Query about Load-Balancer 'proxy'
Hi,
When using load-balancer 'proxy', with multiple remote addresses defined, does the client randomly select the initial connection from the list of remote connections in the config file?
I know the proxy will redirect a client to a less loaded proxy, however I want to distribute the initial connection randomly. In our configuration we will have a lot of extend clients. If they all connect to the first proxy in the list, this will cause that proxy to run hot (and possibly fall over).
Hopefully I've explained that ok? It's quite a tounge-twister of technical terms. Anyhow if someone knows the answer to this I'd be grateful, as I can't find any clarification in the documentation.
Cheers
Rich
Rich,
When multiple remote addresses are defined, Coherence does randomize the address list defined in the configuration file and connect to the next address in the list.
-Luk
Edited by: lsho on Jul 19, 2012 10:56 AM
Similar Messages
-
Dear Gurus
I want to ask about load balancing in RAC.
we have two nodes rac1 rac2 with physical ip as virtual ip as
rac1 rac2
physical 10.22.1.50 10.22.1.51
virtual 10.22.1.54 10.22.1.55
and two appliction servers app1 app2.Actually in tns file of app1 there is entry of virtual ip of rac1 (10.22.1.54)and in app2 virtual ip of rac2 (10.22.1.55). so we want to test whether load balancing is happening or not .like if app2 is down so whether the connection of app1 moving to rac2 also or not
so we down app2 and check.Guys tell me how could i check in that duration that whether connnection going to rac2.
i am unable to find the parameter of sessions connected in awr .Please tell how could i identifyi have stopped the IM's of one of my application server and checked the connections to my database with below query and according to it its connecting to both instances.Does it means that load balancing is happening fine.
SQL> SELECT inst_id, TO_CHAR(logon_time, 'DD-MON-YYYY HH24:mi:ss') "Hour when connected", count(*) "DB Sessions"
2 FROM gv$session
3 WHERE type = 'USER' and TO_CHAR(logon_time, 'DD-MON-YYYY HH24:mi:ss') like '%05-OCT-2011 17%'
4 GROUP BY inst_id, TO_CHAR(logon_time, 'DD-MON-YYYY HH24:mi:ss')
5 ORDER BY inst_id, TO_CHAR(logon_time, 'DD-MON-YYYY HH24:mi:ss');
INST_ID Hour when connected DB Sessions
1 05-OCT-2011 17:20:06 1
1 05-OCT-2011 17:27:18 1
2 05-OCT-2011 17:11:31 1
2 05-OCT-2011 17:26:28 2
2 05-OCT-2011 17:26:38 1
2 05-OCT-2011 17:27:18 1 -
ACE to load balance proxy servers
Hi,
i have a set of 4 proxy servers that are already load balanced. But they are using a incorrectly configured health probe on the ace. I need to know a good configuration for a heath probe that will send a http request over port 80 , wait for response, and read it? I searched the forum and the cisco pages but could not find a proper answer.
the current probe is as follows:
probe http HTTPGET
description Tests that www.gmail.com returns 302 redirect
interval 10
request method get url http://www.gmail.com
expect status 302 302
-GordonHi Gordon,
This is what you want to achieve :
I need to know a good configuration for a heath probe that will send a http request over port 80 , wait for response, and read it?
So ideally you have to choose what content you want to request and what you expect as response.
Any HTTP request will assume that the request is going to the web server or the device can understand HTTP and respond accordingly.
If you ask me I would say that the probes which you are using make sense.
If the probe fails that means the proxy is unable to reach "www.gmail.com" which is almost as good as proxy is not working.
Let me know your thought about it.
regards,
Ajay Kumar -
Question about Load balancing with IISPROXY
Hi,
We are running WLS 5.1.0 SP5 on NT 4.0 SP6. We are not using clustering.
We are able to round robin between multiple instances of the WLS successfully.
Question: If one of the instances of WLS goes down, is there any way to configure
the plugin to take it out of the loop automatically (without using clustering)?
Thanks,
Anil.
This is not the syntax. Syntax is just this:
MaxSkips=something.
eg: MaxSkips=25
The doc says:
5:10:1000 for min:default:max
By which we mean that default value is 10, max is 1000 and min is 5. I guess the
docs are confusing about the syntax here. We will correct them.
--Vinod.
Anil Kommareddi wrote:
> Vinod,
> I could not find any documentation on the MaxSkips parameter except in the Service Pack
> docs. The syntax is MaxSkips=min:default:max.
>
> how do the min and max parameters work?
>
> Vinod Mehra wrote:
>
> > Even if the servers in the WebLogicCluster list are non clustered you WILL be
> > able to do load balancing. But the problem is if the servers go down the plugin
> > will not remove them. But it not that bad. If an connection attempt fails the
> > server is marked as bad and will be skipped for the next MaxSkips (default=10)
> > cycles of load balancing. MaxSkips parameter is configurable for IISProxy
> > (SP4 onwards, I think).
> >
> > -Vinod.
> >
> > Prasad Peddada wrote:
> >
> > > I believe there won't be any load balancing unless you use servers in a cluster. As
> > > an alternative you can use hardware load balancers directly in a situation like this.
> > >
> > > Anil Kommareddi wrote:
> > >
> > > > Hi,
> > > >
> > > > We are running WLS 5.1.0 SP5 on NT 4.0 SP6. We are not using clustering.
> > > > We are able to round robin between multiple instances of the WLS successfully.
> > > >
> > > > Question: If one of the instances of WLS goes down, is there any way to configure
> > > > the plugin to take it out of the loop automatically (without using clustering)?
> > > >
> > > > Thanks,
> > > > Anil.
> > >
> > > --
> > > Cheers
> > >
> > > - Prasad
-
Question about load balancing between Portal and ABAP
Hi,
I have the problem whit load balancing between Portal and ECC (ERC) ABAP
Exist two system:
1) ECC (ERP) ABAP = Backend Module = HR
2) EP (JAVA) = Frontend
The users (9000 users) logon in the EP and run query (data personal) in the ECC. The problem to all user connect in Central Instance and not in the Dialog Instance.
How can balancing the conecction HTTP (EP) to ECC (ABAP)??
I need balancing in the ECC to Dialog InstanceJco -> right. Another possibility is that you use iviews that point to the backend in this case you will need to use a load balanced entry for the backend system in the [system landscape|http://help.sap.com/saphelp_nw70ehp1/helpdata/en/47/8c1e438d7017fce10000000a42189c/frameset.htm] -> SAP_R3_LoadBalancing
If you have ESS deployed on your portal, you will most probably need to do both.
Cheers Michael -
Load Balancing proxy based firewalls
I need to load balance http and ssl traffic through proxy based firewalls (Gauntlet)to a server farm. I've been told I can't use the usual paths through the firewalls but need to load balance the firewalls as if they were servers which would then proxy the session to the Internal content switch which will load balance to the servers.
Any ideas if this will work or how to do it? I need to keep the SSL sessions sticky as well.could you clarify what you mean by proxy firewall.
Is it just a proxy server with some filtering feature ?
If so, what was suggested to you is correct.
You define your proxy servers as services and then you simply configure
a content rule for 8080 or 80 (whatever your proxy listen on) and another content rule for port 443 SSL (or whatever port your proxy is setup for).
If the proxy is setup to use its own ip address to request HTML data, the response all aways come back to the right proxy. No need for the firewall loadbalancing feature.
An example is this
service proxyfw1
ip address x.x.x.x1
active
service proxyfw2
ip address x.x.x.x2
active
owner mycompany
content HTTPproxy
vip address x.x.x.x
add service proxyfw1
add server proxyfw2
proto tcp
port 8080
active
content SSLproxy
vip address x.x.x.x
add serv proxyfw1
add serv proxyfw2
proto tcp
port 443
application ssl
advanced-balance ssl
active
Then you setup your browser to point to proxy address x.x.x.x port 8080 for http and 443 for ssl.
Gilles. -
Question about Load Balance SFTP service by using CSS1150X
Does anyone come across of load balancing SFTP service by using CSS1150X? Typically by configuring CSS1150X to load balance FTP service, the configuration will as follow:
content ftp_rule
vip address 192.168.3.6
protocol tcp
port 21
application ftp-control
add service serv1
add service serv2
add service serv3
active
group ftp_group
vip address 192.168.3.6
add service serv1
add service serv2
add service serv3
active
However, for my personal understanding and knowledge, I will configure my CSS1150X as follow to load balance SFTP service:
content sftp_rule
vip address 192.168.3.6
protocol tcp
port 22 //Change 21 to 22
application ftp-control
add service serv1
add service serv2
add service serv3
active
group sftp_group
vip address 192.168.3.6
add service serv1
add service serv2
add service serv3
active
My question is, "application ftp-control" in content "ftp_rule" is still applicable to SFTP or not?I believe application ftp-control would not be used for sftp.
This might cause the session to get dropped when there is no data channel created and cause issues with long connections.
Hope it helps!! -
Question about Load Balancing Wireless connections using WLC- F5- ISE
Hi all,
Can anyone give me some orientation how the radius auth process/handshake between the WLC and ISE changes once the F5 is installed in the middle in order to perform load balancing?
We can do some kind of load balancing by configuring different radius servers on each WLC for which, I must configure the same shared secret in the WLC and ISE so the radius request/accept could be processed.
Now that we have the F5 in the middle, do I need to create/configure the same shared secret in the F5 so radius transactions can be processed by this device?. Based on the following link, I must configure the F5 in the ISE like another NAD device (similar to the WLC) but I do not know if this additional configuration in the ISE includes the Auth parameter to be added in the ISE NAD (F5) configuration.
How to properly use a load balancer in Cisco's Identity Services Engine
http://www.networkworld.com/community/blog/load-balancing-cisco-identity-services-engine
Our sheme is shown next,When you covert the pair into SSO, all the APs will go to the ACTIVE unit. No unit will "live" in the standby unit because this unit will "share" the AP-support license between the two.
This is the first step you need to get sorted. Send an email to [email protected] and give them the exact details of what you want to do (i. e. AP SSO) and then provide the serial number of your nominated active WLC and the serial number of your nominated standby WLC. -
Inquiry about Load Balancer 440
Hi
We are planning to buy the Barracuda Load Balancer 440- BBFI440a to be used as H/W load balancer for our applications and Ftp servers. We are using oracle application server 10.1.2.0.2 and Oracle BI and windows 2003 FTP server.
My question is, does the Barracuda load balancer certified with Oracle AS 10.1.2.0.2?
ThanksRich,
When multiple remote addresses are defined, Coherence does randomize the address list defined in the configuration file and connect to the next address in the list.
-Luk
Edited by: lsho on Jul 19, 2012 10:56 AM -
Load balancing proxy chain with LD
Next Week we have to do some consulting at a customers, who owns 4 LD 416. He wants to do full HA balancing of his web proxy chain, consisting of 2 proxy servers, 2 viruswalls and 2 applet traps.
In his current configuration he routes the HTTP requests from internal clients through a firewall and
LD1 into DMZ1-proxy, then through the firewall and LD2 to DMZ2-viruswall, then through the firewall and LD1 back to DMZ1-applettrap, and finally towards the internet. This results in a tremendous load on the firewall box.
Our suggestion to overcome this situation is to set up to VLANs at interfaces 2 and 3 of LD1. The proxy servers will reside in VLAN2, the viruswall at VLAN3, and the applettrap at VLAN2 again. So the LD can bridge all the VLANs and balance the complete proxy chain.
Will this work? Anything we overlooked? Is there somebody out there who has done something similar before? What configuration specialties have to been taken into account?
Thanks in advance,
OliverNext Week we have to do some consulting at a customers, who owns 4 LD 416. He wants to do full HA balancing of his web proxy chain, consisting of 2 proxy servers, 2 viruswalls and 2 applet traps.
In his current configuration he routes the HTTP requests from internal clients through a firewall and
LD1 into DMZ1-proxy, then through the firewall and LD2 to DMZ2-viruswall, then through the firewall and LD1 back to DMZ1-applettrap, and finally towards the internet. This results in a tremendous load on the firewall box.
Our suggestion to overcome this situation is to set up to VLANs at interfaces 2 and 3 of LD1. The proxy servers will reside in VLAN2, the viruswall at VLAN3, and the applettrap at VLAN2 again. So the LD can bridge all the VLANs and balance the complete proxy chain.
Will this work? Anything we overlooked? Is there somebody out there who has done something similar before? What configuration specialties have to been taken into account?
Thanks in advance,
Oliver -
Whats the best way to go about load balancing Exchange 2010 CAS
My server guys want to LB the Exchange 2010 client access servers, this will be the 7th Context on my Ace 4710.
see table for ports that are used
Port
Usage
25
smtp
80
http various
110
POP3 clients
135
RPC end point mapper
143
imap4 clients
443
SSL various
993
secure imap 4 clients
995
secure pop3 clients
6001
rpc related outlook anywhere
6002
rpc related outlook anywhere
6003
rpc related outlook anywhere
60200
rpc CAS
60201
exchange address book service
whats the best way of going about this?
do I just LB the IP addresses of the Servers and ignore the ports?
do i have to do anything special for ports 993 and 995 secure imap and pop?
I am sure there are more questions I shold be asking!OK
so If I have a single serverfarm with all services do I filter on the virtual
address something like below?
class-map match-any EXCH_vip
match virtual-address 172.16.93.2 tcp eq 25
match virtual-address 172.16.93.2 tcp eq 80
match virtual-address 172.16.93.2 tcp eq 110
match virtual-address 172.16.93.2 tcp eq 135
match virtual-address 172.16.93.2 tcp eq 143
match virtual-address 172.16.93.2 tcp eq 443
match virtual-address 172.16.93.2 tcp eq 993
match virtual-address 172.16.93.2 tcp eq 995
match virtual-address 172.16.93.2 tcp eq 6001
match virtual-address 172.16.93.2 tcp eq 6002
match virtual-address 172.16.93.2 tcp eq 6003
match virtual-address 172.16.93.2 tcp eq 60200
match virtual-address 172.16.93.2 tcp eq 60201 -
Load Balance method for proxy - ISA or BlueCoat
Hi,
I would like to know that which load balance method such as src-ip, cookie or etc is most suitable for load balancing proxy servers such as ISA or Bluecoat. The Proxy will listen to many services - http, https, ftp, and etc. Thanks for the help.The methods you mentioned are not loadbalancing technics, but stickyness features.
Stickyness is not always necessary.
Now, for caching devices, it is good to always send users requesting a same object to a single proxy, so that the same object is not cached in all the proxies.
Therefore, the solution in this case is loadbalancing with url hashing.
For HTTPs, if you terminate SSL on the loadbalancer, you can use the same solution.
For all the other traffic, I would suggest to start with roundrobin and see after a while if it requires some adjustments or not.
Gilles. -
Hi all,
I'm new to Azure and while our long term goal is to move our entire system into Azure, we have a small feature we'd like to try implementing first so that our infrastructure will be a sort of hybrid model for now. Basically I want to have a WebRole running
a WCF endpoint that reads and writes to a queue. One caller external to my system will call the API to drop off work. My existing system using another method in the API to query for this work that's been dropped off. Pretty simple.
My question is about load balancing. If I were using an F5 or some other hardware based load balancer I'd throw that in front of the Web Roles setup in a round robin configuration and be done with it. if I had 4 instances of the web role and my services
were polling once a second (assuming I have few instances of the polling service running in my existing infrastructure) I'd pick the work up in a second or two. This is perfectly acceptable performance for this process. However, my understanding
is Azure load balancing uses a hash algorithm that works like IP Affinity in a standard load balancer.... this won't work for obvious reasons.... what pattern should I be following for this work? Also note, I'd like to have this geo-distributed as well.
Thanks,
MattHi,
Perhaps, you could use Azure Traffic Manager.
Azure Traffic Manager allows you to control the distribution of user traffic to your specified endpoints,which can include Azure cloud services, websites, and other endpoints. Traffic Manager works by applying an intelligent policy engine to Domain Name
System (DNS) queries for the domain names of your Internet resources. Your Azure cloud services or websites can be running in different datacenters across the world.
More information :
http://msdn.microsoft.com/en-us/library/azure/hh744833.aspx
http://msdn.microsoft.com/en-us/library/azure/dn339010.aspx
http://azure.microsoft.com/en-us/documentation/services/traffic-manager/
Hope this suits your needs.
Regards,
Mekh. -
Interesting ACE URL Header & Load-balance & SSL on 2 VIPs
Hi There
I have an interesting situation that I am trying to solve. I have 4 websites, each one with SSL Off-Loading on the ACE on the outside. All FOUR websites run on a single server on the inside, but each website is using a different port number for differentiation. Also, they are currently only available on TWO IPs on the outside! I know.....it's a mare!
So, RSERVER = SERVER = 192.168.0.1
Each website has SSL Certs on the outside. https://website1.abc.com - https://website4.abc.com
But, DNS is only bound to 2 IPs on the outside, as that is all we have available currently, until we free up more IPs.
OUTSIDE:
website1.abc.com = 172.16.0.1:443
website2.abc.com = 172.16.0.1:443
website3.abc.com = 172.16.0.2:443
website4.abc.com = 172.16.0.2:443
On the server we have:
INSIDE: 192.168.0.1
SERVER:8001 = website1.abc.com
SERVER:8002 = website2.abc.com
SERVER:8003 = website3.abc.com
SERVER:8004 = website4.abc.com
So, in a nutshell what I need to do is:
Terminate SSL for each website, then match the HTTP header, and pass it to the SERVER on the right port. Sounds easy enough.
But, I am struggling like hell. The VIPs (Wirtual IPs on the OUTSIDE are causing me grief) My steps seem to be breaking my ruleset. Individually they all work, but once I tie them to the VIPs on the outside, it seems to stop. The first site in each CM (class-map) match in the PM (Profile-Map) works but the subsequent site just breaks.
I would post my config, but right now I have sooooooooooooo many variations, it looks like a dog's breakfast.
Can anyone give advice on the process flow to follow to get this to work. My issue is arround the VIPs mainly. To be honest, I don't really care about Load-Balancing right now. That will come later when more servers are added to mix. And then we might have to do inbound NAT too to the Server Farm, but that can wait! :-o
I have created a HEADER map for the headers, individual SERVER FARMS for each port on the RSERVER, ACLs matching the VIPs inbound on 443, CLASS-MAPs matching the HEADER and applying to SFARM, POLICY MAPS matching the CMAPs and doing Load-Balancing with SSL-PROXYs for the SSL headers. SERVICE-POLICY tieing it all together on Interface.
But .... things are going hey-wire.
So, steps are:
RSERVER
SFARMs = RSERVER:PORTs
ACLs = VIPs
CMAP = HEADER = URL
LB PMAP = HEADER CMAP & SFARM
PMAP MULITM = ACL CMAP + LB PMAP & SSL-Proxy
SVC-POL = PMAP MULTIMHi Surya
Thanks for the prompt reply. I'm not quite sure what you mean when you say it ca only handle 2 certs. Can you elaborate please?
It would appear to me that you can actually only bind one cert to an IP, based on using a VIP address for the server farm as per the CM in the PM. I can hack out the irrelevant bits tomorrow and post what I have done thus far. I have played with multiple lines of code and various ways of trying to do this, but the end result is that it appears once I have the CM set per VIP I can only set one SSL-Proxy, and so only one cert. If I use multiple CMs, as per the MultiMatch policy, it matches the first CM against the VIP and doesn't appear to move on as per the HTTP Header. If any of that makes sense?
regards
Sent from Cisco Technical Support iPad App -
Best way for HTTP load balancing in OSB
Hi everybody,
We have setup an OSB cluster and we need to load balance HTTP requests across managed servers. Looking for info about load balancing in OSB I found that there are mainly two options: using a hardware load balancer or a software solution like Weblogic HttpClusterServlet. At the moment we have no hardware balancer available so we will have to take the software option. I found some articles about configuring HttpClusterServlet like http://redstack.wordpress.com/2010/12/20/using-weblogic-as-a-load-balancer.
But I have a question about this configuration. If we use a managed server as an HTTP proxy that balances requests between OSB managed servers, what would happen if this server goes down? I think one of the main goals of a clustered deployment is avoiding a single point of failure but with that setup all requests would depend on the availability of the proxy managed server.
Could you recommend us a setup for implementing load balancing in OSB?
Thank you in advance,
Daniel.Load balancing in a cluster for http requests can be achieved using atleast 4 different ways:
(1)- use a hardware load balancer like F5 BigIP LTM
(2)- use a web server with weblogic plugin to frontend the cluster
(3)- use weblogic with HTTPClusterServlet
(4)- use DNS round robin - this works if you have managed servers running on 2 machines (say mach1, mach2) but on the same port. HTTP clients use hostname 'mach' to access the URL's and the dns does a round robin name resolution of mach to mach 1 and mach2 IP addresses..
All the options except (1) achieve only load balancing and not auto failover on all instances.. Hardware load balancers has the extra feature of probing [ sending periodic pings to the targets] , by which it can detect whether the target resource is alive and if not send the traffic to other nodes which are alive.. this is why hardware load balancers are worth their investment..
other options may work if client is coded to do retrying on failure.. so on 2nd or subsequent attempt, the routing is done to the machine which is alive..
For options (1),(2) and (3), you also need some redundancy of load balancing device ( web server, weblogic or hardware load balancer) to prevent single point of failure.. Hardware load balancers are usually deployed in redundant pairs to achieve this..
Edited by: atheek1 on 22/11/2011 15:31
Maybe you are looking for
-
Hey everyone. So I already asked another question about my music app, but apparently I have a new one now in addition to that. If an album doesn't have a cover it shows me a cover from another album (that is not from the same artist) with the name of
-
My Zen Sleek Photo will not connect to compute
I am extremely disappointed ! Despite being told yesterday that I need Microsoft Service Pack 2 installed on my computer before my USB would detect the player, I have successfully downloaded MS SP 2 and guess what ? It still says "your player is not
-
IPhone 4 will not sync with Lion
Have seen multiple posts that are similar to my problem, but not exact so thought I would post the issue here: MacBook Pro (2.8GHz Core 2 Duo) 8GB 500GB 7200rpm Seagate Momentus MS Outlook 2011 iTunes 10.4 The Lion upgrade was pretty much flawless -
-
IPhoto crashing when I'm importing photos from iPhone
So I'm trying to import photos from my iPhone in iPhoto. I am trying to import approx 2000 photos. After imprting approx 1500 photos, iPhoto crashes/stalls. I stop the import and try to delete the photos already imported, but the software is not r
-
WHAT IS DATE BANDLING WHAT IS FIELD CATLOG IN ALV
WHAT IS DATE BANDLING WHAT IS FIELD CATLOG IN ALV Explain clearly