NAT Confusion with OracleAS & Web Cache

Dec 14th, 2005

Hello,


I've a task to complete with communication between OracleAS and OracleAS Web Cache which resides on the same machine - OracleAS.

I've found the description for such communication:

---

If an LBR is front-ending Oracle Application Server, it will need additional configuration if OracleAS Web Cache is located on the same subnet. To understand this better, let's take a look at the different parts of the loopback connections without this additional configuration.

1. The PPE sends a loopback request for the PMD when OracleAS Portal generates a page. This loopback request goes directly to the LBR.

2. The request is forwarded by the LBR to OracleAS Web Cache.

3. OracleAS Web Cache forwards the request to Portal Services, running under Oracle HTTP Server.

4. Portal Services processes the request and sends back the response to the loopback request to OracleAS Web Cache.

5. OracleAS Web Cache forwards the response to the LBR.

6. The LBR receives the response that is supposed to be routed back to the PPE.

7. The LBR detects that the source address, to which the response needs to be sent, is on the same subnet and it sends it back to OracleAS Web Cache, using the LBR's known socket connection, instead of using the PPE's socket connection.

8. OracleAS Web Cache is not listening for the request at all, and the incoming reply is dropped as there is no valid session.

9. OracleAS Portal pages time out with the error 'Timeout occurred while retrieving page metadata.'

As you can see, under normal circumstances, the LBR's behavior would be correct, because the LBR is essentially programmed to forward all requests to OracleAS Web Cache. However, in the case of loopback request, coming from the internal network, this results in an undesired outcome.

To avoid this, you must set up a Network Address Translation (NAT) bounce back rule on the LBR. This essentially configures the LBR as a proxy for requests coming to it from inside the firewall. This setup will make sure that the internal requests are forwarded correctly, and when the response reaches the LBR, it will be translated correctly and sent to the correct source address on the network (The PPE in this case).

The required steps for setting this up will be discussed later. NAT bounce back is set up differently on individual LBRs. Consult your LBR's configuration guide for information about how to set this up.

Configure the LBR (lbr.abc.com) to accept requests on port 7777 and forward those to the OracleAS Web Cache port (7777) running on computer m1.abc.com. To do this, you need to:

a. Set up a group, or pool on the LBR, to which individual servers can be added.

b. Add the desired servers' IP addresses, and port numbers to the group.

c. Create a virtual server that listens on port 7777, and balances load between the members of the group.

d. Make sure the LBR translates the port that it is listening on to forward requests to the port that OracleAS Web Cache is listening on.

Note:

Consult the LBR documentation to set up the groups, and a virtual server.

---

I have this config on my CSS11501:


!INTERFACE
interface e1
  description "vlan-css"
  bridge vlan 2
interface e2
  description "vlan-servers"
  bridge vlan 3

!CIRCUIT
circuit VLAN2
  ip address 10.80.0.100 255.255.254.0
circuit VLAN3
  ip address 10.80.1.1 255.255.255.0

!SERVICE
service OracleAS
  ip address 10.80.1.10
  protocol tcp
  port 7777
  keepalive type tcp
  keepalive port 7777
  active

!OWNER
owner pub
  content ContOracle
    vip address 10.80.0.150
    url "/*"
    add service OracleAS
    port 7777
    protocol tcp
    active


What should I configure to complete the task? I thought about NAT like this:


group SrcNAT
  vip address 10.80.0.150
  add service OracleAS
  active


But I'm not sure whether it will work and whether this is enough.

Thanks and Regards,

Daniel.

Gilles Dufour (Cisco Employee) Wed, 12/21/2005 - 01:42

Your config should work.

That's the way I would do it as well.


Just be aware that every connection that this Oracle device will open will be NATed to 10.80.0.150.

Even connections not sent to the VIP.


Gilles.
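
Added example, not part of the original thread and not Cisco or Oracle code: a simplified Python model of the address translation discussed above, using the VIP, server address and port from the posted config. It shows why a loopback request from 10.80.1.10 to the VIP fails without the source group, why it succeeds with it, and the side effect noted in the reply. The `Pkt` and `Lbr` names, the ephemeral ports and the 192.0.2.25 destination are constructed for illustration, and source-port translation is left out.

```python
from dataclasses import dataclass, replace

VIP, SERVER, PORT = "10.80.0.150", "10.80.1.10", 7777   # values from the posted config

@dataclass(frozen=True)
class Pkt:
    src: str
    sport: int
    dst: str
    dport: int

class Lbr:
    """Toy load balancer: destination NAT for the VIP plus an optional source group."""
    def __init__(self, source_group):
        self.source_group = source_group
        self.flows = {}                      # (translated src, sport) -> original src

    def forward(self, p):
        out = p
        if self.source_group and p.src == SERVER:
            out = replace(out, src=VIP)      # source group: NAT anything the service opens
        if (p.dst, p.dport) == (VIP, PORT):
            out = replace(out, dst=SERVER)   # content rule: VIP -> real server
            self.flows[(out.src, out.sport)] = p.src
        return out

    def reverse(self, p):
        """Reply from the server: restore the VIP as source and the original client as destination."""
        client = self.flows[(p.dst, p.dport)]
        return Pkt(VIP, PORT, client, p.dport)

def loopback_request(source_group):
    """Server-side client (the PPE) calls the VIP; report what its socket ends up with."""
    lbr = Lbr(source_group)
    syn = Pkt(SERVER, 40000, VIP, PORT)      # 40000: constructed ephemeral port
    at_server = lbr.forward(syn)
    reply = Pkt(at_server.dst, at_server.dport, at_server.src, at_server.sport)
    if reply.dst == SERVER:
        seen = reply                         # addressed to the host itself: never reaches the LBR
    else:
        seen = lbr.reverse(reply)            # addressed to the VIP: the LBR translates it back
    # The client socket only accepts a reply that comes from the address it called.
    return "established" if (seen.src, seen.sport) == (VIP, PORT) else "dropped"

if __name__ == "__main__":
    for sg in (False, True):
        print("source group", sg, "->", loopback_request(sg))
    # Constructed destination: a connection that is not to the VIP is NATed as well.
    print(Lbr(True).forward(Pkt(SERVER, 40001, "192.0.2.25", 25)))
```

Because of that last behaviour, firewall rules and logs downstream of the load balancer will see 10.80.0.150 rather than 10.80.1.10 as the source of connections the server opens.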
