Transparent Cache & Failover Bypass

Hi,
I'm using transparent caching on an 11501, sending all HTTP traffic to a BlueCoat cache.
I have set the failover bypass option.
When the cache is down, the CSS bypasses the cache, but the problem is that I want the HTTP requests to have the CSS source address so the firewall lets them pass.
But the HTTP requests have the client IP.
Is there a solution to this?
The cache rule is L5.
Thanks

Hi,
just use the primarySorryServer command (see http://www.cisco.com/en/US/products/hw/contnetw/ps792/products_command_reference_chapter09186a008028fe78.html#wp1140863). This command takes care of requests if all other services in a content rule failed. In your case this will take place if your caches are failing. The sorryserver (your firewall) will then take over the job until the caches return to working.
Btw, be aware that this service should only do "routing". So no need for destination NAT.
Regards,
Joerg

Similar Messages

  • If cache goes down, how to bypass Transparent Caching in CSM?

    Hi.
    I configured transparent caching in CSM.
    But when the cache goes down, the CSM drops traffic to the web server.
    In this case, do I need more configuration?
    Please let me know how to bypass when the cache goes down.
    Thanks.
    ============== CSM configuration ==================
    module ContentSwitchingModule 3
     vlan 10 client
      ip address 192.168.112.2 255.255.255.0
      route 172.29.0.0 255.255.0.0 gateway 192.168.112.1
     vlan 11 server
      ip address 192.168.112.2 255.255.255.0
      gateway 192.168.112.3
      route 172.18.1.10 255.255.255.255 gateway 192.168.112.4
     probe CACHE icmp
      interval 2
      retries 1
      failed 2
      receive 1
     serverfarm CACHE
      no nat server
      no nat client
      real 172.18.1.10
       inservice
      probe CACHE
     serverfarm FORWARD
      no nat server
      no nat client
      predictor forward
     policy NOCACHE
      client-group 10
      serverfarm FORWARD
     policy CACHE
      serverfarm CACHE
     vserver FROMCACHE
      virtual 0.0.0.0 0.0.0.0 any
      serverfarm FORWARD
      persistent rebalance
      inservice
     vserver REDIRECT
      virtual 0.0.0.0 0.0.0.0 tcp www
      vlan 10
      serverfarm CACHE
      persistent rebalance
      slb-policy NOCACHE
      slb-policy CACHE
      inservice
    access-list 10 permit 172.29.1.10

    Under your vserver REDIRECT, instead of configuring 'serverfarm cache', configure 'serverfarm cache backup forward'.
    If the serverfarm cache goes down, the CSM will use the backup which is a forward.
    However, in this case, the response from the server will probably not come back to the CSM, so you should configure the vserver with the command 'unidirectional' as well.
    Regards,
    Gilles.

  • ACE :Transparent Cache-SP

    Gurus,
    I have a setup for transparent caching with my SP client and as of now we are using leastconn as predictor with A2(1.3) as the version.
    Here are my pain points:
    1. The cache guys tell me the moment we turn normalization ON the caches can't FTP the logs to their FTP servers (the traffic/conn drops after some time). We don't have randomization ON.
    I feel it's more of a cache issue or a connection issue than a security one, as normalization will either allow or disallow but will not terminate after some time.
    2. Also, I'm observing in the "show stats" output a lot of "Total layer4 rejections" and some Layer7 conns, and "Total times rserver was unavailable", as we see probe failures a lot when traffic peaks, thus making the cache out-of-service. I need to know when we have these issues. Does it need the whole farm to fail, or is it for connections failing for a single cache server?
    any good links to find more on the troubleshooting aspect of ACE ?
    thanks
    Shukla.

    Shukla,
    ACE has a default idle timeout of 1 hour for all traffic going through.
    This is true with and without normalization.
    Once the connection times out, it is removed from the connection list.
    This is where normalization makes a difference.
    With normalization, a connection can only be established with a SYN.
    So, when the application starts sending again, we do not allow the packets to go through.
    Without normalization, any packet can be used to establish the connection, so when the server starts sending data again, we re-establish the connection and allow the packets to go through.
    L4 rejections occur when we can't find a server active - so the whole farm is down.
    Gilles.

  • Load-balancing of transparent cache + IP spoofing + RTSP + MMS not working

    We have already in production an architecture with load-balancing of
    transparent cache + ip spoofing.
    We are unable to do the same for streaming flows (MMS and RTSP).
    We are doing PBR from our core network (2 * C6K) to redirect port 80, 554 and
    1755 toward CSS boxes, same in our access router (2 * Cisco7200).
    In this config desired flows are redirected toward the CSS.
    Then CSS should load balance the traffic toward our BlueCoat proxy-cache farm.
    It's working fine for HTTP but we are unable to make it work for MMS and
    RTSP.
    Note that we are required to use ECMP to perform IP spoofing on the CSS, meaning we need 4 routes for each client subnet (one route toward upstream C6K, and 3 routes for each proxy cache). We use ACLs to get rid of the looping condition.
    Could anyone who has already put in place load-balancing of streaming transparent cache + IP spoofing give us some hints?
    Many thanks.
    Regards,
    Pierre Viennet

    Gilles, thanks for your input.
    Here where we are at with streaming implementation:
    - HTTP on all types of client is working
    - RTSP: TCP 554 with Real Media client is working
    - RTSP: TCP 554 with WMP not working, but it's due to a bug in the Bluecoat implementation: the proxy sends an error when it sees a request with ( User-Agent: WMPlayer ) for RTSP content.
    - MMS: TCP 1755 not working with IP spoofing enabled on the proxy but OK without IP spoofing...
    - UDP 554: not working
    - UDP 1755: not working
    I fully understand the limitation for UDP traffic.
    But I don't see why it's not working for MMS over TCP traffic.
    Note that I have the exact same configuration for RTSP and MMS.
    Why is it not working for MMS with IP spoofing? Are you aware of a difference in the way CSS handles MMS flows, or a specificity of the MMS protocol?
    Below is what we can see on the different equipment when trying to launch an MMS over TCP stream:
    c6k-Faaa#sh mls ip source 195.83.182.72
    Displaying Netflow entries in Supervisor Earl
    DstIP SrcIP Prot:SrcPort:DstPort Src i/f:AdjPtr
    Pkts Bytes Age LastSeen Attributes
    202.3.225.5 195.83.182.72 tcp :1755 :1504 0 : 0
    3 124 17 18:58:12 L3 - Dynamic
    202.3.225.5 195.83.182.72 tcp :1755 :1527 0 : 0
    2 84 3 18:58:20 L3 - Dynamic
    202.3.225.5 195.83.182.72 tcp :554 :1503 0 : 0
    4 360 17 18:58:06 L3 - Dynamic
    c6k-Faaa#
    CSS11503_CORE1# sho flows 202.3.225.5 | grep 1755
    202.3.225.5 38531 195.83.182.72 1755 0.0.0.0 TCP
    2/3 2/1
    202.3.225.5 1527 195.83.182.72 1755 195.83.182.72 TCP
    2/7 2/3
    CSS11503_CORE1# sho flows 202.3.225.5 | grep 1755
    202.3.225.5 38531 195.83.182.72 1755 0.0.0.0 TCP
    2/3 2/1
    202.3.225.5 1527 195.83.182.72 1755 195.83.182.72 TCP
    2/7 2/3
    CSS11503_CORE1# sho flows 202.3.225.5 | grep 1755
    202.3.225.5 38531 195.83.182.72 1755 0.0.0.0 TCP
    2/3 2/1
    202.3.225.5 1527 195.83.182.72 1755 195.83.182.72 TCP
    2/7 2/3
    CSS11503_CORE1#
    TCP 192.168.4.19:1491 195.83.182.72:554 TIME_WAIT
    TCP 192.168.4.19:1492 195.83.182.72:554 TIME_WAIT
    TCP 192.168.4.19:1493 195.83.182.72:1755 TIME_WAIT
    TCP 192.168.4.19:1502 195.83.182.72:554 TIME_WAIT
    TCP 192.168.4.19:1503 195.83.182.72:554 TIME_WAIT
    TCP 192.168.4.19:1504 195.83.182.72:1755 TIME_WAIT
    TCP 192.168.4.19:1525 195.83.182.72:554 TIME_WAIT
    TCP 192.168.4.19:1526 195.83.182.72:554 TIME_WAIT
    TCP 192.168.4.19:1527 195.83.182.72:1755 TIME_WAIT
    Many Thanks for your input.
    Pierre Viennet.

  • DLSW Ethernet Redundancy Transparent Cache

    I have corrupt entries in the ethernet redundancy transparent cache. These are causing problems establishing new sessions.
    Can I clear the entries individually and how long does the cache take to time out?

    Hi,
    the "dlsw clear transparent circuit" command was introduced with CSCdv16277; it is in IOS 12.1(11.5) and higher, 12.2(6.4) and higher, and it also rolled into 12.3.
    Please note the "circuit" option is hidden. You cannot see it with the ? when asking for help in the parser.
    With respect to the origin of the erroneous cache entries: they can be a bug in themselves. But they can also be the result of a configuration that is not exactly as it should be.
    I would advise opening a case with the TAC and having the configurations sanity checked.
    If this is something you can reproduce at will then we would certainly be very interested in how you get into this state.
    DLSw ethernet redundancy was modified quite a bit in the last 2 years. Depending on what version of code you run you might need to go to a higher level to pick up all the current maintenance.
    My personal view is a recent 12.2 image or, even better, a recent 12.3 image.
    thanks...
    Matthias

  • How to Configure Transparent caching on Cat 6500 with CSM in bridge mode?

    hi.
    I found How to Configure Transparent caching on Cat 6500 with CSM in routed mode.
    But,
    I need help How to Configure Transparent caching on Cat 6500 with CSM in bridge mode?
    Please let me know sample configuration.
    thanks.

    Hi,
    I wrote the document you mentioned and I also wrote the one below.
    http://www.cisco.com/en/US/partner/products/hw/modules/ps2706/products_configuration_example09186a00802c1201.shtml
    The one with the SSLM is a bridge mode config.
    If you replace the SSLM with a cache [or a farm of caches] it would be a similar config.
    Replace the SSL21 vserver with an HTTP vserver [most important is to keep the vlan configured on each vserver]
    Regards,
    Gilles.

  • Has anyone configured transparent caching on ACE module?

    How to configure transparent caching on the ACE module? Please kindly give me an example configuration. Thank you very much.

    Here is a basic config.
    The module will intercept traffic coming in on vlan 20 and loadbalance it doing a url hashing to caches in vlan 30.
    The mode is transparent so the destination ip address is preserved.
    serverfarm host CACHES
      transparent
      predictor hash url
      rserver linux1
        inservice
      rserver linux1-24
        inservice
    class-map match-all VIP-TCP80
      2 match virtual-address 0.0.0.0 0.0.0.0 tcp eq www
    policy-map type loadbalance first-match SF-CACHES
      class class-default
        serverfarm CACHES
    policy-map multi-match SLB-CACHES
      class VIP-TCP80
        loadbalance vip inservice
        loadbalance policy SF-CACHES
    interface vlan 20
      ip address 192.168.20.123 255.255.255.0
      peer ip address 192.168.20.121 255.255.255.0
      access-group input PERMIT-ANY
      service-policy input ALLOW-ALL
      service-policy input SLB-CACHES
      no shutdown

  • Concept and Configuration of OPS TAF (TRANSPARENT APPLICATION FAILOVER)

    Product: ORACLE SERVER
    Date written: 2004-08-13
    Concept and Configuration of OPS TAF (TRANSPARENT APPLICATION FAILOVER) (8.1 and later)
    ===================================================================
    PURPOSE
    Starting with Oracle8, TAF (Transparent Application Fail-over) between OPS nodes is
    provided. That is, even if one OPS node fails, every session that was connected to
    that node is automatically reconnected to a healthy node without losing the session,
    so that work can continue.
    This document briefly reviews TAF and describes an actual configuration.
    SCOPE
    The Transparent Application Failover (TAF) feature is not supported in
    8i~10g Standard Edition.
    Explanation
    This section describes the kinds of failure that TAF covers, and the failover
    type and method that are specified for TAF.
    (1) Kinds of failure:
    TAF works normally for all of the following failures.
    There is no problem at all in MTS mode, but in dedicated mode TAF works
    correctly only if dynamic registration is used.
    instance fail: No problem in MTS mode, but in dedicated mode dynamic
    registration must be configured.
    Even if the listener on the failed instance's side is healthy, with
    dynamic registration the instance is deregistered from the listener
    when it fails, so after checking the listener information the client
    attempts to connect to the listener on the other node.
    Without dynamic registration, however, the listener on the failed
    instance's side still shows the failed instance among its services,
    and the attempt to connect to that instance produces
    ORA-1034: Oracle not available.
    instance & listener down: If the listener is down as well, the reconnection
    attempt after the failure fails to reach the listener on the failed side,
    and the connection is made to the listener on the other node.
    node down: TAF also takes place when the node itself goes down. However, the
    client needs an appropriate setting of the TCP configuration parameter
    keepalive.
    If work is in progress between client and server when the node fails
    there is no problem, but if nothing is running on the server side the
    client cannot notice immediately that the node has gone down.
    At the moment the client makes its next request to the server, it sends
    a TCP packet to a TCP end point that no longer exists, and confirming
    that the server node is no longer alive can typically take 2 to 3
    minutes. When the node has failed, the write() function call on the
    network returns an error, and after the client receives it the failover
    function is invoked.
    For the client to detect that the server node has gone down even while
    idle, TCP keepalive must be configured, and to use this keepalive on an
    Oracle connection the ENABLE=BROKEN clause must be specified in the TNS
    service name.
    An example of this ENABLE=BROKEN clause, which goes in the DESCRIPTION
    clause, can be found in the tnsnames.ora part (3) of the configuration
    example below.
    Specifying ENABLE=BROKEN makes use of the network-side keepalive
    setting, which is usually set to 2 ~ 3 hours, so this value has to be
    suitably short to be meaningful for TAF.
    However, if the keepalive time is too short and there are many idle
    sessions, network load can increase considerably, so this setting
    should be discussed thoroughly with the OS or network administrator.
    For details on keepalive and how to configure it, see <bulletin:11323:
    Relationship between SQL*NET DCD (DEAD CONNECTION DETECTION) and KEEPALIVE>.
    (2) type: session vs. select
    Two types are provided: the session type, in which the session is kept but all
    SQL statements that were running fail, and the select type, in which DML
    statements are rolled back and select statements continue.
    Even with the select type, a query for information that can only be obtained
    from the failed instance may stop partway through with the following error.
    A query against gv$session for that instance is one such example.
    ORA-25401: can not continue fetches
    (3) method: basic vs. backup
    There is the basic method, which connects the session to another node when the
    failure occurs, and the backup method, which establishes a backup session to
    another node in advance and uses it when the failure occurs.
    Example
    TAF requires settings in init.ora, listener.ora and tnsnames.ora.
    Because MTS mode poses no problem, the example here uses the dedicated mode,
    which must be configured with dynamic registration.
    The test was run on Oracle 8.1.7.4/Sun solaris 2.8.
    Two nodes, A and B, are assumed.
    (1) In initSID.ora
    - initSID.ora on node A
    service_names=INS1, DB1
    local_listener="(address=(protocol=TCP)(host=krtest1)(port=1521))"
    - initSID.ora on node B
    service_names=INS2, DB1
    local_listener="(address=(protocol=TCP)(host=krtest2)(port=1521))"
    Several service_names can be specified; what matters is that one service name
    shared by both nodes must be specified.
    Usually specifying db_name is sufficient.
    For host=, specify either the hostname or the IP address.
    (2) listener.ora
    LISTENER =
    (DESCRIPTION =
    (ADDRESS =
    (PROTOCOL = tcp)
    (HOST = krtest1)(PORT= 1521)))
    On node B, specify node B's hostname or IP address instead of krtest1.
    (3) tnsnames.ora can be configured in two ways.
    Examples of both the basic method and the backup method are given below.
    Use one of them. With the backup method, fail-over uses a session that is
    already connected and so can take less time, but keeping an unused session
    established on the other node has a cost, so each has advantages and disadvantages.
    Both configurations allow connect time fail-over as well as TAF.
    That is, when node A fails, the connection is made to node B using the same
    tns service name (here opsbasic or ops1).
    The address clauses defined with address= are tried from the top, so to connect
    to node B under normal conditions, put krtest2 first in the case of opsbasic,
    and use ops2 in the case of ops1/ops2.
    (enable=broken) is set here; it uses the TCP keepalive configured on the client
    machine, and it can be removed out of consideration for network load.
    a. basic method
    In the tnsnames.ora on krtest1, configure opsbasic and ops2; on the krtest2
    node, configure opsbasic and ops1, and change backup=ops2 to backup=ops1.
    opsbasic =
      (description=
        (enable=broken)
        (address_list=
          (load_balance=off)
          (failover=on)
          (address= (protocol=tcp) (host=krtest1) (port=1521))
          (address= (protocol=tcp) (host=krtest2) (port=1521)))
        (connect_data =
          (service_name=DB1)
          (failover_mode=
            (type=select)
            (method=basic)
            (backup=ops2))))
    ops1 =
      (description =
        (enable=broken)
        (load_balance=off)
        (failover=on)
        (address=(protocol=tcp)(host=krtest1) (port=1521))
        (connect_data = (service_name = DB1)))
    ops2 =
      (description =
        (enable=broken)
        (load_balance=off)
        (failover=on)
        (address=(protocol=tcp)(host=krtest2) (port=1521))
        (connect_data = (service_name = DB1)))
    b. preconnect method
    ops1 and ops2 in the example below must both be defined in the same
    tnsnames.ora; even when connecting with ops1 and using krtest1, work proceeds
    with a backup session already established to krtest2.
    ops1 =
      (description =
        (enable=broken)
        (address_list =
          (load_balance=off)
          (failover=on)
          (address=(protocol=tcp)(host=krtest1) (port=1521))
          (address=(protocol=tcp)(host=krtest2) (port=1521)))
        (connect_data = (service_name = DB1)
          (failover_mode=
            (backup=ops2)
            (type=select)
            (method=preconnect))))
    ops2 =
      (description =
        (enable=broken)
        (address_list=
          (load_balance=off)
          (failover=on)
          (address=(protocol=tcp)(host=krtest2) (port=1521))
          (address=(protocol=tcp)(host=krtest1) (port=1521)))
        (connect_data = (service_name = DB1)
          (failover_mode=
            (backup=ops1)
            (type=select)
            (method=preconnect))))
    Reference Documents
    -------------------

  • How to Set Up Failover in an ORACLE8 OPS Environment (TRANSPARENT APPLICATION FAILOVER)

    Product: ORACLE SERVER
    Date written: 2004-08-13
    How to Set Up Failover in an ORACLE8 OPS Environment
    ========================================
    SCOPE
    In Standard Edition, the Real Application Clusters feature is supported from 10g (10.1.0) onward.
    Explanation
    In oracle 7 ops (sqlnet v2.3.x and later), failover after a failure was supported
    by having the client reconnect manually. <see bulletin 11033>
    This is the case of using the connection time failover feature of sql*net.
    In oracle 8 and later, however, automatic reconnection became possible.
    That is, run-time failover is possible.
    Every failover that occurs once a connection has been established is handled
    by the Transparent Application Failover code.
    The following is how to set up Oracle 8 TAF (Transparent Application Failover).
    It is done by specifying the following parameters in the tnsnames.ora file.
    1. failover_mode : enables failover at run time.
    2. TYPE (Required) : specifies the operation after failover.
    SESSION - When failover occurs, a new session is reconnected to another
    instance, and all uncommitted work in the previous session is
    rolled back.
    A select in progress does not continue either.
    SELECT - When failover occurs, a new session is reconnected to another
    instance, and work such as a long query or a complex query
    continues where it left off.
    DML work, however, is rolled back.
    NONE - This is the default. No automatic failover
    3. METHOD : specifies how to fail over.
    BASIC - reconnects to the backup instance (server) when failover occurs.
    PRECONNECT - establishes connections to both the primary instance and the
    backup instance, then serves through the backup instance at
    failover.
    ***< Important > PRECONNECT currently requires at least 8.0.5, and
    BASIC is possible only in 8.0.6 or 8.1.5.
    4. BACKUP : describes the instance to connect to at failover.
    Give the alias name from tnsnames.ora.
    Example
    The following is an example tnsnames.ora file.
    < example 1 >
    =========================================================================
    node1.WORLD =
      (DESCRIPTION_LIST =
        (DESCRIPTION =
          (ADDRESS = (PROTOCOL = TCP)(Host = node1)(Port = 1521))
          (CONNECT_DATA = (SID = SID1)
            (FAILOVER_MODE = (BACKUP = node2)
              (TYPE = SELECT )
              (METHOD = PRECONNECT)))))
    node2.WORLD =
      (DESCRIPTION_LIST =
        (DESCRIPTION =
          (ADDRESS = (PROTOCOL = TCP)(Host = node2)(Port = 1521))
          (CONNECT_DATA = (SID = SID2)
            (FAILOVER_MODE = (BACKUP = node1)
              (TYPE = SELECT )
              (METHOD = PRECONNECT)))))
    ========================================================================
    < test 1 >
    1) Start the instance on each node.
    2) Start the listener on each node.
    node1% lsnrctl start lsnr_node1
    node2% lsnrctl start lsnr_node2
    3) On node1, do the following.
    sqlplus scott/tiger@node1
    SQL> select count(*) from emp;
    COUNT(*)
    14
    4) On Node1, shutdown abort the instance.
    5) Run the select again in the session from step 3.
    SQL> select count(*) from emp;
    ERROR at line 1:
    ORA-25404: lost instance
    Run the select again.
    SQL> select count(*) from emp;
    COUNT(*)
    14
    The data is selected correctly through the node2 instance, which shows that
    failover works normally.
    < example 2 >
    The following adds SQL*NET's connection time failover feature to
    TAF (Transparent Application Failover).
    ========================================================================
    node1.WORLD =
      (DESCRIPTION_LIST =
        (DESCRIPTION = (ADDRESS = (PROTOCOL= TCP)(Host= node1)(Port= 1521))
          (CONNECT_DATA =(SID = SID1)(SERVER=SHARED)
            (FAILOVER_MODE = (BACKUP = node2)(TYPE=SESSION)(METHOD=PRECONNECT))))
        (DESCRIPTION =(ADDRESS = (PROTOCOL= TCP)(Host= node2)(Port= 1521))
          (CONNECT_DATA =(SID = SID2)(SERVER=SHARED)
            (FAILOVER_MODE = (BACKUP = node1)(TYPE=SELECT)(METHOD=PRECONNECT)))))
    node2.WORLD =
      (DESCRIPTION_LIST =
        (DESCRIPTION =(ADDRESS = (PROTOCOL= TCP)(Host= node2)(Port= 1521))
          (CONNECT_DATA =(SID = SID2)(SERVER=SHARED)
            (FAILOVER_MODE = (BACKUP = node1)(TYPE=SESSION)(METHOD=PRECONNECT))))
        (DESCRIPTION = (ADDRESS = (PROTOCOL= TCP)(Host= node1)(Port= 1521))
          (CONNECT_DATA = (SID = SID1)(SERVER=SHARED)
            (FAILOVER_MODE = (BACKUP = node2)(TYPE=SELECT)(METHOD=PRECONNECT)))))
    =======================================================================
    < test 2 >
    1) Start the instance on each node.
    2) Start the listener on each node.
    node1% lsnrctl start lsnr_node1
    node2% lsnrctl start lsnr_node2
    3) On node1, do the following.
    sqlplus scott/tiger@node1
    SQL> select count(*) from emp;
    COUNT(*)
    14
    4) On Node1, shutdown abort the instance.
    5) Run the select again in the session from step 3.
    It is selected without even an ORA-25404 error.
    SQL> select count(*) from emp;
    COUNT(*)
    14
    The data is selected correctly through the node2 instance, which shows that
    failover works normally.
    (Note 1) For dedicated mode, specify dedicated instead of shared.
    Of course, if mts is not specified in initSID.ora and the server option is not
    used in tnsnames.ora, dedicated mode is used by default.
    (Note 2) When example 1 is used, automatic failover does not take place on
    reconnecting after the session has ended.
    Reference Documents
    oracle8 parallel server concepts & administration manual
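
A checker for the tnsnames.ora TAF settings the two notes above describe: balanced parentheses, TYPE and METHOD values, a BACKUP alias that resolves, and ENABLE=BROKEN placed in DESCRIPTION. This is an added example, not Oracle's code and not part of the notes; the function names, the constructed sample entries and the rule that aliases start in column 0 with indented continuation lines are assumptions.

```python
import re
ALIAS_RE = re.compile(r"^([\w.]+)\s*=\s*(.*)$")
VALID_TYPES = {"session", "select", "none"}
VALID_METHODS = {"basic", "preconnect"}

def split_entries(text):
    """{alias: descriptor}; an alias starts in column 0, continuation lines are indented."""
    entries, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        m = ALIAS_RE.match(line)
        if m:
            current = m.group(1).lower()
            entries[current] = m.group(2)
        elif current and line.strip():
            entries[current] += " " + line.strip()
    return entries

def parse_node(s, i):
    """Parse '(key=...)' at s[i]; the value is a string or a list of child nodes."""
    j = s.find("=", i)
    if j < 0:
        raise ValueError("malformed descriptor: '(' without 'key='")
    key, j, children, text = s[i + 1:j].strip().lower(), j + 1, [], ""
    while j < len(s):
        if s[j] == "(":
            node, j = parse_node(s, j)
            children.append(node)
        elif s[j] == ")":
            return (key, children or text.strip().lower()), j + 1
        else:
            text, j = text + s[j], j + 1
    raise ValueError("unbalanced parentheses: (%s is never closed" % key)

def parse_descriptor(raw):
    raw = raw.strip()
    if not raw.startswith("("):
        raise ValueError("descriptor does not start with '('")
    node, end = parse_node(raw, 0)
    if raw[end:].strip():
        raise ValueError("unbalanced parentheses: text after the final ')'")
    return node

def child(value, key):
    """First child value named key, or None."""
    if isinstance(value, list):
        return next((v for k, v in value if k == key), None)
    return None

def lint_taf(text):
    """Return [(alias, finding)] for the TAF settings the notes describe."""
    entries = split_entries(text)
    short = {a.split(".")[0] for a in entries}  # ignore the domain suffix (simplification)
    findings = []
    for alias, raw in entries.items():
        try:
            key, body = parse_descriptor(raw)
        except ValueError as exc:
            findings.append((alias, str(exc)))
            continue
        descs = [body] if key == "description" else (
            [v for k, v in body if k == "description"] if isinstance(body, list) else [])
        for d in descs:
            if child(child(d, "address_list"), "enable") is not None:
                findings.append((alias, "enable=broken is nested in address_list, not in description"))
            fm = child(child(d, "connect_data"), "failover_mode")
            if fm is None:
                continue  # this description does not request TAF
            ftype, method, backup = (child(fm, k) for k in ("type", "method", "backup"))
            if ftype not in VALID_TYPES:
                findings.append((alias, "failover_mode type is %r" % ftype))
            if method not in VALID_METHODS:
                findings.append((alias, "failover_mode method is %r" % method))
            if method == "preconnect" and backup is None:
                findings.append((alias, "preconnect has no backup alias to pre-establish"))
            if backup is not None and backup.split(".")[0] not in short:
                findings.append((alias, "backup alias %r is not defined in this file" % backup))
    return findings

SAMPLE = """\
# Constructed entries reusing the host names krtest1/krtest2 and node1 from the notes.
ops1 =
  (description = (enable=broken)
    (address_list = (load_balance=off)(failover=on)
      (address=(protocol=tcp)(host=krtest1)(port=1521))
      (address=(protocol=tcp)(host=krtest2)(port=1521)))
    (connect_data = (service_name=DB1)
      (failover_mode = (backup=ops2)(type=select)(method=preconnect))))
ops2 =
  (description = (address_list = (enable=broken)
      (address=(protocol=tcp)(host=krtest2)(port=1521)))
    (connect_data = (service_name=DB1)
      (failover_mode = (backup=ops3)(type=sesion)(method=preconnect))))
node1.world =
  (description = (address=(protocol=tcp)(host=node1)(port=1521))
    (connect_data = (sid=SID1)
      (failover_mode = (backup=node2)(type=select)(method=preconnect))
"""

if __name__ == "__main__":
    print(*lint_taf(SAMPLE), sep="\n")
```

The checker only inspects the client-side file; whether the named service is registered on each instance still has to be confirmed on the server.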

    Hi,
    Many Thanks for your inputs. I created 2 non default listeners LISTENER_ORCL1 and LISTENER_ORCL2 on each node respectively.
    I was able to set LISTENER_ORCL as remote listener. But for some reason, the local_listener does not get set. The statement is executed successfully but no changes in the parameters and TAF setup does not work. I initially had the default port number of 1521 for the listener but then changed it to 1522 (to test if it had something to do with default port no) but still no success.
    SQL> show parameters listener
    NAME TYPE VALUE
    local_listener string
    mts_listener_address string
    mts_multiple_listeners boolean FALSE
    remote_listener                  string         LISTENER_ORCL
    SQL> alter system set local_listener='LISTENER_ORCL1' SCOPE=BOTH SID='ORCL1';
    System altered.
    SQL> alter system set local_listener='LISTENER_ORCL2' SCOPE=BOTH SID='ORCL2';
    System altered.
    SQL> show parameters listener
    NAME TYPE VALUE
    local_listener string
    mts_listener_address string
    mts_multiple_listeners boolean FALSE
    remote_listener string LISTENER_ORCL
    Help Plssssssssssss!!!!!!!!

  • How to Configure Transparent caching on Cat 6500 with CSM in routed mode

    I am trying to configure Transparent caching on Cat 6500 with CSM in routed mode, but facing some problems in it. Also, I have gone thru the example config on the cisco site for transparent caching using CSM on Cat 6500, but the above does not fit my client's requirement.
    The scenario is like
    Access Switches - Cat6500 with MSFC & CSM - Internet Router
    |
    Cache Engines and Real servers
    The clients as well as real servers are on separate VLANs (L3) and the requirement is to load balance the internet traffic using cache engines.
    I'd really appreciate any helpful suggestions or any useful links/docs/info on this.
    Thanks
    kumar

    Hello Joerg,
    Thanks for the reply.
    I have already gone thru the sample config shown by this weblink, however this link refers to configuring transparent caching on the CSM in BRIDGED MODE (i.e. both the client and server vlans are having the same IP address), but in our case we have multiple L3 VLANs on the CAT6509 having IP addresses in different SUBNETS, and the real servers to be used for caching also exist on one of these VLANs. Thus, the scenario described by the weblink does not apply here. Also, in the configuration referred to by the above weblink, VLAN 100 is configured as client, however the endusers are shown to be on vlan200, which is configured as SERVER VLAN in the CSM.
    Don't you think there is something wrong here? I mean the endusers should be on VLAN 100 (Client) and real servers on VLAN 200 (SERVER).
    So, I have to configure CSM in routed mode (i.e. both the client and server vlans will have separate IP addresses in different subnets) and the endusers will be on all VLANs.
    Pls let me know , how I can implement this solution.
    Thanks again
    Sudhir

  • Reverse Proxy and Transparent Caching

    I've seen a couple threads on these particular subjects, and I'm still a little curious. I understand that it is possible to have both of these configured, but what is the proper method of accomplishing this?
    For example, our setup is similar to the configuration in the configuration guide for clients and content engines on different subnets, so the transparent part seems pretty simple where the "ip wccp web-cache redirect out" command will be on the interface connected to the internet.
    However, for the reverse proxy portion, can I also configure reverse proxy on the same internet-connected interface with "ip wccp 99 redirect in"? Or does the transparent caching take precedence even though they are for different conditions? If that is the case, do I then need to use the "ip wccp 99 redirect out" command on the interface that would be pointing back towards the origin servers?
    I'd just like to clarify because we don't have test devices to play around with, so we would be modifying production devices.
    As a completely different question, if only transparent caching is configured, is it still possible to use the CE590 as a proxy server? The reason I am asking is that we recently shut down wccp because we were seeing excessive traffic at odd hours. A stroll through the transaction logs revealed that most of this traffic was destined for foreign subnets. It appeared that the CE590 was acting as a proxy for these foreign IPs because the source IP address as well as the data being retrieved were foreign to our network.
    If anyone can help with my questions, it would be greatly appreciated.
    David

    According to this thread,
    http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.ee8a89a
    if you are redirecting both the services on the same interface, one service takes precedence over the other, and I believe transparent web-cache redirect takes precedence over reverse-proxy. I think you need to use the "ip wccp 99 redirect out" command on the interface that would be pointing back towards the origin servers.
    For details refer:
    http://www.cisco.com/en/US/partner/products/sw/conntsw/ps491/products_configuration_guide_chapter09186a00800af658.html#19607
    I'm not too sure about the CE 590 but I know that the CE 560 can be used as a proxy for transparent caching using WCCP.

  • Transparent Caching causing permanent WAN-Traffic

    Hello,
    we enabled Windows 7 Transparent Caching in one of our branch offices via Group Policy.
    We limited the cache size to 5GB and max file size to 512MB. The branch office uses a central fileserver connected via a 2x2Mbit link (MPLS). During the course of the week, we observed high bandwidth usage after we enabled Transparent Caching on the clients. Digging deeper into the problem, we used network sniffers and procmon from Sysinternals to see what is going on. We also connected to several clients that produced the traffic to see what the users were doing (copy jobs running?).
    What we found out: the traffic was not unidirectional, but up and download bandwidth was EQUALLY eaten up. The clients had NO copy jobs running, just Outlook, Word and Excel open with no file transfer going out through these applications.
    The users also had some Windows Explorers open and these showed a directory listing of the remote fileservers they were working with. After we closed the Windows Explorer windows, the traffic immediately stopped!
    Through network sniffing we found out that the explorer process was constantly pulling directory data from the remote fileserver. So you see an SMB request packet from the client and then a packet with a filename from the remote fileserver. Looks like a directory traversal. You see also that these files (or at least some KB from them) are written to the C:\windows\csc directory structure. I first thought about the search indexer, but this should not touch network drives by default. But even more strange is that this traffic stops immediately when the explorer windows are closed.
    What is this and how can this be avoided?

    Hi,
    How do you configure Offline files? What's your "Configure Background Sync" settings?
    Background Sync is a machine-specific setting which applies to any user who logs on to the specified computer while this policy setting is in effect. This policy setting is in effect when a network folder is determined to be in “slow-link” mode, as specified by the “Configure slow-link mode” policy setting.
    If your fileserver makes big changes constantly, you may need to update the list of directory paths that the functionality can be enabled for.
    To provide data integrity, Windows 7 always contacts the server to ensure that the cached copy is up to date.
    For detailed information to check, please refer to the following article:
    Configuring New Offline Files Features for Windows 7 Computers Step-by-Step Guide
    http://technet.microsoft.com/en-us/library/ff633429(v=ws.10).aspx
    Best regards,
    Karen Hu

  • Transparent Application Failover (TAF)  FAILED!

    Dear all,
    I have installed RAC 10gR2 on 64-bit Oracle Enterprise Linux, iscsi as shared disks and ASM as storage option. I follwoed document hunter_rac10gr2_iscsi.
    Everything is ok both database instance are up and running.
    Value in the show parameter services is
    bss.beaconhouse.edu.pk, orcl_taf, ora_devp
    TNSNAMES.ORA file on a window based client machine contains the following entry:
    ora_devp, ora_devp.world =
    (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.0.63)(PORT = 1521))
    (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.0.64)(PORT = 1521))
    (LOAD_BALANCE = yes)
    (CONNECT_DATA =
    (SERVER = DEDICATED)
    (SERVICE_NAME = bss.beaconhouse.edu.pk)
    (FAILOVER_MODE =
    (TYPE = SELECT)
    (METHOD = BASIC)
    (RETRIES = 180)
    (DELAY = 5)
    )))
    But still, when I connect to the database from the client machine and, after verifying the connected instance, stop the services of that instance from the RAC server, the client does not automatically shift to the second instance but gives an error.
    My Transparent Application Failover is not configured properly, though as I told you both instances are up and running and I can stop and start any one instance.
    Kindly help me to implement the very basic feature of RAC.
    Thanks, Imran

    It seems that Hunter's scripts configure only the "oracle_taf" service for TAF.
    Therefore, to test TAF your client should be attempting to connect to the TAF
    service "oracle_taf" not "bss.beaconhouse.edu.pk"
    See under Step 24
    Database Services : For this test configuration, click Add, and enter orcl_taf as the "Service Name." Leave both instances set to Preferred and for the "TAF Policy" select "Basic".
    and
    "Create the orcl_taf Service
    During the creation of the Oracle clustered database, you added a service named orcl_taf that will be used to connect to the database with TAF enabled. During several of my installs, the service was added to the tnsnames.ora, but was never updated as a service for each Oracle instance.
    Use the following to verify the orcl_taf service was successfully added:
    SQL> show parameter service
    NAME TYPE VALUE
    service_names string orcl.idevelopment.info, orcl_taf
    If the only service defined was for orcl.idevelopment.info, then you will need to manually add the service to both instances:
    SQL> show parameter service
    NAME TYPE VALUE
    service_names string orcl.idevelopment.info
    SQL> alter system set service_names =
    2 'orcl.idevelopment.info, orcl_taf.idevelopment.info' scope=both; "
    and step 30
    TAF Demo
    From a Windows machine (or other non-RAC client machine), login to the clustered database using the orcl_taf service as the SYSTEM user:
    C:\> sqlplus system/manager@orcl_taf
    Message was edited by:
    Hemant K Chitale

  • ACE4710 Transparent Caching

    Hello Friends,
    I am facing a problem with the ACE4710. The problem description is as follows:
    We have two IronPort web security boxes load-balanced using the ACE4710, which is configured in bridged mode for transparent caching. Now we are facing a strange problem with downloading from websites like cisco.com, ibm.com, etc.: it gives the error "connection timed out" in the final stage. What we observed is that these sites are initially https and then change to http, something like that. Below are the configuration details:
    ==================
    serverfarm host IRONPORT-SF
      transparent
      predictor hash url
      rserver IRONPORT-1
        probe IRONPORT-ICMP
        inservice
      rserver IRONPORT-2
        probe IRONPORT-ICMP
        inservice
    sticky ip-netmask 255.255.255.255 address source IRONPORT-STICKY
      timeout 60
      timeout activeconns
      replicate sticky
      serverfarm IRONPORT-SF
    policy-map type loadbalance first-match IRONPORT-LB
      class class-default
        sticky-serverfarm IRONPORT-STICKY
    class-map match-all VIP-TCP443
      2 match virtual-address 0.0.0.0 0.0.0.0 tcp eq https
    class-map match-all VIP-TCP80
      2 match virtual-address 0.0.0.0 0.0.0.0 tcp eq www
    policy-map multi-match SERVERFARM-POLICY
      class VIP-TCP80
        loadbalance vip inservice
        loadbalance policy IRONPORT-LB
        loadbalance vip icmp-reply active
      class VIP-TCP443
        loadbalance vip inservice
        loadbalance policy IRONPORT-LB
        loadbalance vip icmp-reply active
    policy-map type loadbalance first-match IRONPORT-LB
      class class-default
        sticky-serverfarm IRONPORT-STICKY
    policy-map multi-match SERVERFARM-POLICY
      class VIP-TCP80
        loadbalance vip inservice
        loadbalance policy IRONPORT-LB
        loadbalance vip icmp-reply active
    interface vlan 20
      description ---------CLIENT SIDE INTERFACE---------
      ip address <<IP Address>> <<Mask>>
      alias <<IP Address>> <<Mask>>
      peer ip address <<IP Address>> <<Mask>>
      no normalization
      no icmp-guard
      access-group input ACL-IN
      service-policy input REMOTE-ACCESS
      service-policy input SERVERFARM-POLICY
      no shutdown
    interface vlan 208
      description ---------SERVER SIDE INTERFACE--------
      ip address <<IP Address>> <<Mask>>
      alias <<IP Address>> <<Mask>>
      peer ip address <<IP Address>> <<Mask>>
      no normalization
      mac-sticky enable
      no icmp-guard
      access-group input ACL-IN
      no shutdown
    =============================
    If anybody has the same setup or has faced a similar problem, please comment.
    Rgds
    Sudheer.

    Hi Sudheer,
    You mentioned that you are using the ACE in bridge mode. Please confirm this point, as I don't see any BVI interface configured, so I guess you are using it in routed mode?!
    Looking through your configuration and considering a routed mode deployment, I don't see how the ACE could affect these connections in any way. You are doing basic L4 load balancing and sharing the same sticky group under both policy maps, which means the client will stay stuck to the same server even if it has been redirected by the web site, so this connection change will not affect the ACE load balancing decision.
    I would recommend that you capture the traffic on the client, ACE and IronPort simultaneously, then have a look at who is breaking the communication. That should give you a better understanding of the problem.
    Best regards,
    Ahmad   

  • Transparent Cache; Need separation for YouTube.

    Gurus,
    here I'm again trying to get some insight into my client's cache issues:
    We recently wanted to separate YouTube traffic from the global cache pool and make a separate 3-cache pool. We hit a major issue: the moment we added the parameters/class-maps/policy-maps, we saw the ACE dropping 80% of normal existing traffic and we were left with an outage of the web. The ACE just won't pass traffic, even after we removed the class-maps and policies and reloaded the ACE module; we had to reboot the c6500s.
    Here is the config:
    YOUTUBE SERVERFARM:
    rserver host BCXX
    description BC-YOUTUBE-x
    ip address X.X.X.X
    inservice
    rserver host BCYY
    description BC-YOUTUBE-y
    ip address Y.Y.Y.Y
    inservice
    rserver host BCZZ
    description YOUTUBE -z
    ip address Z.Z.Z.Z
    inservice
    serverfarm host LEASTCONNECTIONS_FARM
    description Transparent Proxy Least Connection Farm
    transparent
    failaction purge
    predictor leastconns slowstart 60
    probe PORT_80
    rserver BC05
    inservice
    rserver BC06
    inservice
    rserver BC07
    serverfarm host YOUTUBE_FARM
    transparent
    failaction purge
    predictor roundrobin
    probe PORT_80
    rserver BC-YOUTUBE-x
    inservice
    rserver BC-YOUTUBE-y
    inservice
    rserver BC-YOUTUBE-z
    inservice
    class-map type http loadbalance match-any YOUTUBE-1
    2 match http header Host header-value "www.youtube.com"
    class-map type http loadbalance match-any YOUTUBE-2
    2 match http url /get_video.*
    sticky ip-netmask 255.255.255.255 address both STICKY_SF
    timeout 30
    timeout activeconns
    replicate sticky
    serverfarm LEASTCONNECTIONS_FARM
    policy-map type loadbalance first-match TRANSPARENT_LB_PM
    class YOUTUBE-1
    serverfarm YOUTUBE_FARM
    class YOUTUBE-2
    serverfarm YOUTUBE_FARM
    class class-default
    sticky-serverfarm STICKY_SF
    We saw some buffer crunches but are not sure; we are running A2(1.3).
    Last year we had the same config with ONLY matching URL /get_video.* and it was working fine with dest_ip hashing.
    This time we added the host www.youtube.com and 3 separate caches.
    It doesn't seem to make sense to us.
    If anyone has worked to segregate U-tube, do share your config philosophy.
    We are thinking about a separate context or different policies, but that's too much config related; still, all options are open.
    Do let me know, champs.
    Shukla.

    If you had to reboot the cat6k, this is not an ACE issue.
    The ACE module sits inside the cat6k but should be considered as an external device.
    To separate Youtube traffic you need a new feature of A2(1.4) to hash the secondary cookie value.
    CSCsq99736: ACE predictor hash url should not stop parsing at "?" delimiter
    All video in youtube comes from the same url but with an option "watch?v=9LMTClqvCGs"
    What you need to do is hash the value which can be done with A2(1.4).
    This will guarantee that you always get to the same cache for the same video.
    But your total meltdown was not the result of ACE.
    Sth else must have happened.
    If ACE was the problem, a reboot of ACE w/ a known-working config should have been enough.
    Try not to reboot as a way to fix problems.
    Call the TAC and let them troubleshoot your issue live.
    Gilles.
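
The parsing behaviour Gilles describes under CSCsq99736, as an added example that is not part of the original thread and is not ACE code: a URL-hash predictor that stops at "?" sends every /watch?v=... request to one cache, while hashing the query value as well spreads videos across the farm and still keeps each video on one cache. CRC32 and the generated video IDs are assumptions for illustration; the cache names are the rserver names from the post.

```python
import zlib
from collections import Counter

# rserver names as they appear in the posted YOUTUBE_FARM
CACHES = ["BC-YOUTUBE-x", "BC-YOUTUBE-y", "BC-YOUTUBE-z"]

# Constructed sample: 300 distinct videos behind the same path
SAMPLE_URLS = [f"/watch?v=video{i:04d}" for i in range(300)]


def pick_cache(url, include_query, caches=CACHES):
    """Choose a cache by hashing the URL.

    include_query=False models a parser that stops at the "?" delimiter.
    include_query=True models hashing the full URL, query value included.
    CRC32 is a stand-in hash (assumption), not the hash the ACE uses.
    """
    key = url if include_query else url.split("?", 1)[0]
    return caches[zlib.crc32(key.encode("ascii")) % len(caches)]


def distribution(urls, include_query):
    """Count how many of the given URLs land on each cache."""
    return Counter(pick_cache(u, include_query) for u in urls)


if __name__ == "__main__":
    print("stop at '?':  ", dict(distribution(SAMPLE_URLS, False)))
    print("hash query too:", dict(distribution(SAMPLE_URLS, True)))
    vid = "/watch?v=9LMTClqvCGs"  # the video URL quoted in the reply
    print(vid, "->", pick_cache(vid, True))
```

With the parser stopping at "?", one cache absorbs all video requests and the other two sit idle, which is the load and cache-efficiency problem the A2(1.4) change addresses.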
