01-06-2003 01:52 PM
I understand the practice of local LB on the CSS. I do not understand the same for remote LB. I have two mutually exclusive DMZs, but with the same content at each site. How does the CSS at site A know if content at site B? Site B's CSS tells it via the app session, right? Why can't I see that in the summary of service at site A's CLI?
01-08-2003 06:10 AM
Hi,
You are correct that the CSS will update each other via the app session.
On each box you should see something like this in the "show summary":
service1 alive .....
service1@10.1.1.1 alive <-- this would be the service on the other CSS
Check to make sure the app session is running and that you have configured the app session with the information from the other box. Feel free to put the relevant info from each config in here and I will take a look at it. I would need to see the app config info, show app, and show app session.
Regards
Pete Knoops
Cisco Systems
01-08-2003 07:25 AM
Houston side:
!Active version: ap0502003
!*************************** GLOBAL ***************************
bridge spanning-tree disabled
dns-server zone 1 tier1 "zone1" roundrobin
dns-server
dns-record a www.midcon.com 12.155.32.98
app session 208.246.87.241 14 authChallenge ************ encryptMd5hash
app
host HOUCSSDMZ 10.43.239.241
ip route 0.0.0.0 0.0.0.0 10.43.236.1 1
!************************** SERVICE **************************
service houauth
ip address 10.43.232.98
active
service houweb3
ip address 10.43.232.99
keepalive type http
active
service houweb4
ip address 10.43.232.100
keepalive type http
active
service lkw_midcon_sorry
ip address 208.246.87.98
keepalive type none
active
!*************************** OWNER ***************************
owner midcon.com
dns both
dnsbalance preferlocal
content dns
protocol udp
port 53
add service houauth
vip address 10.43.236.98
balance leastconn
add dns www.midcon.com
active
content www
vip address 10.43.236.98
balance weightedrr
add service houweb3
add service houweb4 weight 2
protocol tcp
port 80
url "/*"
primarySorryServer lkw_midcon_sorry
active
Lakewood side:
!Active version: ap0502003
!*************************** GLOBAL ***************************
bridge spanning-tree disabled
dns-server
app session 12.155.32.241 14 authChallenge ************ encryptMd5hash
app
host LKWCSSDMZ 208.246.87.241
ip route 0.0.0.0 0.0.0.0 208.246.87.1 1
service hou_midcon_sorry
ip address 12.155.32.98
keepalive type none
active
service lkwauth
ip address 10.34.232.98
active
service lkwweb4
ip address 10.34.232.99
keepalive type http
active
!*************************** OWNER ***************************
owner midcon.com
dns both
dnsbalance preferlocal
content dns
protocol udp
port 53
add service lkwauth
vip address 208.246.87.98
balance leastconn
add dns www.midcon.com
active
content www
balance leastconn
add service lkwweb4
vip address 208.246.87.98
protocol tcp
port 80
url "/*"
primarySorryServer hou_midcon_sorry
active
HOUCSSDMZ# sh app
APP CONFIGURATION:
Enabled PortNumber: 3699 MaxFrameSize: 10240
HOUCSSDMZ# sh app sess
App Session Information 'no hostname':
Session ID: 83c381a0 IP Address: 208.246.87.241 State: APP_SESSION_UP
HOUCSSDMZ# sh serv summary
Service Name State Conn Weight Avg State
Load Transitions
houweb3 Alive 0 1 2 12
houweb4 Down 0 1 255 15
houauth Alive 0 1 2 0
lkw_midcon_sorry Alive 0 1 2 0
dns@208.246.87.98 Alive 0 1 2 0
LKWCSSDMZ# sh app
APP CONFIGURATION:
Enabled PortNumber: 3699 MaxFrameSize: 10240
LKWCSSDMZ# sh app sess
App Session Information 'no hostname':
Session ID: 859f39f0 IP Address: 12.155.32.241 State: APP_SESSION_UP
LKWCSSDMZ# sh serv summary
Service Name State Conn Weight Avg State
Load Transitions
lkwauth Alive 0 1 2 8
lkwweb4 Alive 1 1 2 30
hou_midcon_sorry Alive 0 1 2 0
dns@10.43.236.98 Alive 0 1 2 0
As you can see, the DNS service is peering. I don't understand why the HTTP is not. Hopefully I haven't deleted too much information. I set up the sorry services recently per the suggestion of TAC, but I don't agree with that recommended solution.
01-08-2003 07:31 AM
Hi,
Can you get me a "show summary", not a "show service summary"?
Thanks
Pete..
01-08-2003 07:38 AM
Of course:
LKWCSSDMZ# sh summary
Global Bypass Counters:
No Rule Bypass Count: 42020
Acl Bypass Count: 0
Owner Content Rules State Services Service Hits
midcon.com dns Active lkwauth 53311
dns@10.43.236.98 0
www Active lkwweb4 11140
LKWCSSDMZ# rcmd 12.155.32.241 "sh summary"
Global Bypass Counters:
No Rule Bypass Count: 18231
Acl Bypass Count: 0
Owner Content Rules State Services Service Hits
midcon.com dns Active houauth 381
dns@208.246.87.9 0
www Active houweb3 1784
houweb4 11199
01-08-2003 07:50 AM
Are your DNS servers set up to load balance between the sites? Also, the DNS content rule has an "add dns ..." but the www rule does not. Can you add that in?
Pete..
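Added example, not part of the thread and not Cisco code: a small parser for "show summary" output that reports which content rules list a peer entry of the form name@address, the thing the replies above are checking for. The sample text is constructed from the output posted in the thread; the whitespace-separated column layout and the function names are assumptions.

```python
import re

# Constructed sample modelled on the "show summary" output quoted in the thread.
# Whitespace-separated columns are an assumption about the real CLI layout.
SAMPLE = """\
Global Bypass Counters:
  No Rule Bypass Count: 42020
  Acl Bypass Count: 0
Owner        Content Rules  State   Services            Service Hits
midcon.com   dns            Active  lkwauth             53311
                                    dns@10.43.236.98    0
             www            Active  lkwweb4             11140
"""

# A peer entry is shown as <name>@<IPv4 address of the remote VIP>.
PEER = re.compile(r"^[^@\s]+@\d{1,3}(?:\.\d{1,3}){3}$")

def parse_summary(text):
    """Return {(owner, rule): {"state": str, "local": [...], "peer": [...]}}."""
    rules, owner, key, in_table = {}, None, None, False
    for line in text.splitlines():
        tok = line.split()
        if not in_table:                      # skip the bypass counters
            in_table = tok[:1] == ["Owner"]   # table starts after this header
            continue
        if not tok or not tok[-1].isdigit():  # every table row ends in a hit count
            continue
        if len(tok) == 5:                     # owner rule state service hits
            owner, tok = tok[0], tok[1:]
        if len(tok) == 4:                     # rule state service hits
            key = (owner, tok[0])
            rules[key] = {"state": tok[1], "local": [], "peer": []}
            tok = tok[2:]
        if len(tok) != 2 or key is None:      # anything else is not a service row
            continue
        bucket = "peer" if PEER.match(tok[0]) else "local"
        rules[key][bucket].append(tok[0])
    return rules

def rules_without_peer(text):
    """Names of content rules that show no peer (name@address) service."""
    parsed = parse_summary(text)
    return sorted(rule for (_, rule), info in parsed.items() if not info["peer"])

if __name__ == "__main__":
    print(rules_without_peer(SAMPLE))
```
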
01-08-2003 08:50 AM
Yes, but not so much LB as failover. If I use the dnspreferlocal then it should only redirect if local services fail, yes?
No, I cannot add the dns entry in the www rule. The error message says the dns entry already exists.
01-09-2003 07:01 AM
So, I should have been seeing the peer services from the remote listed in the local service summary from each switch. I don't think I have ever seen it do that. Is there something wrong with the configuration? If so then I shouldn't need to use the sorry service for failover, correct?