[Project] Load Balance mutiple DSL PPPOE connections using CSR1000v in Datacenter

Similar Messages

• In the ReportDocument.Load method it tries to connect using the using the connection information embedded in the Report File

  Post Author: bhaveshbusa
  CA Forum: Crystal Reports
  In the ReportDocument.Load method it tries to connect using the using the connection information embedded in the Report File. When the application calls ReportDocument.Load(reportFileName). This
  tries to connect to the database using the connection information embedded in
  the "reportFileName". This was only realised on checking the ODBC Trace
  Log. The connection itself is not a problem. The problem is that the embedded
  connection information is related to OLD production system. And failed
  connections had raised some concerns.
  Note: I am using
  SetDataSource to populate the data for the report. So I don't need the
  connection.
  Is there any way I
  can disable this auto-connect?
  Thanks and
  regards,
  Bhavesh

  960738 wrote:
  I need a help in answering one of the issue encountered last week.
  I have created a database link and tried to access the information from a table using the program written in another language. The password provided was incorrect for that user while creating database link. So we expected that,while retrieving the data, Database connection has to be errored out as password provided is incorrrect.
  But unfortunately, user account was locked out. When i checked with DBAs they mentioned that it tries to connect 16 ports with in a min of time.we were shocked as it STOPS another scheduled jobs with that user. and affects production badly.
  As per the program, it has to connect only one time and yesterday we tried to execute the program in DBAs observation and it errored out as expected. Didn't tried for multiple ports.
  Now the question is, WHY the database connection established 16 times last week and caused user account locked. DBAs are unable to answer it. Any EXPERTs opinion on this would greatly appreciated.
  I have verified managing ports in oracle documentation, it was mentioned that if one port is busy it will try to connect to another port in the range of ports mentioned during the installtion. DBAs verified ports related file and it was blank. and they are not agreeing with this reason. Please HELP me in finding the correct REASON for this.
  is it a NETWORK issue or issue with DATABASE SERVER only?
  Thanks
  SSP
  Edited by: 960738 on Sep 22, 2012 9:13 PMDBLINK is 100% oblivious to the fact any port exists.
  DBLINK only contains username, password & TNS Alias.
  can you post actual SQL & results?

• Load balancing error 88: Cannot connect to message server (rc=9)

  Hi,
  We are facing a problem in the system object.
  initially we created a system object with loadbalancing template ,and everything worked fine, but after couple of months we found a error "Load balancing error 88: Cannot connect to message server (rc=9)", so we have created a Dedicated application server object which resolved our issue.
  My question is why has this problem occured, and since my client side has lot number of users and we wish to keep the system back to load balancing object.
  How can i make my system object work back, what might be the causes?
  Thanks
  Srivastsa Kondapally

  Load balancing only works if the message server is available and the logon group specified exists as well.  If one of those changes, then it will break until you get the values set correctly.

• SA520 load balancing for multiple IPSec connections

  Hello,
  I just would like to ask whether the following is possible or what other people think might be the best way to go.
  Let me describe the current setup:
  Our company has a main office which is connected to the internet through an SA520W appliance, and two satellite offices which have other IPSec routers installed. The SA520W is currently only connected through the main WAN interface to a DSL line (DSL 16000). The tunnels are established and it all works quite well.
  However, we have experienced lags and slow connections when someone transfers a larger file from the main office to the outside (either satellite office or, say, some FTP server on the internet). This is of course due to the limited upload capacity of the DSL line. Therefore, I am thinking about getting another DSL line for use as the optional WAN port of the SA520W.
  My question is: Is it possible to establish two IPSec tunnels from a satellite office to the main office, one to the main WAN port and one to the optional WAN port of the SA520W? The two main hurdles I see with that is that a) the SA520W can only bind IPSec to one port and b) the network mask of each IPSec phase 2 needs to identify the subnet uniquely. Am I correct with the assumption that this cannot be done?
  If so, the only way I can see right now is to bind all IPsec traffic to the optional port and have at least main office <-> internet traffic separated from all IPSec traffic. Or has anyone a better solution to this?
  Thanks in advance,
  Roland

  I honestly don't recall any issues with the load balancing. I've personally never seen an issue, opened a case for one or observed a problem in my lab using multiple T1 lines...
  That's not to say there could be a problem. But as far as I know this aspect of the router is solid.
  The only thing I strongly dislike about most modern DSL deployments, the ISP like to give out "residential" or "business" gateways. These things just make life terrible since it is a router/nat device.
  -Tom
  Please rate helpful posts

• SUNW.gds for jboss + Load Balancing Group = Failed to connect to host ...

  Hi all!
  In a simple two node cluster (Solaris cluster 3.2) with quorum server I've created a resource for jboss 5.1.0 using SUNW.gds. It is supposed to be load-balanced. To achieve that I've followed instructions from [http://download.oracle.com/docs/cd/E18728_01/html/821-1258/gds-25.html]
  The command I've used to create the resource was:
  clresource create -g scalable-rg -t SUNW.gds -p resource_dependencies=vip -p Scalable=TRUE -p Start_timeout=400 -p Stop_timeout=400 -p Probe_timeout=30 -p Port_list=8080/tcp -p Start_command="/opt/jboss-5.1.0.GA/bin/run.sh -b 0.0.0.0" -p Child_mon_level=0 -p Failover_enabled=TRUE -p Stop_signal=15 -p Load_balancing_policy=LB_STICKY_WILD jboss-rs
  The whole configuration seems to work, but when the second node joins cluster, resource with jboss can't bind to shared ip address. There are many entries in /var/adm/messages like:
  Jan 19 13:46:35 play SC[,SUNW.gds:6,scalable-rg,jboss-rs,gds_svc_start]: [ID 141062 daemon.error] Failed to connect to host vip and port 8080: Connection refused.
  Jan 19 13:46:35 play SC[,SUNW.gds:6,scalable-rg,jboss-rs,gds_svc_start]: [ID 805735 daemon.error] Failed to connect to the host <vip> and port <8080>.
  Jan 19 13:46:37 play SC[,SUNW.gds:6,scalable-rg,jboss-rs,gds_svc_start]: [ID 141062 daemon.error] Failed to connect to host vip and port 8080: Connection refused.
  Jan 19 13:46:37 play SC[,SUNW.gds:6,scalable-rg,jboss-rs,gds_svc_start]: [ID 805735 daemon.error] Failed to connect to the host <vip> and port <8080>.
  Jan 19 13:46:39 play SC[,SUNW.gds:6,scalable-rg,jboss-rs,gds_svc_start]: [ID 141062 daemon.error] Failed to connect to host vip and port 8080: Connection refused.
  Jan 19 13:46:39 play SC[,SUNW.gds:6,scalable-rg,jboss-rs,gds_svc_start]: [ID 805735 daemon.error] Failed to connect to the host <vip> and port <8080>.
  Jan 19 13:46:41 play SC[,SUNW.gds:6,scalable-rg,jboss-rs,gds_svc_start]: [ID 141062 daemon.error] Failed to connect to host vip and port 8080: Connection refused.
  Jan 19 13:46:41 play SC[,SUNW.gds:6,scalable-rg,jboss-rs,gds_svc_start]: [ID 805735 daemon.error] Failed to connect to the host <vip> and port <8080>.
  Jan 19 13:46:43 play SC[,SUNW.gds:6,scalable-rg,jboss-rs,gds_svc_start]: [ID 141062 daemon.error] Failed to connect to host vip and port 8080: Connection refused.
  Jan 19 13:46:43 play SC[,SUNW.gds:6,scalable-rg,jboss-rs,gds_svc_start]: [ID 805735 daemon.error] Failed to connect to the host <vip> and port <8080>.
  However, after some time, it finally somehow binds to shared ip and port 8080.
  Is this something I should be worried about? Or it is a normal thing, since e.g. it takes some time to bring the interface with shared ip up? I've never had to install such configuration, and I don't have neither intuiton, nor the experience. Any help would be very appreciated.
  Thanks a bunch,
  Bart

  Hi, a couple of things to check:
  - did you check that both JBOSS instances were up and running?
  - can you check in the logs (on both nodes) when a message saying something like "service .... registered..." showed up. This should show up for both JBOSS instances. From the time of the second "registered" message, the load balancer should sending incoming requests to both instances using its distribution mechanism
  - did you check the vip address on one of the nodes on an external interface and on lo0 on the other
  - connection refused looks like a server problem; can you connect to the JBOSS instance locally?
  Hth
  Hartmut

• Load Balancing FTP Server thru CSM using a single Client IP

  Hello,
  We have a need to load balance 3 FTP servers. These servers are reached only from a single client IP which is a database server. The FTP method that is being used is currently passive. Our configuration is currently unidirectional, ie, the FTP client (the one database server) sends to the VIP and the FTP Servers then talk directly back to the FTP client and the traffic does not go back through the CSM. The problem is that because FTP negotiates another port to talk on, we have to use sticky so that the connection is sent back to the original FTP server that sent the FTP data port to talk on. But, since we only have a single client IP that is ever used we are not load balancing appropriately across the FTP servers.
  Traffic flow goes something like this, tcp port followed after colon as an example
  1. FTP Client ----> VIP:21
  2. CSM ---------> FTP Server:21
  3. FTP Server --------> FTP Client(FTP server says come talk to me on port 1700)
  4. FTP Client ---------> VIP:1700
  5. CSM ---------> FTP Server:1700
  6. FTP Server:1700 ---------> FTP Client
  repeat steps 4 thru 6
  Here's our hardware and software:
  WS-X6066-SLB-APC running 4.2(2)
  Config is as follows
  module ContentSwitchingModule 9
  ft group 101 vlan 9
  priority 10
  vlan 216 client
  ip address 10.209.16.31 255.255.252.0
  gateway 10.209.16.1
  vlan 20 server
  ip address 10.209.0.31 255.255.252.0
  alias 10.209.0.11 255.255.252.0
  probe ICMP1 icmp
  interval 3
  failed 3
  receive 3
  serverfarm FHEPRT
  no nat server
  no nat client
  real 10.209.0.72
  inservice
  real 10.209.0.73
  inservice
  real 10.209.0.71
  inservice
  probe ICMP1
  sticky 106 netmask 255.255.255.255 address source timeout 3
  policy FHEPRT_POL1
  sticky-group 106
  serverfarm FHEPRT
  vserver FHEPRT1
  virtual 10.209.16.71 any
  vlan 216
  unidirectional
  serverfarm FHEPRT
  replicate csrp connection
  no persistent rebalance
  slb-policy FHEPRT_POL1
  inservice

  You are missing "service ftp" config in the Vip definition. Try the following
  vserver FHEPRT1
  virtual 10.209.16.71 tcp ftp service ftp
  Syed Iftekhar Ahmed

• Two active active ISPs with load balancing, publishing and VPN connection

  Hi,
  I wonder how to enable a scenario where i have to use  two ISP's to share 30/70 load on our internet traffic, have to configure almost 60 internal websites already published using microsoft TMG firewall and connect client VPN connections and site-to-site vpn connections. I know that ASA firewall has limitation when using security contexts. Is good idea that how to achieve this gool?
  I previously tried connecting four sites running ASA devices with this fifth site running Microsoft TMG firewall but i was able to connect only two ASA firewalls using site-to-site VPN, though I was able to connect remaining two as well but last two were not able to access ASA-TMG resources. furthermore behavious of two ASA-TMG connected sites was strange: sometime i was not able to access cross site resources from one machine but was able to do so from another machine.
  I noticed that two of ASA sites connected with TMG site has different internal IP class (e.g site one 192.168.0.* and site two using 172.16.*.*) while remaining two have same class like the first site e.g 192.168.128.* and 192.168.100.*
  Did anyone has experiance connecting TMG-ASA with multiple sites within same IP class scenario?
  OR
  How to enable same features using Cisco devices as they are on a single Microsoft TMG?
  Best,
  Saulat (Contact# 0092-321-4025587)

  Sulat,
  You can load balance between the two ISPs. That is not possible. But, we do have some options that I have discussed here:
  Hope the above link gives you some ideas to utilize both your ISP links.
  -Kureli

• CSS11000 Load Balance over two VPN connections?

  Is it possible to have a CSS11000 in a local site perform load balancing and fail over to two different destinations on the internet that require a VPN connection. The VPN will be a router to router VPN using 7206s.
  Bruce
  mailto:[email protected]

  Hello Bruce !
  CSS is designed to handle TCP- and UDP based traffic, not IPSec. When handling IPSec traffic Content Switching Module (CSM) inside Catalyst 6500 series is recommended for that purpose.
  More info:
  http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/cfgnotes/csm/index.htm
  - Tomi

• Load Balancing on DSL link

  Dear All,
  We are having 2 internet link from 2 separate ISP.
  Please help me in doing load balancing on this 2 ADSL LINK.
  Thanks/Regards
  Atul

  Hello,
  here is a sample configuration for load balancing with 2 links:
  ip cef
  interface FastEthernet0/1
  ip address 192.168.1.1 255.255.255.0
  ip nat inside
  interface ATM0
  no ip address
  no ip route-cache
  no atm ilmi-keepalive
  dsl operating-mode auto
  interface ATM0.1 point-to-point
  no ip route-cache
  pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
  interface ATM0.2 point-to-point
  no ip route-cache
  pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 2
  interface Dialer1
  description ISP1_Connection_1
  ip address dhcp
  ip mtu 1452
  encapsulation ppp
  dialer pool 1
  dialer-group 1
  ppp authentication chap pap callin
  ppp chap hostname USERNAME
  ppp chap password 0 PASSWORD
  ppp pap sent-username USERNAME password PASSWORD
  interface Dialer2
  description ISP1_Connection_2
  ip address dhcp
  ip mtu 1452
  encapsulation ppp
  dialer pool 2
  dialer-group 1
  ppp authentication chap pap callin
  ppp chap hostname USERNAME
  ppp chap password 0 PASSWORD
  ppp pap sent-username USERNAME password PASSWORD
  ip nat inside source route-map ISP1_Connection_1 interface Dialer1 overload
  ip nat inside source route-map ISP1_Connection_2 interface Dialer2 overload
  access-list 1 permit 192.168.1.0
  route-map ISP1_Connection_1 permit 10
  match ip address 1
  match interface Dialer1
  route-map ISP1_Connection_2 permit 10
  match ip address 1
  match interface Dialer2
  ip route 0.0.0.0 0.0.0.0 Dialer1
  ip route 0.0.0.0 0.0.0.0 Dialer2
  dialer-list 1 protocol ip permit
  Regards,
  GP

• How to control a Load Balanced set in IaaS VMs using Text files

  Hi,
  I would like to control the Load Balanced nodes Using a resource to probe like active.txt  in IIS than a Endpoint on the Management Portal.
  The reason i need this is because the engineers in my team will have access to VMs but not to Management servers.
  Any info on it is very helpful.
  Thanks

  Hi,
  You can Control the access to the Load Balanced Set by using Network ACL. A Network Access Control List (ACL) is a security enhancement available for your Azure deployment. An ACL provides the ability to selectively permit or deny traffic for a virtual machine
  endpoint. This packet filtering capability provides an additional layer of security. 
  Using Network ACLs, you can do the following:
  Selectively permit or deny incoming traffic based on remote subnet IPv4 address range to a virtual machine input endpoint. 
  Blacklist IP addresses
  Create multiple rules per virtual machine endpoint
  Specify up to 50 ACL rules per virtual machine endpoint
  Use rule ordering to ensure the correct set of rules are applied on a given virtual machine endpoint (lowest to highest)
  Specify an ACL for a specific remote subnet IPv4 address.
  Network ACLs can be specified on a Load balanced set (LB Set) endpoint. If an ACL is specified for a LB Set, the Network ACL is applied to all Virtual Machines in that LB Set. For example, if a LB Set is created with “Port 80” and the LB Set contains 3 VMs,
  the Network ACL created on endpoint “Port 80” of one VM will automatically apply to the other VMs.
  Hope this helps !
  Regards,
  Sowmya

• Site behind load balancer - Key not valid for use in specified state

  Hi,
  I have created a sharepoint application page to access an active end point on ADFS and establish a fedauth session. All works well in single server. But when the page runs behind load balancer with 2 servers, it fails with key not valid for use in specified
  state exception. Stickiness is enabled on load balancer. verified that.
  I had made few changes to config file in microsoft.identitymodel section to accomodate adfs custom login. This included removing securitytokenhandlers and issuertokenresolvers as well. Is this impacting the encryption/decryption in anyway?
  Any pointers would help.
  Reference point for my application page : http://blog.helloitsliam.com/Lists/Posts/Post.aspx?ID=76

  Hi,
  As I understand, you encountered the error “Key not valid for use in specified state” when ADFS custom login.
  In order to run in Windows Azure Web Sites a Web application which uses WIF for handling authentication, you must change the default cookie protection method (DPAPI, not available on Windows Azure Web Sites) to something that will work in a farmed environment
  and with the IIS’ user profile load turned off.
  1. If you are using the Identity and Access Tools for VS2012, just go to the Configuration tab and check the box “Enable Web farm ready cookies”.
  2. If you want to do things by hand, add the following code snippet in your system.identitymodel/identityConfiguration element:
     <securityTokenHandlers>
       <add type="System.IdentityModel.Services.Tokens.MachineKeySessionSecurityTokenHandler, 
               System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
        <remove type="System.IdentityModel.Tokens.SessionSecurityTokenHandler,
              System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
      </securityTokenHandlers>
  There is a similar case:
  http://stackoverflow.com/questions/19323287/key-not-valid-for-use-in-specified-state-error-for-net-4-5-mvc-4-application
  Best regards,
  Sara Fan
  TechNet Community Support
  Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact
  [email protected]

• Load Balancing E-Business Suite 11i using BIG-IP

  "Has anyone deployed an Oracle E-Business Suite 11i solution in a load balanced environment based on the F5 BIG-IP 2400 device?"
  Background:
  When loadbalanced, Oracle forms requires a form of persistence to be in place, presumably to maintain state information.
  If using simple persistence based on client source IP address, then there is no problem.
  However in our environment, 1000s of clients are hidden behind the single IP address of a proxy server, therefore simple persistence will provide true load balancing.
  The alternative is cookie based persistence which will allow true load balancing even with clients hidden behind a proxy. However the challenge here is that Oracle Forms is java and not http based which means that BIG-IP cannot insert an http cookie into the java packets sent to the client by the Oracle server.
  If anyone has come across this issue and found a way round it, could you please describe how this is achieved? Either by configuration of the BIG-IP switch or at the Oracle Application side.

  Metalink doc id 290807.1 says that Internet Explorer 8 is now ccertified using Sun JRE 1.6.0_03 and higher. I have JRE 1.6.0_07 with Internet Explorer 8 for my Oracle 11i and the windows are freezing up consistently and works fine with IE 7, but i have users in IE 7 and IE 8, could you anyone help me with this issue. my full version is oracle 11.5.10.2 and my desktop in Windows XP.
  Thanks in advance

• ACE30 Load balancing based on IP and using x-forward-for header

  Hi Guys,
  We currently have a load balancing policy setup to direct traffic to say FARM-A based on a particular range of source (client) IP addresses, and the default FARM-B for all the other traffic.
  We are now looking to introduce a web application firewall (WAF) before the ACE.  The WAF will be inserting the client IP address into the x-forward-for http header.  Now I was wondering how best can be achieve the load balancing based on source IP given that we'll have to parse the HTTP header for this x-forward-for field?  Are there any examples that anyone can point me to? 
  let me know if you have any questions.
  thanks
  Sheldon

  Hi Sheldon,
  You might try creating a class map that matches on the XFF header. Then use that as the L7 load balance criteria (based on the hash value of the XFF header), using the predictor hash header.
  -Alex

• Multiple WAN connections all through one router with load balancing?

  I am setting up a network in my dormatory for myself and about 20 friends. about half of us have DSL connections at the moment. Is there a way to have all the DSL connections (possibly run through cheap home DSL routers) all connect into a cisco router that then acts as the gateway for our entire network? woudl it be possible for each internet request to go out over the connection that has the least load AND also be able to use some sort of load balancing, so one user cant use all of the outgoing/incoming bandwidth?
  If you have any ideas please let me know

  Hi Ian,
  To get this working, you would either need to use something like PPP to bundle your links together or use a dynamic protocol.
  In bundling the links, you could make them appear as one link, with a single IP address each end and the router takes care of distributing the load. To implement this though, you would need control of both sides of the link, or be terminating with one carrier who is happy to implement this for you.
  The second is to use a dynamic protocol (such as eigrp, ospf, etc), which can build up a map of the network to router from point a to point b. For this you also need control of the link.
  I can't think of another method, unless you can control the link from both sides. Your other option it to pool your money and buy a larger link or a leased line. If you bought a leased line or two, your carrier would be more than happy to talk to you about routing over that, but generally you're looking at mega bucks for that.
  HTH,
  Mark

• Load balancing weirdness using NAT and same-metric route

  Hi.
  I'm trying to set up a double-WAN load-balancing scenario:
  I decided to attempt the "multiple same-metric routes with NAT" approach so I went for the example used in the IOS NAT Load-Balancing for Two ISP Connections Configuration Guide [1].
  I decided to use an upside-down Cisco 871-SEC/K9: use Vlan1 and Vlan2 for the routers and Fa4 for the LAN. I am hoping this is not an issue.
  There is this weirdness with some connections, particularly FTP. I pinpointed the problem to the following scenario: if I do a couple of pings to 100.1.1.1 using the FastEthernet4 as the source address, this is what I get in the logs:
  === PING 1 ECHO REQUEST ===
  *Mar 3 04:38:43.521: IP: tableid=0, s=192.168.60.4 (FastEthernet4), d=100.1.1.1 (Vlan1), routed via RIB
  *Mar 3 04:38:43.521: NAT: s=192.168.60.4->10.129.124.2, d=100.1.1.1 [14152]
  *Mar 3 04:38:43.521: IP: s=10.129.124.2 (FastEthernet4), d=100.1.1.1 (Vlan1), g=10.129.124.1, len 60, forward
  *Mar 3 04:38:43.521: ICMP type=8, code=0
  === PING 1 ECHO REPLY ===
  *Mar 3 04:38:45.589: NAT*: s=100.1.1.1, d=10.129.124.2->192.168.60.4 [19824]
  *Mar 3 04:38:45.589: IP: tableid=0, s=100.1.1.1 (Vlan1), d=192.168.60.4 (FastEthernet4), routed via RIB
  *Mar 3 04:38:45.589: IP: s=100.1.1.1 (Vlan1), d=192.168.60.4 (FastEthernet4), g=192.168.60.4, len 60, forward
  *Mar 3 04:38:45.589: ICMP type=0, code=0
  === (something else) ===
  *Mar 3 04:38:52.353: RT: SET_LAST_RDB for 0.0.0.0/0
  OLD rdb: via 10.129.124.33, Vlan2
  NEW rdb: via 10.129.124.1, Vlan1
  === PING 2 ECHO REQUEST ===
  *Mar 3 04:38:52.353: IP: tableid=0, s=192.168.60.4 (FastEthernet4), d=100.1.1.1 (Vlan2), routed via RIB
  *Mar 3 04:38:52.353: NAT: s=192.168.60.4->10.129.124.2, d=100.1.1.1 [14159]
  *Mar 3 04:38:52.353: IP: s=10.129.124.2 (FastEthernet4), d=100.1.1.1 (Vlan2), g=10.129.124.33, len 60, forward
  *Mar 3 04:38:52.353: ICMP type=8, code=0
  === PING 2 ECHO REPLY ===
  *Mar 3 04:38:53.029: NAT*: s=100.1.1.1, d=10.129.124.2->192.168.60.4 [19825]
  *Mar 3 04:38:53.029: IP: tableid=0, s=100.1.1.1 (Vlan1), d=192.168.60.4 (FastEthernet4), routed via RIB
  *Mar 3 04:38:53.033: IP: s=100.1.1.1 (Vlan1), d=192.168.60.4 (FastEthernet4), g=192.168.60.4, len 60, forward
  *Mar 3 04:38:53.033: ICMP type=0, code=0
  In the section "Ping 2 Echo Request" line 2 shows the NAT translating the packet to the address for the first provider but line 3 shows it routing it through the second one.
  In this case, the ICMP packet goes through but it is problematic if the ISP restricts the service by source-address (like RPF) or there is some acceleration mechanism inside the provider cloud, other than just plain routing.
  What am I missing? Here is the relevant part of the configuration. I deliberately disabled CEF to be able to debug the messages, but I *think* this may be altering the actual router behavior. This router does not have a "debug ip cef packet" command.
  no ip cef
  ip dhcp pool lan-side
  import all
  network 192.168.60.0 255.255.255.0
  default-router 192.168.60.1
  domain-name doublewan.local
  dns-server 8.8.8.8 8.8.4.4
  lease infinite
  ip domain name doublewan
  interface FastEthernet0
  !doesn't appear on running-config: vlan 1 is the default access vlan
  !switchport access vlan 1
  interface FastEthernet1
  switchport access vlan 2
  interface FastEthernet2
  shutdown
  interface FastEthernet3
  shutdown
  interface FastEthernet4
  ip address 192.168.60.1 255.255.255.0
  ip nat inside
  ip virtual-reassembly
  no ip route-cache
  duplex auto
  speed auto
  interface Vlan1
  ip address 10.129.124.2 255.255.255.224
  ip nat outside
  ip virtual-reassembly
  no ip route-cache
  interface Vlan2
  ip address 10.129.124.35 255.255.255.224
  ip nat outside
  ip virtual-reassembly
  no ip route-cache
  ip route 0.0.0.0 0.0.0.0 Vlan1 10.129.124.1
  ip route 0.0.0.0 0.0.0.0 Vlan2 10.129.124.33
  ip nat inside source route-map nat1 interface Vlan1 overload
  ip nat inside source route-map nat2 interface Vlan2 overload
  ip access-list standard acl4-nexthop-vlan1
  permit 10.129.124.1
  ip access-list standard acl4-nexthop-vlan2
  permit 10.129.124.33
  route-map nat2 permit 10
  match ip address 102
  match ip next-hop acl4-nexthop-vlan2
  match interface Vlan2
  route-map nat1 permit 10
  match ip address 101
  match ip next-hop acl4-nexthop-vlan1
  match interface Vlan1
  control-plane
  Of course, there is some configuration pending for redundancy and stuff.
  Thanks a lot in advance.
  [1] http://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/100658-ios-nat-load-balancing-2isp.html

  Hello.
  This might be a bug in debug command or the IOS (without ip cef) you use; as routing is done before NAT (inside to outside).
  To make sure it works fine with ip cef, just enable strict uRPF (or just ACL) on .1 and .33 interfaces and see if you see any packet sent over wrong interface.
  PS: please check "sh ip cef 100.1.1.1"; I guess ip cef would tell you "per-destination sharing".