[isapros] Re: Array Member Failover

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
  • To: <isapros@xxxxxxxxxxxxx>
  • Date: Sat, 27 May 2006 08:50:00 -0500

Ha! OK, you got me. 

It's from the information in the array.dll?Get.Info.v1 where the
information is drawn to forward to the correct array member for client
side CARP.

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls

 

> -----Original Message-----
> From: isapros-bounce@xxxxxxxxxxxxx 
> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
> Sent: Friday, May 26, 2006 6:07 PM
> To: isapros@xxxxxxxxxxxxx
> Subject: [isapros] Re: Array Member Failover
> 
> Yes - you'll see IP addresses in the wpad.
> Where you see the server names is in the array.dll?Get.Info.v1
> 
> -----Original Message-----
> From: isapros-bounce@xxxxxxxxxxxxx 
> [mailto:isapros-bounce@xxxxxxxxxxxxx]
> On Behalf Of Jason Jones
> Sent: Friday, May 26, 2006 3:45 PM
> To: isapros@xxxxxxxxxxxxx
> Subject: [isapros] Re: Array Member Failover
> 
> This is what my wpad.dat looks like:
> http://forums.isaserver.org/m_2002005892/mpage_1/key_/tm.htm#2002005892
> 
> -----Original Message-----
> From: isapros-bounce@xxxxxxxxxxxxx 
> [mailto:isapros-bounce@xxxxxxxxxxxxx]
> On Behalf Of Jason Jones
> Sent: 26 May 2006 22:50
> To: isapros@xxxxxxxxxxxxx
> Subject: [isapros] Re: Array Member Failover
> 
> Could this be an SP2 bug in the CARP changes??? 
> 
> -----Original Message-----
> From: isapros-bounce@xxxxxxxxxxxxx 
> [mailto:isapros-bounce@xxxxxxxxxxxxx]
> On Behalf Of Jim Harrison
> Sent: 26 May 2006 22:34
> To: isapros@xxxxxxxxxxxxx
> Subject: [isapros] Re: Array Member Failover
> 
> Such is always the case when the customer wants / needs to "go cheap".
> 
> RR DNS is your best bet, so long as you bear in mind that the primary
> "server" provided by the wpad and wspad scripts is based on the array
> name. 
> 
> The client-side CARP algorithm understands the server names, so you
> *must not* "DNS" the server names to any NLB DIPs.  Doing so is
> guaranteed to increase your intra-array traffic.
> 
> -----Original Message-----
> From: isapros-bounce@xxxxxxxxxxxxx 
> [mailto:isapros-bounce@xxxxxxxxxxxxx]
> On Behalf Of Jason Jones
> Sent: Friday, May 26, 2006 2:11 PM
> To: isapros@xxxxxxxxxxxxx
> Subject: [isapros] Re: Array Member Failover
> 
> Thanks Jim...I see your points and appreciate the feedback.
> 
> Normally I *would* have used NLB if the priority was failover, but
> couldn't due to other limitations. Kinda hoped the failover
> characteristic of the auto config script would help out in this case.
> Guess I was too hopeful :-(
> 
> So based upon this, is the unofficial best practice for ISA clients
> that I see mentioned in public forums still valid?
> 
> Web Proxy => Autoconfig script (client-side CARP)
> Firewall Client => RR DNS
> SecureNAT => NLB
> 
> 
> -----Original Message-----
> From: isapros-bounce@xxxxxxxxxxxxx 
> [mailto:isapros-bounce@xxxxxxxxxxxxx]
> On Behalf Of Jim Harrison
> Sent: 26 May 2006 22:02
> To: isapros@xxxxxxxxxxxxx
> Subject: [isapros] Re: Array Member Failover
> 
> I disagree with that help entry for two reasons:
> 1. WPAD is completely dependent on the client to understand and use the
> script correctly
> 2. WPAD is client-side CARP; IOW, requests for different destinations
> *may* be directed to a different server in the array, depending on *if*
> the client uses the algorithm provided (WinHTTP requests *DON'T*) and if
> so, *how*.
> 
> This is entirely the *wrong* place to create a load-balancing or
> fail-over/back system.
> 
> We've added some changes to the WPAD so that the client-side CARP
> "shares" better than it used to, but I strongly recommend that you *not*
> depend on it for failover.
> 
> -----Original Message-----
> From: isapros-bounce@xxxxxxxxxxxxx 
> [mailto:isapros-bounce@xxxxxxxxxxxxx]
> On Behalf Of Jason Jones
> Sent: Friday, May 26, 2006 1:19 PM
> To: isapros@xxxxxxxxxxxxx
> Subject: [isapros] Re: Array Member Failover
> 
> Thanks for the reply Jim - I don't want to disagree, as I respect your
> input and knowledge, but I thought the autoconfig script was designed to
> include an element of failover in addition to load balancing? Are we
> saying that this failover is just too basic to actually rely upon?
> 
> When I say autoconfig, I mean client-side CARP and based upon ISA help:
> 
> ISA Server supports the Cache Array Routing Protocol (CARP). CARP
> enhances Web performance by providing both load balancing and
> transparent failover for Web proxy browser connections.
> 
> As I said, I would love to use NLB, but client limitations with NIC
> teaming won't let me! Am I really expecting too much from the auto
> config script in the event of server failure?
> 
> Cheers
> 
> JJ
> 
> -----Original Message-----
> From: isapros-bounce@xxxxxxxxxxxxx 
> [mailto:isapros-bounce@xxxxxxxxxxxxx]
> On Behalf Of Jim Harrison
> Sent: 26 May 2006 20:49
> To: isapros@xxxxxxxxxxxxx
> Subject: [isapros] Re: Array Member Failover
> 
> WPAD is not designed to provide failover/back.
> As you've noticed, this is not going to work.
> WPAD is nothing more or less than a "load-spreading" mechanism that
> allows the client to use a different ISA for different destinations.
> 
> If you want failover/back, use NLB or another traffic-management system.
> 
> -----Original Message-----
> From: isapros-bounce@xxxxxxxxxxxxx 
> [mailto:isapros-bounce@xxxxxxxxxxxxx]
> On Behalf Of Jason Jones
> Sent: Friday, May 26, 2006 12:42 PM
> To: isapros@xxxxxxxxxxxxx
> Subject: [isapros] Re: Array Member Failover
> 
> Cheers Tom - unfortunately closing the browser doesn't seem to fix the
> problem...IE still tries to connect to the primary autoconfig defined
> server first then eventually use the other array members (after about
> 20-30 seconds). This behaviour seems to happen repeatedly on all clients
> for every new URL entered 
>  
> The only way to fix it is to bring the failed server back online :-(
> 
> ________________________________
> 
> From: isapros-bounce@xxxxxxxxxxxxx 
> [mailto:isapros-bounce@xxxxxxxxxxxxx]
> On Behalf Of Thomas W Shinder
> Sent: 26 May 2006 12:18
> To: isapros@xxxxxxxxxxxxx
> Subject: [isapros] Re: Array Member Failover
> 
> 
> Hi Jason,
>  
> Not too low brow for me :)  This is a common question with a common
> non-answer in the public realm. 
>  
> What you need to do is close all browser windows and open a new one.
> Then the client connects to a live server. I've never worked out in
> detail why this happens, but it's related to the autoconfig script
> processing [hand waving explanation]
>  
> Maybe somebody else can chime in with a more detailed explanation.
> Bottom line is that you're not going to get completely transparent
> failover for Web proxy clients.
>  
> Tom
> Thomas W Shinder, M.D.
> Site: www.isaserver.org <http://www.isaserver.org/>
> Blog: http://blogs.isaserver.org/shinder/
> Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> MVP -- ISA
> Firewalls
> 
>  
> 
> 
> ________________________________
> 
>       From: isapros-bounce@xxxxxxxxxxxxx
> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jason Jones
>       Sent: Thursday, May 25, 2006 4:44 PM
>       To: isapros@xxxxxxxxxxxxx
>       Subject: [isapros] Array Member Failover
>       
>       
> 
>       Hope this question is not too low brow, if so, kick me and I
> will move it to isaserver.org for the masses to mull over ;-)
> 
>       Anyhow, has anything changed with array member failover behavior
> in EE with ISA2k4 SP2? I am sure I have never had problems with array
> member failovers in the past...
> 
>       I have recently deployed an SP2 array with several members and
> while testing I have noticed that if the server listed as the first
> entry defined within the wpad.dat file is unavailable then the browser
> delays for quite some time before attempting to connect to other array
> members (e.g. working through the server list in the wpad.dat file). It
> does seem to get there, but we're talking 20 seconds or so per website.
> Once the website is loaded, performance is fine. When using a new URL,
> the delay appears again.
> 
>       Apart from failover, balancing and distr caching seems to be
> working well. I know I could be using NLB, but I believe the following
> to be good practice:
> 
>       Web Proxy => Autoconfig script (client side CARP) 
>       FW Client => RR DNS 
> 
>       I am using a generic name of customerarray.domain.com with RR
> DNS entries to balance autoconfig requests between array members. This
> is the name used in the autoconfig URL.
> 
>       I know NLB may come to mind as a workaround, but it is hard to
> implement as the customer is using NIC teaming at the hardware driver
> level to aggregate NICS and provide NIC fault tolerance. NLB and NIC
> teaming never play well from what I have experienced :-(
> 
>       Can someone please define normal behavior for a client that is
> using an autoconfig script when array members are unavailable? I kinda
> get the feeling the problem is with the browser and not the array, but
> not totally sure what IE does with the script in terms of processing...
> 
>       I've tried looking at wpad.dat caching and caching of bad
> proxies, but neither seems to make much difference... 
> 
>       Any ideas? 
> 
>       JJ 
> 
> 
> All mail to and from this domain is GFI-scanned.
> 
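
A simplified sketch of the client-side CARP behaviour discussed in this thread, added here as an illustration; it is not ISA Server's generated wpad.dat and not code from any poster. The member names, port 8080 and the FNV-1a hash are assumptions standing in for the real array data and the hash ISA uses.

```javascript
// Constructed array member names (assumption, not from the thread).
const MEMBERS = ["isa1.example.test", "isa2.example.test", "isa3.example.test"];

// Stand-in 32-bit hash (FNV-1a); the real script uses its own hash.
function fnv1a(str) {
  let h = 0x811c9dc5;
  for (let i = 0; i < str.length; i++) {
    h ^= str.charCodeAt(i);
    h = Math.imul(h, 0x01000193) >>> 0;
  }
  return h;
}

// Score every member against the URL and sort highest first, so each
// URL gets its own deterministic "primary" plus an ordered fallback list.
function rankMembers(url, members) {
  return members
    .map((m) => ({ m, score: fnv1a(m + "|" + url) }))
    .sort((a, b) => b.score - a.score || a.m.localeCompare(b.m))
    .map((x) => x.m);
}

// PAC-style return string: the script only orders names, it carries no
// information about which members are currently reachable.
function findProxy(url, members = MEMBERS, port = 8080) {
  return rankMembers(url, members).map((m) => `PROXY ${m}:${port}`).join("; ");
}

// How many unreachable members a client walks through before it reaches
// a live one for this URL; each of those attempts has to fail first.
function deadAttemptsBeforeLive(url, members, down) {
  const idx = rankMembers(url, members).findIndex((m) => !down.has(m));
  return idx === -1 ? members.length : idx;
}

// URLs whose primary changes when the member list changes. Removing one
// member only moves the URLs that member was primary for.
function remappedUrls(urls, before, after) {
  return urls.filter((u) => rankMembers(u, before)[0] !== rankMembers(u, after)[0]);
}

console.log(findProxy("http://www.example.test/"));
```

Because the ordering is computed per URL, a URL whose primary is the failed member keeps listing that member first until the member list itself changes.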
