CSS11000 global v. local and remote load balancing?

troark
Level 1

I understand the practice of local LB on the CSS. I do not understand the same for remote LB. I have two mutually exclusive DMZs, but with the same content at each site. How does the CSS at site A know if content at site B? Site B's CSS tells it via the app session, right? Why can't I see that in the summary of service at site A's CLI?

7 Replies

pknoops
Level 3

Hi,

You are correct that the CSS will update each other via the app session.

On each box you should see something like this in the "show summary"

service1 alive .....

service1@10.1.1.1 alive <-- this would be the service on the other CSS

Check to make sure the app session is running and that you have configured the app session with the information from the other box. Feel free to put the relevant info from each config in here and I will take a look at it. I would need to see the app config info, show app, and show app session.

Regards

Pete Knoops

Cisco Systems

Houston side:

!Active version: ap0502003

!*************************** GLOBAL ***************************
  bridge spanning-tree disabled
  dns-server zone 1 tier1 "zone1" roundrobin
  dns-server
  dns-record a www.midcon.com 12.155.32.98
  app session 208.246.87.241 14 authChallenge ************ encryptMd5hash
  app
  host HOUCSSDMZ 10.43.239.241

  ip route 0.0.0.0 0.0.0.0 10.43.236.1 1

!************************** SERVICE **************************
service houauth
  ip address 10.43.232.98
  active

service houweb3
  ip address 10.43.232.99
  keepalive type http
  active

service houweb4
  ip address 10.43.232.100
  keepalive type http
  active

service lkw_midcon_sorry
  ip address 208.246.87.98
  keepalive type none
  active

!*************************** OWNER ***************************
owner midcon.com
  dns both
  dnsbalance preferlocal

  content dns
    protocol udp
    port 53
    add service houauth
    vip address 10.43.236.98
    balance leastconn
    add dns www.midcon.com
    active

  content www
    vip address 10.43.236.98
    balance weightedrr
    add service houweb3
    add service houweb4 weight 2
    protocol tcp
    port 80
    url "/*"
    primarySorryServer lkw_midcon_sorry
    active

Lakewood side:

!Active version: ap0502003

!*************************** GLOBAL ***************************
  bridge spanning-tree disabled
  dns-server
  app session 12.155.32.241 14 authChallenge ************ encryptMd5hash
  app
  host LKWCSSDMZ 208.246.87.241

  ip route 0.0.0.0 0.0.0.0 208.246.87.1 1

service hou_midcon_sorry
  ip address 12.155.32.98
  keepalive type none
  active

service lkwauth
  ip address 10.34.232.98
  active

service lkwweb4
  ip address 10.34.232.99
  keepalive type http
  active

!*************************** OWNER ***************************
owner midcon.com
  dns both
  dnsbalance preferlocal

  content dns
    protocol udp
    port 53
    add service lkwauth
    vip address 208.246.87.98
    balance leastconn
    add dns www.midcon.com
    active

  content www
    balance leastconn
    add service lkwweb4
    vip address 208.246.87.98
    protocol tcp
    port 80
    url "/*"
    primarySorryServer hou_midcon_sorry
    active

HOUCSSDMZ# sh app
APP CONFIGURATION:
Enabled PortNumber: 3699 MaxFrameSize: 10240

HOUCSSDMZ# sh app sess
App Session Information 'no hostname':
Session ID: 83c381a0 IP Address: 208.246.87.241 State: APP_SESSION_UP

HOUCSSDMZ# sh serv summary
Service Name       State  Conn  Weight  Avg Load  State Transitions
houweb3            Alive  0     1       2         12
houweb4            Down   0     1       255       15
houauth            Alive  0     1       2         0
lkw_midcon_sorry   Alive  0     1       2         0
dns@208.246.87.98  Alive  0     1       2         0

LKWCSSDMZ# sh app
APP CONFIGURATION:
Enabled PortNumber: 3699 MaxFrameSize: 10240

LKWCSSDMZ# sh app sess
App Session Information 'no hostname':
Session ID: 859f39f0 IP Address: 12.155.32.241 State: APP_SESSION_UP

LKWCSSDMZ# sh serv summary
Service Name      State  Conn  Weight  Avg Load  State Transitions
lkwauth           Alive  0     1       2         8
lkwweb4           Alive  1     1       2         30
hou_midcon_sorry  Alive  0     1       2         0
dns@10.43.236.98  Alive  0     1       2         0

As you can see, the DNS service is peering. I don't understand why the HTTP is not. Hopefully I haven't deleted too much information. I set up the sorry services recently per the suggestion of TAC, but I don't agree with that recommended solution.

Hi,

Can you get me a "show summary", not a "show service summary"?

Thanks

Pete..

Of course:

LKWCSSDMZ# sh summary
Global Bypass Counters:
No Rule Bypass Count: 42020
Acl Bypass Count: 0

Owner       Content Rules  State   Services          Service Hits
midcon.com  dns            Active  lkwauth           53311
                                   dns@10.43.236.98  0
            www            Active  lkwweb4           11140

LKWCSSDMZ# rcmd 12.155.32.241 "sh summary"
Global Bypass Counters:
No Rule Bypass Count: 18231
Acl Bypass Count: 0

Owner       Content Rules  State   Services          Service Hits
midcon.com  dns            Active  houauth           381
                                   dns@208.246.87.9  0
            www            Active  houweb3           1784
                                   houweb4           11199

Are your DNS servers set up to load balance between the sites? Also, the DNS content rule has an "add dns ..." but the www rule does not. Can you add that in?

Pete..

Yes, but not so much LB as failover. If I use the dnspreferlocal then it should only redirect if local services fail, yes?

No, I cannot add the dns entry in the www rule. The error message says the dns entry already exists.

So, I should have been seeing the peer services from the remote listed in the local service summary from each switch. I don't think I have ever seen it do that. Is there something wrong with the configuration? If so then I shouldn't need to use the sorry service for failover, correct?
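
The check Pete asks for can be scripted. The following is an added example, not part of any post in the thread: it lists, for each content rule, whether the rule carries an "add dns" entry and which remote peers "show summary" reports for it. The function names are hypothetical, the sample input is constructed from the Lakewood output above, and it assumes the label before "@" in a peer entry is the content rule name, as it is in the thread's output.

```python
import re

# Constructed sample: Lakewood owner section (abridged) and "show summary" rows from the thread.
CONFIG = """\
owner midcon.com
  dnsbalance preferlocal
  content dns
    add service lkwauth
    vip address 208.246.87.98
    add dns www.midcon.com
    active
  content www
    add service lkwweb4
    vip address 208.246.87.98
    url "/*"
    active
"""
SUMMARY = """\
midcon.com dns Active lkwauth 53311
dns@10.43.236.98 0
www Active lkwweb4 11140
"""

def rules_with_dns(config):
    """Map each content rule to the DNS names it lists via 'add dns'."""
    rules, current = {}, None
    for line in config.splitlines():
        words = line.split()
        if words[:1] == ["content"] and len(words) > 1:
            current = words[1]
            rules[current] = []
        elif words[:2] == ["add", "dns"] and current and len(words) > 2:
            rules[current].append(words[2])
    return rules

def peered_rules(summary):
    """Return {rule: [peer IPs]} for every 'rule@ip <hits>' row in 'show summary'."""
    peers = {}
    # Assumption: the label before '@' is the content rule name.
    for m in re.finditer(r"^\s*(\S+)@(\d+(?:\.\d+){3})\s+\d+\s*$", summary, re.M):
        peers.setdefault(m.group(1), []).append(m.group(2))
    return peers

def report(config, summary):
    """List (rule, has_add_dns, peer_ips) for every content rule in the config."""
    peers = peered_rules(summary)
    return [(r, bool(n), peers.get(r, [])) for r, n in rules_with_dns(config).items()]

if __name__ == "__main__":
    for rule, has_dns, ips in report(CONFIG, SUMMARY):
        print(f"{rule}: add dns={has_dns} peers={', '.join(ips) or 'none'}")
```

On the sample it reports the dns rule as peered with 10.43.236.98 and the www rule as having neither an "add dns" entry nor a peer, which matches what the two "show summary" outputs show.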
