Using a single CSS to load balance multiple services
Is it possible to use a single CSS to load balance 3 different services (server farm) ? That mean the CSS need to advertise 3 VIP
I'm thinking of two scenarios:
1 - configure the CSS to use 4 interfaces: 1 to public, 3 to private (each interface will plug-in to a different vlan/server farm)
2 - configure the CSS to use 2 interfaces: 1 to public, 1 to private (all 3 server farms are in the same vlan)
Will both scenarios work ?
Thanks
--Phillip.
Hi Phillip,
both scenarios will work. One CSS can certainly manage more than 3 services! You can even use just one VIP for all traffic, then just create the proper rules to send specific traffic to the corresponding service(s). No need for 3 VIPs.
Regards
-juerg
Similar Messages
-
Using a single HeaderHandler of JaxWS for multiple services
Hi,
In our application,we are using 3 different services.The authentication credentials are different for each one of them.So,we have created 3 different Headerhandlers for each one of them.
I wish to know if it is possible to have a single HeaderHandler for all 3 services.Please let me know if we can set the username/password in Headerhandler at runtime.
I am not able to pass the parameters in handleMessage(SOAPMessageContext smc).
Please suggest.Hi Phillip,
both scenarios will work. One CSS can certainly manage more than 3 services! You can even use just one VIP for all traffic, then just create the proper rules to send specific traffic to the corresponding service(s). No need for 3 VIPs.
Regards
-juerg -
Load balance multiple URLs on single VIP
Hello,
I have a fairly typical load balance configuration on a pair of ACE appliances running (A3)2.5 and now I need to load balance multiple URIs to these same servers on port 80 to the one VIP. Can someone direct me to a doc that shows a good example of this, or explain it below?
Thanks,
Dave
serverfarm host application
rserver webserver1 80
probe server-80-PROBE
inservice
rserver webserver2 80
probe server-80-PROBE
inservice
sticky ip-netmask 255.255.255.255 address source application-80-STICKY
replicate sticky
serverfarm application
class-map match-all application-80-CLASS
2 match virtual-address 1.1.1.1.1 tcp eq www
policy-map type loadbalance first-match application-80-POLICY
class class-default
sticky-serverfarm application-80-STICKY
insert-http X-Forwarded-For header-value "%is"
class application-80-CLASS
loadbalance vip inservice
loadbalance policy application-80-POLICY
loadbalance vip icmp-reply
nat dynamic 22 vlan 424
appl-parameter http advanced-options CASE_PARAMSean,
Maybe a little confused.
I have built the new serverfarm, policy-map and class-map in bold, I am just not sure how it gets referenced. Do I add it to the multi-match class statement? My complete config for this particular app is below.
Thanks,
Dave
serverfarm host application-80
rserver server1 80
probe server-80-PROBE
inservice
rserver server2 80
probe server-80-PROBE
inservice
serverfarm host application-L7
rserve rserver1 80
probe server-80-PROBE
inservice
rserver server2 80
probe server-80-PROBE
inservice
class-map match-all application-80-CLASS
2 match virtual-address 1.1.1.1 tcp eq www
class-map type http loadbalance match-any application-L7-CLASS
3 match http url /uri1/
4 match http url /uri2/uri2
5 match http url /uri2/uri3.htm
policy-map type loadbalance first-match application-80-POLICY
class class-default
sticky-serverfarm application-80-STICKY
insert-http X-Forwarded-For header-value "%is"
policy-map type loadbalance first-match application-L7-POLICY
class application-L7-CLASS
serverfarm application-L7
policy-map multi-match POLICY-424
class application-80-CLASS
loadbalance vip inservice
loadbalance policy application-80-POLICY
loadbalance vip icmp-reply
nat dynamic 22 vlan 424
appl-parameter http advanced-options CASE_PARAM -
Load balancing multiple J2ee servers - each running it's own CI
Is it possible to load balance multiple J2ee servers(running Portal), both running it's own Central Instance?
We do not have the resources (SAN storage) to implement MSCS for Portal...so instead we want to use two complete Portal servers HW load balanced with the ability to keep running in case one fails.
thanks for any info !
LinwoodHi Linwood,
in a nutshell, the difference between an ordinary J2EE server instance and the central instance are the central services. The central services (enqueue server, message server) are only needed once. Basically, they are required for the communication between the server instances (and to the load balancer). What you should go for is a cluster installation with one central instance and another ordinary server instance (both running the SAP NetWeaver Portal). But be aware that you have to use the same database for both server instances (otherwise you cannot guarantee consistent data).
For load balancing the two server you can use the SAP Web Dispatcher or any other load balancer tool you like.
You will find more and detailed information on load balancing in the SAP Library. Have a look into section <a href="http://help.sap.com/saphelp_nw2004s/helpdata/en/2e/611724f410254ca12a3f396ec5ae85/frameset.htm">Java Cluster Architecture</a>.
Hope I could help!
Best regards,
Martin -
CSS 11503 Load Balancing Verification
Alright, so I have toiled long and hard to get this right. I think I have the config down but I am unsure on how to verify how this load balancing is working.
Here is the Content Config that I am speaking of:
content cad-rule
add service wls1-e0
add service wls1-e1
add service wls2-e0
add service wls2-e1
add service wls3-e0
add service wls3-e1
add service wls4-e0
add service wls4-e1
add service wls5-e0
add service wls5-e1
add service wls6-e0
add service wls6-e1
arrowpoint-cookie expiration 00:00:15:00
advanced-balance arrowpoint-cookie
redundant-index 2
vip address 172.30.194.195 range 2
arrowpoint-cookie name TOQ
protocol tcp
port 8001
url "/*"
active
Each service in the rule above is configured as follows:
service wls1-e1
port 8001
protocol tcp
strin ags001-e1
ip address 172.30.193.81
keepalive type http
keepalive uri "/cad/index.html"
redundant-index 12
keepalive frequency 20
keepalive maxfailure 10
keepalive retryperiod 2
active
I am using the advanced arrowpoint cookies because I need some stickiness here. Straight round-robin would not have done what I needed it to do.
Now, when I go to my show summary, this is what I see for this rule:
cad-rule Master wls1-e0 84274
wls1-e1 13144
wls2-e0 96884
wls2-e1 26374
wls3-e0 71145
wls3-e1 16592
wls4-e0 76403
wls4-e1 8657
wls5-e0 118623
wls5-e1 22760
wls6-e0 30836
wls6-e1 20464
The far right column indicates the services hits. I originally had the E1's suspended and activated them later on. So if this was true round robin, all the E0's should have the same number of service hits and all the E1's should have the same number of service hits. But as you can see, the wls5 server is getting hit the most while the wls6 server is sitting there twiddling its thumbs.
Now understanding how the arrowpoint cookies do their load balancing (inserting a cooking into the flow and then timing out after 15 mins as configured above) I would not expect a 1:1 ratio of load balancing between servers. But the distribution above seems rather extreme.
Does anyone have any suggestions on how to both A) verify that this is the right config and B) suggest to my boss that this is working the way it should be working?
Thanks!
JamesHi James,
There are several reasons of the uneven load balancing that you are seeing (based on the show summary). First
of all, the CSS is configured to do stickiness (advance-balance).
With arrowpoint-cookies (for HTTP only) method for stickiness, only the requests coming with the same cookie
are going to get stuck to the same server, since the cookie is
lost when the browser is closed (or based on the expiration), then the stickiness is going to be session
based and if the same client open a new session is going to be load balanced.
Is important to understand that when using stickiness, no real even load balancing is
going to happen since we are sticking new flows to the same server; even when layer 5 stickiness would
permit more even balancing than layer 3 stickiness (source IP based).
Also consider that the "show summary" is a command to see the hits (requests) being balanced to an specific
server, this is a good command to see the load balancing, anyway since the CSS balance
connections (flows), a persistent connection could have a lot of requests, so all those requests are
always going to the same server (incrementing the amount of hits in the counter) while a non-persistent
connection would be just one request (refer to HTTP persistence).
Also keep in mind that if a service is take out for maintenance, or is added to the load balancing later
than another, or if goes down for a period of time, then the CSS will be balancing among the remaining alive
servers. When you add the server again, the another servers are going to have connections
already established, so since the CSS is doing round robin, the server last added will
never have the same amount of connections (nor hits) that the other ones, because while one could
have 55 for example, the new one will have it first connection, and when the first one
gets the 56, the another will get the second, and so on.
Please let me know if this makes any sense.
Diego M -
Does anyone have a recommended network, hardware and software configuration guide for a Portal installation running with multiple gateways load balanced (ie one URL) that talk to multiple servers?
David,
We've used Resonate (software) to load balance the gateways. It allows
you to group all the gateways under 1 virtual URL and load balance the
incoming connections over each gateway depending on the rules that you
define in Resonate. Look in the SUN portal whitepapers there is one that
talks about it specifically.
As far as load balancing the calls to the portals, the gateways will
automatically load balance across all the portals that they know about
using a simple round-robin rotation. You may be able to use Resonate in
front of the portals but you may need to activate persistance within
Resonate to ensure that the user always ends up on the portal that he
established his initial connection on (if you want that), check with Sun
on this one.
David Broeren wrote:
Recommended configuration for load balanced Portal with load balancer,
multiple gateways and multiple servers.
Does anyone have a recommended network, hardware and software
configuration guide for a Portal installation running with multiple
gateways load balanced (ie one URL) that talk to multiple servers?
Try our New Web Based Forum at http://softwareforum.sun.com
Includes Access to our Product Knowledge Base! -
ARFC: Single Server and Load Balancing
Hi All,
I am trying to create aRFC model. In SAP logon screen, I can see two tab pages - Single Server and Load Balancing.
Can you please let me know when we have to use which tab?
Thanks
TGSingle Server Connect or Load Balancing connect is completely independend from the location where SAP Gui Client is installed.
Single Server connect means that your are directly connecting to an ABAP Server using hostname and systemnumber you have to provide.
Load Balancing Connect means that you specify the message server of the central instance of an ABAP Server group. The SAPGUI first connects to the message server which will provide the SAPGUI with the information about the best performing ABAP server. SAPGUI will then connect to this ABAP server.
Single Server is suitable for small landscapes with lets say less than 4 application servers. In huger configurations (and those which I know will grow to more than 3 servers)I would prefer to use logon groups - aka Load Balancing.
Peter -
Question about Load Balance SFTP service by using CSS1150X
Does anyone come across of load balancing SFTP service by using CSS1150X? Typically by configuring CSS1150X to load balance FTP service, the configuration will as follow:
content ftp_rule
vip address 192.168.3.6
protocol tcp
port 21
application ftp-control
add service serv1
add service serv2
add service serv3
active
group ftp_group
vip address 192.168.3.6
add service serv1
add service serv2
add service serv3
active
However, for my personal understanding and knowledge, I will configure my CSS1150X as follow to load balance SFTP service:
content sftp_rule
vip address 192.168.3.6
protocol tcp
port 22 //Change 21 to 22
application ftp-control
add service serv1
add service serv2
add service serv3
active
group sftp_group
vip address 192.168.3.6
add service serv1
add service serv2
add service serv3
active
My question is, "application ftp-control" in content "ftp_rule" is still applicable to SFTP or not?I believe application ftp-control would not be used for sftp.
This might cause the session to get dropped when there is no data channel created and cause issues with long connections.
Hope it helps!! -
Using ACE for proxy server load balancing
Hello groups,
I wanted to know your experiences of using ACE for proxy server load balancing.
I want to load balance to a pool of proxy servers. Note: load-balancing should be based on the HTTP URL (i can't use source or dest. ip address) so that
a certain domain always gets "cached/forwarded" to the same proxy server. I don't really want to put matching
criteria in the configuration (such as /a* to S1, /b* to S2, /c* to S3,etc..), but have this hash calculated automatically.
Can the ACE compute its own hash based on the number of "online" proxy servers ? ie. when 4 servers are online, distribute domains between 1,2,3,4 evenly.
Should server 4 fail, recalculate hash so that the load of S4 gets distributed across the other 3 evenly. Also load-balancing domains of S1 ,S2 and S3 should not change if S4 fails.....
regards,
GeertThis is done with the following predictor command:
Scimitar1/Admin# conf t
Enter configuration commands, one per line. End with CNTL/Z.
Scimitar1/Admin(config)# serverfarm Proxy
Scimitar1/Admin(config-sfarm-host)# predictor hash ?
address Configure 'hash address' Predictor algorithms
content Configure 'hash http content' Predictor algorithms
cookie Configure 'hash cookie' Predictor algorithms
header Configure 'hash header' Predictor algorithm
layer4-payload Configure 'hash layer4-payload' Predictor algorithms
url Configure 'hash url' Predictor algorithm
Scimitar1/Admin(config-sfarm-host)# predictor hash url
It does hash the url and the result takes into account the number of active proxies dynamically.
This command has been designed for this kind of scenario that you describe.
Gilles. -
CSS11501 load-balancing IPv6 services
Hi,
I'm new to content networking and load-balancing.
I am setting up a new nameserver network site and have the following equipment:
- Cisco 2811
- Cicso CSS11501
- Cisco Catalyst 2960
This site will have 2 nameservers which I want to load-balance behind the CSS11501. The network will be setup like this:
Internet
|
Cisco 2811
|
CSS11501
|
Cisco 2960
|
Nameservers 1 & 2
The CSS11501 will be in routed mode and will have a publicly addressed VIP (eg, 203.x.x.x) for the DNS service and the name servers will be privately addressed (eg, 10.x.x.10 & 10.x.x.11). I'm hoping this will work fine and serve the requested IPv4 DNS requests.
I would like the nameservers to also operate on IPv6 and serve out IPv6 DNS requests but am not sure the CSS11501 can perform IPv6 service load-balancing.
My question is, does the CSS11501 support IPv6, load-balancing IPv6 service requests?
Thanks in advance.
Richard.Gilles,
Thanks for the reply.
On another site I was looking at rolling out a Catalyst 6500 CSM module to do the exact same thing as the site I have the CSS11501's at, but it too does not support IPv6 from all I could find. Does the ACE provide all the functionality of the CSM plus IPv6?
Thanks.
Richard. -
Load balancing multiple SSO mid-tier with single SSO database
I want to load balance SSO middle tier servers and have them access a single SSO database. When you install infrastructure and select SSO only it creates a new infrastructure database. How can I install multiple SSO servers and point them to a single database. I am doing Load Balancing with F5 and read an Oracle WP where they mentioned an Oracle supported configuration where they load balanced SSO servers with F5.
KBTwo possible solutions:
1.) Oracle 10gAS Enterprise Deployment Guide (B13998-03) follow the configuration for SSO configuration in Chapter 5.
2.) I have not tried this but it should be logically possible with the SSO. 10gAS Administrators guide (B13995-05) Part III Advanced Administration. The success of this method assumes you have OID and SSO each installed in separate homes. You would be cloning the SSO home to another box as if it were a middle tier (it is still part of the infrastructure) then re-configuring it on the new box.
Personally solution 1 is the best method. We are using F5 Big-IP with this configuration and it is working great.
Hope this helps! -
CSS 11050 Load Balancing with Single VLAN (no NAT)
We have several CSS 11050's in use on our network, cheifly for load-balancing web servers. In a test network I've set up, I've configured our test servers' IP addresses and our load-balanced IP address to be on the same subnet. This way our developers can easily check both single servers as well as the LB configuration. This got me thinking...
All the config documentation I've seen on the CSS seems to assume that you are putting the VIP for the content rule on a different VLAN than the IPs for the services. Is there any particular need for this? I'm in the process of setting up another network that will have its services NATed behind a PIX. There are some services (WWW) that I want load balanced and some services (passive FTP with one server) where there's really no need. Would I do any harm by putting the content rules' VIPs on the same subnet as the servers themselves? I can still plug the servers into the other ports on the CSS so that I'm not really doing a "one-arm" configuration.
-Mark RomerYou shouldn't have any problem doing this. In addition to load balancing web servers we've also balanced terminal servers that are configured to be accessed by remote users through VPN connections. Because we have over 90 remote locations, I didn't want the services and the VIP addresses to be on different VLAN's because I'd have to reconfigure the routers in all the remote locations. I was in the same position you're in, all the documentation indicated different VLAN's but I thought it would be a worth a try. Everything works perfectly...
Cody Rowland -
CSS10500 Load Balancing Multiple Hosts
Hello,
I have a CSS10500 switch and i would like to load balance the connections to a couple of hosts. My setup (roughly) is as follows
int e1-RTR1-------->int e2-Host1
-------->int e3-Host2
and
int e5-RTR2------>int e6-Host1
------>int e7-Host2
How can i assing different interfaces to the two sets of hosts??? I want all ports (0-65535 and tcp/udp) to go to both sets. I made a circuit vlan 1 and assigned it an ip address but i cannot make a circuit vlan 2 and when i assign multiple addresses to vlan1 i cannot somehow assign interfaces to each ip.
Is there anything i can do??
Sorry for all the fuss i am new to the CSS concept.Let's start with the basic
http://www.cisco.com/en/US/products/hw/contnetw/ps792/products_configuration_example09186a008009438d.shtml
If you can't make it work, get back to us with whatever you have configured.
Verify that you can ping the CSS from the router and the server.
Gilles. -
What's the best way to load balance multiple protocols on one vserver?
Hi,
We have a CSM blade on a 6513, in bridge mode. I'm just wondering what is the best way to serve HTTP and HTTPS (or any two or more ports) from the same group of servers. As I see it, we have two options:
1. Don't set a port on the vserver, so it is load balancing "any" or "tcp". This is easy but I want to be sure there isn't a downside to this, other than the obvious security issue.
2. Create multiple vservers and point them at the same serverfarm. I tried this and I got some odd results with the health checks.
Any ideas? Thanks a lot.you listed the only 2 options available.
The advantage of solution #2 is that you can apply specific config for each protocol ie: for HTTP you can turn 'persistent rebalance' if needed.
If you want to use specific probes [not icmp], it is also a good practice to create a different serverfarm for each protocol.
Like this, if the HTTP service goes down but not the server, you can still have other protocols loadbalanced.
Regards,
Gilles.
Thanks for rating this answer. -
Hello,
We have a CSS 11503 with the following partial config
==================
service 10.10.10.221-1724
ip address 10.10.10.1
keepalive type tcp
port 1724
keepalive port 1724
active
service 10.10.10.222-1724
ip address 10.10.10.1
keepalive type tcp
keepalive port 1724
port 1724
string string1
active
content 10.10.10.1-80-website
vip address 10.10.10.1
no persistent
advanced-balance arrowpoint-cookie
add service 10.10.10.221-1724
add service 10.10.10.222-1724
port 80
protocol tcp
url "/*"
active
============================
There is connectivity from CSS to both IP's, 10.10.10.221 and 10.10.10.222. Problem we face is as following:
A client can hit web site on both servers by going to http://10.10.10.221:1724 and http://10.10.10.222:1724.
With service started on 10.10.10.221 and 10.10.10.222, a client PC can hit website by using http://10.10.10.1.
With step 2 above, connection count increasing on "service 10.10.10.221-1724" service.
There is no activty on "service 10.10.10.222-1724"
When we stop services on 10.10.10.221, client can no longer access web site using http://10.10.10.1. In this situation, connection counter on "service 10.10.10.222-1724" increases with each attempt to access web site but the page on client machine times out.
With service stopped on 10.10.10.221, client can access web site using server IP, http://10.10.10.222:1724
Restarting service on 10.10.10.221 makes access to website usig http://10.10.10.1, load balancer IP.
When capturing packets using wireshark, we see that the client machine sends re-transmission on "HTTP Get" and evantually times out.
With behavior above, it is clear that the server at 10.10.10.222 is active. What we cannot understand is why web site is inaccessible thru load balancer using http://10.10.10.1.
Please help.
Thanks,
Paresh.Hi Paresh,
To troubleshoot this, I would recommend doing a traffic capture on the server vlan to see what is really happening with the connection.
One thing worth checking would be comparing the routing configured on both servers. If the traffic back from the server towards the client is not going through the CSS, the connection would fail, with the exact symptoms you are describing.
Regards
Daniel
Maybe you are looking for
-
13 Inch Macbook Pro Logic Board Failure
I've my 13 inch macbook pro (mid 2010) working fine till last week and all of a sudden it gone off while i'am working with it. When i tried it it switch it on, it is not coming up back. No response at all, when i press the power button even the breth
-
Forming a report query dynamically with the value of an item
Hi Gurus, We wanted to create a report based on the value of an item in the page. For example There is a text box named p1_table depending on the value of this item the query of the report should change 1) when p1_table = emp then report query should
-
Hi All, I am designing a schema using XML Spy tool. I need node elements like "Contact Person", "Other Information" etc. - which have a blank space between the words forming the element name. The XML Spy tool is not allowing a blank in between the wo
-
Howto: Iterate ADF BC from a managed bean from the View?
Hi Everyone, I've been trying to iterate a BC ADF object from a managed bean from the view layer. Here is what I have done so far, but I don't seem to get any records: In faces-config.xml, I am passing in the BindingContext to the managed bean. (This
-
Getting error in sso from ep to r/3 system
Hi, I configured SSO from EP to R/3 system.When iam checking SSO through System Administration-Support- SAP Application-- SAP system by alias in the drop list menu. Enter a transaction in the Transaction code field. Choose the Go button--then it o