Cisco Application :: CSS 11503 Session Stickiness Configuration

Sep 17, 2012

I only have configured load balancing on apache with a very simple setup. I have to deploy 2 applications on my clients environment that run inside jboss. One of these applications needs session to be sticky to work properly. The other does not.
 
In apache I can configure is the sticky parameter is true or false, based on the url, like /appA/* is sticky and /appB/* is not sticky. Can I do that in a CSS 11503? My client insists that it is impossible. That the CSS is only ip based.
 
I copied the configuration below from the manual: owner arrowpoint # content ruleWapSticky

View 14 Replies


ADVERTISEMENT

Cisco Application :: 11503 - Stickiness Not Working Fine Without Clearing Session Manually

Sep 11, 2012

We have a pair of CSS 11503 installed in our DC. Stickiness is configured for one of the application since long back and was working pretty fine till last couple of months. Since last two months, we observed that CSS is not distributing sessions the way it suppose to be. Mostly, it forwards the session to same server even though request is coming from different sources. Once we refresh the sessions manually, it starts working fine. We have to do this exercise manually every alternate day.

View 1 Replies View Related

Cisco Application :: CSS 11503 Ether-channel Configuration For Redundant Server Link

Jun 18, 2011

I have already raised this discussion on "LAN, Switching and Routing" group. But I guess this is the right group for my queries. So I am sending my queries in this group again.
 
We are using CSS 11503 with one 16FE line card. We have connected 3 servers with redundant link. So FE1-2 in Server1, FE 3-4 in Server2 and FE5-6 in Server3. Our system team has configured APA in their servers as they are using HP-Ux.
 
1) Do we need to do any configuration at line card.

2) Do we need to do ether-channel at loadbalancer end. if yes, can you share me any cisco doc on how to do it.

View 1 Replies View Related

Cisco Application :: ACE 4710 Cookie Based Stickiness

Jul 23, 2012

We have ACE 4710, It is configured with IP based stickiness and working fine for a web application server (BMC Remedy). We tried configuring cookie based stickiness for the same server. Server application is having JSESSIONID.But after configuring cookie based stickiness, there is an issue that the first page is coming for entering login credentials and after entering it the page is blank or not responding.  What is the pre-requirement for configuring cookie based stickiness in ACE for BMC Remedy web application and which type of cookie based stickiness is suitable or possible?

View 8 Replies View Related

Cisco Application :: Does CSS 11500 Support Stickiness Based On Source IP

Oct 29, 2012

i don't know why cu need this feature, he want stickiness based on source ip and source port.  Does CSS 11500 support stickiness based on source IP and source port?or is there any other method to support stickness based on source ip and sourceport?

View 12 Replies View Related

Cisco Application :: ACE20 / Configuring Timeout For IP Address Stickiness

Jan 18, 2012

We are using an ACE20 module running version A2(3.2).I have a question regarding IP stickyness and the timeout parameter.I found this in the "Server load balancing configuration guide" (in a section entitled: "Configuring a Timeout for IP Address Stickiness"):
 
"The sticky timeout specifies the period of time that the ACE keeps (if possible) the IP address sticky information for a client connection in the sticky table after the latest client connection terminates. The ACE resets the sticky timer for a specific sticky-table entry each time that the module opens a new connection or receives a new HTTP GET on an existing connection that matches that entry."
 
The parts in bold seem to point to the fact that the timeout is an "inactivity timeout" as the counter is reset on every new connection.The next section in the documentation is entitled: "Enabling an IP Address Sticky Timeout to Override Active Connections" and says:
 
"By default, the ACE ages out a sticky table entry when the timeout for that entry expires and no active connections matching that entry exist. To specify that the ACE time out IP address sticky table entries even if active connections exist after the sticky timer expires, use the timeout activeconns command."
 
This seems to contradict the previous statement.So my question is: is the IP stickyness timeout an "inactivity timeout" or not?

View 1 Replies View Related

Cisco Application :: XFF On CSS 11503?

Aug 1, 2011

Is the XFF [URL] on the Cisco CSS 11503?  If not, is it on the roadmap for a future code release?

View 1 Replies View Related

Cisco Application :: MIB Objects For CSS 11503?

Jun 9, 2009

i need the MIB object names for monitoring the processor and Memory Utilization of CSS 11503 with software version 7.50 Where can I find it?

View 5 Replies View Related

Cisco Application :: 11503 CSS HTTP Redirects

Jul 19, 2011

I have a number of web sites that are currently being load balanced by CSS 11503s runninng 8x code.  I was recently requested to configure HTTP -->  HTTPS redirects on the CSS for every site.  In the past, I have only configured the redirects for sites that had a requirement.  Now it appears that the server teams want all content encrypted.

1)  What impact will this have on the CPU?
2)  What impact will this have on Memory utilization?
3)  Is there a maximum nubmer on redirects?
4)  Are there other things I should be concerned about?

View 3 Replies View Related

Cisco Application :: CSS 11503 SSL Service Suspended

Mar 24, 2013

i have two CSS-11503 in redundant mode running 8.20 code.  We had an incident in our network where a layer 2 loop caused some high traffic through the CSS' and had to shutdown some network gear(including the CSS) to clear the problem.  When the CSS' were powered back up, the SSL service was suspended, why this would occur?  There rest of the config appeared normal. I am the only person on these boxes, the configs were written, and I have never had a reason to suspend the ssl service.

View 1 Replies View Related

Cisco Application Networking :: CSS 11503 And SAN Cert

Oct 14, 2012

I know that CSRs cannot be generated with multiple names, but if the SAN is added after the cert is ordered from Geo Trust, Veri sign, etc. can the CSS support using the cert?

View 1 Replies View Related

Cisco Application :: Transferring Existing SSL Certificate From 11503 To ACE?

Jun 2, 2012

We now have a new requirement . We are replacing existing pair of CSS with ACE 4710 appliances. The problem here is that I can see from the configuration that  some SSL certificate installed in CSS .Is it possible to transfer the existing SSL certificate from the 11503 to the ACE? Or, do we need to generate a new key pair and CSR on the ACE?  Is there any document available to know the steps for the same.

View 2 Replies View Related

Cisco Application :: Several Pairs Of CSS11501 And 11503 In Network

May 21, 2012

We have several pairs of CSS11501 and 11503 in our network.This issue affects only one pair of CSS11503 in one of our data centres. [code] We use vrrp in one-armed mode for load balancing and they units have performed great for a number of years. We're obviously going to be migrating to ACE ... but not just yet.We have started to experience a problem with replicating the configurations between two CSS11503 in a pair.When running the commit-VipRedundConfig, it starts off happily enough, though slowly.Ending with "working" and the spinning cursor, even after 1 hour the script hasn't completed.We noted on the backup CSS that the APP configuration disappears during the process and I can't remember if this is normal behaviour.
 
Re-adding the app session configuration seems to interrupt the process, and when checking the configuration on the backup CSS approximately half of it is missing. Everything after the first owner is gone.

1. Configuration is too large, or just large enough to make the commit script take too long for realistic service.
2. Software bug?
3. Combination of both.
4. From now on manually add config to both CSS's and maintain it by process management.

View 5 Replies View Related

Cisco Application :: CSS 11503 V ACE 4710 Performance Comparison

Mar 20, 2012

Am trying to verify performance figures for ACE 4710 as EOL replacement for a CSS 11503 Am sure that the ACE 4710 smokes the CSS but have to complete the due diligence
 
Pulling figures from data sheets, release notes etc.. I have only come up with the followingIs there any further figures available for the ACE 4710 to fill in the blanks in table?

View 1 Replies View Related

Cisco Application :: 11503 Ping For One Virtual Host

Apr 27, 2013

I have a single  cisco 11503 load balancer.There is a single Banner student information system which is load balanced on it with Virtual ip 10.3.20.101 which is working fine without any issues .I am now trying to add an Oracle ERP application with virtual IP 10.3.20.230 and physical ips 10.3.19.22 and 10.3.19.23 all on port 8003.When I just make the group  ERP-Apps-Grp active , the vitual ip address 10.3.20.230 is pingable , but when I make the  the content Erp_IAT active  it stops pinging. [code]

View 6 Replies View Related

Cisco Application :: Passdetect Command Equivalent In CSS 11503?

Sep 11, 2011

what is the "passdetect" command equivalent in CSS 11503 load balancer. software version 8.20.

View 3 Replies View Related

Cisco Application :: CSS 11503 - Multiple Content Groups?

Oct 4, 2011

I currently have a content group as follows;
 
content My_Group
add service blade1
add service blade2
add service blade3
vip address 1.2.3.4
advanced-balance arrowpoint-cookie

[code]...
 
So I have 3 blades which are proxy servers and user go first to an MS ISA server then the VIP of the CSS and then the rules processes them give them a blade and chuck them out onto the Internet.
 
I want to leave the above rule, but remove one blade create an additional content group with that blade and have it process requests for a particular site so, I would create the following
 
content My_Group2
add service blade3
vip address 1.2.3.4
advanced-balance arrowpoint-cookie

[code]...
 
So my question is can I do that having the same VIP's etc so if a request comes in and it matches www.thewebsite.com that the second content rule matches it 'better' and therefore processes it or would it still be caught by the "/*" content group. I don't want to create more VIPS as I have a real ache getting firewall rules done.

View 9 Replies View Related

Cisco Application :: Hairpinning On CSS 11503 When Using Source Groups?

Jun 26, 2011

I'm not sure if my terminology is correct when using hairpinning but i was wondering if there is any special config needed when you try to access a content rule VIP from a server that's configured as a member of a source group on the same CSS?
 
So say i have a content rule with a VIP 20.20.20.20 and i also have two servers 192.168.1.1 and 192.168.1.2 that are part of a source group with VIP of 20.20.20.21. My problem at the moment is if from the servers 192.168.1.x i try to ping the other VIP 20.20.20.20 that's configured on the same CSS then it doesn't work and ping fails. The same happens with HTTP traffic to the 20.20.20.20 VIP.
 
I would have thought that the NAT of the source group would happen before the routing so the 192.168.1.x IP's would be natted to 20.20.20.21 and then passed over for routing where the CSS would see that the VIP 20.20.20.20 is local and it would send it on it's way.
 
I thought it might be ACL related but i increased the verbosity of acl logging and couldn't see anything in the logs.The source group works fine on it's own and from the CSS itself i can ping the 20.20.20.20 VIP fine. It just seems that from the source group members i can't ping the VIP.

View 1 Replies View Related

Cisco Application :: How To Monitor Status Of Vips On 11503 Through SNMP

Sep 26, 2011

what is the OID  for See the hit status of the spefic VIP and  RIP coming under the VIP .apeart from this  CSS box having any module to moniter the hit status or VIP's and RIP's

View 2 Replies View Related

Cisco Application :: CSS 11503 HTTP Keepalive Fails Even Though Server Responds

Nov 29, 2011

I recently "inherited" a CSS 11503 - I've only used ACEs before - and I want to get HTTP keepalives working.To start, I created a test service:
 
lb-1# show run service sunbird-http-7025-test
!************************** SERVICE **************************
service sunbird-http-7025-test
  port 7025
  ip address 141.211.229.168

[code].....

View 2 Replies View Related

Cisco Application :: CSS 11503 Flow Idle Timeout Not Working As Expected?

Jan 20, 2012

I have a CSS 11503 with a basic content rule for TCP 10000 going to a few backend servers. I was looking into the default timeout values for flows and when testing using telnet the flow didn't terminate as expected?
 
For example, i have no 'timeout multiplier' specified in the config and when i look at the output of 'show flow-timeout default' it tells me the default 16 seconds timeout is in effect for *. With that in mind, i telnet to the content rule vip on TCP 10000 and on the backend server using wireshark i can see the TCP threeway handshake. With no data passing i'd expect the CSS to terminate this flow after 16 seconds.. yet it takes exactly 128 seconds before wireshark shows the RST and the flow is terminated. 128 being 8 times the default 16 second flow timeout.
 
If i try to force the connection to close early by specifiying 'flow-timeout-multiplier 2' in the content rule, or even a multiplier of 40, it still waits 128 seconds to close the telnet connection.

View 1 Replies View Related

Cisco Application :: CSS 11503 - Layer 5 Content Rule Match Wildcard And Suffix

Oct 2, 2011

Is it possible on the CSS11503 to create a layer 5 content rule that matches a url "/*/_edit".

View 3 Replies View Related

Cisco Application :: Content Switch 11501 / 11503 Abnormal Interface Link Down?

Mar 27, 2013

I have 2 pair of 11501 switches and 1 pair of 11503 switches on 3 sites(LA, China, Taiwan).Each site has a pair of 1105x switch running as redundancy between them and is a standalone which will not interact with others.Recently a series of interfaces(ports) down happened to every active 1150x switches without any reason and log.Especially today, it happened to active switches at 5:39 AM meanwhile on 3 sites.

View 3 Replies View Related

Cisco Application :: Sample Command Output Of Show Chassis Inventory For CSS 11501 / 11503 / 11506?

Oct 30, 2011

I am trying to get a sample command output of "show chassis inventory" for:

CSS 11501
CSS 11503
CSS 11506

View 1 Replies View Related

Cisco Application :: CSS 11503 - Server-to-server Load Balancing?

Feb 16, 2012

I'm trying to design a CSS configuration that allows servers in the same vlan to be the source and destination of load-balanced traffic. My thought is to add two new vlans, one for the VIPs and one for the servers, then NAT the source IPs going from the LB to the servers.
 
Is this the right way to do it?I've never NATted using CSSs, so I wanted to verify what I'm thinking.Our current config trunks the vlans -
 
interface 1/1
   trunk
   vlan 1
    default-vlan
  vlan 555

[code]....

View 3 Replies View Related

Cisco Application :: APP 11501s Session Now INIT Not UP?

Oct 27, 2005

My app session was working fine and i managed to see it all up and working. now that i have tried to run script commit-redundancy etc i see the session as APP_SESSION_INIT instead of up. The log shows me on the standby box now that it sees the following :
 
FLOW-MGR 7 - DOS-SYN ATTACK 192.168.1.1 - 192.168.1.2:5001

View 5 Replies View Related

Cisco Application :: 4710 Session Persistence Status

Sep 14, 2011

I am new to Cisco ACE, I have a ACE 4710 MD running, I would like to know how can I know what session persistence is running on the ACE, I what to know if it is using soruce IP or any other persistence.

View 1 Replies View Related

Cisco Application :: ACE-4710 / Conditions For Session-reuse To Work

Apr 4, 2013

I try to make session-reuse working on an ACE-4710 Version A5(1.0) without success. Actually, I am facing the problem of the high number of backend HTTP connections that must pass through a firewall. I want to reduce this amount of open sessions with real servers by allowing the ACE to establish permament TCP connections with each rserver.  However, it does not work as I expected. I still see individual TCP sessions established and closed after each GET - 200OK exchange. The parameter-map I have to enable this feature is as follows :
 
parameter-map type http PERF_YHA_HTTP_PARAM
  persistence-rebalance
  set header-maxparse-length 65535
  set content-maxparse-length 65535
server-conn reuse
 
Note : I use PAT, on the backend, as required by the session-reuse feature 

My questions are the followings :How many sessions the ACE would establish with a specific rserver ? only one ? one per TCP option set ?How much time a backend session would last if kept idle for a certain time ?What End Points must share the same TCP options to make sure session-reuse works ? Client to ACE ? ACE to rserver ? all together ?

View 3 Replies View Related

Cisco Application :: One Interface Configuration For ACE4710?

Jun 15, 2012

My customer they do not want change their real server IPs. So I need setup one interace (one armed) for them on ACE4710. Who had this sample configuration? (CSS has this but it seems to be not compitable with ACE)

View 4 Replies View Related

Cisco Application :: ACE4710 To Perform SSL End-to-end Configuration

May 31, 2012

I am attempting to configure an ACE4710 to perform SSL end-to-end confguration. i.e. SSL termination - load balance - SSL initiate to backend server.The configuration appears to work fine in a test lab using any old web server, however when I peform the same configuration in the production environment it does not work. It appeatrs from a capture run on the ace that the ace is reseting the tcp connections after communicating with the back end server. The main difference I can think of in this environment is that the cert and key pair the ace is using where exported from the backend server, i.e. both the ace and the backend server have the same certificates and keys. Is this allowed? how to troubleshoot why the ace resets the connection.

View 6 Replies View Related

Cisco Application :: GSS 4492R Configuration With ACE4710?

Dec 8, 2010

I have to deploy the Cisco GSS in our 2 dataceters globally seprate IP ranges to loadbalance the exchange 2010 environment with Cisco ACE 4710 series SLBs.  The scenario is to deploy  one GSS + ACE on each datacenters and our nameserver will point to both GSS's IP addresses to get through. Incase primary site "site A" goes down name server will point the client's request to "site B".
 
What will be the physical setup of the GSS here and what configuration should on SLB ACE will make it work? Do GSS and ACE need to be in the same vlan? is this necessary to use Both interface of the GSS to get things working?  How the GSS will check the health check on ACE if they both are on different vlans/ip range? Our ACE will be in routed mode do we need to assign the Real server default gateway as ACE inside interface with the server farm or just do the SNAT of the client IPs so the request can come back to ACE?

View 6 Replies View Related

Cisco Application :: 8009 L7 Ace Configuration Replace Apache AJP

Jun 26, 2012

i am trying to use teh ACE to replace an apache based load balancer in an jboss application cluster. I am using L7 loadbalancing to load balance between multiple components. the way these jboss application servers work with apache is that.When the jboss application starts up on the on application cluster, it issues a GET opencase/webservices/config-service?wsdl to the loadbalancer IP.The apache based LB in turn talks to the same box on port 8009 via ajp retrieves the configuration file and provides it back to the application on port 80.And after 2 has completed the Jboss application comes up. Basically to start the application the Apache loadbalacer will accept requests from the its target list and load balance the request back to them itself.Not sure how i can use the ACE to accomplish this. attached are my topology (logical) and the ace configuration. from my topology file -- the net-cms-1 will issue a get request to teh VIP (on the ace), the ACE accepts the connection but soon resets it.

View 1 Replies View Related

Cisco Application :: ACE-20 Module - Automated Backup Of Configuration

Feb 4, 2010

I am currently stuck to setup an automated configuration backup for ACE Blades. I found a script to backup the ACE from the Cisco ANM box but unfortunately I am not very familiar with Linux. (script) in place, to "pull" the ACE config from a Microsoft system ?
 
System State:
ACE IOS A2.(1).5

View 2 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved