WCCP load balancing

Similar Messages

• How to modify my wccp load-balance

  hi all
  I've two WAE in my core, 612 (10.99.100.95) and 674 (10.99.100.96)
  and 3750 stack is my core switch
  I configured wccp tcp-promiscuous router-list 1 l2-redirect l2-return mask-asign in both WAE
  and wccp load balance is work fine
  but in my environment ip subnet, like 10.10.10.0
  10.10.10.1 ~ 10.10.10.128 will load balance in WAE-612
  and 10.10.10.128 ~ 10.10.10.255 will load balance in WAE-674
  and I want to reverse it
  I try to change WAE ip address
  but it still haven't change
  anyone could help me ?
  thanks

  This isn't necessarily a problem.  WCCP uses a hash table of 256 buckets to distribute traffic across the devices in a service group.  When you have two devices in the service group, each one gets 50% of the buckets (i.e. WAE1 gets buckets 0-127 and WAE2 gets buckets 128-255).  When a device leaves the service group, the buckets it was allocated are reassigned to the remaining device in the service group.  When a device is added to the service group, it will get 50% of the buckets, but it's not guaranteed that it will get the same 50% it previously had.
  So in your case, when the 674 rejoined the service group, it's possible that it was allocated the buckets that the 612 was previously handling the 800 connections on.  This is normal behavior and not anything to be alarmed about.
  Regards,
  Zach

• WSA Load Balancing with WCCP

  Hi,
  We have 2 x WSA S670s that we wish to load balance across. The WSAs are running 7.5.1 and can only be in transparent mode. These are connected through WCCP to a pair of Nexus 7ks, running 6.1(3). We are seeing active/standby behaviour and we are expecting A/A. If we shut the port on the active WSA, the second WSA will begin proxing traffic. When we remove the shut command, the traffic will again go back to first WSA. Is this expected behaviour? We were expecting both WSA to handle traffic.
  Thanks

  This may be more of a Nexus question than a WSA question, but check this:    
       Go to Network>Transparent Redirection> Click on your Service Profile name
       Check "Load balance based on client address"
       Click on Advanced near the bottom.
       Set the Load-Balancing Select "Allow Mask Only" and try a custom mask of 0x1
  That should make it switch between WSA's based on whether the last bit in the client's IP is 1 or 0...
  There are some good comments in this thread:
  https://supportforums.cisco.com/thread/2109988
  Nexus want's "mask"
  http://www.cisco.com/en/US/docs/switches/datacenter/sw/4_2/nx-os/unicast/configuration/guide/wccp.html#wp1278718

• Question on WCCPv2 - bucket assignment for WCCP2 load balancing

  Hello,
  I would like to know if any one has tried out running Cisco's WAAS/WAFS/WAE or
  Squid proxy as a cache cluster to leverage load balancing support in WCCPv2.
  I am trying to understand WCCP based transparent network redirection in a lab setup using squid cache's WCCP and Cisco routers only. When I tried with 2 proxies for load balancing, I see that the router *always* allocates buckets in the reverse order of the specified assignment - its confusing as its not mentioned in Cisco WCCP2 protocol drafts.
  In my case, the lead cache with the lowest IP specifies buckets 0-127 to itself and 128-255 to the other; but the router assigns buckets 0-127 to the second cache and 128-255 to lead cache.
  I have attached the ethereal trace. Can someone explain what is going wrong here?
  The issue was found in the following router versions:
  Cisco 3600, IOS 12.3(1a);
  Cisco 2600 IOS 12.3(9a);
  Cisco 2800 IOS 12.4(3d)
  Squid proxy:
  2.5
  WCCP status output - all the routers above show the same behavior.
  From the trace, 192,168.8.231 specifies bucket distribution as its the
  lead cache with a lower IP than 192.168.41.232.
  router#sh ip wccp 99 detail
  WCCP Cache-Engine information:
  Web Cache ID: 192.168.41.232
  Protocol Version: 2.0
  State: Usable
  Initial Hash Info: 00000000000000000000000000000000
  00000000000000000000000000000000
  Assigned Hash Info: 00000000000000000000000000000000 FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
  Hash Allotment: 128 (50.00%)
  Packets Redirected: 0
  Connect Time: 00:23:06
  Bypassed Packets
  Process: 0
  Fast: 0
  CEF: 0
  Web Cache ID: 192.168.8.231
  Protocol Version: 2.0
  State: Usable
  Initial Hash Info: 00000000000000000000000000000000
  00000000000000000000000000000000
  Assigned Hash Info: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
  00000000000000000000000000000000
  Hash Allotment: 128 (50.00%)
  Packets Redirected: 0
  Connect Time: 00:23:05
  Bypassed Packets
  Process: 0
  Fast: 0
  CEF: 0
  Thanks in advance.

  I'm not an expert of the details of wccp, but looks like the squid is not setting the bucket info correctly.
  From the draft [below], the first bit is the the A flag - for alternative hashing.
  And the alternative hashing is determined by another flag in the service info.
  So, why is Squid setting this bit ?
  I feel like they forgot to shift the index by 1 bit to the left.
  Bucket 0-255
  Contents of the Redirection Hash Table. The content of each bucket is a
  web-cache index value in the range 0-31. If set the A flag indicates
  that alternative hashing should be used for this web-cache. The value
  0xFF indicates no web-cache has been assigned to the bucket.
  0 1 2 3 4 5 6 7
  +-+-+-+-+-+-+-+-+
  | Index |A|
  +-+-+-+-+-+-+-+-+
  I'm double checking with a developpers for our cache, but I feel like this is the explanation.
  More info to come if I'm wrong.
  Gilles.

• Load balancing - WAAS

  Hi all,
  We got 2 x 674's in data center and use hash method for load balancing. Due to our IP address scheme, cisco's hash method puts most of the connections go to one WAE only. I know we can increase weight (currently 0) to get nearly 50-50 or 60-40 load balance, but i have no idea how to calculate the weight value. Currently it is 90-10 sharing! Any suggestions or doco is much appreciated.
  Regards
  Srini

  Hello Srini,
  If you're stick to hash (and cannot use mask for some reason), then you're correct, you can use weights.
  Couple of suggestions are there - https://supportforums.cisco.com/docs/DOC-21593#WCCP_best_practices_for_WAAS_deployment
  Make sure that weight factors for individual devices are greater thane 100 - that will ensure complete "bucket" coverage in case one of the devices is down (that is, the remaining device will get 100 % load then).
  When the sum of all weight factors is greater than 100, the specific percentage of buckets assigned to a specific WAAS device is the weight assigned to that WAAS device divided by the total weight and rounded up. Rounding up guarantees that each WAAS device will be assigned at least one bucket.
  p.s. Still mask assignment gives you a bit more flexibility of load-balancing between devices in WCCP farm - see http://www.cisco.com/en/US/prod/collateral/contnetw/ps5680/ps6870/white_paper_c11-608042.html for recommended methods, depending on your HW (WCCP router/switch).
  HTH,
  Amir

• Load Balancing Two Different Waas Models

  Is it possible to deploy two waas devices having different models? Specifically WAVE-694-K9 and
  WAVE-7541-K9? Thanks

  Hi,
  I guess you questions is about having different WAAS models part of the same WCCP farm.
  If that is the case, it shouldn't be an issue at all.
  The only problem I would see with this is that if you have even load balancing, the less powerful device will be overloaded while there is still capacity on the other device
  If you run into this, you might try to play with the WCCP mask to achieve uneven load balancing based on the devices processing powers.
  Regards,
  Nicolas

• Error while selecting Load Balancing in JCO creation

  While creating JCO i am facing this error.It is working fine with Single server connection,but when i chose Load balancing i error comes out.Please tell me the solution.
  I have read couples of forum mentioned you need to start both Portal and ECC.
  For you information my Portal and Java are both on diffrrent Box.
  com.sap.mw.jco.JCO$Exception: (102) RFC_ERROR_COMMUNICATION: Connect to message server host failed Connect_PM  TYPE=B MSHOST=olameccpdvr GROUP=PUBLIC R3NAME=DVR MSSERV=sapmsDVR PCS=1 LOCATION    CPIC (TCP/IP) on local host with Unicode ERROR       service 'sapmsDVR' unknown TIME        Thu Feb 24 12:19:54 201 RELEASE     701 COMPONENT   NI (network interface) VERSION     38 RC          -3 MODULE      nixxhsl.cpp LINE        776 DETAIL      NiHsLGetServNo: service name cached as unknown COUNTER     5

  Is your backend system configured correctly in your SLD ?
  Go to transaction SMMS on your backend system that your are connecting to. Click on Goto=>Parameters=>Display. Look for "server port" value.
  This should give you the TCP/IP port for your message server. It could be 3600 or 3601 (36NN - where NN is the instance number).
  In your services file, if you made the entry at the end of the file, press Enter (Return) after your entry.
  Try restarting your server after making the above changes.
  - Shanti

• Error in creation of JCO with Load balancing server

  Hi,
  We are using a ABAP user base for our WEBAS server 6.40 (with ABAP+JAVA). i have created a Public group in concerned ECC 5.0 system. I have already configured SLD, and then i maintain data supplier bridge in SLD and run RZ70 in ECC 5.0 system to load system information.. i can see details in SLD ..
  now i am trying to create JCO connections .. here i am unable to create JCO with load balancing option..  i get
  com.sap.mw.jco.JCO$Exception: (102) RFC_ERROR_COMMUNICATION: Connect to message server host failed Connect_PM  TYPE=B MSHOST=<servername> GROUP=PUBLIC R3NAME=SID MSSERV=sapms<SID> PCS=1 ERROR       service 'sapms<SID>' unknown TIME        Fri Jun 16 12:41:20 2006 RELEASE     640 COMPONENT   NI (network interface) VERSION     37 RC          -3 MODULE      ninti.c LINE        505 DETAIL      NiPGetServByName2: service 'sapms<SID>' not found SYSTEM CALL getservbyname_r COUNTER     1
  i am able to create single server JCO, but it fails in load balancing.. is there anything i have  missed out in settings...
  Thanks and regards,
  Sudhir

  Thanks, Bogdan Rokosa
  I have the same problem,and solved it following the steps provided by Bogdan Rokosa  :
  you must insert an entry for your R3 system
  (like: sapms<SID> 3600/tcp)
  in services file
  (C:\WINDOWS\system32\drivers\etc\services) on Java WAS.
  I test the Jco successful without restart J2EE Engine.

• ISE 1.2 - Multiple NICs/Load Balancing for DHCP Probe

  Hello guys
  Just prepping an ISE 1.2 patch 8 setup in our organization. I am going for the virtual appliances with multiple NICs. It will be a distributed deployment with 4 x PSNs behind a load balancer and there is no requirement for wireless or guest user at the moment. I've got 2 points I will like to get some guidance on:
  Our DC has a dedicated mgmt network and I plan to IP the gig0 interface of the PANs, MNTs and PSNs from this subnet. All device admin, clustering, config replication, etc will be over this interface. However, RADIUS/probe/other user traffic to the ISE PSNs will be over the gig1 interface which will be addressed from another L3 network. Is this a supported configuration in ISE?
  I intend to use the DHCP probe as part of device profiling and will ideally like to have just an additional ip helper to add to our switch SVI config. Also, it will appear that WLCs can only be configured for 2 DHCP servers for a given network so another consideration for when we bringing our WLAN in scope. We however use ACE load balancers within our DC and from what I have read, they do not support DHCP load balancing. Are there any workarounds to using the DHCP probe with multiple PSNs without having to add each node as an ip helper/DHCP server on the NADs?
  Thanks in advance
  Sayre

  Hello Sayre-
  For Question #1:
  Management is restricted to GigabitEthernet 0 and that cannot be changed so you should be good there
  You can configure Radius and Profiling to be enabled on other interfaces
  Even though you are not using guest services yet, you can dedicate an interface just for that. As a result, you can separate guest traffic completely from your production network
  Take a look at this link for more info:
  http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/installation_guide/ise_ig/ise_app_c-ports.html
  For Question #2
  If you are using a Cisco WLC and running code 7.4 and newer you don't need to mess with the IP helper configurations. 
  The controller can be configured to act as a collector for client profiling and interact with the DHCP thread along with the RADIUS accounting task that is running on the controller. The controller receives a copy of the DHCP request packet sent from the DHCP thread and parses the DHCP packet for two options:
  –Option 12—HostName of the client
  –Option 60—The Vendor Class Identifier
  After this information is gathered from the DHCP_REQUEST packet, a message is formed by the controller with these option fields and is sent to the RADIUS accounting thread, which is in turn transmitted to the ISE in the form of an interim accounting message.
  Both DHCP and HTTP profiling settings are located under the "Advanced" configuration tab in the WLC
  On the other hand, you can also use Anycast for profiling. You can check out some of Cisco Live's sessions for more info on that. Here is one that is from a couple of years (There are more recent ones that are available as well):
  http://www.alcatron.net/Cisco%20Live%202013%20Melbourne/Cisco%20Live%20Content/Security/BRKSEC-3040%20%20Advanced%20ISE%20and%20Secure%20Access%20Deployment.pdf
  I hope this helps!
  Thank you for rating helpful posts!

• SAP GLM Print Request - Load Balancing of WWI server

  Hi GLM Experts,
  I am using new GLM + module that generates labels based on Print Requests. I am unable to understand how I can load balance the WWI services when there are multiple label printing requests.
  In GLM + we associate a WWI to a Print Station and which can then be associated with a printer. So in the configuration we are tying up a printer a WWI.
  Also during label printing, if the scenario uses print request module, then the use need to select a print station and printer. What happens if the WWI related to the print station is down?
  For example I have two services in WWI server GENPC1 and GENPC2. I created WWII and WWI2 as two print stations. I will associate my printer PRNWWI to both the print stations WWI1 and WWI2.
  During label printing if the user picks and WWI1 and Printer PDNWWI and if the GENPC1 WWI server assocaited with print status WWI1 is busy and down I want WWI GENPC2 to generate the label?
  How to setup the above load balancing or fall back? Please let me know.
  Thanks
  Pugal

  Dear Pugal
  we are not using GLM + and I am not sure about the technqiue used there to handle load balancing. Regarding general WWI setup I assume you know this Note: EH&amp;amp;S: Availability and performance of WWI and Expert servers
  On the top there is a further SAP Note abvailable which might be of interest. This is referenced here:
  http://de.scribd.com/doc/191576739/011000358700000861002013-e
  May be check OSS note: 1958655; OSS Note 1155294 is more related to normal WWI stuff; but may be check it as well. May be 1934253 might help better
  May be this might help.
  C.B.
  PS: may be check as well: consolut - EHS_MD_140_01 - EH&amp;amp;S-Management-Server einrichten
  The load balancing of synchron WWi servers is donein the "RFC" layer, therefore you have no inffluence here, for asynchron WWI servers you can do a lot to manage the WWI load balancing by using "exits" etc.

• APEX SSO and Load balancing: Could not determine workspace for application

  We had a single HTTP Server serving APEX in a 10.2.0.2 database configured with SSO to be used by the developers. APEX has been registered as a partner application and the login url has been CA Siteminder protected so that the SM_USER details are forwarded in the header for the application to use for authorization. Everything is fine so far.
  Now we have added a HTTP Server on another host and have it all set up for APEX and its pointing to the same database. APEX_ADMIN access works as normal, but applications previously using SSO now get the following error after entering the URL.
  Expecting p_company or wwv_flow_company cookie to contain security group id of application owner.
  Error ERR-7620 Could not determine workspace for application ().
  Using HTTP Watch I find that the application is not even trying to redirect to the login page.
  What is wrong here?

  APEX has been registered as a partner application as described in
  http://www.oracle.com/technology/products/database/application_express/howtos/sso_partner_app.html
  In the meantime I found metalink document 368746.1 which describes the cause of this problem. Please read carefully what I wrote, it all works when the the new APEX web server is turned off in the server farm on the load balancer and directed through the original web server. When running regapp.sql the hostname in the listener token was using the virtual hostname. This works fine if the request comes from the original APEX server which proofs that there is nothing wrong with the installation and set up of SSO. When directing the request to the new APEX web server the APEX_ADMIN page still works only existing work spaces using SSO don't seems to work anymore resulting in a error as described in the subject.
  As for metalink document 368746.1 naming the causes of this error:
  - there are no duplicate entries in WWSEC_ENABLER_CONFIG_INFO$
  -LISTENER_TOKEN clearly works for requests coming from the first web server
  -theoretically the web server listener port could be changed from 7777, but port 80 needs to be maintained here as production is mimiced as far down as possible.
  Is there some cache table which can be cleared? How is it that the flows schema (apex engine) can not find the work space when the request comes from a new web server which can however access the APEX_ADMIN pages.
  anyone?

• SSO with SAP R/3 with load balancing as backend over the Web AS

  Hi,
  we have Netweaver 2004 at this time and we have to connect the portal to a BSP application in a load balancing environment.
  We set user mapping for the user and set the connection type from SAPLOGONTICKET to UIDPW. This is running for a test environment with only one R/3 system without load balancing.
  Does anyone know the setting parameters for a load balancing environment (ok, the message server and...?).
  Thank you.
  Best regards
  Patrizia

  Hi all,
  run into the same problem. Setting up a mapping with UIDPW in a non load balanced WEB-AS enviroment for BSP or Webdynpro for ABAP works fine. But if I go to set it up in a balanced system I can see the following behavior. The http request is send to the messageserver. This request enclosed my mapped user and password. The messageserver responds with an HTTP 301 wich contains one of my applicationservers, so far so good. The client sends a new request to the mentioned applicationserver but this time without the UIDPW. So the user will not be logged in.
  I was wondering if my backend have to issue logonticket too, cause today it only accept tickets from the portal.
  Is this is a bug or a feature?
  Regards,
  Bernd

• How to change the OraSSO login link in webcache/load balance

  Hi
  we have 10gAsR1 installed as a Portal instance. We have 6-server
  load balancer => webcache as loadbalancer (listening port 80)
  Wb ch1 and wb ch2 => webcache (listening port 7777)
  portal1 and portal2 => Portal listening 7778
  infra =>Infrastruture with repository Portal/Oracle SSO (listening 7777)
  This set up is working fine for our intranet setup, now we need to open this for couple of external clients. Well initially we need to open on the load balancer server on port 80 for external team to access, it works fine when we make it publc access.
  Now when we need to make it SSO (siteminder) enables, when users click on login link it first goes oracle sso then it internally redirects the page to site minder sso.
  Well, I have noted that the sso server details are mentioned in global setting sso/oid details. Since we need to open this for external client we have to add a DNS entry for this so that we can allow its access over firewall..
  Now I have made DNS name change at my infrserver level, now I need to update the change at the load balancer server (where wheb chache is running).
  Any one know how to chang the URL at load balancer.
  I am struck at this point please suggest how should i proceed..
  Thanks,

  Extract from Personalization Guide - Page Footer - Personalization Considerations
  * If you wish to personalize the URL that points to the Privacy Statement for a page that displays a standard Copyright and Privacy (that is, its Auto Footer property is set to true), set the Scope to OA Footer, in the Choose Personalization Context page of the Personalization UI.
  * If you wish to personalize the URL that points to the Privacy Statement for a page that displays a custom Copyright and Privacy (that is, its Auto Footer property is set to false), set the Scope to Page in the Choose Personalization Context page of the Personalization UI. In the following Page Hierarchy Personalization page , identify and personalize the Privacy page element.

• DS to BW load balancing

  Dear all,
  I have a doubt regarding load balancing in PRD. Our team is loading data through DS 12.2.2.3 to SAP BW Master / transaction Infosources.
  SAP BW system has five Application Servers / instances to balance the load. BW target data store is configured to connect to the Central Instance of SAP BW.
  Since we are connected to the Central instance / application server of BW system from DS, will BW system be able to balance the load across multiple instances?
  Since BW Server has multiple instances to balance the load, is there any way we can utilise these BW multiple instances from Data Services?
  Can you share your thoughts on this? Appreciate your responses.
  Regards,
  Suneer.

  Hi Suneer,
  There are several ways how DS and BW can interact, so it might depend on what scenario you are using.
  I can think of the following scenario's:
  1. A DS job is executed from admin console and loads into a BW target datasource.
  This should use any available server, according to load balancing settings. It is not possible to force the process to use a specific server.
  2. A process chain starts an infopackage, which in turn starts a DS job
  BW will use the server chosen at the time of scheduling, if everything is configured correctly and scheduled correctly it will use any avaialble server conform load balancing settings. You can set this to run on a specific server (but I would only recommend this in very special circumstances).
  3. DS triggers a process chain
  Again, BW will use the settings on the process chain.
  4. BW runs an execution command, which starts a DS job
  Well, this is not a relevant scenario as it does not update anything on BW - unless the execution command then runs a job which loads data into BW, which is described in scenario 1.
  I hope this makes sense. Let me know if you have any other scenario's or concerns.
  Can I just ask why you are concerned about this load balancing? I have not have load balancing problems with DS/BW but I have had plenty of problems around concurrent use of the RFC connection between DS/BW. 'Multithreading' was not supported until 12.2.3.2 and you mentioned you run on 12.2.2.3, so potentially this is a problem for you.
  Jan.

• Does ADFS work with SharePoint 2013 with WFEs SSL-offloaded to a F5 load balancer?

  Currently we are implementing a SharePoint 2013 Production environment with 2 WFEs load-balanced by F5.  SSL is offloaded to F5 and is currently working fine with Integrated Windows Authentication with NTLM.  We would like to implement ADFS 3.0
  later for Single Sign-on, and we are wondering if ADFS supports SSL offload.  
  Do we need to bind the certificate to the WFEs as well to use ADFS?  
  Thank you!

  Just got it confirmed that ADFS supports SSL offload.  There is no direct communication between SharePoint and ADFS server during the authentication process.  It is always the browser that's talking to ADFS server. We just need to do the following:
  Configure SharePoint URLs in ADFS as replying parties with https.
  Configure AAM in SharePoint to make sure internal URL is http and public URL is https.