Unstable vMotion behavior over DCI with vPC?

Similar Messages

• Ask the Expert: Different Flavors and Design with vPC on Cisco Nexus 5000 Series Switches

  Welcome to the Cisco® Support Community Ask the Expert conversation.  This is an opportunity to learn and ask questions about Cisco® NX-OS.
  The biggest limitation to a classic port channel communication is that the port channel operates only between two devices. To overcome this limitation, Cisco NX-OS has a technology called virtual port channel (vPC). A pair of switches acting as a vPC peer endpoint looks like a single logical entity to port channel attached devices. The two devices that act as the logical port channel endpoint are actually two separate devices. This setup has the benefits of hardware redundancy combined with the benefits offered by a port channel, for example, loop management.
  vPC technology is the main factor for success of Cisco Nexus® data center switches such as the Cisco Nexus 5000 Series, Nexus 7000 Series, and Nexus 2000 Series Switches.
  This event is focused on discussing all possible types of vPC along-with best practices, failure scenarios, Cisco Technical Assistance Center (TAC) recommendations and troubleshooting
  Vishal Mehta is a customer support engineer for the Cisco Data Center Server Virtualization Technical Assistance Center (TAC) team based in San Jose, California. He has been working in TAC for the past 3 years with a primary focus on data center technologies, such as the Cisco Nexus 5000 Series Switches, Cisco Unified Computing System™ (Cisco UCS®), Cisco Nexus 1000V Switch, and virtualization. He presented at Cisco Live in Orlando 2013 and will present at Cisco Live Milan 2014 (BRKCOM-3003, BRKDCT-3444, and LABDCT-2333). He holds a master’s degree from Rutgers University in electrical and computer engineering and has CCIE® certification (number 37139) in routing and switching, and service provider.
  Nimit Pathak is a customer support engineer for the Cisco Data Center Server Virtualization TAC team based in San Jose, California, with primary focus on data center technologies, such as Cisco UCS, the Cisco Nexus 1000v Switch, and virtualization. Nimit holds a master's degree in electrical engineering from Bridgeport University, has CCNA® and CCNP® Nimit is also working on a Cisco data center CCIE® certification While also pursuing an MBA degree from Santa Clara University.
  Remember to use the rating system to let Vishal and Nimit know if you have received an adequate response. 
  Because of the volume expected during this event, Vishal and Nimit might not be able to answer every question. Remember that you can continue the conversation in the Network Infrastructure Community, under the subcommunity LAN, Switching & Routing, shortly after the event. This event lasts through August 29, 2014. Visit this forum often to view responses to your questions and the questions of other Cisco Support Community members.

  Hello Gustavo
  Please see my responses to your questions:
  Yes almost all routing protocols use Multicast to establish adjacencies. We are dealing with two different type of traffic –Control Plane and Data Plane.
  Control Plane: To establish Routing adjacency, the first packet (hello) is punted to CPU. So in the case of triangle routed VPC topology as specified on the Operations Guide Link, multicast for routing adjacencies will work. The hellos packets will be exchanged across all 3 routers and adjacency will be formed over VPC links
  http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/operations/n5k_L3_w_vpc_5500platform.html#wp999181
  Now for Data Plane we have two types of traffic – Unicast and Multicast.
  The Unicast traffic will not have any forwarding issues, but because the Layer 3 ECMP and port channel run independent hash calculations there is a possibility that when the Layer 3 ECMP chooses N5k-1 as the Layer 3 next hop for a destination address while the port channel hashing chooses the physical link toward N5k-2. In this scenario,N5k-2 receives packets from R with the N5k-1 MAC as the destination MAC.
  Sending traffic over the peer-link to the correct gateway is acceptable for data forwarding, but it is suboptimal because it makes traffic cross the peer link when the traffic could be routed directly.
  For that topology, Multicast Traffic might have complete traffic loss due to the fact that when a PIM router is connected to Cisco Nexus 5500 Platform switches in a vPC topology, the PIM join messages are received only by one switch. The multicast data might be received by the other switch.
  The Loop avoidance works little different across Nexus 5000 and Nexus 7000.
  Similarity: For both products, loop avoidance is possible due to VSL bit
  The VSL bit is set in the DBUS header internal to the Nexus.
  It is not something that is set in the ethernet packet that can be identified. The VSL bit is set on the port asic for the port used for the vPC peer link, so if you have Nexus A and Nexus B configured for vPC and a packet leaves Nexus A towards Nexus B, Nexus B will set the VSL bit on the ingress port ASIC. This is not something that would traverse the peer link.
  This mechanism is used for loop prevention within the chassis.
  The idea being that if the port came in the peer link from the vPC peer, the system makes the assumption that the vPC peer would have forwarded this packet out the vPC-enabled port-channels towards the end device, so the egress vpc interface's port-asic will filter the packet on egress.
  Differences:  In Nexus 5000 when it has to do L3-to-L2 lookup for forwarding traffic, the VSL bit is cleared and so the traffic is not dropped as compared to Nexus 7000 and Nexus 3000.
  It still does loop prevention but the L3-to-L2 lookup is different in Nexus 5000 and Nexus 7000.
  For more details please see below presentation:
  https://supportforums.cisco.com/sites/default/files/session_14-_nexus.pdf
  DCI Scenario:  If 2 pairs are of Nexus 5000 then separation of L3/L2 links is not needed.
  But in most scenarios I have seen pair of Nexus 5000 with pair of Nexus 7000 over DCI or 2 pairs of Nexus 7000 over DCI. If Nexus 7000 are used then L3 and L2 links are required for sure as mentioned on above presentation link.
  Let us know if you have further questions.
  Thanks,
  Vishal

• GLBP with vPC configuration acceptable?

  Hello,
  I'm reposting this discussion here.
  I have designed GLBP with vPC configured in a pair of N7K switches. But in Cisco documentation, the best practice configuration uses HSRP in vPC environment. Customer doesn't feel comfortable with GLBP since Cisco's best practice using HSRP. Is there any potential issue using GLBP in vPC environment?
  Thanks,
  Jason

  Hi, there is no need for GLBP with vPC. Both HSRP peers are active.
  http://www.netcraftsmen.net/component/content/article/69-data-center/1260.html
  "...since both  peers forward. This behavior also provides HSRP load-balancing without needing to  switch to GLBP."
  Don't forget to rate all posts that are helpful.

• Nexus 5K OSPF with vPC

  Hi,
  I know it is well documented using IGP's, more specifically OSPF with 7K's and vPC's but when it comes to the same thing on 5K's I am still a little confused.
  My topology is:
  5K01 and 5K02 are connected and are vPC peers, I currently have a management network on VLAN 114, both 5k's have SVI's on this and are currently OSPF neighbors over their vPC using this vlan.
  I have an MPLS router (service provider PE) which is 2 routers but clustered so logically in this instance it is one router, the 5 k's will be conecting to this PE router via some switches over a vPC and needs to become a OSPF neighbor to both the 5K's.
  Looking at this post:
  http://adamraffe.com/2013/03/08/l3-over-vpc-nexus-7000-vs-5000/
  It suggests that I can just add VLAN 114 to the vPC up to tyhe PE and turn OSPF on on the interface on the PE, although this will not support Multicast and I don't really want to restrict myself as this may be a future requirement.
  What I thought might be a better solution would be to designate a new vlan and allow it on the vPC up to the PE and use that for the OSPF neighborships between the 5K's and the PE and not allowing it over the vPC peer link - leaving the 5K's neighborship over vlan 114.
  Can someone tell me what the best practice/supported topology is here and maybe provide some cisco links?
  Thanks a lot in advance.

  You have to be very careful when configuring L3 services and interfaces while using VPC. 
  Take a look at this document:
  http://www.cisco.com/c/dam/en/us/td/docs/switches/datacenter/sw/design/vpc_design/vpc_best_practices_design_guide.pdf
  Also, take a look at this post:
  http://bradhedlund.com/2010/12/16/routing-over-nexus-7000-vpc-peer-link-yes-and-no/
  You can create a vlan used exclusively for Nexus-to-Nexus iBGP peering.  Use a new 'access' link between the two switches and place them on the new vlan.  Make sure that this VLAN does not traverse the VPC peer link.  Then, create SVIs on each switch for that VLAN and peer over that link.  Then, you can create a L3 link on each nexus to peer with your eBGP neighbors.
  The point you want to make sure you understand is the VPC loop prevention mechanism that says "If a packet is received on a VPC port, traverses the VPC peer link, it is not allowed to egress on a VPC port."

• I accidentally quit my CC on my Macbook pro and now the cloud icon is grayed out and every time I hover over it with the mouse I get the spinning beach ball of death on the icon. I have no idea how to open it because when I use spotlight search to open it

  I accidentally quit my CC on my Macbook pro and now the cloud icon is grayed out and every time I hover over it with the mouse I get the spinning beach ball of death on the icon. I have no idea how to open it because when I use spotlight search to open it it gives me a message saying "Creative Cloud is not open anymore" help!

  Since you didn't include any pertinent info such as the Mac model and OS version you are running, here is some general information:
  Mac OS X: Gray screen appears during startup
  Depending on which OS yours came with originally - and which OS you are now running - you would either need your original install disks - you can call Apple for replacements by giving them your serial number. Or you may be able to reinstall the OS by using recovery (again, depends on which model/which OS).

• Can i text international from one iphone to another iphone over wifi with other friends who will be with us overseas?

  can i text international from one iphone to another iphone over wifi with other friends that have iPhones
  who will be with us overseas?

  Yes, if you are provisioned by your carrier to do so.  IF both phones are iphones with IOS 5.0 or higher then you can use imessage.

• Airtune Over Ethernet  with Time Capsule or Airport Extreme

  Can the previous generation Time Capsule or Airport Extreme bridge an ethernet client to an Airtunes network?
  Current Setup: I have an aluminum iMac wired to my Time Capsule; currently, I use the aluminum as a music server by connecting to several Airport Express clients over the the iMac's built-in Airport for Airtunes support.
  Problem: I have 3-802.11g clients dragging my wifi network. I would like to dedicate the iMac's internal network to the g-clients so I don't have to use compatibility mode for my n-network. However, I will lose Airtunes speaker support when I use internet sharing over the built-in Airport. Airtunes does not appear to support the Time Capsule ethernet client.
  Nodes:
  -AE 802.11g (Airtunes only)
  -AE 802.11n (Airtunes and USB printer)
  -1st gen Time Capsule (Internet gateway, "creating network" 802.11 g/n,
  -iMac 8,1 (Music server via internal wifi, wired TC client)
  -Macbook 4,1 (wifi client)
  -iPhone
  -Canon MP620 (USB to iMac, wifi to Macbook)

  Further to Bob's comments..
  A Gen1 TC will be using marvel wireless chip and your 2008 and 2010 Macbook will use atheros and/or broadcom cards.. Just open your system profiler and look for info on the airport. We find the mixture of wireless chipsets especially older draft N and later N products can give very varied results.
  The very fact you are linking at 270 and not 300mbps shows some reduction from theoretical max speed.. and really to get over 100mbps with any wireless you need perfect setup.. matched wireless chips etc.
  Do a test uploading and downloading a file to the TC to see if the LAN speed is better than internet speed.
  In reality I think you are doing especially well.. we see loads of people complaining about slow internet here who are getting less than 10% of the speed they get direct when routed through the TC. And on most occasions the limit in speed is not really going to affect what you do, as the real links to the internet are not that fast.

• How do you turn off the auto select behavior when working with shape layers?

  How do you turn off the auto select behavior when working with shape layers?
  I am using either of the path selection tools to select only some of the paths on the layer. I have the proper layer targeted. I have the selection too auto select option turned off.
  If another layer has a path in that area, that layer becomes auto targeted and I get the wrong path. Turning off the layer is the only way to avoid this but then I have to  turn on the layer back on between making my selection and transforming to use the other layer as guide. Is there any way to stop this auto select? Locking the other layer does not stop the auto select, just prevents editing.

  As far as i know the move tool options don't have any effect on the path selection tools.
  You might try clicking on one of the path points or on the path itself with one of path selection tools and if you want to select multiple points
  you can shift click with the Direct Selection Tool or Alt click to select the entire path.
  more path shortcuts:
  http://help.adobe.com/en_US/photoshop/cs/using/WSDA7A5830-33A2-4fde-AD86-AD9873DF9FB7a.htm l
  http://help.adobe.com/en_US/photoshop/cs/using/WSfd1234e1c4b69f30ea53e41001031ab64-7391a.h tml

• Database link from Oracle 11g (64 bit) to MySQL over UnixODBC with dg4odbc

  Hello,
  I want to connect to a MySQL Database from Oracle over a database link, but i get always the Error Message ORA-28528: Heterogeneous Services datatype conversion error .
  In the forum or internet I can't find a solution for my problem, so I try now to post this problem.
  Here a detailed description of the problem:
  I use a Oracle 11.1.0.7.0 64bit database which is running on a redhat linux 5.3 64bit.
  I want to connect to a MySql Database 5.0, which is running on a redhat linux 5.2 32bit over unixODBC.
  The configuration from the ODBC seems to be good, because with isql on the ora server I can connect and query all data correct from the MySQL database.
  Also the tsnnames.ora and listener.ora should be configured correctly. The tnsping works also fine.
  But when i try to catch the data over SQLPlus with the database link I always get the error ORA-28528.
  If I try to select just one column it works, but the returned data are incomplete or truncated.
  the version of my libs:
  between mysql and odbc I use libmyodbc3.so version 3.51.12-2.2 (I also tried the version 5, but with them I get a segmentation fault error on isql).
  between odbc and dg4odbc I use libodbc.so version 2.2.11-7.1
  Has anybody a solution or hint for me?
  Many Thanks in advance,
  best regards from Austria
  Manuel
  Edited by: user11243186 on 09.06.2009 02:59

  kdgmanu wrote:
  Hello,
  I always get the error ORA-28528.
  If I try to select just one column it works, but the returned data are incomplete or truncated.
  maybe you are facing bug 6772397, so do a search on metalink for bug 6772397
  >
  Has anybody a solution or hint for me?you could also see the following notes 554409.1 and 603801.1
  Many Thanks in advance,
  best regards from Austriacheers from Zagreb

• Problems in using Windows Explorer with VPC Virtual PC?

  Has anybody experienced problems in using Windows Explorer with VPC Virtual PC?
  Lacking any "forbidden" or "appropriate usage" guidelines, I regularly use Windows Explorer (Windows 2000) to transfer file from the desktop. I have occasionally sensed that this might be wrong. Today I inadvertently clicked the MAC harddrive instead of the Desktop (within Windows Explorer) and caused all manner of mischief.
  Any other views please?

  Let me correct this:
  I regularly use Windows Explorer (Windows 2000) to transfer files from the "Mac" desktop
  Any ideas please Virtual PC VPC users?

• How to access Flash Apps over https with a self signed certificate?

  I have a Flex app that needs to access data from a SOAP web service over https with a self signed certificate. The app needs to ignore the https warnings, just as a browser would warn & allow the user to proceed. Buying a valid signed certificate is not an option for us.
  It works fine over http.
  How can I achieve this?
  I read that URLRequest has a property: authenticate, that I can set to false. However, this property is available only for Adobe AIR applications from what I can see. This doesn't seem available for Flex apps.
  I have tried this in both Flex 3 & the latest Flash Builder 4. Have the same issue in both cases.
  Help appreciated.
  Thanks

  You'd really need to ask in the Flex or Flash Builder forums as this is a front end code modification and Flash Player can't do any of that.

• Question re. behaviour of single homed FEX with vPC

  Hi Folks,
  I have been looking at configuring Nexus 5Ks with FEX modules.  Referring to the Cisco documentation;
  http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/layer2/513_n1_1/b_Cisco_n5k_layer2_config_gd_rel_513_N1_1_chapter_01001.html
  In figure 3. showing a single homed FEX with vPC topology, I'm curious what happens if one of the 5Ks fail.  For example if the 5K on the left hand side of the diagram fails do the ports on the attached FEX that the server is attached to drop? If not I would assume that the server has no way of knowing that there is no longer a valid path through those links and will continue to use them?
  Many thanks in advance,
  Shane.

  Hello Shane.
  Depending of type of the failureboth n5k can tace corrective actions and end host will always know that one of the port-channel members is down.
  For example if one 5k will crash or will be reloaded - all connected fexes alre will go offline. FEX are not standalone switches and cannot work without "master" switch.
  Also links which will go from fex to the end-host will be in vpc mode which means that all vpc redundancy features/advantages will be present.
  HTH,
  Alex 

• How write rmi-iiop over ssl with weblogic server 6.1 - No server found

  //New
  Hello,
  I have written an appication like this:
  - An EJB server running on Weblogic server 6.1
  (named: BankServerHome)
  -A java client calling the BankServer.
  Platform: windows 2000 - jdk1.3
  Now I want to secure the communication with SSL protocol.
  I have done this:
  -generate a key peer with weblogic service named certificate.
  -send the CSR to a CA and place the answer into the weblogic
  server certificate directory.
  -update path for ServerCertificateChainFileName,
  ServerCertificateFileName, ServerKeyFileName into config.xml.
  -launch weblogicServer
       -> server certificate is recognized
       -> listening port 7001 and 7002.
  (-stop weblogicServer!)
  At now, all is all right, errors come hereafter:
  Then I follow the guideline "Programming weblogic Security" (version of 30/07/2001).
  "To use RMI over IIOP over SSL with a Java client, do the following:
  2. Extend the java.rmi.server.RMISocketFactory class to handle SSL socket
  connections. Be sure to specify the port on which WebLogic Server listens for
  SSL connections. For an example of a class that extends the
  java.rmi.server.RMISocketFactory class, see Listing 4-22.
  3. Run the ejbc compiler with the -d option.
  4. Add your extension of the java.rmi.server.RMISocketFactory class to the
  CLASSPATH of the Java client.
  5. Use the following command options when starting the Java client:
  -xbootclasspath/a:%CLASSPATH%
  -Dorg.omg.CORBA.ORBSocketFactoryClass=implementation of java.rmi.server.RMISocketFactory
  -Dssl.certs=directory location of digital certificate for Java client
  -Dssl.key=directory location of private key for Java client"
  At step 3. I found into documentation that -d is linked to a directory name.
  When I run ejbc with this option -d I have the message:
  "ERROR: You must specify an output directory or jar with the -d option to weblogic.ejbc."
  % So what option can I use to run ejbc for secure usage?
  At step 5. Whatever I write for -Dorg.omg.CORBA.ORBSocketFactoryClass,
  this pointed class is not instanciated.
  Then I can not create a socket with my client.
  The folowing exception is raised:
  javax.naming.CommunicationException [Root exception is java.net.ConnectException:
  No server found at T3S://localhost:7002]
  So, my questions are:
  % Why -Dorg.omg.CORBA.ORBSocketFactoryClass must be known by the client and not
  the server?
  My java client part, managing connection is:
  -------------------BEGIN OF CONNECTION MANAGER-------------------
  Properties env = new Properties ();
  // Shouldn't have to do this, but for now you must
  if ( factory.equals ("weblogic.jndi.WLInitialContextFactory") ) {
  env.put ("java.naming.provider.url", "t3s://localhost:7002");
  InitialContext context = new InitialContext (env);
  BankSessionServerHome bssh = (BankServerHome) context.lookup("BankServerHome");
  BankServer = bssh.create();
  -------------------END OF CONNECTION MANAGER-------------------
  I have also try
  env.put ("java.naming.provider.url", "corbaloc:iiop://localhost:7002");
  but it throws the following error
  javax.naming.InvalidNameException: url does not conatin !!!
  % What is the code for the java client allowing connection with the ejb?
  % And better, can I have a sample example for rmi-iiop over ssl?
  (...wlserver6.1\samples\examples\iiop\ejb\stateless\rmiclient\client.java do not
  speak ssl!)
  Any help will be appreciate from you...
  Best Regards.
  Oliver

  "oliver" <[email protected]> writes:
  The SSL support is poorly doc'd right now. We have fixed this and
  updated the way you do things in SP2. Please either wait for SP2 or
  contact support.
  andy
  I have written an appication like this:
  - An EJB server running on Weblogic server 6.1
  (named: BankServerHome)
  -A java client calling the BankServer.
  Platform: windows 2000 - jdk1.3
  Now I want to secure the communication with SSL protocol.
  I have done this:
  -generate a key peer with weblogic service named certificate.
  -send the CSR to a CA and place the answer into the weblogic
  server certificate directory.
  -update path for ServerCertificateChainFileName,
  ServerCertificateFileName, ServerKeyFileName into config.xml.
  -launch weblogicServer
       -> server certificate is recognized
       -> listening port 7001 and 7002.
  (-stop weblogicServer!)
  At now, all is all right, errors come hereafter:
  Then I follow the guideline "Programming weblogic Security" (version of 30/07/2001).
  "To use RMI over IIOP over SSL with a Java client, do the following:
  2. Extend the java.rmi.server.RMISocketFactory class to handle SSL socket
  connections. Be sure to specify the port on which WebLogic Server listens for
  SSL connections. For an example of a class that extends the
  java.rmi.server.RMISocketFactory class, see Listing 4-22.
  3. Run the ejbc compiler with the -d option.
  4. Add your extension of the java.rmi.server.RMISocketFactory class to the
  CLASSPATH of the Java client.
  5. Use the following command options when starting the Java client:
  -xbootclasspath/a:%CLASSPATH%
  -Dorg.omg.CORBA.ORBSocketFactoryClass=implementation of java.rmi.server.RMISocketFactory
  -Dssl.certs=directory location of digital certificate for Java client
  -Dssl.key=directory location of private key for Java client"
  At step 3. I found into documentation that -d is linked to a directory name.
  When I run ejbc with this option -d I have the message:
  "ERROR: You must specify an output directory or jar with the -d option to weblogic.ejbc."
  % So what option can I use to run ejbc for secure usage?
  At step 5. Whatever I write for -Dorg.omg.CORBA.ORBSocketFactoryClass,
  this pointed class is not instanciated.
  Then I can not create a socket with my client.
  The folowing exception is raised:
  javax.naming.CommunicationException [Root exception is java.net.ConnectException:
  No server found at T3S://localhost:7002]
  So, my questions are:
  % Why -Dorg.omg.CORBA.ORBSocketFactoryClass must be known by the client and not
  the server?
  My java client part, managing connection is:
  -------------------BEGIN OF CONNECTION MANAGER-------------------
  Properties env = new Properties ();
  // Shouldn't have to do this, but for now you must
  if ( factory.equals ("weblogic.jndi.WLInitialContextFactory") ) {
  env.put ("java.naming.provider.url", "t3s://localhost:7002");
  InitialContext context = new InitialContext (env);
  BankSessionServerHome bssh = (BankServerHome) context.lookup("BankServerHome");
  BankServer = bssh.create();
  -------------------END OF CONNECTION MANAGER-------------------
  I have also try
  env.put ("java.naming.provider.url", "corbaloc:iiop://localhost:7002");
  but it throws the following error
  javax.naming.InvalidNameException: url does not conatin !!!
  % What is the code for the java client allowing connection with the ejb?
  % And better, can I have a sample example for rmi-iiop over ssl?
  (...wlserver6.1\samples\examples\iiop\ejb\stateless\rmiclient\client.java do not
  speak ssl!)
  Any help will be appreciate from you...
  Best Regards.
  Oliver

• How write rmi-iiop over ssl with weblogic server 6.1?

  Hello,
  I have written an appication like this:
  - An EJB server running on Weblogic server 6.1
  (named: BankServerHome)
  -A java client calling the BankServer.
  Platform: windows 2000 - jdk1.4
  Now I want to secure the communication with SSL protocol.
  I have done this:
  -generate a key peer with weblogic service named certificate.
  -send the CSR to a CA and place the answer into the weblogic
  server certificate directory.
  -update path for ServerCertificateChainFileName,
  ServerCertificateFileName, ServerKeyFileName into config.xml.
  -launch weblogicServer
       -> server certificate is recognized
       -> listening port 7001 and 7002.
  (-stop weblogicServer!)
  At now, all is all right, errors come hereafter:
  Then I follow the guideline "Programming weblogic Security" (version of 30/07/2001).
  "To use RMI over IIOP over SSL with a Java client, do the following:
  2. Extend the java.rmi.server.RMISocketFactory class to handle SSL socket
  connections. Be sure to specify the port on which WebLogic Server listens for
  SSL connections. For an example of a class that extends the
  java.rmi.server.RMISocketFactory class, see Listing 4-22.
  3. Run the ejbc compiler with the -d option.
  4. Add your extension of the java.rmi.server.RMISocketFactory class to the
  CLASSPATH of the Java client.
  5. Use the following command options when starting the Java client:
  -xbootclasspath/a:%CLASSPATH%
  -Dorg.omg.CORBA.ORBSocketFactoryClass=implementation of java.rmi.server.RMISocketFactory
  -Dssl.certs=directory location of digital certificate for Java client
  -Dssl.key=directory location of private key for Java client"
  At step 3. I found into documentation that -d is linked to a directory name.
  When I run ejbc with this option -d I have the message:
  "ERROR: You must specify an output directory or jar with the -d option to weblogic.ejbc."
  % So what option can I use to run ejbc for secure usage?
  At step 5. Whatever I write for -Dorg.omg.CORBA.ORBSocketFactoryClass,
  this pointed class is not instanciated.
  Then I can not create a socket with my client.
  The folowing exception is raised:
  javax.naming.CommunicationException [Root exception is java.net.ConnectException:
  No server found at T3S://localhost:7002]
  So, my questions are:
  % Why -Dorg.omg.CORBA.ORBSocketFactoryClass must be known by the client and not
  the server?
  My java client part, managing connection is:
  -------------------BEGIN OF CONNECTION MANAGER-------------------
  Properties env = new Properties ();
  // Shouldn't have to do this, but for now you must
  if ( factory.equals ("weblogic.jndi.WLInitialContextFactory") ) {
  env.put ("java.naming.provider.url", "t3s://localhost:7002");
  } else {
  env.put ("java.naming.provider.url", "rmi://localhost:7002");
  InitialContext context = new InitialContext (env);
  BankSessionServerHome bssh = (BankServerHome) context.lookup("BankServerHome");
  BankServer = bssh.create();
  -------------------END OF CONNECTION MANAGER-------------------
  % What is the code for the java client allowing connection with the ejb?
  % And better, can I have a sample example for rmi-iiop over ssl?
  (...wlserver6.1\samples\examples\iiop\ejb\stateless\rmiclient\client.java do not
  speak ssl!)
  Any help will be appreciate from you...
  Best Regards.
  Oliver

  "oliver" <[email protected]> writes:
  First off 1.4 isn't supported as yet. That is probably part of the problem.
  You also must use a corba URL from the client in order for this to work for instance:
  If you are using WLInitialContextFactory:
  corbaloc:iiop:localhost:7001/NameService
  If you are using CNCtxFactory:
  iiop://localhost:7001
  Using rmi: is the wrong thing to do - that will use jrmp or t3.
  However, I suggest that you raise a call with support since there is
  some other trickiness with getting SSL working. We hope to have this
  much improved in SP2.
  andy
  Hello,
  I have written an appication like this:
  - An EJB server running on Weblogic server 6.1
  (named: BankServerHome)
  -A java client calling the BankServer.
  Platform: windows 2000 - jdk1.4
  Now I want to secure the communication with SSL protocol.
  I have done this:
  -generate a key peer with weblogic service named certificate.
  -send the CSR to a CA and place the answer into the weblogic
  server certificate directory.
  -update path for ServerCertificateChainFileName,
  ServerCertificateFileName, ServerKeyFileName into config.xml.
  -launch weblogicServer
       -> server certificate is recognized
       -> listening port 7001 and 7002.
  (-stop weblogicServer!)
  At now, all is all right, errors come hereafter:
  Then I follow the guideline "Programming weblogic Security" (version of 30/07/2001).
  "To use RMI over IIOP over SSL with a Java client, do the following:
  2. Extend the java.rmi.server.RMISocketFactory class to handle SSL socket
  connections. Be sure to specify the port on which WebLogic Server listens for
  SSL connections. For an example of a class that extends the
  java.rmi.server.RMISocketFactory class, see Listing 4-22.
  3. Run the ejbc compiler with the -d option.
  4. Add your extension of the java.rmi.server.RMISocketFactory class to the
  CLASSPATH of the Java client.
  5. Use the following command options when starting the Java client:
  -xbootclasspath/a:%CLASSPATH%
  -Dorg.omg.CORBA.ORBSocketFactoryClass=implementation of java.rmi.server.RMISocketFactory
  -Dssl.certs=directory location of digital certificate for Java client
  -Dssl.key=directory location of private key for Java client"
  At step 3. I found into documentation that -d is linked to a directory name.
  When I run ejbc with this option -d I have the message:
  "ERROR: You must specify an output directory or jar with the -d option to weblogic.ejbc."
  % So what option can I use to run ejbc for secure usage?
  At step 5. Whatever I write for -Dorg.omg.CORBA.ORBSocketFactoryClass,
  this pointed class is not instanciated.
  Then I can not create a socket with my client.
  The folowing exception is raised:
  javax.naming.CommunicationException [Root exception is java.net.ConnectException:
  No server found at T3S://localhost:7002]
  So, my questions are:
  % Why -Dorg.omg.CORBA.ORBSocketFactoryClass must be known by the client and not
  the server?
  My java client part, managing connection is:
  -------------------BEGIN OF CONNECTION MANAGER-------------------
  Properties env = new Properties ();
  // Shouldn't have to do this, but for now you must
  if ( factory.equals ("weblogic.jndi.WLInitialContextFactory") ) {
  env.put ("java.naming.provider.url", "t3s://localhost:7002");
  } else {
  env.put ("java.naming.provider.url", "rmi://localhost:7002");
  InitialContext context = new InitialContext (env);
  BankSessionServerHome bssh = (BankServerHome) context.lookup("BankServerHome");
  BankServer = bssh.create();
  -------------------END OF CONNECTION MANAGER-------------------
  % What is the code for the java client allowing connection with the ejb?
  % And better, can I have a sample example for rmi-iiop over ssl?
  (...wlserver6.1\samples\examples\iiop\ejb\stateless\rmiclient\client.java do not
  speak ssl!)
  Any help will be appreciate from you...
  Best Regards.
  Oliver

• Will i have to do it all over again with the new ipod?

  my ipod is super beat up and it's time for a new one, so i deleted all my itunes programs off of my computer and i've reinstalled them.
  while i'm saving up money for a new ipod i wanted to go ahead and reimport all my songs into a library, once i do this am i able to just plug the new ipod into my computer and all of these songs will update and i'll be all set?
  or will i have to do it all over again with the new ipod?

  Once you have reinstated the tracks to your library, you'll able to sync your new iPod to it automatically and update it with the contents of your iTunes.