URL Load balance
Hi,
I have CSS in single arm deployment model. I want to do the load balance following URL.
http://irs.abc.com/irs.htm
I have configure the following steps
service IRC_1
ip address 192.168.17.12
keepalive type tcp
keepalive port 80
active
service IRC_2
ip address 192.168.17.14
keepalive type tcp
keepalive port 80
service IRC_DR
ip address 192.168.10.37
keepalive type tcp
keepalive port 80
group TEST_IRC
add destination service IRC_1
add destination service IRC_2
add destination service IRC_DR
vip address 192.168.200.58
active
But when I m configure the content rule it is showing following error
content IR_URL
protocol tcp
port 80
url "http://irs.abc.com/*"
%% Unsupported or invalid content rule URI
Please let me know how to do this. Also is there anything further to configure to achive the load balancing.
Thanks in advance.
Hi,
I have tried with 9000 but no luck. Even the web page is coming up with error. Below is the configuration
service IRC_1
ip address 192.168.17.12
keepalive type tcp
keepalive port 80
port 9000
active
service IRC_2
ip address 192.168.17.14
keepalive type tcp
keepalive port 80
port 9000
service IRC_DR
ip address 192.168.10.37
keepalive type tcp
keepalive port 80
port 9000
CSS01# show service summary
Service Name State Conn Weight Avg State
Load Transitions
ITSMWEB_1_HTTPS Alive 0 1 2 0
ITSMWEB_2_HTTPS Alive 0 1 2 0
ORALCE_PRD1 Alive 3 1 2 0
ORALCE_DR1 Down 0 1 255 0
ORALCE_PRD2 Down 0 1 255 0
IRC_1 Alive 0 1 2 4
IRC_2 Suspended 0 1 255 2
IRC_DR Suspended 0 1 255 2
end of buffer
CSS01# show rule-summary
VIP Address Port Prot Url CntRuleName OwnerName Stat Idx
192.168.200.95 80 TCP TP GIT Act 5
192.168.200.58 80 TCP /* IRC GIT Act 9
192.168.200.65 Any Any EFAX GIT Act 2
192.168.205.28 8002 TCP ORACLE_DEV GIT Act 6
192.168.200.106 30005 TCP ITSMAPP GIT Act 3
192.168.200.105 80 TCP ITSM_WEB GIT Act 4
192.168.210.57 80 TCP XPENAPP GIT Act 1
192.168.200.101 443 TCP ITSM_HTTP GIT Act 7
I can telnet real server 192.168.17.12 on port 9000.
I have also capture the packet while access the real server with success and caputre on VIP which shows error.
Similar Messages
-
URL Load Balancing through Web Dispatcher
Dears,
We are facing heavy load on our portal server.
We are planning to installed one J2ee Dialog instance for it.
Please suggest how can we configure Url Load Balancing through Web Dispatcher.
Regards,
ShivamHI Shivam,
While installing webdispatcher you provide Hostname and http message server port of j2ee of CI .
So , webdispatcher communicate directly with message server, where message server check which application server is free and hence forward the request to that specify application server of j2ee instance.
Pls find the below link for configuring webdispatcher
http://help.sap.com/saphelp_nw04/helpdata/en/42/5cfd3b0e59774ee10000000a114084/content.htm
Thanks
Anil -
Modifying the goto URL - load balancer configuration
Hi,
I am trying to find the location of the display.template which I can modify to change the "goto" parameter URL.
Objective:
When I hit my loadbalancer URL "http://172.11.124.23/portal"
It basically can forward the request to ports 8080,8081 or 8082.
but I see the following in the browser after the redirection
http://myportal.domain.corp:8080/amserver/UI/Login?goto=http://172.11.124.23/portal/dt
instead of
http://myportal.domain.corp:8080/amserver/UI/Login?goto=http://myportal.domain.com/portal/dt
so basically I get the acess manager login page but after authentication it goes back to the loadbalancer since the goto URL is'nt right.and load balancer again sends the request back to access manager.So it kinda loops back and forth betn load balancer and access manager.
I read on the forum which says display.template should be modified to correct the goto URL.
I am working in linux env.I tried changing the display.template at the following location but I dont see what I want.
/var/opt/sun/portal/portals/portal1/desktop/default/LoginProvider
Can you point me in the right direction.!
Thanks,
Deepak.c'mmon guys...help me..its urgent !!!!
-
Dears,
My SharePoint farm is with the below configuration in our office :
Batch processing server the with Central Administration
Web Front End Sever 1 (http://wfe01)
Web Front End Sever 2 (http://wfe02)
I do have the load balance URL as http://finance.mycompany.com and as per the system administrator it seems configured properly.
In AAM i have mapped the URLs as below for the web application in Central Administration portal:
http://finance.mycompany.com - Default Zone
http://wfe01 - Intranet Zone
http://wfe02 - Internet Zone
I was able to browse the site via the load balance URL : http://finance.mycompany.com, but couldn't open the site using the Share Point Designer 2013. It always says the site not found.
please advise,
thanks,
AmmarWhat do the wfe01 and wfe02 aams do?
Are you browsing to the SharePoint site and using SPD on the same computer, is it part of the farm or a seperate client computer?
thanks Alex a lot for your response and appreciate the same.
WFE01, WFE01 is connected to the one central admin on Batch Processing Server (central admin URL is http://SharepointCA:5555 and the SharePoint Web Application is hosted under port 80 on the same server). So the AAM configured on the batch processing server
central admin.
I can connect to the site using the SPD inside the Batch Processing server if i mention the site urs as http://localhost. But not from other client computers by putting the load balance URL - http://finance.mycompany.com.
I can browse the sites directly putting http://wfe01, http://wfe02 and as well as the load balance URL (http://finance.mycompany.com). The custom webparts are getting crashed when i put the web application URL as http://finance.mycompany.com.
thanks,
Ammar -
BPEL End Point URL using External Load Balancer URL
Hi All,
We have Oracle SOA Suite installed in a clustered environment as per the Enterprise Deployment Guide 10g Release 310.1.3.3.0 E10294-02.
I have deployed a BPEL process to the clustered environment and the end point refers to the internal url of the load balancer e.g. http://internallink:8001/orabpel/default/testService/1.0
When we just paste this end point in a browser, enter the parameters and click on invoke, the BPEL Process gets invoked.
However, if we try to use the external url(which is on https) of the load balancer as the enpoint url eg https://externallink/orabpel/default/testService/1.0 to invoke the same BPEL process, the page which is used to accept the parameters and the used to invoke the BPEL process is successfully displayed. However, when we try to invoke the service, the connection times out.
Please note that internallink and externallink are the internal and external VIPs, respectively.
Does someone have an idea of what may be wrong or what needs to be corrected to be able to invoke the BPEL process using the external VIP, please?
Thanks in advance.Check if the port of ESB in your server is open.
I think that the port is: 7777
try from ESB server:
wget WSDLURI
if you got the file then the port is closed. -
Load Balance https based on url
I am trying to configure ACE 4710 to load balance base on the URL, If it matches the specific URL ( /456/ ), the traffic will be sent to server farm 456 else the traffic will be sent to server farm 123.
I attached an image of the topology.
Ace Config:
rserver host SRV01_123
ip address 192.168.1.101
inservice
rserver host SRV02_123
ip address 192.168.1.102
inservice
rserver host SRV01_456
ip address 192.168.1.111
inservice
serverfarm host farm_123
rserver SRV01_123
inservice
rserver SRV02_123
inservice
serverfarm host farm_456
rserver SRV01_456
inservice
class-map match-all VIP_Application
2 match virtual-address 192.168.1.10 tcp eq https
class-map type http loadbalance match-all L7_server_456
2 match http url /456/
policy-map type loadbalance http first-match LB_Application
class L7_server_456
serverfarm farm_456
class class-default
serverfarm farm_123
policy-map multi-match ServerGroup1_PM
class VIP_Application
loadbalance vip inservice
loadbalance policy LB_Application
loadbalance vip icmp-reply
interface vlan 70
bridge-group 1
no shutdown
interface vlan 700
bridge-group 1
service-policy input ServerGroup1_PM
no shutdown
ThanksHi John,
If you want to do the offload in the ACE also called SSL termination, it is a two step process:
1- You need to upload your certificate and key to the ACE using FTP or one of the available methods.
2- Create the the SSL proxy service where you add these two files and finally add this service under the policy-multimatch for the VIP in question.
You also need to decide whether you want to keep your server listening in the encrypted port (that would be a two way encryption process called End-to-End SSL) or you can change the port to 80 and leave all the decyption process to the ACE (this would be transparent to the client, the site will show up as HTTPS all the time).
Here you can take a look at the SSL termination process (using clear text port in the backend servers).
Oficial Configuration Example
http://www.cisco.com/en/US/partner/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA4_1_0/configuration/ssl/guide/terminat.html
Cisco Wiki Example
http://docwiki.cisco.com/wiki/SSL_Termination_on_the_Cisco_Application_Control_Engine_Without_an_Existing_Chained_Certificate_and_Key_in_Routed_Mode_Configuration_Example
HTH
Pablo -
Load Balancing on a URL with parameters in it.
Hi,
We have two main Server Farms. I have been asked to load balance to each farm based on the url. The problem:
The url looks like this
https://www.domain.com/test/ci/?par1=Default&par2=main&userRole=userrole&mcId=companyname&par4=somethingelse
The bit of the url for the decision making is "mcId", but as I understand it, I cannot use a "?" in the url text string on the CSS. So, how do i do it ?
Many thanks
WayneWayne,
the documentation is actually incorrect.
The '?' does not prevent the advanced-balance url feature to work.
It just changes where the CSS starts looking for the string.
Check this url for a sample config.
http://www.cisco.com/en/US/products/hw/contnetw/ps792/products_configuration_guide_chapter09186a0080409807.html#wp1115519
Regards,
Gilles. -
ConnCacheBean Setting for a Load Balance URL
Hi,
We are using the ConnCacheBean to set the URL property. We have a new load-balance database, how can I pass that on as a paramter? Thanks.
<jsp:setProperty name="tdbean" property="URL" value= "jdbc:oracle:thin:@----" />
Thanks.Hi,
I would pass this to the database forum as this class belongs to the Oracle JDBC package
Frank -
WCF service fronted with SSL enabled NGINX load balancer shows HTTP based WSDL url instead of HTTPS
Hi,
I have WCF service hosted using IIS 8.5 on application server. And application servers are fronted with NGINX load balancer with SSL enabled. Backend communication protocol between NGINX to application server is http.
When customer visits public domain url (https://xxx.com/service.svc), they can see the WSDL url with http://xxx.com/service.svc?wsdl.
What change should I make so that WSDL url will have https instead of http ?
This is service side configuration.
<system.serviceModel>
<services>
<service name="Service.IService">
<endpoint address="" binding="basicHttpBinding" bindingNamespace="http://xyz.com/Service" name="Service_Endpoint" contract="Service.IService" />
</service>
</services>
<bindings>
<basicHttpBinding />
</bindings>
<client />
<behaviors>
<serviceBehaviors>
<behavior>
<serviceThrottling maxConcurrentCalls="5000" maxConcurrentInstances="2147483647" maxConcurrentSessions="5000" />
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
</system.serviceModel>
Thanks in advance !!Hi,
For this scenario, you could just enable SSL in IIS to get HTTPS endpoints. If your service is exposed at https then you configure the same using “httpsGetEnabled”:
<behaviors>
<serviceBehaviors>
<behavior
name="MyServiceTypeBehaviors"
>
<serviceMetadata
httpGetEnabled="true"
/>
</behavior>
</serviceBehaviors>
</behaviors>
For more information, you could refer to:
http://www.codeproject.com/Articles/327260/What-s-new-in-WCF-Automatic-HTTPS-endpoint-for
http://blogs.msdn.com/b/brajens/archive/2007/04/26/accessing-description-metadata-wsdl-of-wcf-web-service.aspx
Regards -
Interesting ACE URL Header & Load-balance & SSL on 2 VIPs
Hi There
I have an interesting situation that I am trying to solve. I have 4 websites, each one with SSL Off-Loading on the ACE on the outside. All FOUR websites run on a single server on the inside, but each website is using a different port number for differentiation. Also, they are currently only available on TWO IPs on the outside! I know.....it's a mare!
So, RSERVER = SERVER = 192.168.0.1
Each website has SSL Certs on the outside. https://website1.abc.com - https://website4.abc.com
But, DNS is only bound to 2 IPs on the outside, as that is all we have available currently, until we free up more IPs.
OUTSIDE:
website1.abc.com = 172.16.0.1:443
website2.abc.com = 172.16.0.1:443
website3.abc.com = 172.16.0.2:443
website4.abc.com = 172.16.0.2:443
On the server we have:
INSIDE: 192.168.0.1
SERVER:8001 = website1.abc.com
SERVER:8002 = website2.abc.com
SERVER:8003 = website3.abc.com
SERVER:8004 = website4.abc.com
So, in a nutshell what I need to do is:
Terminate SSL for each website, then match the HTTP header, and pass it to the SERVER on the right port. Sounds easy enough.
But, I am struggling like hell. The VIPs (Wirtual IPs on the OUTSIDE are causing me grief) My steps seem to be breaking my ruleset. Individually they all work, but once I tie them to the VIPs on the outside, it seems to stop. The first site in each CM (class-map) match in the PM (Profile-Map) works but the subsequent site just breaks.
I would post my config, but right now I have sooooooooooooo many variations, it looks like a dog's breakfast.
Can anyone give advice on the process flow to follow to get this to work. My issue is arround the VIPs mainly. To be honest, I don't really care about Load-Balancing right now. That will come later when more servers are added to mix. And then we might have to do inbound NAT too to the Server Farm, but that can wait! :-o
I have created a HEADER map for the headers, individual SERVER FARMS for each port on the RSERVER, ACLs matching the VIPs inbound on 443, CLASS-MAPs matching the HEADER and applying to SFARM, POLICY MAPS matching the CMAPs and doing Load-Balancing with SSL-PROXYs for the SSL headers. SERVICE-POLICY tieing it all together on Interface.
But .... things are going hey-wire.
So, steps are:
RSERVER
SFARMs = RSERVER:PORTs
ACLs = VIPs
CMAP = HEADER = URL
LB PMAP = HEADER CMAP & SFARM
PMAP MULITM = ACL CMAP + LB PMAP & SSL-Proxy
SVC-POL = PMAP MULTIMHi Surya
Thanks for the prompt reply. I'm not quite sure what you mean when you say it ca only handle 2 certs. Can you elaborate please?
It would appear to me that you can actually only bind one cert to an IP, based on using a VIP address for the server farm as per the CM in the PM. I can hack out the irrelevant bits tomorrow and post what I have done thus far. I have played with multiple lines of code and various ways of trying to do this, but the end result is that it appears once I have the CM set per VIP I can only set one SSL-Proxy, and so only one cert. If I use multiple CMs, as per the MultiMatch policy, it matches the first CM against the VIP and doesn't appear to move on as per the HTTP Header. If any of that makes sense?
regards
Sent from Cisco Technical Support iPad App -
ACE load balancing based on URL
I am trying to send traffic to one server or another based on the URL. I want traffic to foo.com/selfserv to direct to server A and traffic to foo.com/webui to direct to server B. I found URL inspection etc but I am not sure how to apply it the scenario as I do not want the ACE to inspect all inbound HTTP requests.
The ACE performs regular expression matching against the received packet data from a particular connection based on the HTTP URL string. To configure a class map to make Layer 7 SLB decisions based on the URL name and, optionally, the HTTP method, use the match http url command in class-map HTTP load balance configuration mode.
The ACE performs regular expression matching against the received packet data from a particular connection based on the RTSP URL string. You can configure a class map to make Layer 7 SLB decisions based on the URL name and optionally, the RTSP method, by using the match rtsp url command in class-map RTSP load balance configuration mode.
Configuring Traffic Policies for Server Load Balancing:
http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/configuration/slb/guide/classlb.html -
Load balancing SMA web service and SMA end point URL
Hi,
We have set up the recommended 3 servers with Azure Pack, SMA Web Service and Runbook Worker. We are now wanting to configure the Azure pack portal to setup the SMA endpoint url for the web service. Before we do that, we are assuming we should
load balance the web services to answer on 1 url (ie, smaws.domainname.com).
1. Is there any guidance or things to consider when load balancing the 3 web services to answer to 1 url. We will probably use f5 since that is what we use.
2. The end point url that we configure for Azure Pack automation should be this load balanced URL correct?
3. Should we have the Azure pack installed on just one of the servers or all 3. We did all 3 but it seems like server2 and 3 just redirect to 1 anyway so I am assuming the URL for Azure pack is stored in a db somewhere.
4. Are there any other components of SMA/Azure Pack that should also be load balanced?
Thanks
Thanks LanceSo in this case you need to register the SMA Runbook Workers (do this on machine 1):
$webService
= "https://localhost"
$workers
= (Get-SmaRunbookWorkerDeployment
-WebServiceEndpoint
$webService).ComputerName
if($workers
-isnot [system.array]) {$workers
= @($workers)}
$workers
+= "MachineName2"
$workers += "MachineName3"
New-SmaRunbookWorkerDeployment
-WebServiceEndpoint
$webService -ComputerName
$workers -
Load balancing URL setup for planning application 11.1.2.1
Hi Gurus,
There is an existing planning environment with Weblogic/ Oracle HTTP load balancing setup. I just would like to know where would exactly be the generic/ common URL (the URL without actual servername) configured for planning and SmartView?
Is there any properties file (weblogic/ HTTP) where we will mention those details?
Thanks,
SivaI am not sure I get what you are asking but planning can be accessed through workspace or by
http://<ohs_server>:19000/HyperionPlanning
and Smart View http://<ohs_server>:19000/workspace/SmartViewProviders
If you want to understand about the configuration you can run a registry report.
Cheers
John -
Need help with ACE Load Balancing Base on URL pattern
This is the first time for me trying to configure something like this on the ACE load balancer. I need help configuring a load balancing policy base on URL pattern. URL https://ineedhelp.com base on /willuhelpme and /imlost
Key: ineedhelp_key
cert: ineedhelp_cert
serverfarmA
serverA 10.1.1.1 443
serverfarmB
serverB 10.1.1.2 443
ineedhelp.com/willuhelpme-------serverfarmA
ineedhelp.ocm/imlost---------------serverfarmBThis is the first time for me trying to configure something like this on the ACE load balancer. I need help configuring a load balancing policy base on URL pattern. URL https://ineedhelp.com base on /willuhelpme and /imlost
Key: ineedhelp_key
cert: ineedhelp_cert
serverfarmA
serverA 10.1.1.1 443
serverfarmB
serverB 10.1.1.2 443
ineedhelp.com/willuhelpme-------serverfarmA
ineedhelp.ocm/imlost---------------serverfarmB -
CSS load balancing issue: url isn't accessible even though services are up
service Server1:80
ip address 10.10.10.34
protocol tcp
port 80
keepalive type http
keepalive uri "/test.asp"
active
service Server2:80
protocol tcp
port 80
keepalive type http
keepalive uri "/test.asp"
ip address 10.10.10.35
active
owner Ow1
content LBR1:80
vip address 192.168.1.159
port 80
protocol tcp
url "/*"
balance weightedrr
add service Server1:80
add service Server2:80
advanced-balance sticky-srcip
sticky-inact-timeout 21
flow-timeout-multiplier 8
active
service Server1:80
ip address 10.10.10.34
protocol tcp
port 80
keepalive type http
keepalive uri "/test.asp"
active
service Server2:80
protocol tcp
port 80
keepalive type http
keepalive uri "/test.asp"
ip address 10.10.10.35
active
owner OW1
content LBR2:80
vip address 192.168.1.98
protocol tcp
port 80
url "/*"
balance weightedrr
add service Server1:80
add service Server2:80
advanced-balance sticky-srcip
sticky-inact-timeout 21
flow-timeout-multiplier 8
active
All services are alive all the time and both contexts are alive all the time.
when user tries to access LBR2:80's URL it works all the time. but when user tries to access LBR1:80's url then it works sometimes and some times it doesn't work.
could you advise what the issue could be?When the SYN comes in the CSS will first check for the srcip in the sticky database and if it finds a match will forward to the stuck server. If the source ip is not in the sticky database the request will be load balanced using weightedrr and a server selected. That sticky server will then be added to the sticky database.
If the sticky-srcip is used between 2 content rule, it will use separate sticky table.
You may need to take packet capture to understand what is really failing along with
a following outputs :
sh flow
sh rule Ow1 LBR1:80 ser
regards
Andrew
Maybe you are looking for
-
Best Practice for certificate management for security
We have been working on moving toward future implementation of document encryption and electronic signatures using Adobe Acrobat 9 Standard. I have read 21 CFR 11, and accompanying guidances. Are there any best practice recommendations for how to m
-
Need help identifying specific model
I have a Toshiba Satellite Laptop. The model number and serial number have been rubbed off from the back. I'd like to know which model I have. It has L505 on one of the decals on the front of the laptop. I have looked at the specs for each of the L50
-
Saving PSD Files in Photoshop CS5.5
Hi, I am new to photoshop and I am having a problem saving my layers in PSD Photoshop cs5.5. I created 4 layers and they all look great. the screen shot of my properties panel looks like this: The problem is that after saving it as a PSD file and
-
"import" in the JSP's Page directive - referencing a package
I have my JSP file in WEB-INF. And my .Java file in the "Project parent folder"/src/com/user/faq. My Page directive in the JSP looks something like, <%@ page language="java" contentType="text/html; charset=ISO-8859-1" pageEncoding="ISO-8859-1" errorP
-
How can I get VBA in Excel to read an Apple Mail email?
Hi I need Excel VBA to be able to read in the contents of an Apple Mail email, with no attachments, from a mailbox I have called "EGP Reports". Can anyone help me? briano216