Portal Landscape - With 2 CSM (load balance) related question

Hi,
  We currently have a portal landscape (Dev, QA - 2 app servers, PRD - 4 app servers). Load balancing on the Production Portal is done by a CSM (load balancer), which does SSL offloading for security encryption and lands the request on one of the application servers. When we try to log in to the portal it authenticates using LDAP (OID). We also have some links which take us to backend R/3, BW etc. (we use SAP load balancing via an SMLG logon group).
Now due to another special project the following is what we are planning:
1. Adding a couple more application servers for the production portal, or having a separate second portal landscape altogether
2. Adding a couple more application servers for the R/3 production system (load balancing can be done with a special logon group for that)
Questions are:
1. When we land on the current production portal page and click an iView link for the special project, it should go only to those special portal app servers (planning to do this through another CSM) and from there to backend R/3. In this scenario how does the authentication (or SSO ticket) happen when it goes from one CSM to another CSM? Will it ask for login again, or will there be any issue with the SSO ticket?
2. If we decide to go for a second portal landscape, and in the same scenario we log in to the current prod portal page and click an iView link for the special project, it should go to that other production portal. In that case what will happen to the login authentication that happened through the first portal and the SSO ticket?
3. Suppose we go to the second production portal directly through a website and the user tries to log in with the same ID to the first portal. How will the portal deal with this in terms of security (SSO), and also how will backend R/3 behave when the same ID comes in as part of SSO?
Or if anyone thinks of any other issue apart from SSO or encryption related things which I need to be aware of, kindly let me know.
Thanks,
Murali.

I am not sure what CSM is, but I would expect it only does SSL offloading and a sort of "reverse proxy" against the cluster.
> 1. When we land on the current production portal page and click an iView link for the special project, it should go only to those special portal app servers (planning to do this through another CSM) and from there to backend R/3. In this scenario how does the authentication (or SSO ticket) happen when it goes from one CSM to another CSM? Will it ask for login again, or will there be any issue with the SSO ticket?
This depends on the host names you use for the two CSM clusters. If they have the same subdomain, there should be no problem, as the SAP Logon Ticket (MYSAPSSO2) cookie is issued to the subdomain of the portal.
If they do not have the same subdomain, the second CSM cluster will receive the request without the MYSAPSSO2 cookie, and will therefore trigger reauthentication.
> 2. If we decide to go for a second portal landscape, and in the same scenario we log in to the current prod portal page and click an iView link for the special project, it should go to that other production portal. In that case what will happen to the login authentication that happened through the first portal and the SSO ticket?
It will fail, as the MYSAPSSO2 cookie from the first portal is not recognized in the second. However, you can easily set it up so that the second portal trusts the first and does a logon based on its credentials.
> 3. Suppose we go to the second production portal directly through a website and the user tries to log in with the same ID to the first portal. How will the portal deal with this in terms of security (SSO), and also how will backend R/3 behave when the same ID comes in as part of SSO?
I assume both portals will be set up against the same LDAP/UME source. Therefore it will allow the logon. The backend systems should trust both the first and the second portal (STRUSTSSO2 transaction).
I think your architecture choice comes down to whether the new project has special considerations with regard to portal versioning. If it does, it would be sensible to separate it into a separate portal (and you can always integrate them with the first portal through portal federation if you have a relatively new version).
Regards
Dagfinn
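The answer above turns on whether the browser will present the ticket cookie to the second cluster at all. The following is an added example (not code from this thread or from SAP) that applies the browser's cookie domain-matching rule to a constructed set of portal host names; the cookie domain, the host names and the assumption that the MYSAPSSO2 cookie is flagged Secure are all mine.

```python
"""Would the MYSAPSSO2 cookie reach the second CSM cluster?

Added example, not from the original thread. It applies the domain-matching
rule browsers use for cookies (RFC 6265, section 5.1.3): a cookie whose
Domain attribute is D is sent to host H only if H == D or H ends with
"." + D, and never to an IP-literal host. All host names are constructed.
"""
import ipaddress
from urllib.parse import urlsplit

SSO_COOKIE = "MYSAPSSO2"  # SAP Logon Ticket cookie, as named in the thread


def domain_matches(host: str, cookie_domain: str) -> bool:
    """RFC 6265 domain-match: host equals the cookie domain or is a subdomain of it."""
    host = host.lower().rstrip(".")
    cookie_domain = cookie_domain.lower().strip(".")
    if not cookie_domain:
        return False
    try:
        ipaddress.ip_address(host)
        return False  # an IP literal never domain-matches a Domain attribute
    except ValueError:
        pass
    return host == cookie_domain or host.endswith("." + cookie_domain)


def cookie_sent_to(target_url: str, cookie_domain: str, secure_only: bool = True) -> bool:
    """Would the browser attach the ticket cookie to a request for target_url?

    secure_only models the assumption that the cookie carries the Secure flag,
    so it is only sent over https.
    """
    parts = urlsplit(target_url)
    if secure_only and parts.scheme != "https":
        return False
    return domain_matches(parts.hostname or "", cookie_domain)


def classify_links(cookie_domain: str, links: dict) -> dict:
    """For each named link, report whether SSO carries over or a new logon is forced."""
    return {
        name: "sso carries over" if cookie_sent_to(url, cookie_domain) else "reauthentication"
        for name, url in links.items()
    }


# Constructed landscape: the first portal scopes its ticket cookie to its subdomain.
PORTAL_COOKIE_DOMAIN = ".portal.corp.example"
LINKS = {
    "same_csm": "https://portal.corp.example/irj/portal",
    "second_csm_same_subdomain": "https://project.portal.corp.example/irj/portal",
    "second_csm_other_subdomain": "https://project.corp.example/irj/portal",
    "plain_http": "http://project.portal.corp.example/irj/portal",
}

if __name__ == "__main__":
    for name, verdict in classify_links(PORTAL_COOKIE_DOMAIN, LINKS).items():
        print(f"{name:28s} -> {verdict}")
```

Only the link whose host sits under the cookie's domain (and is reached over https) carries the ticket; the other-subdomain link is exactly the case that triggers reauthentication.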

Similar Messages

  • WebAS access via Portal: Web Dispatcher required for load balancing ABAP

    Hi Folks -
    We have EP 6.0 SP18 (Java only, WebAS 6.40, Unix/Solaris).  The portal has a CI/SCS and one DI so we have a Web Dispatcher to load balance the portal servers. This works fine (and provides port 80 access).
    This portal will provide access to HTTP services from an ABAP WebAS (6.20 with 6.40 kernel, Unix/Solaris). A landscape configuration entry has been added to the portal for this ABAP system. The ABAP system has a CI and multiple app servers, all capable of handling HTTP requests.  This will also require port 80 access.
    1. Will we need an additional Web Dispatcher to load balance HTTP requests to the 'backend' ABAP WebAS system, or will the portal be smart enough to handle the load balancing itself (perhaps based on the information in the landscape configuration)?
    2. If the portal itself handles the HTTP load balancing can you point me to documentation (so I can make sure I have proper configuration)? 
    3. Are there any changes to this with NW2004s Portal (we plan to upgrade soon)?
    Thanks in advance!  Jeff

    Jeff,
    Regarding:
    Q1. If you create a system object from the "SAP system with load balancing" template in portal and configure the object to point to your CI (msg server), the LB should be handled.
    Q2. Portal load balancing is handled by the message server. If you point a test URL at the port of your message server, you will notice that you are issued a redirect to the URL of your dialog instance. The web dispatcher is just a proxy (with some intelligence). When a request is made to the WD, it makes a connection to the MSG server, the list of active instances is queried, and a redirect is made to that instance. If you use WD, that connection can be proxied behind a standard URL. If you connect directly to the MSG server instead, you will notice your URL change, just as it does on the service marketplace.
    WDs are good for providing services masked (proxied) behind virtual names. If you do not want the customer to see a physical URL of the server, use the WD. There are lots of other solutions that can do this too, though, such as Apache, ISA, Juniper devices, Cisco LDs. WDs have a very low performance threshold though, especially if you use SSL. WD is a performance bottleneck and should be benchmarked to see if it is right for your application.
    Q3. No changes to this architecture in 04s.
    jwise

  • CSM Load Balance redirect

    I have a request to do a redirect on a CSM load balance device and I am not sure how to go about doing it.
    The request is to send traffic destined for https://payments.domain.com to https://www.diffdomain.com/folder/folder/page.jsp. I already have a serverfarm created for www.diffdomain.com, I guess I could create a vserver with a unique IP address for payments.domain.com and point it at the same set of servers, but how would I append the "/folder/folder/page.jsp" on to the request?

    Hi,
    The only way you can do HTTPS to HTTPS redirection is if you have an SSL module, or if this module happens to be a CSM-S. To be able to redirect encrypted traffic the CSM first needs to inspect the L5 information contained in the HTTP header. Once the SSL card has decrypted the traffic you can configure a webhost relocation serverfarm to ask the client to send the request to https://www.diffdomain.com/folder/folder/page.jsp, which will be sent to the 443 vserver that is already taking traffic for https://payments.domain.com.
    Hope this helps.
    Pablo

  • CSM load balancing

    I have an interesting problem. I have a VIP with a two-server serverfarm. Originally the VIP and serverfarm were doing load balancing in the switch IOS and the VIP was configured with a 27-bit subnet mask. I moved the configuration to our CSM module and removed the subnet mask. The original sticky was set to 120 and I reset the sticky to 30 as part of the move. Now the load balancing is extremely off kilter (200 connections to 7). Any ideas what could be amiss?

    Real servers are physical devices assigned to a server farm. Real servers provide the services that are load balanced. When the server receives a client request, it pulls matching information from a disk and sends it to the CSM for forwarding to the client.
    You configure the real server in the real server configuration mode by specifying the server IP address and port when you assign it to a server farm. You enter the real server configuration mode from the serverfarm mode where you are adding the real server.
    This URL should help me:
    http://www.cisco.com/en/US/products/hw/switches/ps708/products_installation_and_configuration_guide09186a00801760d0.html#xtocid439743

  • CSM - Load balance using Server CPU

    Hi
    I have a customer who requires the load-balancing prediction algorithm to be based on the CPU level of the server, so the server with the least CPU is chosen at the load-balancing stage.
    Is there a way to do this?
    Thanks James

    Hi James
    With CSM the only option is DFP (Dynamic Feedback Protocol). If your application vendor provides DFP agents for the application (which is very unlikely), then these agents can be installed on the app servers for the desired purpose.
    Config details at
    http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/csm/4.2.x/configuration/guide/rsfarms.html#wp1039774
    With ACE you can use SNMP based probes to achieve what you are looking for.
    Syed Iftekhar Ahmed

  • CSM Load Balancer Help

    Hey,
    Just a quick question....
    Does anyone know a) if it's possible and b) how to have two servers off the CSM, but instead of load-balancing between them make them a failover pair, i.e. if server A goes down server B will take over, using the same VIP? It's needed because the application on the servers can't do load-balancing yet but can work in a failover way.
    I'm reading the book trying to work it out but if someone has done this before that would be great!
    Thanks
    Anthony

    Thanks for the responses.
    I'm using CSM 4.6(6) and have given what you suggested a go but have run into problems.
    When I disconnect the primary server I see it go out of service, but that also knocks out the VIP and it never fails over to the second server. Am I missing something? I've attached the relevant parts of the config and would be grateful for any advice.
    serverfarm FARM1
      nat server
      nat client WEB
      real 10.2.250.10
        inservice
      probe HTTP
    serverfarm FARM2
      nat server
      nat client WEB
      real 10.2.250.11
        inservice
      probe HTTP
    vserver WEBTRAFFIC
      virtual 10.2.250.100 tcp www
      vlan 250
      serverfarm FARM1 backup FARM2
      persistent rebalance
      inservice
    I also had a go at creating that variable but it wouldn't let me... it just said "variable not configurable", but I'll play with that and see if I can work it out... I'm not so bothered as long as the backup part works.
    Thanks guys...
    Anthony

  • Issue with Site Configuration / Load Balancing

    We’re noticing strange behavior with our servers that are configured behind a load balancer. We’ve got two servers with different ports and a load balancer:
    Server1: https://host1:30003/opensso
    Server2: https://host2:30103/opensso
    Load Balancer: https://loadbalancer:30003/opensso
    When we go to the admin console, we can access Server1 without a problem, but the second time we go, the load balancer sends us to Server2 and our browser returns a page not found error. We've traced the HTTP traffic and discovered that every other time we go to the admin console (the load balancers are configured round robin), Server2 always returns a bogus HTTP Found URL. The response it provides is something like https://loadbalancer:*30103*/opensso/UI/Login (just an example).
    The issue here is that it is properly directing the end user's browser to the load balancer DNS entry. It is not, however, directing the end user's browser to the proper port. It seems to send its own port value to the browser. Obviously, when the browser tries to access this URL the load balancer rejects the request because it is not listening on port 30103.
    Can Multiple OpenSSO application servers (configured as a site) run from behind a load balancer when they are listening on different ports? If so, why is the application server responding to the user request with its own port, rather than that of the load balancer, yet still providing the DNS hostname entry for the load balancer the whole time.
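To make the failure mode in this post concrete, here is an added example (not code from the thread or from OpenSSO) that models how an application server behind a load balancer derives the absolute URL it places in a redirect. The host names, ports and request headers are constructed to match the post, and `X-Forwarded-Port` is assumed to be a header the balancer may optionally set.

```python
"""Why Server2 answers with https://loadbalancer:30103/... instead of :30003.

Added example, not from the original thread. It models how an application
server behind a load balancer builds the absolute URL in an HTTP redirect.
Host names, ports and headers are constructed to match the post: the
balancer listens on 30003, Server2 on 30103, and the balancer passes the
browser's Host header through unchanged.
"""
from urllib.parse import urlsplit

BALANCER_HOST = "loadbalancer"
BALANCER_PORT = 30003
SERVER2_PORT = 30103
LOGIN_PATH = "/opensso/UI/Login"

# Constructed request as Server2 sees it: Host carries the balancer's name and port.
REQUEST_HEADERS = {"Host": f"{BALANCER_HOST}:{BALANCER_PORT}"}


def build_location_buggy(headers: dict, local_port: int, path: str) -> str:
    """The behaviour described in the post: host name taken from the Host
    header, but the port taken from the server's own listening socket."""
    host = headers["Host"].split(":")[0]
    return f"https://{host}:{local_port}{path}"


def build_location_fixed(headers: dict, local_port: int, path: str) -> str:
    """Use the externally visible port instead: X-Forwarded-Port if the
    balancer sets it (an assumption here), else the port in the Host header,
    and only as a last resort the local port."""
    host, _, host_port = headers.get("Host", "").partition(":")
    port = headers.get("X-Forwarded-Port") or host_port or str(local_port)
    return f"https://{host}:{port}{path}"


def redirect_reaches_balancer(location: str) -> bool:
    """Would the browser's follow-up request hit a port the balancer listens on?"""
    parts = urlsplit(location)
    return parts.hostname == BALANCER_HOST and parts.port == BALANCER_PORT


if __name__ == "__main__":
    for label, build in (("buggy", build_location_buggy), ("fixed", build_location_fixed)):
        loc = build(REQUEST_HEADERS, SERVER2_PORT, LOGIN_PATH)
        print(f"{label}: {loc} -> reaches balancer: {redirect_reaches_balancer(loc)}")
```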


  • Load Balancing 2012 R2 Session Host Collection with External Network Load Balancer

    Hi,
    We are moving from a 2008 R2 Remote Desktop session host deployment to 2012 R2. Previously, we used our Kemp hardware load balancer to distribute load between RDSH servers. We had a connection broker deployed so that if an existing disconnected session was detected during the initial connection, the user was directed back to that session.
    In 2012 R2, we planned to again use the Kemp load balancer to maintain high availability for our RDSH collection, but are experiencing strange issues. It seems that the RD Connection Broker is also performing load balancing, the result being that initial connections to the RDSH collection may go to one RDSH server with the least connections through the Kemp, but then be redirected to a different RDSH server by the broker, even when there is no existing session for the user on that second server.
    Our question is: Should we not be using the Kemp balancer at all (how would this work)? Or should we disable load balancing by the connection broker (if so... how)?
    Further complicating our redirection issue is that the RDSH servers have multiple interfaces, one with public addresses and others with private. The connection broker seems to arbitrarily pick among the destination RDSH server's available IP addresses for the redirection, and trying to redirect to a private address will fail. We think we have worked around this by connecting to each RDSH server from a 2008 R2 server's RDSH Configuration console and choosing just the public adapter under the Network Adapters tab. Is there no way to access this setting in 2012 R2?
    Thanks in advance!
    Matthew

    Hi Matthew,
    As you are most likely already aware, in Remote Desktop Services 2012 / R2 the Connection Broker uses round robin DNS to load balance.
    To simplify things I would recommend that you let the connection broker load balance the sessions and use the KEMP to Load balance the RDweb and Gateway servers.
    Have a look at the following articles:
    http://ryanmangansitblog.wordpress.com/2013/03/11/create-a-rdwa-farm-using-a-kemp-load-balancer/
    http://ryanmangansitblog.wordpress.com/2013/03/31/rds-2012-configuring-a-rd-gateway-farm/
    http://ryanmangansitblog.wordpress.com/2013/09/05/load-balance-rds2012-rdwa-and-rdgw-using-sub-interfaces-on-kemps-loadmaster/
    As you have mentioned that you are migrating from a 2008R2 configuration, have a look at the following article:
    http://ryanmangansitblog.wordpress.com/2014/01/05/publish-rds-2008r2-desktop-on-rds-2012/
    Ryan Mangan | [email protected] | Help keep the forums tidy, if this has helped please mark it as an answer

  • Multicast not working with Window2K Network Load Balancing.

    I'm using W2K Network Load Balancing (WNLB) for our cluster machines (2 boxes) to load balance between IIS (one IIS instance on each box). Each IIS instance is a proxy to the WebLogic cluster (one app server instance on each box). Currently I only have a single network card configured for each box, so I have had to enable multicast support for the WNLB. But if I do this I'm unable to get multicasting working correctly for the WebLogic cluster. When I run the multicast tester (utils.MulticastTest) one box is able to receive multicast messages from both boxes, but the other box is only receiving multicast messages from itself (but not the other box). Does anyone have any experience with configuring WebLogic clustering on machines with WNLB also configured?
    Thank you.
    Marko.

    Hi
    NLB return traffic for UDP would come from the node IPs.
    You could use NAT on your firewalls so they come from the same public IP.
    Otherwise you'd be looking at something other than MS NLB.
    Cheers
    GF

  • Error in creating JCo connection with destination type'Load-Balanced Con'

    Hi,
    I am working on a Web Dynpro application (NW 04s). I need to connect to the backend system (ECC 6.0) using a model. I configured my SLD and created the technical system successfully.
    The technical system got created with an error:
    CIM_ERR_ALREADY_EXISTS: Instance already exists: SAP_BCApplicationServer.CreationClassName="SAP_BCApplicationServer",Name="ID1.Number.01.HostName.ahsides"
    But the system got created, so I proceeded with the JCo connection creation.
    I need to create 2 JCo connections for this:
    First with Data Type 'Application Data' & Destination Type 'Single-Server connection'. Second with Data Type 'Data Dictionary' & Destination Type 'Load-balanced Connection'.
    The first JCo with 'Single-Server connection' got created successfully, and ping and test are also successful.
    The second JCo connection with 'Load-Balanced Connection' got created successfully but it throws an error while pinging and testing.
    Ping Error : Failed to ping JCo destination 'WD_EMPLOYEE_RFC_METADATA_DEST'.
    Test Error : com.sap.mw.jco.JCO$Exception: (102) JCO_ERROR_COMMUNICATION: JCO.Client not connected in repository call
    Please help me with this. This problem occurs with 'Load-Balanced Connection' only.

    Hi,
    Have you taken a look at the file %windir%\system32\drivers\etc\services?
    If you haven't, try and find the line sapms<sid>, where sid is the SID of the system you're trying to reach.
    If the line isn't there, write it like this:
    sapms<sid>     36<nr>/tcp
    That works for me.

  • How to config CSM load balance of http combined https

    In this case, when I configured the CSM to load balance the http and https services separately it was OK: 2 VIPs, 2 serverfarms, one for http and one for https. But I found that https would refer to http information on IIS, because when the client first accesses http it is OK, but then when logging in by https the information is not right. So how do I configure the CSM in this case? Any reply will be very much appreciated.

    There are 2 different ways.
    You could combine the 2 vservers into a single one by not specifying the tcp port.
    Another solution would be to use the same sticky group for both vservers.
    For example, you could use sticky srcip.
    ie:
    sticky 10 netmask /32 address source
    vserver http
      sticky 60 group 10
      inservice
    vserver https
      sticky 60 group 10
      inservice
    Regards,
    Gilles.
    Thanks for rating this answer.

  • Portal hangs with the little loading image

    Hello,
    we have completely intermittent occurrences of the portal hanging at the little loading image when navigating around (not the big wheel in the middle but the small grey whirl in the top left page area).
    I've been through all log files, did dumps and everything, but cannot find a single mention of anything wrong at the time. It's completely random, happens in different places at different times with different users.
    The whole browser window locks and has to be terminated via the Task Manager.
    Would anyone know what/where I can find any information and what exactly happens when the wheel is shown?
    Thanks for thinking!
    Andi

    Hi Andi,
    Note 976331 - receiving "Loading" message for the Detailed Navigation
    This might be the answer you are looking out for.
    Cheers!
    Sandeep Tudumu

  • ASA Load-Balancing intriguing question

    I have a setup where the inside interfaces may be in the same private subnet, but the outside interfaces are most likely in different public subnets.
    For example: inside on both ASAs 192.168.1.1 and 192.168.1.2 /24, and the public side connected even to two different ISPs.
    My guess is that I would probably lose the possibility of failover of the master for load-balancing in case this ASA goes down, but nevertheless I would still be interested in having users connect to the same public IP, having the master give the FQDN of the other ASA, and balancing their AnyConnect entry into the network between both ASAs. Does it work this way?
    I mean, does this VPN load-balance feature talk only across the inside network, or does it need to have the same outside subnet mask? Is it a trick of the mask on the interface?
    If not, is there a way around that? Like this: if I use a bogus outside interface and tunnel it somehow to the other outside on the other ASA, will the offering of the FQDN still be on, so that the client connects to the other "real" public IP?

    You can't route based on source IP with a firewall; it's only possible with a router, by PBR.
    You can make two static routes, each one pointing to a different router with a different metric.
    In this case it will make the topology like active/standby, which is not good in your case.
    But you can use sub-interfaces on your ASA; in this case make each sub-interface in a different subnet with a different security level,
    and let each sub-interface use a different HSRP instance.
    Or there is another way:
    If you don't use VPN on your ASA you can achieve it by using multiple contexts.
    In multiple context mode you are going to separate your firewall virtually,
    so if you have two VLANs in your inside network (two different subnets)
    then each subnet will use a different firewall virtually.
    You are going to divide the internal interface into two sub-interfaces,
    and you can use one outside interface shared between the contexts, or also separate it into two sub-interfaces,
    and allocate those interfaces to each context.
    So you are going to deal with each context as a different firewall,
    and you can use a different HSRP instance on each context.
    But with multiple contexts you can't use VPN on the firewall.
    *****use the following method*****
    THE OTHER WAY, WHICH I ALSO SUGGEST YOU TRY, IS THE Transparent Firewall.
    In this case your firewall will operate in L2 mode,
    so you can use the routers' HSRP IPs as there is no firewall in the path,
    which I think is also helpful in your case.
    In transparent mode the default gateway for your client will be the HSRP IP, because the firewall will not have any IPs except for management.
    Also the users will be in the same IP subnet as the gateway, in your case the HSRP VIP,
    and you can also control the network security through the firewall normally.
    Try this way and let me know.
    See the following link for configuration:
    http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008089f467.shtml
    Please rate if helpful.

  • Load Balancing simple question

    Hi,
    I'm using a CSS 11501 to load balance some web servers using src IP.
    If one src IP is directed to a certain web server, how much time has to pass for this same src IP to be directed to another web server?
    Thank you in advance!

    By default, entries in the sticky table do not time out. The table works on a first-in, first-out basis. The size of the table depends on the amount of memory in the CSS (SCM 144 MB --> 32k, SCM 288 MB --> 128k).
    You can change the default timeout value using the 'sticky-inact-timeout' command.
    ~Zach

  • FWSM and CSM (Load Balance) in the same chassi

    Folks,
    Is there any type of best practice (you ** must ** do it like this) when you are going to implement the FWSM and the CSM modules on the same 6509 chassis?
    PS: The CSM is not doing FW loadbalance, it is doing loadbalance to servers located in a DMZ
    PATH:
    (outside) FWSM (inside) -> MSFC -> (inside) PIX (dmz) -> CSM  , CSM -> (dmz) PIX (inside) -> MSFC -> (inside) FWSM
    My main doubts:
    1) FWSM using multi-context: is there any integration problem with the CSM?
    2) FWSM and CSM in routed mode: is there any integration problem with both modules?
    3) Is it really necessary to operate the FWSM module in bus mode when using the CSM in the same chassis (fabric switching-mode force bus)?
    Cisco Says:
    "The CSM line card operates in bus mode. When using the CSM in conjunction with the FWSM line card,
    Cisco recommends forcing the FWSM to operate in bus mode using the
    fabric switching-mode force bus command. When service modules such as the CSM and the FWSM
    operate in bus mode, traffic from DFC-enabled line cards still use the fabric connection."
    In the past it was a workaround due to a bug, but I have found this recommendation and now I am a little confused.
    Tks !!!

    Luis-
    You will want to use routed mode on the CSM so that the firewall contexts don't see each other's MAC addresses for any traffic not destined to a VIP. On the CSM VLANs, you will want to create alias IPs to use as the next hop destination between contexts for non-VIP traffic. Other than that, the CSM has no concept of contexts, so as long as the traffic is symmetric when it flows through the CSM VLANs, it will be happy.
    Regards,
    Chris
