Problems Balancing IIS servers with ACEs.
Hi ...
Pls your help in this case ...
I just configured an ACE solution for Web Balancing. The Web Servers are Microsoft Windows 2008 IIS.
The ACE is configured with two contexts, one for Web Servers and other for Application Servers (both in Microsoft solution).
The contexts were configured in "One Arm" for each subnet (web and apps).
In attached files I'm sending the configuration of ACE.
Any suggestion?
The error we got in the browsing is:
System.Web.HttpException: Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.
Invalid viewstate. Client IP: 10.11.60.26 Port: 1173.
Hello,
Have you checked if your application requires persistence? Even when both servers may have the exact same content, if the user gets rebalanced to a different server during the connection it will fail, and that error you're getting could be a probe of it.
Just to confirm, try doing a no inservice under the secondary server in the serverfarm in question, clear all the caches and re-test.
If this indeed solves the issue then it can be easily solved using a sticky method such as source IP or cookie insertion.
HTH
Pablo
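The error text in the question names the `<machineKey>` settings as the thing to compare across farm members. A check for that, as an added example that is not part of the original thread: the `web.config` fragments and key values are constructed, and `check_farm` is a hypothetical helper name.

```python
import hashlib
import xml.etree.ElementTree as ET

# Constructed web.config fragments, one per farm node; the keys are dummy values.
NODE_A = """<configuration><system.web>
  <machineKey validationKey="AutoGenerate,IsolateApps"
              decryptionKey="AutoGenerate,IsolateApps" validation="SHA1" />
</system.web></configuration>"""
NODE_B = """<configuration><system.web>
  <machineKey validationKey="0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF"
              decryptionKey="FEDCBA9876543210FEDCBA9876543210" validation="SHA1" />
</system.web></configuration>"""
NODE_NO_ELEMENT = "<configuration><system.web /></configuration>"

AUTO = "AutoGenerate,IsolateApps"  # ASP.NET default when the attribute is absent
ATTRS = ("validationKey", "decryptionKey", "validation")


def machine_key(web_config_xml):
    """Return the effective machineKey attributes of one web.config."""
    root = ET.fromstring(web_config_xml)
    el = next(root.iter("machineKey"), None)
    attrs = dict(el.attrib) if el is not None else {}
    return {
        "validationKey": attrs.get("validationKey", AUTO),
        "decryptionKey": attrs.get("decryptionKey", AUTO),
        # The default algorithm depends on the .NET version, so it is not guessed.
        "validation": attrs.get("validation", "(framework default)"),
    }


def fingerprint(value):
    """Short digest, so findings can be logged without exposing key material."""
    return hashlib.sha256(value.encode("utf-8")).hexdigest()[:12]


def check_farm(nodes):
    """nodes maps a node name to its web.config text; returns a list of findings."""
    findings, per_node = [], {}
    for name, xml_text in nodes.items():
        mk = machine_key(xml_text)
        per_node[name] = mk
        # AutoGenerate means each machine derives its own key, so two nodes
        # with identical AutoGenerate settings still cannot validate each other.
        for attr in ("validationKey", "decryptionKey"):
            if mk[attr].split(",")[0].strip().lower() == "autogenerate":
                findings.append(f"{name}: {attr} is AutoGenerate")
    for attr in ATTRS:
        values = {n: fingerprint(mk[attr]) for n, mk in per_node.items()}
        if len(set(values.values())) > 1:
            findings.append(f"{attr} differs across nodes: {values}")
    return findings


if __name__ == "__main__":
    for finding in check_farm({"web1": NODE_A, "web2": NODE_B}):
        print(finding)
```

A farm passes only when every node returns no AutoGenerate finding and no attribute differs; source-IP or cookie stickiness on the load balancer hides a mismatch until a client is rebalanced.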
Similar Messages
Load Balance HTTPS servers with redirection
Hello,
I have been tasked with ACE configuration at work as the prior go-to guy for load balancing is no longer available. Trouble is, I have little idea what I’m doing when it comes to the ACE. So, forgive me if the question I have is super basic. After doing some research I put together a LB config, but it's not working.
I was trying to load balance 10 servers, split into groups of 2 using 5 VIPS (1 VIP for each group of 2 servers). The servers serve an ssl web app.
Below is my configuration. What am I doing wrong? Does the config have any glaring errors? I've been staring at this thing on and off for a week and searching these forums trying to figure it out.
Any help provided will be greatly appreciated.
probe tcp probe_443
port 443
interval 30
passdetect interval 5
probe https probe_https_test
interval 30
passdetect interval 5
ssl version all
request method get url /test.html
expect status 200 200
rserver host QA-1.1
ip address 10.200.162.126
inservice
rserver host QA-1.2
ip address 10.200.162.127
inservice
rserver redirect QA-group_1_redirect_rserver
webhost-redirection https://10.37.5.73/ 302
inservice
rserver host QA-2.1
ip address 10.200.162.22
inservice
rserver host QA-2.2
ip address 10.200.162.240
inservice
rserver redirect QA-group_2_redirect_rserver
webhost-redirection https://10.37.5.74/ 302
inservice
rserver host QA-3.1
ip address 10.200.162.181
inservice
rserver host QA-3.2
ip address 10.200.162.50
inservice
rserver redirect QA-group_3_redirect_rserver
webhost-redirection https://10.37.5.75/ 302
inservice
rserver host QA-4.1
ip address 10.200.162.23
inservice
rserver host QA-4.2
ip address 10.200.162.241
inservice
rserver redirect QA-group_4_redirect_rserver
webhost-redirection https://10.37.5.76/ 302
inservice
rserver host QA-5.1
ip address 10.200.162.182
inservice
rserver host QA-5.2
ip address 10.200.162.51
inservice
rserver redirect QA-group_5_redirect_rserver
webhost-redirection https://10.37.5.77/ 302
inservice
serverfarm host SF_QA-group_1_HTTPS
failaction reassign
predictor leastconns
probe probe_443
probe probe_https_test
rserver QA-1.1 443
inservice
rserver QA-1. 2 443
inservice
serverfarm host SF_QA-group_2_HTTPS
failaction reassign
predictor leastconns
probe probe_443
probe probe_https_test
rserver QA-2.1 443
inservice
rserver QA-2. 2 443
inservice
serverfarm host SF_QA-group_3_HTTPS
failaction reassign
predictor leastconns
probe probe_443
probe probe_https_test
rserver QA-3.1 443
inservice
rserver QA-3. 2 443
inservice
serverfarm host SF_QA-group_4_HTTPS
failaction reassign
predictor leastconns
probe probe_443
probe probe_https_test
rserver QA-4.1 443
inservice
rserver QA-4. 2 443
inservice
serverfarm host SF_QA-group_5_HTTPS
failaction reassign
predictor leastconns
probe probe_443
probe probe_https_test
rserver QA-5.1 443
inservice
rserver QA-5. 2 443
inservice
serverfarm redirect SF_ QA-group_1_REDIRECT
rserver QA-group_1_redirect_rserver
inservice
serverfarm redirect SF_ QA-group_2_REDIRECT
rserver QA-group_2_redirect_rserver
inservice
serverfarm redirect SF_ QA-group_3_REDIRECT
rserver QA-group_3_redirect_rserver
inservice
serverfarm redirect SF_ QA-group_4_REDIRECT
rserver QA-group_4_redirect_rserver
inservice
serverfarm redirect SF_ QA-group_5_REDIRECT
rserver QA-group_5_redirect_rserver
inservice
sticky ip-netmask 255.255.255.255 address source SRC_ QA-group_1_STICKY
serverfarm SF_ QA-group_1_HTTPS
timeout 30
replicate sticky
sticky ip-netmask 255.255.255.255 address source SRC_ QA-group_2_STICKY
serverfarm SF_ QA-group_2_HTTPS
timeout 30
replicate sticky
sticky ip-netmask 255.255.255.255 address source SRC_ QA-group_3_STICKY
serverfarm SF_ QA-group_3_HTTPS
timeout 30
replicate sticky
sticky ip-netmask 255.255.255.255 address source SRC_ QA-group_4_STICKY
serverfarm SF_ QA-group_4_HTTPS
timeout 30
replicate sticky
sticky ip-netmask 255.255.255.255 address source SRC_ QA-group_5_STICKY
serverfarm SF_ QA-group_5_HTTPS
timeout 30
replicate sticky
class-map match-all QA-group_1_HTTP
3 match virtual-address 10.37.5.73 tcp eq www
class-map match-all QA-group_1_HTTPS
3 match virtual-address 10.37.5.73 tcp eq https
class-map match-all QA-group_2_HTTP
3 match virtual-address 10.37.5.74 tcp eq www
class-map match-all QA-group_2_HTTPS
3 match virtual-address 10.37.5.74 tcp eq https
class-map match-all QA-group_3_HTTP
3 match virtual-address 10.37.5.75 tcp eq www
class-map match-all QA-group_3_HTTPS
3 match virtual-address 10.37.5.75 tcp eq https
class-map match-all QA-group_4_HTTP
3 match virtual-address 10.37.5.76 tcp eq www
class-map match-all QA-group_4_HTTPS
3 match virtual-address 10.37.5.76 tcp eq https
class-map match-all QA-group_5_HTTPS
3 match virtual-address 10.37.5.77 tcp eq www
class-map match-all QA-group_5_HTTPS
3 match virtual-address 10.37.5.77 tcp eq https
class-map type management match-any remote-management
2 match protocol http any
3 match protocol https any
4 match protocol icmp any
5 match protocol snmp any
6 match protocol ssh any
policy-map type management first-match remote-access
class remote-management
permit
policy-map type loadbalance first-match QA-group_1_REDIRECT
class class-default
serverfarm SF_ QA-group_1_REDIRECT
policy-map type loadbalance first-match QA-group_2_REDIRECT
class class-default
serverfarm SF_ QA-group_2_REDIRECT
policy-map type loadbalance first-match QA-group_3_REDIRECT
class class-default
serverfarm SF_ QA-group_3_REDIRECT
policy-map type loadbalance first-match QA-group_4_REDIRECT
class class-default
serverfarm SF_ QA-group_4_REDIRECT
policy-map type loadbalance first-match QA-group_5_REDIRECT
class class-default
serverfarm SF_ QA-group_5_REDIRECT
policy-map multi-match SERVICE_VIPS
class QA-group_1_HTTPS
loadbalance vip inservice
loadbalance policy HTTPS_ QA-group_1_HTTPS _L7_BALANCED
loadbalance vip icmp-reply
nat dynamic 1 vlan 25
class QA-group_1_HTTP
loadbalance vip inservice
loadbalance policy QA-group_1_REDIRECT
class QA-group_2_HTTPS
loadbalance vip inservice
loadbalance policy HTTPS_ QA-group_2_HTTPS _L7_BALANCED
loadbalance vip icmp-reply
nat dynamic 1 vlan 25
class QA-group_2_HTTP
loadbalance vip inservice
loadbalance policy QA-group_2_REDIRECT
class QA-group_3_HTTPS
loadbalance vip inservice
loadbalance policy HTTPS_ QA-group_3_HTTPS _L7_BALANCED
loadbalance vip icmp-reply
nat dynamic 1 vlan 25
class QA-group_3_HTTP
loadbalance vip inservice
loadbalance policy QA-group_3_REDIRECT
class QA-group_4_HTTPS
loadbalance vip inservice
loadbalance policy HTTPS_ QA-group_4_HTTPS _L7_BALANCED
loadbalance vip icmp-reply
nat dynamic 1 vlan 25
class QA-group_4_HTTP
loadbalance vip inservice
loadbalance policy QA-group_4_REDIRECT
class QA-group_5_HTTPS
loadbalance vip inservice
loadbalance policy HTTPS_ QA-group_4_HTTPS _L7_BALANCED
loadbalance vip icmp-reply
nat dynamic 1 vlan 25
class QA-group_5_HTTP
loadbalance vip inservice
loadbalance policy QA-group_4_REDIRECT
interface vlan 25
ip address 10.37.5.72 255.255.255.0
access-group input everyone
service-policy input remote-access
service-policy input SERVICE_VIPS
no shutdown
ip route 0.0.0.0 0.0.0.0 10.37.5.1
Fnu,
Thank you so much for your reply.
At this point I can get to the real server IPs via ping and https in a browser from my PC. I can also ping the gateway and all the real server IPs from the ACE context I'm working on. However, the VIPs are not working. When I attempt to use one of the VIPs in the browser, the request times out. When I issue the command ":show service-policy" I see a hit count (which increments every time I try and reach the VIP via the browser) but the dropped counter is equal to the hit counter. I will paste the running config from the context I’m working in along with the output from the show service-policy command.
Any suggestions on how I can get this working would be greatly appreciated.
csc# show run
Generating configuration....
access-list Servers line 3 extended permit tcp any any eq https
access-list Servers line 5 extended permit tcp any any eq www
access-list everyone line 1 extended permit ip any any
access-list everyone line 2 extended permit icmp any any
probe tcp probe_443
port 443
interval 30
passdetect interval 5
rserver host QA-1.1
ip address 10.37.5.111
inservice
rserver host QA-1.2
ip address 10.37.5.88
inservice
rserver host QA-2.1
ip address 10.37.5.84
inservice
rserver host QA-2.2
ip address 10.37.5.89
inservice
rserver host QA-3.1
ip address 10.37.5.85
inservice
rserver host QA-3.2
ip address 10.37.5.90
inservice
rserver host QA-4.1
ip address 10.37.5.86
inservice
rserver host QA-4.2
ip address 10.37.5.81
inservice
rserver host QA-5.1
ip address 10.37.5.87
inservice
rserver host QA-5.2
ip address 10.37.5.92
inservice
rserver redirect QA-group_1_redirect_rserver
webhost-redirection https://10.37.5.93/ 302
inservice
rserver redirect QA-group_2_redirect_rserver
webhost-redirection https://10.37.5.94/ 302
inservice
rserver redirect QA-group_3_redirect_rserver
webhost-redirection https://10.37.5.95/ 302
inservice
rserver redirect QA-group_4_redirect_rserver
webhost-redirection https://10.37.5.96/ 302
inservice
rserver redirect QA-group_5_redirect_rserver
webhost-redirection https://10.37.5.97/ 302
inservice
serverfarm host SF_QA-group_1_HTTPS
failaction reassign
predictor leastconns
probe probe_443
rserver QA-1.1 443
inservice
rserver QA-1.2 443
inservice
serverfarm redirect SF_QA-group_1_REDIRECT
rserver QA-group_1_redirect_rserver
inservice
serverfarm host SF_QA-group_2_HTTPS
failaction reassign
predictor leastconns
probe probe_443
rserver QA-2.1 443
inservice
rserver QA-2.2 443
inservice
serverfarm redirect SF_QA-group_2_REDIRECT
rserver QA-group_2_redirect_rserver
inservice
serverfarm host SF_QA-group_3_HTTPS
failaction reassign
predictor leastconns
probe probe_443
rserver QA-3.1 443
inservice
rserver QA-3.2 443
inservice
serverfarm redirect SF_QA-group_3_REDIRECT
rserver QA-group_3_redirect_rserver
inservice
serverfarm host SF_QA-group_4_HTTPS
failaction reassign
predictor leastconns
probe probe_443
rserver QA-4.1 443
inservice
rserver QA-4.2 443
inservice
serverfarm redirect SF_QA-group_4_REDIRECT
rserver QA-group_4_redirect_rserver
inservice
serverfarm host SF_QA-group_5_HTTPS
failaction reassign
predictor leastconns
probe probe_443
rserver QA-5.1 443
inservice
rserver QA-5.2 443
inservice
serverfarm redirect SF_QA-group_5_REDIRECT
rserver QA-group_5_redirect_rserver
inservice
serverfarm host SF_QA-group_HTTPS
serverfarm host SF_QA-group__HTTPS
sticky ip-netmask 255.255.255.255 address source SRC_QA-group_1_STICKY
serverfarm SF_QA-group_1_HTTPS
timeout 30
replicate sticky
sticky ip-netmask 255.255.255.255 address source SRC_QA-group_2_STICKY
serverfarm SF_QA-group_2_HTTPS
timeout 30
replicate sticky
sticky ip-netmask 255.255.255.255 address source SRC_QA-group_3_STICKY
serverfarm SF_QA-group_3_HTTPS
timeout 30
replicate sticky
sticky ip-netmask 255.255.255.255 address source SRC_QA-group_4_STICKY
serverfarm SF_QA-group_4_HTTPS
timeout 30
replicate sticky
sticky ip-netmask 255.255.255.255 address source SRC_QA-group_5_STICKY
serverfarm SF_QA-group_5_HTTPS
timeout 30
replicate sticky
class-map match-all QA-group_1_HTTP
3 match virtual-address 10.37.5.93 tcp eq www
class-map match-all QA-group_1_HTTPS
3 match virtual-address 10.37.5.93 tcp eq https
class-map match-all QA-group_2_HTTP
3 match virtual-address 10.37.5.94 tcp eq www
class-map match-all QA-group_2_HTTPS
3 match virtual-address 10.37.5.94 tcp eq https
class-map match-all QA-group_3_HTTP
3 match virtual-address 10.37.5.95 tcp eq www
class-map match-all QA-group_3_HTTPS
3 match virtual-address 10.37.5.95 tcp eq https
class-map match-all QA-group_4_HTTP
3 match virtual-address 10.37.5.96 tcp eq www
class-map match-all QA-group_4_HTTPS
3 match virtual-address 10.37.5.76 tcp eq https
class-map match-all QA-group_5_HTTP
3 match virtual-address 10.37.5.97 tcp eq www
class-map match-all QA-group_5_HTTPS
3 match virtual-address 10.37.5.97 tcp eq https
class-map type management match-any remote-management
2 match protocol http any
3 match protocol https any
4 match protocol icmp any
5 match protocol snmp any
6 match protocol ssh any
policy-map type management first-match remote-access
class remote-management
permit
policy-map type loadbalance first-match QA-group_1_REDIRECT
class class-default
policy-map type loadbalance first-match QA-group_2_REDIRECT
class class-default
serverfarm SF_QA-group_2_REDIRECT
policy-map type loadbalance first-match QA-group_3_REDIRECT
class class-default
serverfarm SF_QA-group_3_REDIRECT
policy-map type loadbalance first-match QA-group_4_REDIRECT
class class-default
serverfarm SF_QA-group_4_REDIRECT
policy-map type loadbalance first-match QA-group_5_REDIRECT
class class-default
serverfarm SF_QA-group_5_REDIRECT
policy-map multi-match SERVICE_VIPS
class QA-group_1_HTTPS
loadbalance vip inservice
loadbalance policy QA-group_1_REDIRECT
loadbalance vip icmp-reply
class QA-group_1_HTTP
loadbalance vip inservice
loadbalance policy QA-group_1_REDIRECT
class QA-group_2_HTTPS
loadbalance vip inservice
loadbalance policy QA-group_2_REDIRECT
loadbalance vip icmp-reply
class QA-group_2_HTTP
loadbalance vip inservice
loadbalance policy QA-group_2_REDIRECT
class QA-group_3_HTTPS
loadbalance vip inservice
loadbalance policy QA-group_3_REDIRECT
loadbalance vip icmp-reply
class QA-group_3_HTTP
loadbalance vip inservice
loadbalance policy QA-group_3_REDIRECT
class QA-group_4_HTTPS
loadbalance vip inservice
loadbalance policy QA-group_4_REDIRECT
loadbalance vip icmp-reply
class QA-group_4_HTTP
loadbalance vip inservice
loadbalance policy QA-group_4_REDIRECT
class QA-group_5_HTTPS
loadbalance vip inservice
loadbalance policy QA-group_5_REDIRECT
loadbalance vip icmp-reply
class QA-group_5_HTTP
loadbalance vip inservice
loadbalance policy QA-group_5_REDIRECT
interface vlan 25
ip address 10.37.5.98 255.255.255.0
access-group input everyone
service-policy input remote-access
service-policy input SERVICE_VIPS
no shutdown
ip route 0.0.0.0 0.0.0.0 10.37.5.1
csc# show service-policy SERVICE_VIPS
Status : ACTIVE
Interface: vlan 25
service-policy: SERVICE_VIPS
class: QA-group_1_HTTPS
loadbalance:
L7 loadbalance policy: QA-group_1_REDIRECT
VIP Route Metric : 77
VIP Route Advertise : DISABLED
VIP ICMP Reply : ENABLED
VIP state: OUTOFSERVICE
VIP DWS state: DWS_DISABLED
Persistence Rebalance: DISABLED
curr conns : 0 , hit count : 122
dropped conns : 122
conns per second : 0
client pkt count : 122 , client byte count: 6164
server pkt count : 0 , server byte count: 0
conn-rate-limit : 0 , drop-count : 0
bandwidth-rate-limit : 0 , drop-count : 0
compression:
bytes_in : 0 bytes_out : 0
Compression ratio : 0.00%
Gzip: 0 Deflate: 0
compression errors:
User-Agent : 0 Accept-Encoding : 0
Content size: 0 Content type : 0
Not HTTP 1.1: 0 HTTP response error: 0
Others : 0
class: QA-group_1_HTTP
loadbalance:
L7 loadbalance policy: QA-group_1_REDIRECT
VIP Route Metric : 77
VIP Route Advertise : DISABLED
VIP ICMP Reply : DISABLED
VIP state: OUTOFSERVICE
VIP DWS state: DWS_DISABLED
Persistence Rebalance: DISABLED
curr conns : 0 , hit count : 58
dropped conns : 58
conns per second : 0
client pkt count : 58 , client byte count: 3628
server pkt count : 0 , server byte count: 0
conn-rate-limit : 0 , drop-count : 0
bandwidth-rate-limit : 0 , drop-count : 0
compression:
bytes_in : 0 bytes_out : 0
Compression ratio : 0.00%
Gzip: 0 Deflate: 0
compression errors:
User-Agent : 0 Accept-Encoding : 0
Content size: 0 Content type : 0
Not HTTP 1.1: 0 HTTP response error: 0
Others : 0
class: QA-group_2_HTTPS
loadbalance:
L7 loadbalance policy: QA-group_2_REDIRECT
VIP Route Metric : 77
VIP Route Advertise : DISABLED
VIP ICMP Reply : ENABLED
VIP State: INSERVICE
VIP DWS state: DWS_DISABLED
Persistence Rebalance: ENABLED
curr conns : 0 , hit count : 13
dropped conns : 0
conns per second : 0
client pkt count : 74 , client byte count: 7648
server pkt count : 0 , server byte count: 0
conn-rate-limit : 0 , drop-count : 0
bandwidth-rate-limit : 0 , drop-count : 0
compression:
bytes_in : 0 bytes_out : 0
Compression ratio : 0.00%
Gzip: 0 Deflate: 0
compression errors:
User-Agent : 0 Accept-Encoding : 0
Content size: 0 Content type : 0
Not HTTP 1.1: 0 HTTP response error: 0
Others : 0
class: QA-group_2_HTTP
loadbalance:
L7 loadbalance policy: QA-group_2_REDIRECT
VIP Route Metric : 77
VIP Route Advertise : DISABLED
VIP ICMP Reply : DISABLED
VIP State: INSERVICE
VIP DWS state: DWS_DISABLED
Persistence Rebalance: ENABLED
curr conns : 0 , hit count : 3
dropped conns : 0
conns per second : 0
client pkt count : 12 , client byte count: 1398
server pkt count : 0 , server byte count: 0
conn-rate-limit : 0 , drop-count : 0
bandwidth-rate-limit : 0 , drop-count : 0
compression:
bytes_in : 0 bytes_out : 0
Compression ratio : 0.00%
Gzip: 0 Deflate: 0
compression errors:
User-Agent : 0 Accept-Encoding : 0
Content size: 0 Content type : 0
Not HTTP 1.1: 0 HTTP response error: 0
Others : 0
class: QA-group_3_HTTPS
loadbalance:
L7 loadbalance policy: QA-group_3_REDIRECT
VIP Route Metric : 77
VIP Route Advertise : DISABLED
VIP ICMP Reply : ENABLED
VIP State: INSERVICE
VIP DWS state: DWS_DISABLED
Persistence Rebalance: ENABLED
curr conns : 0 , hit count : 34
dropped conns : 0
conns per second : 0
client pkt count : 201 , client byte count: 23495
server pkt count : 0 , server byte count: 0
conn-rate-limit : 0 , drop-count : 0
bandwidth-rate-limit : 0 , drop-count : 0
compression:
bytes_in : 0 bytes_out : 0
Compression ratio : 0.00%
Gzip: 0 Deflate: 0
compression errors:
User-Agent : 0 Accept-Encoding : 0
Content size: 0 Content type : 0
Not HTTP 1.1: 0 HTTP response error: 0
Others : 0
class: QA-group_3_HTTP
loadbalance:
L7 loadbalance policy: QA-group_3_REDIRECT
VIP Route Metric : 77
VIP Route Advertise : DISABLED
VIP ICMP Reply : DISABLED
VIP State: INSERVICE
VIP DWS state: DWS_DISABLED
Persistence Rebalance: ENABLED
curr conns : 0 , hit count : 5
dropped conns : 0
conns per second : 0
client pkt count : 20 , client byte count: 1907
server pkt count : 0 , server byte count: 0
conn-rate-limit : 0 , drop-count : 0
bandwidth-rate-limit : 0 , drop-count : 0
compression:
bytes_in : 0 bytes_out : 0
Compression ratio : 0.00%
Gzip: 0 Deflate: 0
compression errors:
User-Agent : 0 Accept-Encoding : 0
Content size: 0 Content type : 0
Not HTTP 1.1: 0 HTTP response error: 0
Others : 0
class: QA-group_4_HTTPS
loadbalance:
L7 loadbalance policy: QA-group_4_REDIRECT
VIP Route Metric : 77
VIP Route Advertise : DISABLED
VIP ICMP Reply : ENABLED
VIP State: INSERVICE
VIP DWS state: DWS_DISABLED
Persistence Rebalance: ENABLED
curr conns : 0 , hit count : 0
dropped conns : 0
conns per second : 0
client pkt count : 0 , client byte count: 0
server pkt count : 0 , server byte count: 0
conn-rate-limit : 0 , drop-count : 0
bandwidth-rate-limit : 0 , drop-count : 0
compression:
bytes_in : 0 bytes_out : 0
Compression ratio : 0.00%
Gzip: 0 Deflate: 0
compression errors:
User-Agent : 0 Accept-Encoding : 0
Content size: 0 Content type : 0
Not HTTP 1.1: 0 HTTP response error: 0
Others : 0
class: QA-group_4_HTTP
loadbalance:
L7 loadbalance policy: QA-group_4_REDIRECT
VIP Route Metric : 77
VIP Route Advertise : DISABLED
VIP ICMP Reply : DISABLED
VIP State: INSERVICE
VIP DWS state: DWS_DISABLED
Persistence Rebalance: ENABLED
curr conns : 0 , hit count : 2
dropped conns : 0
conns per second : 0
client pkt count : 8 , client byte count: 697
server pkt count : 0 , server byte count: 0
conn-rate-limit : 0 , drop-count : 0
bandwidth-rate-limit : 0 , drop-count : 0
compression:
bytes_in : 0 bytes_out : 0
Compression ratio : 0.00%
Gzip: 0 Deflate: 0
compression errors:
User-Agent : 0 Accept-Encoding : 0
Content size: 0 Content type : 0
Not HTTP 1.1: 0 HTTP response error: 0
Others : 0
class: QA-group_5_HTTPS
loadbalance:
L7 loadbalance policy: QA-group_5_REDIRECT
VIP Route Metric : 77
VIP Route Advertise : DISABLED
VIP ICMP Reply : ENABLED
VIP State: INSERVICE
VIP DWS state: DWS_DISABLED
Persistence Rebalance: ENABLED
curr conns : 0 , hit count : 0
dropped conns : 0
conns per second : 0
client pkt count : 0 , client byte count: 0
server pkt count : 0 , server byte count: 0
conn-rate-limit : 0 , drop-count : 0
bandwidth-rate-limit : 0 , drop-count : 0
compression:
bytes_in : 0 bytes_out : 0
Compression ratio : 0.00%
Gzip: 0 Deflate: 0
compression errors:
User-Agent : 0 Accept-Encoding : 0
Content size: 0 Content type : 0
Not HTTP 1.1: 0 HTTP response error: 0
Others : 0
class: QA-group_5_HTTP
loadbalance:
L7 loadbalance policy: QA-group_5_REDIRECT
VIP Route Metric : 77
VIP Route Advertise : DISABLED
VIP ICMP Reply : DISABLED
VIP State: INSERVICE
VIP DWS state: DWS_DISABLED
Persistence Rebalance: ENABLED
curr conns : 0 , hit count : 0
dropped conns : 0
conns per second : 0
client pkt count : 0 , client byte count: 0
server pkt count : 0 , server byte count: 0
conn-rate-limit : 0 , drop-count : 0
bandwidth-rate-limit : 0 , drop-count : 0
compression:
bytes_in : 0 bytes_out : 0
Compression ratio : 0.00%
Gzip: 0 Deflate: 0
compression errors:
User-Agent : 0 Accept-Encoding : 0
Content size: 0 Content type : 0
Not HTTP 1.1: 0 HTTP response error: 0
Others : 0
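A consistency check over the kind of configuration pasted above, as an added example that is not part of the original thread: it cross-references policy-maps, classes and serverfarms in an ACE config and reports dangling or empty ones. `lint_ace` and the trimmed `SAMPLE` excerpt are constructed for illustration, and the parser assumes the flattened, unindented form the config is shown in here.

```python
from collections import Counter

# Constructed sample: a trimmed excerpt of the running config above
# (groups 1 and 2 only), in the same unindented form.
SAMPLE = """\
rserver redirect QA-group_1_redirect_rserver
webhost-redirection https://10.37.5.93/ 302
inservice
rserver redirect QA-group_2_redirect_rserver
webhost-redirection https://10.37.5.94/ 302
inservice
serverfarm redirect SF_QA-group_1_REDIRECT
rserver QA-group_1_redirect_rserver
inservice
serverfarm redirect SF_QA-group_2_REDIRECT
rserver QA-group_2_redirect_rserver
inservice
serverfarm host SF_QA-group_HTTPS
class-map match-all QA-group_1_HTTP
3 match virtual-address 10.37.5.93 tcp eq www
class-map match-all QA-group_2_HTTP
3 match virtual-address 10.37.5.94 tcp eq www
policy-map type loadbalance first-match QA-group_1_REDIRECT
class class-default
policy-map type loadbalance first-match QA-group_2_REDIRECT
class class-default
serverfarm SF_QA-group_2_REDIRECT
policy-map multi-match SERVICE_VIPS
class QA-group_1_HTTP
loadbalance vip inservice
loadbalance policy QA-group_1_REDIRECT
class QA-group_2_HTTP
loadbalance vip inservice
loadbalance policy QA-group_2_REDIRECT
"""

KINDS = ("host", "redirect")


def lint_ace(config):
    """Return findings about undefined, duplicated or empty objects."""
    farms, lb_policies, class_maps = {}, {}, Counter()
    used_policies, used_farms = [], []
    section = current = cls = None
    for line in config.splitlines():
        tok = line.split()
        if not tok:
            continue
        head = tok[0]
        if head in ("serverfarm", "rserver") and len(tok) == 3 and tok[1] in KINDS:
            # Definition line: "serverfarm host NAME" or "rserver redirect NAME".
            section, current = ("farm", tok[2]) if head == "serverfarm" else (None, None)
            if section:
                farms.setdefault(current, [])
        elif head == "class-map":
            class_maps[tok[-1]] += 1
            section = None
        elif head == "policy-map":
            current, cls = tok[-1], None
            if tok[1:3] == ["type", "loadbalance"]:
                section = "lbpol"
                lb_policies[current] = {}
            else:
                section = "multi" if tok[1] == "multi-match" else None
        elif head == "sticky":
            section = "sticky"
        elif section == "farm" and head == "rserver":
            farms[current].append(tok[1])
        elif section == "lbpol" and head == "class":
            cls = tok[1]
            lb_policies[current][cls] = False
        elif head in ("serverfarm", "sticky-serverfarm") and len(tok) > 1:
            if section == "lbpol" and cls:
                lb_policies[current][cls] = True
            if head == "serverfarm" and section in ("lbpol", "sticky"):
                used_farms.append(tok[1])
        elif section == "multi" and tok[:2] == ["loadbalance", "policy"]:
            used_policies.append(tok[2])

    findings = [f"class-map {n}: defined {c} times" for n, c in class_maps.items() if c > 1]
    findings += [f"loadbalance policy {p}: referenced but not defined"
                 for p in dict.fromkeys(used_policies) if p not in lb_policies]
    findings += [f"policy-map {p}: class {c} has no serverfarm action"
                 for p, classes in lb_policies.items() for c, ok in classes.items() if not ok]
    findings += [f"serverfarm {f}: referenced but not defined"
                 for f in dict.fromkeys(used_farms) if f not in farms]
    findings += [f"serverfarm {f}: no rservers" for f, rs in farms.items() if not rs]
    return findings


if __name__ == "__main__":
    print("\n".join(lint_ace(SAMPLE)))
```

On the excerpt it reports the `class-default` of `QA-group_1_REDIRECT` as having no serverfarm, which is the policy attached to the two classes whose VIP state reads OUTOFSERVICE in the output above.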
Load Balancing Linux servers with CSS 11050 series
We would like to load balance Linux FTP and Web servers with a CSS 11050 series device. Does the content switch use SNMP to load balance the servers? If so, which MIBs need to be loaded on the servers?
I don't believe that the CSS supports any SNMP load balancing mechanism.
There are basically two factors involved in load balancing. One: the state of the servers, which can be done via a range of mechanisms including ping, TCP connection, Application request, etc. Two: the way a server is chosen when a request comes in, including round-robin, least connections, ACA etc.
Check out these links:
http://www.cisco.com/warp/customer/117/basic_css_lb_config.html
http://www.cisco.com/warp/customer/117/methods_load_bal.html
Load Balancing Directory Servers with Access Manager - Simple questions
Hi.
We are in the process of configuring 2 Access Manager instances (servers) accessing the same logical LDAP repository (comprising physically of two Directory Servers working together with Multi-Master Replication configured and tested). For doing this, we are following guide number 819-6258.
The guide uses BigIP load balancer for load balancing the directory servers. However, we intend to use Directory Proxy Server. Since we faced some (unresolved) issues last time that we used DPS, there are some simple questions that I would be very grateful to have answers to:
1. The guide, in section 3.2.10 (To configure Access Manager 1 with the Directory Server load balancer), talks about making changes at 4 places, and replacing the existing entry (hostname and port) with the load balancer's hostname and port (assuming that the load balancer has already been configured). It says that changes need not be made on Access Manager 2 since the LDAPs are in replication, and hence changes will be replicated at all places. However, the guide also states that changes have to be made in two files, namely AMConfig.properties, and the serverconfig.xml file. But these changes will not be reflected on Access Manager 2, since these files are local on each machine.
Question 1. Do changes have to be made in AMConfig.properties and serverconfig.xml files on the other machine hosting Access Manager 2?
Question 2: What is the purpose of putting these values here? Specifically, what is achieved by specifying the Directory server host and port in AMConfig.properties, as well as in serverconfig.xml?
Question 3. In the HTTP console, there is the option of specifying multiple primary LDAP servers, as well as multiple secondary LDAP servers. What is the purpose of these? Are secondary servers attempted when none of the list in the primary list are accessible? Also, if there are multiple entries in the primary server list, are they accessed in a round robin fashion (hereby providing rudimentary load balancing), or are other servers accessed only when the one mentioned first is not reachable etc.?
2. Since I do not have a load balancer setup yet, I tried the following deviation to the above, which, according to me, should have worked. If viewed in the HTTP console, LDAP / Membership / MSISDN and Policy configuration all pointed to the DS on host 1. When I changed all these to point to the directory server on host 2 (and made AMConfig.properties and serverconfig.xml on host 1 point to DS of host 2 as well), things should have worked fine, but apparently Access manager 1 could not be started. Error from Webserver:
[14/Aug/2006:04:30:36] info (13937): WEB0100: Loading web module in virtual server [https-machine_1_FQDN] at [search]
[14/Aug/2006:04:31:48] warning (13937): CORE3283: stderr: Exception in thread "EventService" java.lang.ExceptionInInitializerError
[14/Aug/2006:04:31:48] warning (13937): CORE3283: stderr: at com.iplanet.services.ldap.event.EventServicePolling.run(EventServicePolling.java:132)
[14/Aug/2006:04:31:48] warning (13937): CORE3283: stderr: at java.lang.Thread.run(Thread.java:595)
[14/Aug/2006:04:31:48] warning (13937): CORE3283: stderr: Caused by: java.lang.InterruptedException
[14/Aug/2006:04:31:48] warning (13937): CORE3283: stderr: at com.sun.identity.sm.ServiceManager.<clinit>(ServiceManager.java:74)
[14/Aug/2006:04:31:48] warning (13937): CORE3283: stderr: ... 2 more
In effect, AM on 1 did not start. On rolling back the changes, things again worked like previously.
Will be really grateful for any help / insight / experience on dealing with the above.
Thanks!
Update to the above, in case anyone is reading:
We setup a similar setup in Windows, and it worked. Here is a detailed account of what was done:
1. Host 1: Start installer, install automatically, chose Directory server, Directory Administration server, Directory Proxy server, Web server, Access Manager.
All installed, and worked fine. (AMConfig.properties, serverconfig.xml, and the info in LDAP service, all pointed to HOST1:389)
2. Host 2: Start installer, install automatically, chose Directory server, Directory Administration server, Directory Proxy server, Web server, Access Manager.
All installed, and worked fine. (AMConfig.properties, serverconfig.xml, and the info in LDAP service, all pointed to HOST2:389)
3. Host 1: Started replication. Set to Master
4. Host 2: Started replication. Set to Master
5. Host 1: Setup replication agreement to Host 2
6. Host 2: Setup replication agreement to Host 1
7. Initiated the remote replica from Host 1 ----> Host 2
Note that since default installation uses abc.....xyz as the encryption key, setting this to same was not an issue.
9. Started webserver for Host 1 and logged into AM as amadmin.
10. Added Host 2 FQDN in DNS Aliases / Realms
11. Added http://HOST2_FQDN:80 in the Platform server (instance) list.
12. Started Host 2 webserver. Logged in AM on Host 2, things worked fine.
At this stage, note the following:
a) Host 1:
AMConfig.properties file has
com.iplanet.am.directory.host=host1_FQDN
and
com.iplanet.am.directory.port=389
serverconfig.xml has:
<Server name="Server1" host="host1_FQDN" port="389" type="SIMPLE" />
b) Host 2:
AMConfig.properties file has
com.iplanet.am.directory.host=host2_FQDN
and
com.iplanet.am.directory.port=389
serverconfig.xml has:
<Server name="Server1" host="host2_FQDN" port="389" type="SIMPLE" />
c) If one logs into AM, and checks LDAP servers for LDAP / Policy Configuration / Membership etc services, they all contain Host2_FQDN:389 (which makes sense, since replica 2 was initialized from 1)
Returning back to the configurations:
13. On Host 1, log into the Admin server console of the Directory server. Navigate to the DPS, and configure the following:
a) Network Group
b) LDAP servers
c) Load Balancing
d) Change Group
e) Action on-bind
f) Allow all actions (permit modification / deletion etc.).
g) any other configurations required - Am willing to give detailed steps if someone needs them to help me / themselves! :)
So now, we have DPS configured and running on Host1:489, and distributing load to DS1 and DS2 on a 50:50 basis.
14. Now, log into AM on Host 1, and instead of Host1_fqdn:389 (for DS) in the following places, specify Host1_fqdn:489 (for the DPS)--
LDAP Authentication
MSISDN server
Membership Service
Policy configuration.
Verified that this propagated to the Policy Configuration service and the LDAP authentication service that are already registered with the default organization.
15. Log out of AM. Following the documentation, modify directory.host and directory.port in AMConfig.properties to point to Host 1_FQDN and 489 respectively. Make this change in AMConfig.properties of both Host 1 as well as 2.
16. Edit serverconfig.xml on both hosts, and instead of them pointing to their local directory servers, point both to host1_FQDN:489
17. When you start the webserver, it will refuse to start. Will spew errors such as:
[https-host1_FQDN]: Sun ONE Web Server 6.1SP5 B06/23/2005 17:36
[https-host1_FQDN]: info: CORE3016: daemon is running as super-user
[https-host1_FQDN]: info: CORE5076: Using [Java HotSpot(TM) Server VM, Version 1.5.0_04] from [Sun Microsystems Inc.]
[https-host1_FQDN]: info: WEB0100: Loading web module in virtual server [https-host1_FQDN] at [amserver]
[https-host1_FQDN]: warning: WEB6100: locale-charset-info is deprecated, please use parameter-encoding
[https-host1_FQDN]: info: WEB0100: Loading web module in virtual server [https-host1_FQDN] at [ampassword]
[https-host1_FQDN]: warning: WEB6100: locale-charset-info is deprecated, please use parameter-encoding
[https-host1_FQDN]: info: WEB0100: Loading web module in virtual server [https-host1_FQDN] at [amcommon]
[https-host1_FQDN]: info: WEB0100: Loading web module in virtual server [https-host1_FQDN] at [amconsole]
[https-host1_FQDN]: warning: WEB6100: locale-charset-info is deprecated, please use parameter-encoding
[https-host1_FQDN]: info: WEB0100: Loading web module in virtual server [https-host1_FQDN] at [search]
[https-host1_FQDN]: warning: CORE3283: stderr: netscape.ldap.LDAPException: error result (32); matchedDN = dc=sun,dc=com; No such object (DN changed)
[https-host1_FQDN]: warning: CORE3283: stderr: Got LDAPServiceException code=-1
[https-host1_FQDN]: warning: CORE3283: stderr: at com.iplanet.services.ldap.DSConfigMgr.getConnection(DSConfigMgr.java:357)
[https-host1_FQDN]: warning: CORE3283: stderr: at com.iplanet.services.ldap.DSConfigMgr.getNewFailoverConnection(DSConfigMgr.java:314)
[https-host1_FQDN]: warning: CORE3283: stderr: at com.iplanet.services.ldap.DSConfigMgr.getNewConnection(DSConfigMgr.java:253)
[https-host1_FQDN]: warning: CORE3283: stderr: at com.iplanet.services.ldap.DSConfigMgr.getNewProxyConnection(DSConfigMgr.java:184)
[https-host1_FQDN]: warning: CORE3283: stderr: at com.iplanet.services.ldap.DSConfigMgr.getNewProxyConnection(DSConfigMgr.java:194)
[https-host1_FQDN]: warning: CORE3283: stderr: at com.iplanet.ums.DataLayer.initLdapPool(DataLayer.java:1248)
[https-host1_FQDN]: warning: CORE3283: stderr: at com.iplanet.ums.DataLayer.(DataLayer.java:190)
[https-host1_FQDN]: warning: CORE3283: stderr: at com.iplanet.ums.DataLayer.getInstance(DataLayer.java:215)
[https-host1_FQDN]: warning: CORE3283: stderr: at com.iplanet.ums.DataLayer.getInstance(DataLayer.java:246)
[https-host1_FQDN]: warning: CORE3283: stderr: at com.sun.identity.sm.ldap.SMSLdapObject.initialize(SMSLdapObject.java:156)
[https-host1_FQDN]: warning: CORE3283: stderr: at com.sun.identity.sm.ldap.SMSLdapObject.(SMSLdapObject.java:124)
[https-host1_FQDN]: warning: CORE3283: stderr: at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
[https-host1_FQDN]: warning: CORE3283: stderr: at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
[https-host1_FQDN]: warning: CORE3283: stderr: at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
[https-host1_FQDN]: warning: CORE3283: stderr: at java.lang.reflect.Constructor.newInstance(Constructor.java:494)
[https-host1_FQDN]: warning: CORE3283: stderr: at java.lang.Class.newInstance0(Class.java:350)
[https-host1_FQDN]: warning: CORE3283: stderr: at java.lang.Class.newInstance(Class.java:303)
[https-host1_FQDN]: warning: CORE3283: stderr: at com.sun.identity.sm.SMSEntry.(SMSEntry.java:216)
[https-host1_FQDN]: warning: CORE3283: stderr: at com.sun.identity.sm.ServiceSchemaManager.(ServiceSchemaManager.java:67)
[https-host1_FQDN]: warning: CORE3283: stderr: at com.iplanet.am.util.AMClientDetector.getServiceSchemaManager(AMClientDetector.java:219)
[https-host1_FQDN]: warning: CORE3283: stderr: at com.iplanet.am.util.AMClientDetector.(AMClientDetector.java:94)
[https-host1_FQDN]: warning: CORE3283: stderr: at com.sun.mobile.filter.AMLController.init(AMLController.java:85)
[https-host1_FQDN]: warning: CORE3283: stderr: at org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFilterConfig.java:262)
[https-host1_FQDN]: warning: CORE3283: stderr: at org.apache.catalina.core.ApplicationFilterConfig.setFilterDef(ApplicationFilterConfig.java:322)
[https-host1_FQDN]: warning: CORE3283: stderr: at org.apache.catalina.core.ApplicationFilterConfig.(ApplicationFilterConfig.java:120)
[https-host1_FQDN]: warning: CORE3283: stderr: at org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:3271)
[https-host1_FQDN]: warning: CORE3283: stderr: at org.apache.catalina.core.StandardContext.start(StandardContext.java:3747)
[https-host1_FQDN]: warning: CORE3283: stderr: at com.iplanet.ias.web.WebModule.start(WebModule.java:251)
[https-host1_FQDN]: warning: CORE3283: stderr: at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1133)
[https-host1_FQDN]: warning: CORE3283: stderr: at org.apache.catalina.core.StandardHost.start(StandardHost.java:652)
[https-host1_FQDN]: warning: CORE3283: stderr: at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1133)
[https-host1_FQDN]: warning: CORE3283: stderr: at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:355)
[https-host1_FQDN]: warning: CORE3283: stderr: at org.apache.catalina.startup.Embedded.start(Embedded.java:995)
[https-host1_FQDN]: warning: CORE3283: stderr: at com.iplanet.ias.web.WebContainer.start(WebContainer.java:431)
[https-host1_FQDN]: warning: CORE3283: stderr: at com.iplanet.ias.web.WebContainer.startInstance(WebContainer.java:500)
[https-host1_FQDN]: warning: CORE3283: stderr: at com.iplanet.ias.server.J2EERunner.confPostInit(J2EERunner.java:161)
[https-host1_FQDN]: failure: WebModule[amserver]: WEB2783: Servlet /amserver threw load() exception
[https-host1_FQDN]: javax.servlet.ServletException: WEB2778: Servlet.init() for servlet LoginLogoutMapping threw exception
[https-host1_FQDN]: at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:949)
[https-host1_FQDN]: at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:813)
[https-host1_FQDN]: at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:3478)
[https-host1_FQDN]: at org.apache.catalina.core.StandardContext.start(StandardContext.java:3760)
[https-host1_FQDN]: at com.iplanet.ias.web.WebModule.start(WebModule.java:251)
[https-host1_FQDN]: at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1133)
[https-host1_FQDN]: at org.apache.catalina.core.StandardHost.start(StandardHost.java:652)
[https-host1_FQDN]: at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1133)
[https-host1_FQDN]: at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:355)
[https-host1_FQDN]: at org.apache.catalina.startup.Embedded.start(Embedded.java:995)
[https-host1_FQDN]: at com.iplanet.ias.web.WebContainer.start(WebContainer.java:431)
[https-host1_FQDN]: at com.iplanet.ias.web.WebContainer.startInstance(WebContainer.java:500)
[https-host1_FQDN]: at com.iplanet.ias.server.J2EERunner.confPostInit(J2EERunner.java:161)
[https-host1_FQDN]: ----- Root Cause -----
[https-host1_FQDN]: java.lang.NullPointerException
[https-host1_FQDN]: at com.sun.identity.authentication.UI.LoginLogoutMapping.init(LoginLogoutMapping.java:71)
[https-host1_FQDN]: at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:921)
[https-host1_FQDN]: at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:813)
[https-host1_FQDN]: at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:3478)
[https-host1_FQDN]: at org.apache.catalina.core.StandardContext.start(StandardContext.java:3760)
[https-host1_FQDN]: at com.iplanet.ias.web.WebModule.start(WebModule.java:251)
[https-host1_FQDN]: at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1133)
[https-host1_FQDN]: at org.apache.catalina.core.StandardHost.start(StandardHost.java:652)
[https-host1_FQDN]: at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1133)
[https-host1_FQDN]: at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:355)
[https-host1_FQDN]: at org.apache.catalina.startup.Embedded.start(Embedded.java:995)
[https-host1_FQDN]: at com.iplanet.ias.web.WebContainer.start(WebContainer.java:431)
[https-host1_FQDN]: at com.iplanet.ias.web.WebContainer.startInstance(WebContainer.java:500)
[https-host1_FQDN]: at com.iplanet.ias.server.J2EERunner.confPostInit(J2EERunner.java:161)
[https-host1_FQDN]:
[https-host1_FQDN]: info: HTTP3072: [LS ls1] http://host1_FQDN:58080 ready to accept requests
[https-host1_FQDN]: startup: server started successfully
Success!
The server https-host1_FQDN has started up.
The server, in fact, didn't start up (nothing even listening on 58080).
However, if AMConfig.properties is left as it originally was, and only serverconfig.xml files were changed as mentioned above, web servers started fine, and things worked all okay. (Alright, except for some glitches when viewed in /amconsole. If /amserver/console is accessed, all is good. Can this mean that all is still not well? I am not sure).
So far so good. Now comes the sad part. When the same is done on Solaris 9, things don't work. You continue to get the above error, OR the following error, and the web server will refuse to start:
Differences in Solaris and Windows are as follows:
1. Windows hosts have 1 IP and hostname. Solaris hosts have 3 IPs and hostnames (for DS, DPS, and webserver).
No other difference from an architectural perspective.
Any help / insight on why the above is not working (and why the hell does the documentation seem so sketchy / insecure / incorrect).
Thanks a bunch! -
Dear All,
We have two servers (SharePoint) and need to add them to an ACE 4710 to work as internal, with no need for WAN. How do we add them?
Thanks a lot in advance
Hi,
Here's the example:
Let's say you have two servers
rserver host SERVER_01
  ip address 192.168.1.11
  inservice
rserver host SERVER_02
  ip address 192.168.1.12
  inservice
rserver host SERVER_03
  ip address 192.168.1.13
  inservice
You add them in serverfarm
serverfarm host REAL_SERVERS
  rserver SERVER_01
    inservice
  rserver SERVER_02
    inservice
  rserver SERVER_03
    inservice
After that you configure the VIP and condition. Here any means any protocol and port
class-map match-all VIP-30
  2 match virtual-address 172.16.51.30 any
You define the L7 policy map
policy-map type loadbalance first-match SLB_LOGIC
  class class-default
    serverfarm REAL_SERVERS ---> Serverfarm to which traffic would be loadbalanced.
policy-map multi-match CLIENT_VIPS ---> L3 policy map.
  class VIP-30
    loadbalance vip inservice
    loadbalance policy SLB_LOGIC
    nat dynamic 1 vlan 451 ---> You need to apply the NAT when your client is in same subnet as server so that return traffic comes back to ACE and not to client directly.
interface vlan 251
  description Client vlan
  ip address 172.16.51.11 255.255.255.0
  access-group input ANYONE
  service-policy input REMOTE_MGT
  service-policy input CLIENT_VIPS
  no shutdown
interface vlan 451
  description Servers vlan
  ip address 192.168.1.1 255.255.255.0
  nat-pool 1 192.168.1.100 192.168.1.110 netmask 255.255.255.0 pat ---> Nat pool defined. It should always be on server side vlan.
  no shutdown
ip route 0.0.0.0 0.0.0.0 172.16.51.1
Regards,
Kanwal
Note: Please mark answers if they are helpful. -
Problems multiple SMTP servers with a single name at my work
At my University we have our outgoing mail sent to smtp.su.se
The IT department has three separate servers that handle the outgoing mail. If one server goes down a PC user gets his mail out using one of the two other good servers. In the last month us Mac users have a serious problem, where our computers "remember" which of the three servers we last used even though they all have the same name smtp.su.se. I had the #2 server go down and could not send mails out. The IT department is blaming a fault in the Mac system software. The IT department told me to pick one of the servers that was still up and running smtp3.su.se and my mails did send. But now I depend on just that one server. Is my IT department correct in saying that my Mac system 10.5 is remembering in the background which specific machine was last used and bypassing the shared server function? My guess is that the IT department has something messed up but it is beyond my abilities to tell. Help please....
Hello aps7828:
If I read that correct, you only get the error when you run the executables and not the VIs. Can you take a look at your processor level while one .exe is running. I am wondering if that is the source of the problem.
Regards,
Roland A.
Applications Engineer
National Instruments
Check out VI Roadshow -
Problem with ACE and Internet Explorer 8
I have a problem with ACE (system A2(1.1)) and Internet Explorer 8.
exactly:
ACE is configured as end-to-end ssl with 2 rserver and with the sticky source address. When user is opening the virtual address from IEv7, the web portal (On Microsoft IIS) works fine.
If user opens the same web portal but using IEv8, the session is suspended after 60 seconds.
I think that the reason is HTTP keep-alive, which is sent every 60 seconds from the user's internet browser.
Here is some information about this. http://en.wikipedia.org/wiki/HTTP_persistent_connection
Do you have any idea how to resolve this problem: upgrade ACE, change the configuration on IIS or ACE ??
Please help.
Hi Kazik,
Using a persistent connection or HTTP keepalives should not have any negative effect on the ACE, so, giving you a straight-forward answer to fix it is not going to be easy.
I would recommend you to open a TAC case to have this investigated further. When you do, please, provide the following data:
A showtech from the Admin context of the ACE
A traffic capture taken on the TenGig interface connecting the switch with the ACE backplane while doing a test connection (preferably one with IE7 and one with IE8 to compare)
If possible, a copy of the SSL private key. Being able to decrypt the traffic capture to look inside the HTTP flow would really make troubleshooting much easier.
Regards
Daniel -
Is it possible to use UCS Blade Servers in ACE Load Balancing
Hi all ,
Is it possible to use UCS Blade Servers in ACE Load Balancing ?? Please note that UCS Blade Servers are not connected directly to the 6500 Switch where the ACE Module is installed. I am expecting a good suggestion from either an ACE or Switching expert.
Thanks in advance
Sanjeevi
There is nothing that would prevent you from loadbalancing the applications that run on UCS servers. ACE can loadbalance applications that are directly L2 attached (bridged or routed mode) or even servers that are multiple L3 hops away using one-armed mode with source NAT. The key to this is that the return traffic from the server needs to make it back to the ACE.
-
SIP load balancing issue with ACE 4710
SIP Load balancing Issue with ACE 4710
I have a Cisco ACE 4710 with Version A4(2.2). I configured simple SIP load balancing first without stickiness. Without stickiness we are having a problem because the BYE packet was not going to the same server all the time, which left our port in use even though the user hung up the phone. It happens randomly. I have a total of 20 licensed ports and they fill up very quickly. So I decided to use stickiness with Call-ID, but still the same issue. Below is the config:
rserver host CIN-VOX-31
  ip address 172.20.130.31
  inservice
rserver host CIN-VOX-32
  ip address 172.20.130.32
  inservice
serverfarm host CIN-VOX
  probe SIP-5060
  rserver CIN-VOX-31
    inservice
  rserver CIN-VOX-32
    inservice
sticky sip-header Call-ID VOX_SIP_GROUP
  timeout 1
  timeout activeconns
  replicate sticky
  serverfarm CIN-VOX
class-map match-all CIN_VOX_L4_CLASS
  2 match virtual-address 172.22.12.30 any
class-map match-all CIN_VOX_SIP_L4_CLASS
  2 match virtual-address 172.22.12.30 udp eq sip
policy-map type loadbalance sip first-match CIN_VOX_LB_SIP_POLICY
  class class-default
    sticky-serverfarm VOX_SIP_GROUP
policy-map multi-match GLOBAL_DMZ_POLICY
  class CIN_VOX_SIP_L4_CLASS
    loadbalance vip inservice
    loadbalance policy CIN_VOX_LB_SIP_POLICY
    loadbalance vip icmp-reply
  class CIN_VOX_L4_CLASS
    loadbalance vip inservice
    loadbalance policy CIN_VOX_LB_SIP_POLICY
    loadbalance vip icmp-reply
interface vlan 20
  description VIP_DMZ_VLAN
  ip address 172.22.12.4 255.255.255.192
  alias 172.22.12.3 255.255.255.192
  peer ip address 172.22.12.5 255.255.255.192
  access-group input PERMIT-ANY-LB
  service-policy input GLOBAL_DMZ_POLICY
could you please help me on this...
thanks
Rakesh Patel
I mean there should be one more statement-
class-map type sip loadbalance match-any CIN_VOX_LB_SIP_POLICY
  match sip header Call_ID header-value sip:
and that will be called under-
policy-map multi-match GLOBAL_DMZ_POLICY
  class CIN_VOX_SIP_L4_CLASS
    loadbalance vip inservice
    loadbalance policy CIN_VOX_LB_SIP_POLICY
    loadbalance vip icmp-reply
is that missing in your config ? -
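As an added illustration of the symptom in the SIP thread above (not code from either poster, and not ACE's implementation), this Python simulation runs the same calls through a two-server farm with and without a Call-ID sticky table. The call list, the SIP messages and the rule that a sticky entry expires a fixed time after it is created are assumptions made for the simulation; only the rserver names come from the posted config.

```python
import itertools

SERVERS = ["CIN-VOX-31", "CIN-VOX-32"]   # rserver names from the posted config

# Constructed calls: (Call-ID, start time in seconds, duration in seconds).
CALLS = [
    ("a@client.example", 0, 30),
    ("b@client.example", 5, 90),
    ("c@client.example", 10, 25),
    ("d@client.example", 15, 10),
]


def sip(method, cid, header="Call-ID"):
    """Build a minimal constructed SIP request carrying the given Call-ID."""
    return (f"{method} sip:service@vip.example SIP/2.0\r\n"
            f"Via: SIP/2.0/UDP client.example:5060\r\n"
            f"{header}: {cid}\r\n"
            f"CSeq: 1 {method}\r\n\r\n")


def call_id(sip_message):
    """Return the Call-ID of a SIP message, or None if the header is absent."""
    head = sip_message.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:            # skip the request line
        name, sep, value = line.partition(":")
        # "i" is the compact form of Call-ID; both must map to the same key.
        if sep and name.strip().lower() in ("call-id", "i"):
            return value.strip()
    return None


class Balancer:
    """Round-robin balancer with an optional Call-ID sticky table."""

    def __init__(self, servers, sticky_timeout=None):
        self._next = itertools.cycle(servers)
        self.sticky_timeout = sticky_timeout       # seconds; None = no stickiness
        self.table = {}                            # Call-ID -> (server, expiry)

    def route(self, message, now):
        cid = call_id(message)
        sticky = self.sticky_timeout is not None and cid is not None
        if sticky:
            entry = self.table.get(cid)
            if entry and now < entry[1]:
                return entry[0]                    # same server as the INVITE
        server = next(self._next)                  # no valid entry: rebalance
        if sticky:
            # Assumption: the entry expires a fixed time after creation.
            self.table[cid] = (server, now + self.sticky_timeout)
        return server


class MediaServer:
    """Backend that holds one port per call until it sees that call's BYE."""

    def __init__(self):
        self.active = set()

    def handle(self, message):
        method = message.split(" ", 1)[0]
        if method == "INVITE":
            self.active.add(call_id(message))
        elif method == "BYE":
            self.active.discard(call_id(message))  # no-op if the call is elsewhere


def simulate(sticky_timeout):
    """Replay CALLS and return the Call-IDs still holding a port on each server."""
    lb = Balancer(SERVERS, sticky_timeout)
    backends = {name: MediaServer() for name in SERVERS}
    events = []
    for cid, start, duration in CALLS:
        events.append((start, sip("INVITE", cid)))
        events.append((start + duration, sip("BYE", cid, header="i")))
    for now, message in sorted(events):
        backends[lb.route(message, now)].handle(message)
    return {name: sorted(b.active) for name, b in backends.items()}


if __name__ == "__main__":
    for label, timeout in (("no stickiness", None),
                           ("sticky, 60 s entry", 60),
                           ("sticky, 3600 s entry", 3600)):
        print(label, simulate(timeout))
```

With a 60-second entry only the 90-second call leaks, because its sticky entry is gone by the time the BYE arrives; when comparing against a real device, check how long calls last relative to the sticky timeout.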
Hi,
I have a question on using EJB / or RMI servers with CORBA clients using
RMI-IIOP transport, which in theory should work, but in practice has few
glitches.
Basically, I have implemented a very simple server, StockTrader, which
looks up for a symbol and returns a 'Stock' object. In the first example, I
simplified the 'Stock' object to be a mere java.lang.String, so that lookup
would simply return the 'symbol'.
Then I have implemented the above, as an RMI-IIOP server (case 1) and a
CORBA server (case 2) with respective clients, and the pair of
client-servers work fine as long as they are CORBA-to-CORBA and RMI-to-RMI.
But the problem arises when I tried using the RMI server (via IIOP) with the
CORBA client, when the client tries to narrow the object ref obtained from
the naming service into the CORBA idl defined type (StockTrader) it ends up
with a class cast exception.
This is what I did to achieve the above results:
[1] Define an RMI interface StockTrader.java (extending java.rmi.Remote)
with the method,
public String lookup( String symbol) throws RMIException;
[2] Implement the StockTrader interface (on a PortableRemoteObject derived
class, to make it IIOP compliant), and then the server to register the stock
trader with COS Naming service as follows:
String homeName =....
StockTraderImpl trader =new StockTraderImpl();
System.out.println("binding obj <" + homeName + ">...");
java.util.Hashtable ht =new java.util.Hashtable();
ht.put("java.naming.factory.initial", args[2]);
ht.put("java.naming.provider.url", args[3]);
Context ctx =new InitialContext(ht);
ctx.rebind(homeName, trader);
[3] Generate the RMI-IIOP skeletons for the Implementation class,
rmic -iiop stock.StockTraderImpl
[4] generate the IDL for the RMI interface,
rmic -idl stock.StockTraderImpl
[5] Generate IDL stubs for the CORBA client,
idlj -v -fclient -emitAll StockTraderImpl.idl
[6] Write the client to use the IDL-defined stock trader,
String serverName =args[0];
String symList =args[1];
StockClient client =new StockClient();
System.out.println("init orb...");
ORB orb =ORB.init(args, null);
System.out.println("resolve init name service...");
org.omg.CORBA.Object objRef
=orb.resolve_initial_references("NameService");
NamingContext naming =NamingContextHelper.narrow(objRef);
... define a naming component etc...
org.omg.CORBA.Object obj =naming.resolve(...);
System.out.println("narrow objRef: " + obj.getClass() + ": " + obj);
StockTrader trader =StockTraderHelper.narrow(obj);
[7] Compile all the classes using Java 1.2.2
[8] start tnameserv (naming service), then the server to register the RMI
server obj
[9] Run the CORBA client, passing it the COSNaming service ref name (with
which the server obj is registered)
The CORBA client successfully finds the server obj ref in the naming
service, the operation StockTraderHelper.narrow() fails in the segment
below, with a class cast exception:
org.omg.CORBA.Object obj =naming.resolve(...);
StockTrader trader =StockTraderHelper.narrow(obj);
The <obj> returned by naming service turns out to be of the type;
class com.sun.rmi.iiop.CDRInputStream$1
This is of the same type when stock trader object is registered in a CORBA
server (as opposed to an RMI server), but works correctly with no casting
exceptions..
Any ideas / hints very welcome.
thanks in advance,
-hari
On the contrary... all that is being said is that we needed to provide clearer examples/documentation in the 5.1.0 release. There will be no difference between the product as found in the service pack and the product found in the 5.1.1. That is, the only substantive will be that 5.1.1 will also include the examples.
"<=one way=>" wrote:
With reference to your and other messages, it appears that one should not expect that WLS RMI-IIOP will work in a complex real-life system, at least not now. In other words, support for real-life CORBA clients is not an option in the current release of WLS.
TIA
"Eduardo Ceballos" <[email protected]> wrote in message
news:[email protected]...
We currently publish an IDL example, even though the IDL programming model in Java is completely non-functional, in anticipation of the support needs for users who need to use IDL to talk to the Weblogic server, generically. This example illustrates the simplest connectivity; it does not address how to integrate CORBA and EJB, a broad topic, fraught with peril, imo. I'll note in passing that, to my knowledge, none of the other vendors attempt this topic either, a point which is telling if all the less happy to hear.
For the record then, what is missing from our distribution wrt RMI-IIOP are a RMI-IIOP example, an EJB-IIOP example, an EJB-C++. In this you are correct; better examples are forthcoming.
Still, I would not call our RMI-IIOP implementation fragile. I would say that customers have an understandably hard time accepting that the IDL programming model is busted; busted in the sense that there are no C++ libraries to support the EJB model, and busted in the sense that there is simply no support in Java for an IDL interface to an EJB. Weblogic has nothing to do with it being busted, although we are trying to help our customers deal with it in productive ways.
For the moment, what there is is a RMI (over IIOP) programming model, an inherently Java to Java programming model, and true to that, we accept and dispatch IIOP request into RMI server objects. The way I look at it is this: it's just a protocol, like HTTP, or JRMP; it's not IDL and it has practically nothing to do with CORBA.
ST wrote:
Eduardo,
Can you give us more details about the comment below:
I fear that as soon as the call to narrow succeeds, the remaining application will fail to work correctly because it is too difficult to use an idl client in java to work.
It seems to me that Weblogic's RMI-IIOP is a very fragile implementation. We don't need a "HelloWorld" example, we need a concrete serious example (fully tested and seriously documented) that works so that we can get a better idea on how to integrate CORBA and EJB.
Thanks,
Said
"Eduardo Ceballos" <[email protected]> wrote in message
news:[email protected]...
Please post request to the news group...
As I said, you must separate the idl related classes (class files and java files) from the rmi classes... in the rmic step, you must set a new target (as you did), emit the java files into that directory (it's not clear you did this), then remove all the rmi class files from the class path... if you need to compile more classes at that point, copy the java files to the idl directory if you must, but you can not share the types in any way.
I fear that as soon as the call to narrow succeeds, the remaining application will fail to work correctly because it is too difficult to use an idl client in java to work.
Harindra Rajapakshe wrote:
Hi Eduardo,
Thanks for the help. That is the way I compiled my CORBA client, by separating the IDL-generated stubs from the RMI ones, but still I get a CORBA.BAD_PARAM upon narrowing the client proxy to the interface type.
Here's what I did;
+ Define the RMI interfaces, in this case a StockTrader interface.
+ Implement RMI interface by extending javax.rmi.PortableRemoteObject making it IIOP compliant
+ Implement an RMI server, and compile using JDK1.2.2
+ use the RMI implementation to generate CORBA idl, using RMI-IIOP plugin utility rmic;
rmic -idl -noValueMethods -always -d idl stock.StockTraderImpl
+ generate Java mappings to the IDL generated above, using RMI-IIOP plugin util,
idlj -v -fclient -emitAll -tf src stocks\StockTrader.idl
This creates source for the package stock and also org.omg.CORBA.* package, presumably IIOP type marshalling
+ compile all classes generated above using JDK1.2.2
+ Implement client (CORBA) using the classes generated above, NOT the RMI proxies.
+ start RMI server, with stockTrader server obj
+ start tnameserv
+ start CORBA client
Then the client errors when trying to narrow the obj ref from the naming service, into the CORBA IDL defined interface using,
org.omg.CORBA.Object obj =naming.resolve(nn);
StockTrader trader =StockTraderHelper.narrow(obj); // THIS ERRORS..!!!
throwing a CORBA.BAD_PARAM exception.
any ideas..?
Thanks in advance,
-hari
----- Original Message -----
From: Eduardo Ceballos <[email protected]>
Newsgroups: weblogic.developer.interest.rmi-iiop
To: Hari Rajapakshe <[email protected]>
Sent: Wednesday, July 26, 2000 4:38 AM
Subject: Re: problem using CORBA clients with RMI/EJB servers..!!!???
Please see the post on june 26, re Errors compiling... somewhere in there, I suspect, you are referring to the rmi class file when you are obliged to completely segregate these from the idl class files.
-
Sun Fire V490 x 2 servers with Oracle RAC facing Split brain problem
Hi all,
I have Sun Fire V490 x 2 servers with Oracle RAC and they faced a Split brain problem. One of the node's database instance has gone down, The DBA claims it is due to network problem, but as such the networks are OK. We use the on board CE1 interface for Cluster interconnect and CE0 as the public interface.
Did anybody face this kind of a problem? Could this be a hardware/OS patch problem?
I had kept a continuous ping for 24 hours after this happened last time and the output shows no packet loss
Many thanks in advance.
Ushas Symon
In order to diagnose this properly, you'll need to provide too much detail and far too many log files for a generic discussion forum to handle.
Use your service contract and open a support case.
Because a cluster environment is involved you'll likely end up talking to the cluster support staff.
They can analyze hardware and software errors as well as review whether you configured the systems in a supportable fashion.
Be prepared to make a direct connection to each system and gather data, such as by using the Explorer tool. The technical support staff will tell you what they will actually need. -
ACE to load balance Citrix servers
Hello,
Has anyone configured ACE Modules to load balance Citrix Servers (HTTP) ?
Any special considerations needed?
Many thanks,
Hi Javier,
There is one complete design guide available on the Cisco site.
Kindly go through the below mentioned URL for complete config for ACE to load balance CITRIX as follows:
http://www.cisco.com/en/US/docs/solutions/Enterprise/Data_Center/App_Networking/citrixdg_final.html
You will get other design guides also which can be very useful:
http://www.cisco.com/en/US/netsol/ns751/networking_solutions_design_guidances_list.html
Sachin Garg -
Load-balancing inbound sftp connections with ACE
Hi,
Can anyone share experiences or any info relating to issues that might be encountered when load-balancing sftp protocol?
The goal is to distribute inbound file deposits evenly across SFTP servers.
High-level Overview
Clients -> Internet -> Tier-1 Firewall -> ACE Load-balancer -> SFTP Servers
Many Thanks
SFTP is nothing but SSH. It uses a single connection. There are no issues loadbalancing it using traditional Layer 4 load balancing.
So you are good.
On the other hand FTP over SSL (FTPS) can neither be offloaded nor loadbalanced using ACE.
FTPS uses multiple channels and since the control channel is encrypted, ACE is not able to get the port numbers for the data connections.
HTH
Syed Iftekhar Ahmed -
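The difference the reply describes between cleartext FTP and FTPS, as an added Python example (not from the thread, and not how ACE is implemented): a device that follows FTP data connections has to read the address and port announced on the control channel. The sample sessions are constructed, and the bytes after AUTH TLS are a stand-in for ciphertext rather than a real TLS record.

```python
import re


def _from_six(fields):
    """Turn ['h1','h2','h3','h4','p1','p2'] into (ip, port); None if malformed."""
    if len(fields) != 6 or not all(f.isascii() and f.isdigit() for f in fields):
        return None
    n = [int(f) for f in fields]
    if any(v > 255 for v in n):
        return None
    return ".".join(str(v) for v in n[:4]), n[4] * 256 + n[5]


def data_endpoint(control_line, peer_ip):
    """Return the (ip, port) one FTP control-channel line announces, else None.

    peer_ip is the address of the control connection's server side; the
    229 (EPSV) reply carries only a port and reuses that address.
    """
    line = control_line.strip()
    if line[:4].upper() == "PORT":                 # active mode, sent by the client
        return _from_six(line[4:].strip().split(","))
    if line.startswith("227"):                     # reply to PASV
        m = re.search(r"\(([0-9,]+)\)", line)
        return _from_six(m.group(1).split(",")) if m else None
    if line.startswith("229"):                     # reply to EPSV: (|||port|)
        m = re.search(r"\((.)\1\1([0-9]{1,5})\1\)", line)
        if m and 0 < int(m.group(2)) <= 65535:
            return peer_ip, int(m.group(2))
    return None


def observe(control_bytes, peer_ip):
    """List the data endpoints a middlebox can learn from raw control-channel bytes."""
    endpoints = []
    for raw in control_bytes.split(b"\r\n"):
        try:
            text = raw.decode("ascii")
        except UnicodeDecodeError:
            continue                               # not readable FTP text
        endpoint = data_endpoint(text, peer_ip)
        if endpoint:
            endpoints.append(endpoint)
    return endpoints


# Constructed cleartext FTP control session (server at 192.168.1.11).
CLEARTEXT_SESSION = (
    b"220 ready\r\nUSER demo\r\n331 need password\r\nPASV\r\n"
    b"227 Entering Passive Mode (192,168,1,11,195,80)\r\n"
)

# Constructed FTPS control session: once AUTH TLS is accepted, everything
# that follows (including the PASV exchange) is opaque to an observer.
# The trailing bytes are placeholder ciphertext, not a real TLS record.
FTPS_SESSION = (
    b"220 ready\r\nAUTH TLS\r\n234 proceed\r\n"
    + b"\x17\x03\x03\x00\x20" + bytes(range(0x80, 0xA0))
)

if __name__ == "__main__":
    print("cleartext:", observe(CLEARTEXT_SESSION, "192.168.1.11"))
    print("ftps:     ", observe(FTPS_SESSION, "192.168.1.11"))
```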
Problems with RH 8 and Windows 2008 64-bit servers with IIS7?
I have been informed that my company's servers are being upgraded to Windows 2008 64-bit servers with IIS7, from Windows 2003 & IIS6. Probably will be online in April 2011.
I have a project created using WebHelp, RoboHelp HTML v5. I have RoboHelp HTML v8 (haven't had a chance to use it yet). We are currently using IE7 on XP. Does anyone have any info on issues with RoboHelp v8 WebHelp projects running on Windows 2008 64-bit servers & IIS7 that I need to be concerned about? I thought I should convert the project developed using RH 5 to an RH 8 project, then FTP it to the new server when it becomes available.
Any helpful info would be much appreciated.
Thanks,
Alden
Acrobat 8 is not certified for Win7, particularly the x64 version. If you got the installation to go, the first step is to update AA8 to at least AA8.2. The x64 with XP required at least AA8.2 and I suspect that has not changed. I would suggest updating to the latest, either from the help menu (until no more updates are available) or by downloading the updates from the adobe.com>downloads page. For the latter, download ALL updates after your current version and install them in ORDER. They are not cumulative in most cases. You only need to reboot after the final update. The updates may get you going. If not, you may simply have to upgrade to AA9 or search for what others have been able to do in your situation.
-
Load Balancing Forms Services with an effective healthcheck
I am in the process of configuring two forms 11.1.2 servers running with weblogic 10.3.5 with multiple forms applications clustered across both physical servers. We are looking to load balance to the various forms applications using a hardware load balancer. Can anyone comment on their experience with setting up effective application healthchecks using either hardware or software load balancers?
For example say that we have 3 applications clustered across 2 servers with the following
URLs:
http://server01:7777/forms/frmservlet?config=myapp1
http://server01:7777/forms/frmservlet?config=myapp2
http://server01:7777/forms/frmservlet?config=myapp3
http://server02:7777/forms/frmservlet?config=myapp1
http://server02:7777/forms/frmservlet?config=myapp2
http://server02:7777/forms/frmservlet?config=myapp3
We would need a checking mechanism on the load balancer that could tell if myapp2 was down on say server01 and therefore block traffic to that application yet keep traffic open for the other 2 apps on the same server.
A specific difficulty with forms is that when the database behind the application is down forms services will return an error message within a displayed error form. From the load balancer's point of view the forms services are "up". We need to find a way of detecting that the application is actually available and not just that the forms services themselves are available. To detect that the forms services are available we might normally use the status check:
http://server01:7777/forms/frmservlet?ifcmd=status
however this will only tell us the availability of the forms services on a physical server and not whether any actual applications are available.
I am aware that f5 do a BIGIP offering that includes some Oracle Forms specific components. Can anyone comment on how they have set up Oracle Forms healthchecks using various load balancing methods? In particular, if a load balancer is limited to using WGET commands to check HTTP returned content, is there a way of checking a forms application's availability and, if not, how have other people achieved an effective healthcheck?
Many thanks,
Philippe
Did you ever get this to work?
I am having some problems trying to load balance with Oracle Forms, Discoverer and Reports Oracle Application Server Release 10g (9.0.4.0.2) and I was wondering if you could help. Has anyone ever got this to work consistently? We are an ERP product written mostly in forms (904) and are trying to implement our largest customer there performance issue so we need the load balancing to work. Will also accept other recommendations as cost effective as solutions.
Site 1:
A: SERVER
Host as1.xyzco.local
Version 10.1.2.0.2
Installation Type Identity Management and Metadata Repository
Oracle Home E:\oracle\inf_1012
Farm as1db.xyzco.net
o HTTP_Server
o Internet Directory
o OC4J_SECURITY
o Single Sign-On:orasso
o Management
B SERVER
Host as2.xyzco.local
Version 9.0.4.0.2
Installation Type Business Intelligence and Forms
Oracle Home E:\oracle\mid_904
Farm as2db.xyzco.net
o Discoverer
o Forms
o home
o HTTP_Server
o OC4J_BI_Forms
o Reports Server
o Web Cache
o Management
C SERVER
Host as3.xyzco.local
Version 9.0.4.0.2
Installation Type Business Intelligence and Forms Discoverer and Reports
Oracle Home E:\oracle\mid_904
Farm as2db.xyzco.net
o Discoverer
o Forms
o home
o HTTP_Server
o OC4J_BI_Forms
o Reports Server
o Web Cache
o Management
All servers Are:
Windows 2003 Standard Server with current service packs
Xeon Dual Processor with 4GB ram
Raid 0 drives 2 for OS and 2 for Oracle
Daniel Brody