Using a single CSS to load balance multiple services

Similar Messages

• Using a single HeaderHandler of JaxWS for multiple services

  Hi,
  In our application,we are using 3 different services.The authentication credentials are different for each one of them.So,we have created 3 different Headerhandlers for each one of them.
  I wish to know if it is possible to have a single HeaderHandler for all 3 services.Please let me know if we can set the username/password in Headerhandler at runtime.
  I am not able to pass the parameters in handleMessage(SOAPMessageContext smc).
  Please suggest.

  Hi Phillip,
  both scenarios will work. One CSS can certainly manage more than 3 services! You can even use just one VIP for all traffic, then just create the proper rules to send specific traffic to the corresponding service(s). No need for 3 VIPs.
  Regards
  -juerg

• Load balance multiple URLs on single VIP

  Hello,
  I have a fairly typical load balance configuration on a pair of ACE appliances running (A3)2.5 and now I need to load balance multiple URIs to these same servers on port 80 to the one VIP. Can someone direct me to a doc that shows a good example of this, or explain it below?
  Thanks,
  Dave
  serverfarm host application
  rserver webserver1 80
  probe server-80-PROBE
  inservice
  rserver webserver2 80
  probe server-80-PROBE
  inservice
  sticky ip-netmask 255.255.255.255 address source application-80-STICKY
  replicate sticky
  serverfarm application
  class-map match-all application-80-CLASS
  2 match virtual-address 1.1.1.1.1 tcp eq www
  policy-map type loadbalance first-match application-80-POLICY
  class class-default
  sticky-serverfarm application-80-STICKY
  insert-http X-Forwarded-For header-value "%is"
  class application-80-CLASS
  loadbalance vip inservice
  loadbalance policy application-80-POLICY
  loadbalance vip icmp-reply
  nat dynamic 22 vlan 424
  appl-parameter http advanced-options CASE_PARAM

  Sean,
  Maybe a little confused.
  I have built the new serverfarm, policy-map and class-map in bold, I am just not sure how it gets referenced. Do I add it to the multi-match class statement?  My complete config for this particular app is below.
  Thanks,
  Dave
  serverfarm host application-80
    rserver server1 80
      probe server-80-PROBE
      inservice
    rserver server2 80
      probe server-80-PROBE
      inservice
  serverfarm host application-L7
    rserve rserver1 80
      probe server-80-PROBE
      inservice
    rserver server2 80
      probe server-80-PROBE
      inservice
  class-map match-all application-80-CLASS
    2 match virtual-address 1.1.1.1 tcp eq www
  class-map type http loadbalance match-any application-L7-CLASS
    3 match http url /uri1/
    4 match http url /uri2/uri2
    5 match http url /uri2/uri3.htm
  policy-map type loadbalance first-match application-80-POLICY
    class class-default
      sticky-serverfarm application-80-STICKY
      insert-http X-Forwarded-For header-value "%is"
  policy-map type loadbalance first-match application-L7-POLICY
    class application-L7-CLASS
      serverfarm application-L7
  policy-map multi-match POLICY-424
  class application-80-CLASS
      loadbalance vip inservice
      loadbalance policy application-80-POLICY
      loadbalance vip icmp-reply
      nat dynamic 22 vlan 424
      appl-parameter http advanced-options CASE_PARAM

• Load balancing multiple J2ee servers - each running it's own CI

  Is it possible to load balance multiple J2ee servers(running Portal), both running it's own Central Instance?
  We do not have the resources (SAN storage) to implement MSCS for Portal...so instead we want to use two complete Portal servers HW load balanced with the ability to keep running in case one fails.
  thanks for any info !
  Linwood

  Hi Linwood,
  in a nutshell, the difference between an ordinary J2EE server instance and the central instance are the central services. The central services (enqueue server, message server) are only needed once. Basically, they are required for the communication between the server instances (and to the load balancer). What you should go for is a cluster installation with one central instance and another ordinary server instance (both running the SAP NetWeaver Portal). But be aware that you have to use the same database for both server instances (otherwise you cannot guarantee consistent data).
  For load balancing the two server you can use the SAP Web Dispatcher  or any other load balancer tool you like. 
  You will find more and detailed information on load balancing in the SAP Library. Have a look into section <a href="http://help.sap.com/saphelp_nw2004s/helpdata/en/2e/611724f410254ca12a3f396ec5ae85/frameset.htm">Java Cluster Architecture</a>.
  Hope I could help!
  Best regards,
  Martin

• CSS 11503 Load Balancing Verification

  Alright, so I have toiled long and hard to get this right.  I think I have the config down but I am unsure on how to verify how this load balancing is working.
  Here is the Content Config that I am speaking of:
  content cad-rule
      add service wls1-e0
      add service wls1-e1
      add service wls2-e0
      add service wls2-e1
      add service wls3-e0
      add service wls3-e1
      add service wls4-e0
      add service wls4-e1
      add service wls5-e0
      add service wls5-e1
      add service wls6-e0
      add service wls6-e1
      arrowpoint-cookie expiration 00:00:15:00
      advanced-balance arrowpoint-cookie
      redundant-index 2
      vip address 172.30.194.195 range 2
      arrowpoint-cookie name TOQ
      protocol tcp
      port 8001
      url "/*"
      active
  Each service in the rule above is configured as follows:
  service wls1-e1
    port 8001
    protocol tcp
    strin ags001-e1
    ip address 172.30.193.81
    keepalive type http
    keepalive uri "/cad/index.html"
    redundant-index 12
    keepalive frequency 20
    keepalive maxfailure 10
    keepalive retryperiod 2
    active
  I am using the advanced arrowpoint cookies because I need some stickiness here.  Straight round-robin would not have done what I needed it to do.
  Now, when I go to my show summary, this is what I see for this rule:
                   cad-rule    Master   wls1-e0 84274
                                              wls1-e1 13144
                                              wls2-e0 96884
                                              wls2-e1 26374
                                              wls3-e0 71145
                                              wls3-e1 16592
                                              wls4-e0 76403
                                              wls4-e1 8657
                                              wls5-e0 118623
                                              wls5-e1 22760
                                              wls6-e0 30836
                                              wls6-e1 20464
  The far right column indicates the services hits.  I originally had the E1's suspended and activated them later on. So if this was true round robin, all the E0's should have the same number of service hits and all the E1's should have the same number of service hits.  But as you can see, the wls5 server is getting hit the most while the wls6 server is sitting there twiddling its thumbs.
  Now understanding how the arrowpoint cookies do their load balancing (inserting a cooking into the flow and then timing out after 15 mins as configured above) I would not expect a 1:1 ratio of load balancing between servers.  But the distribution above seems rather extreme.
  Does anyone have any suggestions on how to both A) verify that this is the right config and B) suggest to my boss that this is working the way it should be working?
  Thanks!
  James

  Hi James,
  There are several reasons of the uneven load balancing that you are seeing (based on the show summary). First
  of all, the CSS is configured to do stickiness (advance-balance).
  With arrowpoint-cookies (for HTTP only) method for stickiness, only the requests coming with the same cookie
  are going to get stuck to the same server, since the cookie is
  lost when the browser is closed (or based on the expiration), then the stickiness is going to be session
  based and if the same client open a new session is going to be load balanced.
  Is important to understand that when using stickiness, no real even load balancing is
  going to happen since we are sticking new flows to the same server; even when layer 5 stickiness would
  permit more even balancing than layer 3 stickiness (source IP based).
  Also consider that the "show summary" is a command to see the hits (requests) being balanced to an specific
  server, this is a good command to see the load balancing, anyway since the CSS balance
  connections (flows), a persistent connection could have a lot of requests, so all those requests are
  always going to the same server (incrementing the amount of hits in the counter) while a non-persistent
  connection would be just one request (refer to HTTP persistence).
  Also keep in mind that if a service is take out for maintenance, or is added to the load balancing later
  than another, or if goes down for a period of time, then the CSS will be balancing among the remaining alive
  servers. When you add the server again, the another servers are going to have connections
  already established, so since the CSS is doing round robin, the server last added will
  never have the same amount of connections (nor hits) that the other ones, because while one could
  have 55 for example, the new one will have it first connection, and when the first one
  gets the 56, the another will get the second, and so on.
  Please let me know if this makes any sense.
  Diego M

• Recommended configuration for load balanced Portal with load balancer, multiple gateways and multiple servers.

  Does anyone have a recommended network, hardware and software configuration guide for a Portal installation running with multiple gateways load balanced (ie one URL) that talk to multiple servers?

  David,
  We've used Resonate (software) to load balance the gateways. It allows
  you to group all the gateways under 1 virtual URL and load balance the
  incoming connections over each gateway depending on the rules that you
  define in Resonate. Look in the SUN portal whitepapers there is one that
  talks about it specifically.
  As far as load balancing the calls to the portals, the gateways will
  automatically load balance across all the portals that they know about
  using a simple round-robin rotation. You may be able to use Resonate in
  front of the portals but you may need to activate persistance within
  Resonate to ensure that the user always ends up on the portal that he
  established his initial connection on (if you want that), check with Sun
  on this one.
  David Broeren wrote:
  Recommended configuration for load balanced Portal with load balancer,
  multiple gateways and multiple servers.
  Does anyone have a recommended network, hardware and software
  configuration guide for a Portal installation running with multiple
  gateways load balanced (ie one URL) that talk to multiple servers?
  Try our New Web Based Forum at http://softwareforum.sun.com
  Includes Access to our Product Knowledge Base!

• ARFC: Single Server and Load Balancing

  Hi All,
  I am trying to create aRFC model. In SAP logon screen, I can see two tab pages - Single Server and Load Balancing.
  Can you please let me know when we have to use which tab?
  Thanks
  TG

  Single Server Connect or Load Balancing connect is completely independend from the location where SAP Gui Client is installed.
  Single Server connect means that your are directly connecting to an ABAP Server using hostname and systemnumber you have to provide.
  Load Balancing Connect means that you specify the message server of the central instance of an ABAP Server group. The SAPGUI first connects to the message server which will provide the SAPGUI with the information about the best performing ABAP server. SAPGUI will then connect to this ABAP server.
  Single Server is suitable for small landscapes with lets say less than 4 application servers. In huger configurations (and those which I know will grow to more than 3 servers)I would prefer to use logon groups - aka Load Balancing.
  Peter

• Question about Load Balance SFTP service by using CSS1150X

  Does anyone come across of load balancing SFTP service by using CSS1150X? Typically by configuring CSS1150X to load balance FTP service, the configuration will as follow:
  content ftp_rule
  vip address 192.168.3.6
  protocol tcp
  port 21
  application ftp-control
  add service serv1
  add service serv2
  add service serv3
  active
  group ftp_group
  vip address 192.168.3.6
  add service serv1
  add service serv2
  add service serv3
  active
  However, for my personal understanding and knowledge, I will configure my CSS1150X as follow to load balance SFTP service:
  content sftp_rule
  vip address 192.168.3.6
  protocol tcp
  port 22 //Change 21 to 22
  application ftp-control
  add service serv1
  add service serv2
  add service serv3
  active
  group sftp_group
  vip address 192.168.3.6
  add service serv1
  add service serv2
  add service serv3
  active
  My question is, "application ftp-control" in content "ftp_rule" is still applicable to SFTP or not?

  I believe application ftp-control would not be used for sftp.
  This might cause the session to get dropped when there is no data channel created and cause issues with long connections.
  Hope it helps!!

• Using ACE for proxy server load balancing

  Hello groups,
  I wanted to know your experiences of using ACE for proxy server load balancing.
  I want to load balance to a pool of proxy servers. Note: load-balancing should be based on the HTTP URL (i can't use source or dest. ip address) so that
  a certain domain always gets "cached/forwarded" to the same proxy server. I don't really want to put matching
  criteria in the configuration (such as /a* to S1, /b* to S2, /c* to S3,etc..), but have this hash calculated automatically.
  Can the ACE compute its own hash based on the number of "online" proxy servers ? ie. when 4 servers are online, distribute domains between 1,2,3,4 evenly.
  Should server 4 fail, recalculate hash so that the load of S4 gets distributed across the other 3 evenly. Also load-balancing domains of S1 ,S2 and S3 should not change if S4 fails.....
  regards,
  Geert

  This is done with the following predictor command:
  Scimitar1/Admin# conf t
  Enter configuration commands, one per line.  End with CNTL/Z.
  Scimitar1/Admin(config)# serverfarm Proxy
  Scimitar1/Admin(config-sfarm-host)# predictor hash ?
    address         Configure 'hash address' Predictor algorithms
    content         Configure 'hash http content' Predictor algorithms
    cookie          Configure 'hash cookie' Predictor algorithms
    header          Configure 'hash header' Predictor algorithm
    layer4-payload  Configure 'hash layer4-payload' Predictor algorithms
    url             Configure 'hash url' Predictor algorithm
  Scimitar1/Admin(config-sfarm-host)# predictor hash url
  It does hash the url and the result takes into account the number of active proxies dynamically.
  This command has been designed for this kind of scenario that you describe.
  Gilles.

• CSS11501 load-balancing IPv6 services

  Hi,
  I'm new to content networking and load-balancing.
  I am setting up a new nameserver network site and have the following equipment:
  - Cisco 2811
  - Cicso CSS11501
  - Cisco Catalyst 2960
  This site will have 2 nameservers which I want to load-balance behind the CSS11501. The network will be setup like this:
  Internet
  |
  Cisco 2811
  |
  CSS11501
  |
  Cisco 2960
  |
  Nameservers 1 & 2
  The CSS11501 will be in routed mode and will have a publicly addressed VIP (eg, 203.x.x.x) for the DNS service and the name servers will be privately addressed (eg, 10.x.x.10 & 10.x.x.11). I'm hoping this will work fine and serve the requested IPv4 DNS requests.
  I would like the nameservers to also operate on IPv6 and serve out IPv6 DNS requests but am not sure the CSS11501 can perform IPv6 service load-balancing.
  My question is, does the CSS11501 support IPv6, load-balancing IPv6 service requests?
  Thanks in advance.
  Richard.

  Gilles,
  Thanks for the reply.
  On another site I was looking at rolling out a Catalyst 6500 CSM module to do the exact same thing as the site I have the CSS11501's at, but it too does not support IPv6 from all I could find. Does the ACE provide all the functionality of the CSM plus IPv6?
  Thanks.
  Richard.

• Load balancing multiple SSO mid-tier with single SSO database

  I want to load balance SSO middle tier servers and have them access a single SSO database. When you install infrastructure and select SSO only it creates a new infrastructure database. How can I install multiple SSO servers and point them to a single database. I am doing Load Balancing with F5 and read an Oracle WP where they mentioned an Oracle supported configuration where they load balanced SSO servers with F5.
  KB

  Two possible solutions:
  1.) Oracle 10gAS Enterprise Deployment Guide (B13998-03) follow the configuration for SSO configuration in Chapter 5.
  2.) I have not tried this but it should be logically possible with the SSO. 10gAS Administrators guide (B13995-05) Part III Advanced Administration. The success of this method assumes you have OID and SSO each installed in separate homes. You would be cloning the SSO home to another box as if it were a middle tier (it is still part of the infrastructure) then re-configuring it on the new box.
  Personally solution 1 is the best method. We are using F5 Big-IP with this configuration and it is working great.
  Hope this helps!

• CSS 11050 Load Balancing with Single VLAN (no NAT)

  We have several CSS 11050's in use on our network, cheifly for load-balancing web servers. In a test network I've set up, I've configured our test servers' IP addresses and our load-balanced IP address to be on the same subnet. This way our developers can easily check both single servers as well as the LB configuration. This got me thinking...
  All the config documentation I've seen on the CSS seems to assume that you are putting the VIP for the content rule on a different VLAN than the IPs for the services. Is there any particular need for this? I'm in the process of setting up another network that will have its services NATed behind a PIX. There are some services (WWW) that I want load balanced and some services (passive FTP with one server) where there's really no need. Would I do any harm by putting the content rules' VIPs on the same subnet as the servers themselves? I can still plug the servers into the other ports on the CSS so that I'm not really doing a "one-arm" configuration.
  -Mark Romer

  You shouldn't have any problem doing this. In addition to load balancing web servers we've also balanced terminal servers that are configured to be accessed by remote users through VPN connections. Because we have over 90 remote locations, I didn't want the services and the VIP addresses to be on different VLAN's because I'd have to reconfigure the routers in all the remote locations. I was in the same position you're in, all the documentation indicated different VLAN's but I thought it would be a worth a try. Everything works perfectly...
  Cody Rowland

• CSS10500 Load Balancing Multiple Hosts

  Hello,
  I have a CSS10500 switch and i would like to load balance the connections to a couple of hosts. My setup (roughly) is as follows
  int e1-RTR1-------->int e2-Host1
                   -------->int e3-Host2
  and
  int e5-RTR2------>int e6-Host1
                   ------>int e7-Host2
  How can i assing different interfaces to the two sets of hosts??? I want all ports (0-65535 and tcp/udp)  to go to both sets. I made a circuit vlan 1 and assigned it an ip address but i cannot make a circuit vlan 2 and when i assign multiple addresses to vlan1 i cannot somehow assign interfaces to each ip.
  Is there anything i can do??
  Sorry for all the fuss i am new to the CSS concept.

  Let's start with the basic
  http://www.cisco.com/en/US/products/hw/contnetw/ps792/products_configuration_example09186a008009438d.shtml
  If you can't make it work, get back to us with whatever you have configured.
  Verify that you can ping the CSS from the router and the server.
  Gilles.

• What's the best way to load balance multiple protocols on one vserver?

  Hi,
  We have a CSM blade on a 6513, in bridge mode. I'm just wondering what is the best way to serve HTTP and HTTPS (or any two or more ports) from the same group of servers. As I see it, we have two options:
  1. Don't set a port on the vserver, so it is load balancing "any" or "tcp". This is easy but I want to be sure there isn't a downside to this, other than the obvious security issue.
  2. Create multiple vservers and point them at the same serverfarm. I tried this and I got some odd results with the health checks.
  Any ideas? Thanks a lot.

  you listed the only 2 options available.
  The advantage of solution #2 is that you can apply specific config for each protocol ie: for HTTP you can turn 'persistent rebalance' if needed.
  If you want to use specific probes [not icmp], it is also a good practice to create a different serverfarm for each protocol.
  Like this, if the HTTP service goes down but not the server, you can still have other protocols loadbalanced.
  Regards,
  Gilles.
  Thanks for rating this answer.

• CSS 11500 Load balancing

  Hello,
  We have a CSS 11503 with the following partial config
  ==================
  service 10.10.10.221-1724
  ip address 10.10.10.1
  keepalive type tcp
  port 1724
  keepalive port 1724
  active
  service 10.10.10.222-1724
    ip address 10.10.10.1
    keepalive type tcp
    keepalive port 1724
    port 1724
    string string1
    active
  content 10.10.10.1-80-website
      vip address 10.10.10.1
      no persistent
      advanced-balance arrowpoint-cookie
      add service 10.10.10.221-1724
      add service 10.10.10.222-1724
      port 80
      protocol tcp
      url "/*"
      active
  ============================
  There is connectivity from CSS to both IP's, 10.10.10.221 and 10.10.10.222.  Problem we face is as following:
  A client can hit web site on both servers by going to http://10.10.10.221:1724 and http://10.10.10.222:1724.
  With service started on 10.10.10.221 and 10.10.10.222, a client PC can hit website by using http://10.10.10.1.
  With step 2 above, connection count increasing on "service 10.10.10.221-1724" service.
  There is no activty on "service 10.10.10.222-1724"
  When we stop services on 10.10.10.221, client can no longer access web site using http://10.10.10.1.  In this situation, connection counter on "service 10.10.10.222-1724" increases with each attempt to access web site but the page on client machine times out.
  With service stopped on 10.10.10.221, client can access web site using server IP, http://10.10.10.222:1724
  Restarting service on 10.10.10.221 makes access to website usig http://10.10.10.1, load balancer IP.
  When capturing packets using wireshark, we see that the client machine sends re-transmission on "HTTP Get" and evantually times out.
  With behavior above, it is clear that the server at 10.10.10.222 is active.  What we cannot understand is why web site is inaccessible thru load balancer using http://10.10.10.1.
  Please help.
  Thanks,
  Paresh.

  Hi Paresh,
  To troubleshoot this, I would recommend doing a traffic capture on the server vlan to see what is really happening with the connection.
  One thing worth checking would be comparing the routing configured on both servers. If the traffic back from the server towards the client is not going through the CSS, the connection would fail, with the exact symptoms you are describing.
  Regards
  Daniel