Query about Load-Balancer 'proxy'

Similar Messages

• About load balancing in rac

  Dear Gurus
  I want to ask about load balancing in RAC.
  we have two nodes rac1 rac2 with physical ip as virtual ip as
  rac1 rac2
  physical 10.22.1.50 10.22.1.51
  virtual 10.22.1.54 10.22.1.55
  and two appliction servers app1 app2.Actually in tns file of app1 there is entry of virtual ip of rac1 (10.22.1.54)and in app2 virtual ip of rac2 (10.22.1.55). so we want to test whether load balancing is happening or not .like if app2 is down so whether the connection of app1 moving to rac2 also or not
  so we down app2 and check.Guys tell me how could i check in that duration that whether connnection going to rac2.
  i am unable to find the parameter of sessions connected in awr .Please tell how could i identify

  i have stopped the IM's of one of my application server and checked the connections to my database with below query and according to it its connecting to both instances.Does it means that load balancing is happening fine.
  SQL> SELECT inst_id, TO_CHAR(logon_time, 'DD-MON-YYYY HH24:mi:ss') "Hour when connected", count(*) "DB Sessions"
  2 FROM gv$session
  3 WHERE type = 'USER' and TO_CHAR(logon_time, 'DD-MON-YYYY HH24:mi:ss') like '%05-OCT-2011 17%'
  4 GROUP BY inst_id, TO_CHAR(logon_time, 'DD-MON-YYYY HH24:mi:ss')
  5 ORDER BY inst_id, TO_CHAR(logon_time, 'DD-MON-YYYY HH24:mi:ss');
  INST_ID Hour when connected DB Sessions
  1 05-OCT-2011 17:20:06 1
  1 05-OCT-2011 17:27:18 1
  2 05-OCT-2011 17:11:31 1
  2 05-OCT-2011 17:26:28 2
  2 05-OCT-2011 17:26:38 1
  2 05-OCT-2011 17:27:18 1

• ACE to load balance proxy servers

  Hi,
  i have a set of 4 proxy servers that are already load balanced. But they are using a incorrectly configured health probe on the ace. I need to know a good configuration for a heath probe that will send a http request over port 80 , wait for response, and read it?  I searched the forum and the cisco pages but could not find a proper answer.        
  the current probe is as follows:
  probe http HTTPGET
    description Tests that www.gmail.com returns 302 redirect
    interval 10
    request method get url http://www.gmail.com
    expect status 302 302
  -Gordon

  Hi Gordon,
  This is what you want to achieve :
  I need to know a good configuration for a heath probe that will send a  http request over port 80 , wait for response, and read it?
  So ideally you have to choose what content you want to request and what you expect as response.
  Any HTTP request will assume that the request is going to the web server or the device can understand HTTP and respond accordingly.
  If you ask me I would say that the probes which you are using make sense.
  If the probe fails that means the proxy is unable to reach "www.gmail.com" which is almost as good as proxy is not working.
  Let me know your thought about it.
  regards,
  Ajay Kumar

• Question about Load balancing with IISPROXY

            Hi,
            We are running WLS 5.1.0 SP5 on NT 4.0 SP6. We are not using clustering.
            We are able to round robin between multiple instances of the WLS successfully.
            Question: If one of the instances of WLS goes down, is there any way to configure
            the plugin to take it out of the loop automatically (without using clustering)?
            Thanks,
            Anil.
            

  This is not the syntax. Syntax is just this:
            MaxSkips=something.
            eg: MaxSkips=25
            The doc says:
            5:10:1000 for min:default:max
            By which we mean that default value is 10, max is 1000 and min is 5. I guess the
            docs are confusing about the syntax here. We will correct them.
            --Vinod.
            Anil Kommareddi wrote:
            > Vinod,
            > I could not find any documentation on the MaxSkips parameter except in the Service Pack
            > docs. The syntax is MaxSkips=min:default:max.
            >
            > how do the min and max parameters work?
            >
            > Vinod Mehra wrote:
            >
            > > Even if the servers in the WebLogicCluster list are non clustered you WILL be
            > > able to do load balancing. But the problem is if the servers go down the plugin
            > > will not remove them. But it not that bad. If an connection attempt fails the
            > > server is marked as bad and will be skipped for the next MaxSkips (default=10)
            > > cycles of load balancing. MaxSkips parameter is configurable for IISProxy
            > > (SP4 onwards, I think).
            > >
            > > -Vinod.
            > >
            > > Prasad Peddada wrote:
            > >
            > > > I believe there won't be any load balancing unless you use servers in a cluster. As
            > > > an alternative you can use hardware load balancers directly in a situation like this.
            > > >
            > > > Anil Kommareddi wrote:
            > > >
            > > > > Hi,
            > > > >
            > > > > We are running WLS 5.1.0 SP5 on NT 4.0 SP6. We are not using clustering.
            > > > > We are able to round robin between multiple instances of the WLS successfully.
            > > > >
            > > > > Question: If one of the instances of WLS goes down, is there any way to configure
            > > > > the plugin to take it out of the loop automatically (without using clustering)?
            > > > >
            > > > > Thanks,
            > > > > Anil.
            > > >
            > > > --
            > > > Cheers
            > > >
            > > > - Prasad
            

• Question about load balancing between Portal and ABAP

  Hi,
  I have the problem whit load balancing between Portal and ECC (ERC) ABAP
  Exist two system:
  1) ECC (ERP) ABAP = Backend     Module = HR
  2) EP (JAVA) = Frontend
  The users (9000 users) logon in the EP and run query (data personal) in the ECC.  The problem to all user connect in Central Instance and not in the Dialog Instance.
  How can balancing the conecction HTTP (EP) to ECC (ABAP)??
  I need balancing in the ECC to Dialog Instance

  Jco -> right. Another possibility is that you use iviews that point to the backend in this case you will need to use a load balanced entry for the backend system in the [system landscape|http://help.sap.com/saphelp_nw70ehp1/helpdata/en/47/8c1e438d7017fce10000000a42189c/frameset.htm] -> SAP_R3_LoadBalancing
  If you have ESS deployed on your portal, you will most probably need to do both.
  Cheers Michael

• Load Balancing proxy based firewalls

  I need to load balance http and ssl traffic through proxy based firewalls (Gauntlet)to a server farm. I've been told I can't use the usual paths through the firewalls but need to load balance the firewalls as if they were servers which would then proxy the session to the Internal content switch which will load balance to the servers.
  Any ideas if this will work or how to do it? I need to keep the SSL sessions sticky as well.

  could you clarify what you mean by proxy firewall.
  Is it just a proxy server with some filtering feature ?
  If so, what was suggested to you is correct.
  You define your proxy servers as services and then you simply configure
  a content rule for 8080 or 80 (whatever your proxy listen on) and another content rule for port 443 SSL (or whatever port your proxy is setup for).
  If the proxy is setup to use its own ip address to request HTML data, the response all aways come back to the right proxy. No need for the firewall loadbalancing feature.
  An example is this
  service proxyfw1
  ip address x.x.x.x1
  active
  service proxyfw2
  ip address x.x.x.x2
  active
  owner mycompany
  content HTTPproxy
  vip address x.x.x.x
  add service proxyfw1
  add server proxyfw2
  proto tcp
  port 8080
  active
  content SSLproxy
  vip address x.x.x.x
  add serv proxyfw1
  add serv proxyfw2
  proto tcp
  port 443
  application ssl
  advanced-balance ssl
  active
  Then you setup your browser to point to proxy address x.x.x.x port 8080 for http and 443 for ssl.
  Gilles.

• Question about Load Balance SFTP service by using CSS1150X

  Does anyone come across of load balancing SFTP service by using CSS1150X? Typically by configuring CSS1150X to load balance FTP service, the configuration will as follow:
  content ftp_rule
  vip address 192.168.3.6
  protocol tcp
  port 21
  application ftp-control
  add service serv1
  add service serv2
  add service serv3
  active
  group ftp_group
  vip address 192.168.3.6
  add service serv1
  add service serv2
  add service serv3
  active
  However, for my personal understanding and knowledge, I will configure my CSS1150X as follow to load balance SFTP service:
  content sftp_rule
  vip address 192.168.3.6
  protocol tcp
  port 22 //Change 21 to 22
  application ftp-control
  add service serv1
  add service serv2
  add service serv3
  active
  group sftp_group
  vip address 192.168.3.6
  add service serv1
  add service serv2
  add service serv3
  active
  My question is, "application ftp-control" in content "ftp_rule" is still applicable to SFTP or not?

  I believe application ftp-control would not be used for sftp.
  This might cause the session to get dropped when there is no data channel created and cause issues with long connections.
  Hope it helps!!

• Question about Load Balancing Wireless connections using WLC- F5- ISE

  Hi all,
  Can anyone give me some orientation how the radius auth process/handshake between the WLC and ISE changes once the F5 is installed in the middle in order to perform load balancing?
  We can do some kind of load balancing by configuring different radius servers on each WLC for which, I must configure the same shared secret in the WLC and ISE so the radius request/accept could be processed.
  Now that we have the F5 in the middle, do I need to create/configure the same shared secret in the F5 so radius transactions can be processed by this device?. Based on the following link, I must configure the F5 in the ISE like another NAD device (similar to the WLC) but I do not know if this additional configuration in the ISE includes the Auth parameter to be added in the ISE NAD (F5) configuration.
  How to properly use a load balancer in Cisco's Identity Services Engine
  http://www.networkworld.com/community/blog/load-balancing-cisco-identity-services-engine
  Our sheme is shown next,

  When you covert the pair into SSO, all the APs will go to the ACTIVE unit.  No unit will "live" in the standby unit because this unit will "share" the AP-support license between the two.
  This is the first step you need to get sorted.  Send an email to [email protected] and give them the exact details of what you want to do (i. e.  AP SSO) and then provide the serial number of your nominated active WLC and the serial number of your nominated standby WLC.

• Inquiry about Load Balancer 440

  Hi
  We are planning to buy the Barracuda Load Balancer 440- BBFI440a to be used as H/W load balancer for our applications and Ftp servers. We are using oracle application server 10.1.2.0.2 and Oracle BI and windows 2003 FTP server.
  My question is, does the Barracuda load balancer certified with Oracle AS 10.1.2.0.2?
  Thanks

  Rich,
  When multiple remote addresses are defined, Coherence does randomize the address list defined in the configuration file and connect to the next address in the list.
  -Luk
  Edited by: lsho on Jul 19, 2012 10:56 AM

• Load balancing proxy chain with LD

  Next Week we have to do some consulting at a customers, who owns 4 LD 416. He wants to do full HA balancing of his web proxy chain, consisting of 2 proxy servers, 2 viruswalls and 2 applet traps.
  In his current configuration he routes the HTTP requests from internal clients through a firewall and
  LD1 into DMZ1-proxy, then through the firewall and LD2 to DMZ2-viruswall, then through the firewall and LD1 back to DMZ1-applettrap, and finally towards the internet. This results in a tremendous load on the firewall box.
  Our suggestion to overcome this situation is to set up to VLANs at interfaces 2 and 3 of LD1. The proxy servers will reside in VLAN2, the viruswall at VLAN3, and the applettrap at VLAN2 again. So the LD can bridge all the VLANs and balance the complete proxy chain.
  Will this work? Anything we overlooked? Is there somebody out there who has done something similar before? What configuration specialties have to been taken into account?
  Thanks in advance,
  Oliver

  Next Week we have to do some consulting at a customers, who owns 4 LD 416. He wants to do full HA balancing of his web proxy chain, consisting of 2 proxy servers, 2 viruswalls and 2 applet traps.
  In his current configuration he routes the HTTP requests from internal clients through a firewall and
  LD1 into DMZ1-proxy, then through the firewall and LD2 to DMZ2-viruswall, then through the firewall and LD1 back to DMZ1-applettrap, and finally towards the internet. This results in a tremendous load on the firewall box.
  Our suggestion to overcome this situation is to set up to VLANs at interfaces 2 and 3 of LD1. The proxy servers will reside in VLAN2, the viruswall at VLAN3, and the applettrap at VLAN2 again. So the LD can bridge all the VLANs and balance the complete proxy chain.
  Will this work? Anything we overlooked? Is there somebody out there who has done something similar before? What configuration specialties have to been taken into account?
  Thanks in advance,
  Oliver

• Whats the best way to go about load balancing Exchange 2010 CAS

  My server guys want to LB the Exchange 2010 client access servers, this will be the 7th Context on my Ace 4710.
  see table for ports that are used
  Port
  Usage
  25
  smtp
  80
  http various
  110
  POP3 clients
  135
  RPC end point mapper
  143
  imap4 clients
  443
  SSL various
  993
  secure imap 4 clients
  995
  secure pop3 clients
  6001
  rpc related outlook anywhere
  6002
  rpc related outlook anywhere
  6003
  rpc related outlook anywhere
  60200
  rpc CAS
  60201
  exchange address book service
  whats the best way of going about this?
  do I just LB the IP addresses of the Servers and ignore the ports?
  do i have to do anything special for ports 993 and 995 secure imap and pop?
  I am sure there are more questions I shold be asking!

  OK
  so If I have a single serverfarm with all services do I filter on  the virtual
  address something like below?
  class-map match-any EXCH_vip
  match virtual-address 172.16.93.2 tcp eq 25
  match virtual-address 172.16.93.2 tcp eq 80
  match virtual-address 172.16.93.2 tcp eq 110
  match virtual-address 172.16.93.2 tcp eq 135
  match virtual-address 172.16.93.2 tcp eq 143
  match virtual-address 172.16.93.2 tcp eq 443
  match virtual-address 172.16.93.2 tcp eq 993
  match virtual-address 172.16.93.2 tcp eq 995
  match virtual-address 172.16.93.2 tcp eq 6001
  match virtual-address 172.16.93.2 tcp eq 6002
  match virtual-address 172.16.93.2 tcp eq 6003
  match virtual-address 172.16.93.2 tcp eq 60200
  match virtual-address 172.16.93.2 tcp eq 60201

• Load Balance method for proxy - ISA or BlueCoat

  Hi,
  I would like to know that which load balance method such as src-ip, cookie or etc is most suitable for load balancing proxy servers such as ISA or Bluecoat. The Proxy will listen to many services - http, https, ftp, and etc. Thanks for the help.

  The methods you mentioned are not loadbalancing technics, but stickyness features.
  Stickyness is not always necessary.
  Now, for caching devices, it is good to always send users requesting a same object to a single proxy, so that the same object is not cached in all the proxies.
  Therefore, the solution in this case is loadbalancing with url hashing.
  For HTTPs, if you terminate SSL on the loadbalancer, you can use the same solution.
  For all the other traffic, I would suggest to start with roundrobin and see after a while if it requires some adjustments or not.
  Gilles.

• Load balancing in Azure PaaS

  Hi all,
  I'm new to Azure and while our long term goal is to move our entire system into Azure, we have a small feature we'd like to try implementing first so that our infrastructure will be a sort of hybrid model for now. Basically I want to have a WebRole running
  a WCF endpoint that reads and writes to a queue. One caller external to my system will call the API to drop off work.  My existing system using another method in the API to query for this work that's been dropped off. Pretty simple.
  My question is about load balancing. If I were using an F5 or some other hardware based load balancer I'd throw that in front of the Web Roles setup in a round robin configuration and be done with it. if I had 4 instances of the web role and my services
  were polling once a second (assuming I have few instances of the polling service running in my existing infrastructure) I'd pick the work up in a second or two. This is perfectly acceptable performance for this process.  However, my understanding
  is Azure load balancing uses a hash algorithm that works like IP Affinity in a standard load balancer.... this won't work for obvious reasons.... what pattern should I be following for this work?  Also note, I'd like to have this geo-distributed as well.
  Thanks,
  Matt

  Hi,
  Perhaps, you could use Azure Traffic Manager.
  Azure Traffic Manager allows you to control the distribution of user traffic to your specified endpoints,which can include Azure cloud services, websites, and other endpoints. Traffic Manager works by applying an intelligent policy engine to Domain Name
  System (DNS) queries for the domain names of your Internet resources. Your Azure cloud services or websites can be running in different datacenters across the world.
  More information :
  http://msdn.microsoft.com/en-us/library/azure/hh744833.aspx
  http://msdn.microsoft.com/en-us/library/azure/dn339010.aspx
  http://azure.microsoft.com/en-us/documentation/services/traffic-manager/
  Hope this suits your needs.
  Regards,
  Mekh.

• Interesting ACE URL Header & Load-balance & SSL on 2 VIPs

  Hi There
  I have an interesting situation that I am trying to solve. I have 4 websites, each one with SSL Off-Loading on the ACE on the outside. All FOUR websites run on a single server on the inside, but each website is using a different port number for differentiation. Also, they are currently only available on TWO IPs on the outside! I know.....it's a mare!
  So, RSERVER = SERVER = 192.168.0.1
  Each website has SSL Certs on the outside. https://website1.abc.com - https://website4.abc.com
  But, DNS is only bound to 2 IPs on the outside, as that is all we have available currently, until we free up more IPs.
  OUTSIDE:
  website1.abc.com = 172.16.0.1:443
  website2.abc.com = 172.16.0.1:443
  website3.abc.com = 172.16.0.2:443
  website4.abc.com = 172.16.0.2:443
  On the server we have:
  INSIDE: 192.168.0.1
  SERVER:8001 = website1.abc.com
  SERVER:8002 = website2.abc.com
  SERVER:8003 = website3.abc.com
  SERVER:8004 = website4.abc.com
  So, in a nutshell what I need to do is:
  Terminate SSL for each website, then match the HTTP header, and pass it to the SERVER on the right port. Sounds easy enough.
  But, I am struggling like hell. The VIPs (Wirtual IPs on the OUTSIDE are causing me grief) My steps seem to be breaking my ruleset. Individually they all work, but once I tie them to the VIPs on the outside, it seems to stop. The first site in each CM (class-map) match in the PM (Profile-Map) works but the subsequent site just breaks.
  I would post my config, but right now I have sooooooooooooo many variations, it looks like a dog's breakfast.
  Can anyone give advice on the process flow to follow to get this to work. My issue is arround the VIPs mainly. To be honest, I don't really care about Load-Balancing right now. That will come later when more servers are added to mix. And then we might have to do inbound NAT too to the Server Farm, but that can wait! :-o
  I have created a HEADER map for the headers, individual SERVER FARMS for each port on the RSERVER, ACLs matching the VIPs inbound on 443, CLASS-MAPs matching the HEADER and applying to SFARM, POLICY MAPS matching the CMAPs and doing Load-Balancing with SSL-PROXYs for the SSL headers. SERVICE-POLICY tieing it all together on Interface.
  But .... things are going hey-wire.
  So, steps are:
  RSERVER
  SFARMs = RSERVER:PORTs
  ACLs = VIPs
  CMAP = HEADER = URL
  LB PMAP = HEADER CMAP & SFARM
  PMAP MULITM = ACL CMAP + LB PMAP & SSL-Proxy
  SVC-POL = PMAP MULTIM

  Hi Surya
  Thanks for the prompt reply. I'm not quite sure what you mean when you say it ca only handle 2 certs. Can you elaborate please?
  It would appear to me that you can actually only bind one cert to an IP, based on using a VIP address for the server farm as per the CM in the PM. I can hack out the irrelevant bits tomorrow and post what I have done thus far. I have played with multiple lines of code and various ways of trying to do this, but the end result is that it appears once I have the CM set per VIP I can only set one SSL-Proxy, and so only one cert. If I use multiple CMs, as per the MultiMatch policy, it matches the first CM against the VIP and doesn't appear to move on as per the HTTP Header. If any of that makes sense?
  regards
  Sent from Cisco Technical Support iPad App

• Best way for HTTP load balancing in OSB

  Hi everybody,
  We have setup an OSB cluster and we need to load balance HTTP requests across managed servers. Looking for info about load balancing in OSB I found that there are mainly two options: using a hardware load balancer or a software solution like Weblogic HttpClusterServlet. At the moment we have no hardware balancer available so we will have to take the software option. I found some articles about configuring HttpClusterServlet like http://redstack.wordpress.com/2010/12/20/using-weblogic-as-a-load-balancer.
  But I have a question about this configuration. If we use a managed server as an HTTP proxy that balances requests between OSB managed servers, what would happen if this server goes down? I think one of the main goals of a clustered deployment is avoiding a single point of failure but with that setup all requests would depend on the availability of the proxy managed server.
  Could you recommend us a setup for implementing load balancing in OSB?
  Thank you in advance,
  Daniel.

  Load balancing in a cluster for http requests can be achieved using atleast 4 different ways:
  (1)- use a hardware load balancer like F5 BigIP LTM
  (2)- use a web server with weblogic plugin to frontend the cluster
  (3)- use weblogic with HTTPClusterServlet
  (4)- use DNS round robin - this works if you have managed servers running on 2 machines (say mach1, mach2) but on the same port. HTTP clients use hostname 'mach' to access the URL's and the dns does a round robin name resolution of mach to mach 1 and mach2 IP addresses..
  All the options except (1) achieve only load balancing and not auto failover on all instances.. Hardware load balancers has the extra feature of probing [ sending periodic pings to the targets] , by which it can detect whether the target resource is alive and if not send the traffic to other nodes which are alive.. this is why hardware load balancers are worth their investment..
  other options may work if client is coded to do retrying on failure.. so on 2nd or subsequent attempt, the routing is done to the machine which is alive..
  For options (1),(2) and (3), you also need some redundancy of load balancing device ( web server, weblogic or hardware load balancer) to prevent single point of failure.. Hardware load balancers are usually deployed in redundant pairs to achieve this..
  Edited by: atheek1 on 22/11/2011 15:31