6.0 with Netscape
              Enterprise Server 3.6. I can hit both weblogic servers if I try to hit
              them heavily. However no matter what I do I can not get the round robin
              work.
              Has any one got load balancing work for servlets with 3rd party web
              server? As I understand weblogic only supports round robin for servlets
              load balancing because of DNS rotatioin, am I right?
              Thanks,
              Yong
              

              Yes. I even see this behavior from clients on different hosts.
              Yong
              "Kumar Allamraju" <[email protected]> wrote:
              >round-robin happens for new requests, not for the existing requests.
              >Are you seeing the following behaviour with new clients (i.e. sending
              >requests from different browsers)..
              >
              >--
              >Kumar
              >
              >"Yong Sun" <[email protected]> wrote in message
              >news:[email protected]..
              >> I am testing load balancing of servlet on Weblogic 6.0 with Netscape
              >> Enterprise Server 3.6. I can hit both weblogic servers if I try to
              >hit
              >> them heavily. However no matter what I do I can not get the round
              >robin
              >> work.
              >>
              >> Has any one got load balancing work for servlets with 3rd party web
              >> server? As I understand weblogic only supports round robin for servlets
              >> load balancing because of DNS rotatioin, am I right?
              >>
              >> Thanks,
              >>
              >>
              >> Yong
              >>
              >>
              >
              >
              

  • Network equal load balance

    Hello all
    I need some help, with using quagga and multipath.
    I have Solaris 9 server with stable quagga 0.98.6 and 2 equal routes to one
    network. I have both of these routes in routing table, but the Solaris use
    only first one for traffic. I would like to share traffic. If I have them in
    routing table I suppose the quagga work is done, and now I need tune the
    Solaris OS/kernel?
    Does anybody have any idea, how to reach it?
    Best regards, Agp

    My questions is how to I setup the 2 network interface cards to act as one and load balance the traffic accross both interfaces?
    This is simple link aggregation in System Preferences -> Network
    Click the + button at the bottom and choose new Link Aggregate. Choose the existing interfaces (presumably en0 and en1) and you're set.
    Note that this requires support in the switch the server is connected to (it needs to support LACP), and that you will bounce your network connection when you set this up (so don't do it when the server is actively servicing clients)
    also I was wondering if it was possible to fail over AFP services, so if one server went down the other would pickup file services where it left off?
    It's possible, but you need to be very careful with regards to data integrity. For example, typically each server is going to have a local directory (or directories) that are shared. If Server A fails and Server B takes over, how do you intend to ensure that Server B's data is up-to-date, especially with regard to files that might have been in use at the time?
    It's a tricky problem to solve without putting the data on a shared storage device using something like XSAN to manage arbitration, and now you could be talking serious $$$s.
    I'd recommend looking closely at your file serving needs and work out if it's necessary, or whether you could get by with dividing the load across servers (e.g. some sharepoints are on one server, other sharepoints on the other) so that only a subset of your users are impacted should one server fail.
    File synchronization/replication is a major issue (read $$$$$) for a lot of companies.

  • CSS to transparent Proxy load-balancing

    We have a single bluecoat proxy that is exposed to internet ,  which we need to add another one and load balance traffic to both of them . The problem is that this traffic cannot be routed to proxy explicitly ( i.e not like the Ineternet Explorer ) so this loadbalancing has to be done blindly to the users .
    So is there a way or another that I can loadbalance internet traffic to these proxies with an inline CSS or maybe L2 loadbalancing to the proxies without involving a VIP ?
    I was thinking about making the CSS VIP the default gateway of the clients so that traffic hits by it and make the 2 proxies the two real servers behind this VIP but I'm not sure if this will hit through the rule before routing traffic or not .

    Thank you Gilles , I was hoping that YOU see and reply to this post
    This sounds logical to remove the VIP , but I am not going to connect the CSS physically inline , I will make it the gateway of the clients so that all traffic hits by it and then by the rule .
    Do you have concerns ?

  • Load Balance Network Cards and Fail over services

    Hi,
    Im looking at setting up 2 MAC server each with basic services (ie AFP, Open Driectory, software updates and DHCP)
    Both servers are less then 12 months old and are both attached with GB ports to the RAID where all the user data is stored.
    My questions is how to I setup the 2 network interface cards to act as one and load balance the traffic accross both interfaces?
    also I was wondering if it was possible to fail over AFP services, so if one server went down the other would pickup file services where it left off?
    I know how to fail over OD and the other services dont matter to much.
    Thanks in advance for your assistance

    My questions is how to I setup the 2 network interface cards to act as one and load balance the traffic accross both interfaces?
    This is simple link aggregation in System Preferences -> Network
    Click the + button at the bottom and choose new Link Aggregate. Choose the existing interfaces (presumably en0 and en1) and you're set.
    Note that this requires support in the switch the server is connected to (it needs to support LACP), and that you will bounce your network connection when you set this up (so don't do it when the server is actively servicing clients)
    also I was wondering if it was possible to fail over AFP services, so if one server went down the other would pickup file services where it left off?
    It's possible, but you need to be very careful with regards to data integrity. For example, typically each server is going to have a local directory (or directories) that are shared. If Server A fails and Server B takes over, how do you intend to ensure that Server B's data is up-to-date, especially with regard to files that might have been in use at the time?
    It's a tricky problem to solve without putting the data on a shared storage device using something like XSAN to manage arbitration, and now you could be talking serious $$$s.
    I'd recommend looking closely at your file serving needs and work out if it's necessary, or whether you could get by with dividing the load across servers (e.g. some sharepoints are on one server, other sharepoints on the other) so that only a subset of your users are impacted should one server fail.
    File synchronization/replication is a major issue (read $$$$$) for a lot of companies.

  • ACE 4710 one-arm L4 load balancing removes accept-encoding?

    We have built a simple one-arm PAT config to round robin load balance two Varnish servers. In the "Default L7 load-balancing action" we have left compression to "N/A". It looks like the ACE removes "Accept-Encoding: gzip, deflate" from the client header.
    Is this normal behaviour? We would like the Varnish to do the compression. Do we need modify the headers to get this through the ACE?

    Hi,
    Yes this does seem to be the behavior. Please read below:
    HTTP compression is a capability built into web servers and web browsers to improve site performance by reducing the amount of time required to transfer data between the server and the client. Performing compression on the ACE offloads that work from the server, thereby freeing up the server to provide other services to clients and helping to maintain fast server response times.
    When you enable HTTP compression on the ACE, the appliance overwrites the client request with "Accept-Encoding identity" and turns off compression on the server-side connection. HTTP compression reduces the bandwidth associated with a web content transfer from the ACE to the client.
    So ACE rewrites the ACCEPT-ENCODING header to IDENTITY to indicate to the server that it should not compress the return data. That would be done by ACE.
    Also, default method is used when client comes with both gzip or deflate for "ACCEPT ENCODING". For compression to work, a client must send a request with an ACCEPT-ENCODING method of gzip or deflate. If a client sends both methods, then the ACE uses the configured method(default method).
    Also, you can see if ACE is compressing the packets or in "show service-policy detail.
    switch/Admin#
    show service-policy L7_COMP_SLB_POLICY detail
    Status     : ACTIVE
    Description: -----------------------------------------
    Interface: vlan 1 108
      service-policy: L7_COMP_SLB_POLICY
        class: vip
         VIP Address:    Protocol:  Port:
         2.0.5.1         tcp        eq    80
          loadbalance:
            L7 loadbalance policy: pm
            VIP ICMP Reply       : ENABLED
            VIP state: OUTOFSERVICE
            Persistence Rebalance: ENABLED
            curr conns       : 0         , hit count        : 0
            dropped conns    : 0
            client pkt count : 0         , client byte count: 0
            server pkt count : 0         , server byte count: 0
            conn-rate-limit      : 0         , drop-count : 0
            bandwidth-rate-limit : 0         , drop-count : 0
            L7 Loadbalance policy : pm
              class/match : h
                ssl-proxy client : c
                LB action :
                   primary serverfarm: sf1
                        state: DOWN
                    backup serverfarm : -
                hit count        : 0
                dropped conns    : 0
                compression      : on  <------------------------------ Compression is enabled if the value is "on"
    compression  bytes_in  : 0       bytes_out : 0  <--- Number of bytes transmitted after compressing the server response
    Compression ratio : 0.00%  <------------------------------ Percentage of data compressed
    Gzip: 0               Deflate: 0  <--------------- Number of times the method is used
    compression errors:                                     _
    User-Agent  : 0               Accept-Encoding    : 0   |
    Content size: 0               Content type       : 0   |
    Not HTTP 1.1: 0               HTTP response error: 0   |-- Check these error counters to see if they are increasing
    Let me know if you have any questions.
    Regards,
    Kanwal

  • How to see the Source IP Address of a client using ACE One-armed-mode to load balance HTTP proxy request

    I'm using an Ace 4710 Appliance deployed in One-Armed mode, using Source NAT to loadbalance HTTP request to a couple of Proxy servers.
    Everything is working fine, but the thing is that I can't see the Clients IP addresses on Proxy's logs, so I can't keep track of them.
    The Interfaces and Nat configs are:
    interface vlan 200
      description Server-Side-VLAN
      bridge-group 5
      nat-pool 5 10.1.1.5 10.1.1.5 netmask 255.255.255.0 pat
      service-policy input VIPS
    interface vlan 300
      description Client-Side-VLAN
      bridge-group 5
    interface bvi 5
      ip address 10.1.1.3 255.255.248.0
      description Client-Server-Virtual-Interface
    ip route 0.0.0.0 0.0.0.0 10.1.1.1
    and the policy map looks like this
    policy-map multi-match VIPS
      class Port80
        loadbalance vip inservice
        loadbalance policy Port80
        nat dynamic 5 vlan 200
    Resource assignment:
    sticky ip-netmask 255.255.255.255 address both RESOURCE-CLASS
      timeout 5
      serverfarm Service80
    Any suggestions will be appreciated,
    Thanks

    Hi Kanwal,
    Thanks for your quick reply,
    I've already tried this but it didn't work. The problem is that I don't manage the proxy servers so I rely on their skills to see the logs.
    The Proxies are Squid. Do you know if they need to do something else on the servers to see that field of the HTTP header?
    But I'll try again tomorrow and let you know how it goes.
    Thank you again.

  • Server Load Balance in one network using CSM Cat6509

    I have 2 Web Servers with real IP address 10.1.12.61 and 10.1.12.62 (subnet mask 255.255.255.0). The virtual IP address configured on CSM is 10.1.12.100
    I also have 2 Application Servers with real IP address 10.1.12.81 and 10.1.12.82 (subnet mask 255.255.255.0). The virtual IP address is 10.1.12.120.
    Users will access Web server using the virtual IP address (10.1.12.100) so that the traffic will be load balanced.
    But there is also requirement that those Web Servers access Application Servers using IP address 10.1.12.120 so that the traffic will be load balanced as well.
    Is this requirement feasible?
    Can CSM load balance between servers in one network address?

    Budiman,
    I am building the same situatiuon here. But the most simple part seems not to be working. I have two webservers in the same subnet as my VIP.
    The clients can be everywhere in every subnet.
    This is what happens:
    btpebgw70#sh mod contentSwitchingModule 9 conns
    prot vlan source destination state
    In TCP 401 192.6.53.42:1901 151.183.58.196:80 ESTAB
    Out TCP 401 151.183.58.196:80 192.6.53.42:1901 ESTAB
    ok this is good but:
    btpebgw70#sh mod contentSwitchingModule 9 reals detail
    151.183.58.201, ORBIS, state = OPERATIONAL
    conns = 0, maxconns = 4294967295, minconns = 0
    weight = 8, weight(admin) = 8, metric = 0, remainder = 0
    total conns established = 58, total conn failures = 58
    the failures have the same value as the established. Can you send me your config part of the csm because I am getting tired of this. Please email to [email protected]
    Thanks in advance!

  • Oracle Applications 11i Load Balancing does not work with RAC one Node

    Hi all,
    Could you help me to resolve this issue.
    Architecture environment is :
    - One APPS tier node
    - Two nodes Oracle Database Appliance (Primary node 1 holds INSTANCE_1 et Secondary node is configurured to holds INSTANCE_2), i.e RAC one Node.
    - The primary node have instance_name SIGM_1 and the secondary node have instance_name SIGM_2, but in RAC one node, the secondary instance is not alive.
    We convert our EBS 11i environment to RAC following note ID Using Oracle 11g Release 2 Real Application Clusters with Oracle E-Business Suite Release 11i [ID 823586.1].
    When testing Database failover, Oracle Applications 11i load balancing does not work anymore.
    The root cause is that, when the primary node of the Rac one node is down, the INSTANCE_NAME_1 is automaically relocating to the surviving node,.
    During test failover, we imagine that when the primary node goes down, the secondary node start or relocate database with instance_name SIGM_2, and in that case the Oracle Applications load balancing works.
    Currently, when the primary node goes down, the instance_name SIGM_1 is relocated on the secondary node, which cause failure of Oracle Applications Load Balancing.
    Thank you for your advice.
    Moussa

    This is something I observed a long time ago for Safari (ie: around version 1). I'm not sure this is Safari, per se, but OpenSSL that is responsible for the behavior. I'm pretty sure Chrome does this and I've seen some Linux browsers do it.
    What I have done at the last two companies I've worked for is recommend that our clients do not use SSL SessionID as the way of tracking sticky sessions on web servers, but instead using IP address. This works in nearly all cases and has few downsides. The other solution is to use some sort of session sharing on your web servers to mitigate the issue (which also means that your web servers aren't a point of failure for your users' sessions). (One of the products I supported had no session information stored on the web servers, so we could safely round-robin requests, the other product could be implemented with a Session State Server... but in most cases we just used IP address to load balance with). The other solution is to configure your load balancer to terminate the SSL tunnel. You get some other benefits from this, such as allowing your load balancer to reduce the number of actual connections to the web servers. I've seen many devices setup this way.
    One thing to consider through this is that - due to the way internet standards work - this really can't be termed a bug on anyone's part. There is no guarantee in the SSL/TLS standards that a client will return the same SSL Session ID for each request and there is not requirement that subsequent requests will even use the same tunnel. Remember, HTTP is a stateless protocol. Each request is considered a new request by the web server and everything else is just trickery to try and get it to work the way you want. You can be annoyed at Safari's behavior, but it's been this way for over 5 years by my count, so I don't expect it to change.

  • Multiple WAN connections all through one router with load balancing?

    I am setting up a network in my dormatory for myself and about 20 friends. about half of us have DSL connections at the moment. Is there a way to have all the DSL connections (possibly run through cheap home DSL routers) all connect into a cisco router that then acts as the gateway for our entire network? woudl it be possible for each internet request to go out over the connection that has the least load AND also be able to use some sort of load balancing, so one user cant use all of the outgoing/incoming bandwidth?
    If you have any ideas please let me know

    Hi Ian,
    To get this working, you would either need to use something like PPP to bundle your links together or use a dynamic protocol.
    In bundling the links, you could make them appear as one link, with a single IP address each end and the router takes care of distributing the load. To implement this though, you would need control of both sides of the link, or be terminating with one carrier who is happy to implement this for you.
    The second is to use a dynamic protocol (such as eigrp, ospf, etc), which can build up a map of the network to router from point a to point b. For this you also need control of the link.
    I can't think of another method, unless you can control the link from both sides. Your other option it to pool your money and buy a larger link or a leased line. If you bought a leased line or two, your carrier would be more than happy to talk to you about routing over that, but generally you're looking at mega bucks for that.
    HTH,
    Mark

  • LRT224 Load Balancing with only one ISP

    I found that the LRT224 Load Balancing really increased performance on my network with a single Internet Service Provider.
    Also if your ISP doesn't limit the number of Public IP Addresses your ISP Device can provide to one. You can get two Public IP Address for additional port forwarding and other uses.
    -------------------            OR           ----------------------------
    Please remember to Kudo those that help you.
    Linksys
    Communities Technical Support

    In my case I noticed an immediate improvement in overall performance. When I do a "speedtest.net" test the speeds are always at the maximum throughput even with other heavy users on the internet. Which wasn't the case before. I suspect that the Dual WAN connections are doubling the amount of available full speed connections due to the load balancing.
    It's interesting to watch the ethernet port lights on the ISP Modem blinking like mad as the LRT224 pumps data through the two ethernet ports.
    Please remember to Kudo those that help you.
    Linksys
    Communities Technical Support

  • Load balancing with only one Real Server on CSM

    Other than create a VSERVER with only one real server in it - is there a way of load balancing when you have only one real server now and may be additional servers to be added later?

    the only way is to use the vserver.
    Gilles.

Maybe you are looking for

  • Creation of new merchanize category

    Hi,    Can  some one  explain me process of creatiing new merchandize category in IS-RETAIL.

  • Is there any xi content for R/3 4.7 ? where ?

    Hi All, A while back, we imported SRM content (message definitions, mainly) for SRM 5.5 into our Repositiory. Now I am searching for possible standard content regarding FICO in R/3 4.7. we run XI 3.0 (sp18, soon sp20) But now I cannot find anything o

  • EXTRACT function and Chinese data

    Hi ! I'm working with PL/SQL web applications, and I'm having trouble viewing it on a webpage when I use EXTRACT function for Chinese data. <abccompany> <department> 凯伦·威廉斯是一家小型社区制药厂的所有者,她正考虑开始提供药方递送的服务,同时也已经就此事征求了保险专家鲍勃·布朗的意见。凯伦询问鲍勃,需要购买哪些保险、</depar

  • Will there be a trade-in offered for the New iPad and the iPad with Retina Display?

    I don't really understand what's going on. I bought The New iPad in early August and was told that it was the one with Retina Display and it was the top of the line. I cannot find a "New ipad" on Apple's website. In fact, the only iPad with Retina Di

  • Serial Code Invalid

    Hi, I'm sure this has been asked a LOT! Just downloaded the student version of Adobe Acrobat XI Pro, but it won't allow me to activate the serial number saying it's invalid. On side note, pleased I didn't pay $700 for this product, as Adobe customer