Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
New Member

clustering configuration

hi,
i m new to Ironport WSA so i need some information....
is there any document which can describe how to configure two WSA in failover or redundancy or clustering mode.

i want to know is any of them can be configured on web security appliance.

thanx,
Mac

10 REPLIES
New Member

Re: clustering configuration

Mac,

There is currently not clustering / failover abilities built into the WSA.

Please be aware that if you are using transparent proxy with WCCP, the WCCP protocol inherently utilizes load balancing and failover if a problem happens on any web-cache devices within the same service ID.

IE: If you have two WSAs in a single service ID, traffic will be load shared between them and if one WSA fails, all traffic will be routed to the working WSA.

New Member

Re: clustering configuration

thanks for your reply,

But i have some little information that we can achive this using PAC file hosting facility on the box. Do you have any idea about that.

New Member

Re: clustering configuration

Mac,

It is possible utilize multiple WSAs by writing a .pac file script.

We cannot assist in writing, modifying, or maintaining .pac file code, but I have a pac file example that may help.

This is for load balancing between 2 proxies:

------------------------------------------
function FindProxyForURL(url,host){
switch(URLHash(url)%2){
case 1: return "PROXY wsa.proxy1:3128";
default: return "PROXY wsa.proxy2:3128";
}
}

function URLHash(url) {
server_name=url.split("/")[2]
if(!server_name) {return url.length;}
return server_name.length;
}
------------------------------------------

New Member

Re: clustering configuration

What about an example for failover via pac file?

I have looked at using

return "PROXY ironport:8080; PROXY otherproxy:8080";
but I am not clear if traffic will push over to otherproxy randomly or only if ironport1 is not available or times out.

Any thoughts or suggestions?

New Member

Re: clustering configuration

The following can be used for a simple failover:

function FindProxyForURL(url,host) {
return "PROXY ironport:8080;
PROXY otherproxy:8080;
DIRECT";
}

New Member

Re: clustering configuration

Hello josh,

Are there plans to implemented real failover not using wccp or an external loadbalancer? Like for example vrrp as used by bluecoat?

Best regards

Bart

New Member

Re: clustering configuration

Bart,

We do have a feature request for this functionality, but I do not have any roadmap information for it.

Enhancement: 38634 Ability to setup WSA as Active-Standby failover in forward proxy mode

I recommend bringing this up with your sales representative as well, so that we can properly log the importance for this feature.

New Member

Re: clustering configuration

The failover should only occur if the first proxy is no longer pingable. That's my experience anyway. Also, you might need to host the pac file on another webserver. If you host it on say proxy1, and it's the one that goes down, the browser won't know how to get to proxy2. I guess you could host it on both and roundrobin the DNS record. Anyone else doing that?

--Tim

Re: clustering configuration

Hi Guys.

I found a very interesting article about Load Balance between Proxies. I did some testing with the script and works well. The problem is always with https connections which are lost in the process of balancing, and management of the workaround is a bit cumbersome.

http://www.isaserver.org/tutorials/Load-Balancing-Web-Proxy-Clients-With-ISA-Server-2004-Standard-Edition-Part1.html

New Member

Re: clustering configuration

Alisson,

Thanks for the link!

313
Views
0
Helpful
10
Replies
CreatePlease to create content