Using BigIP-F5 to load balance Enterprise/Logic Servers

mtrottier

Well Known Member
How many out there have used a F5 to load balance Eone Enterprise/logic servers?

It isn't on Oracles list of supported solutions for 9.1 so I'm wondering how many sites implemented it anyway and how well it works.
 
JDE doesn't certify hardware devices.

There are enough people using the F5 that there is a white paper. Just search for this on the web site.
 
F5 networks were at both the partner summit and Collaborate, specifically shoring up their support for EnterpriseOne. Most of my larger customers like the support base for the F5 box for their load balancing - but smaller customers are starting to like the open-source Zen load balancer which I demonstrated and created a whitepaper about for Collaborate this past April.

There are other load balancers - the only really important thing is that the load balancer provides persistency. I like Zen because its very, very easy to implement and provides clustering (hence there is no single point of failure). The F5 is very good, and I'm sure supports far more concurrent connections - but it is more expensive (anything IS more expensive than "free") and does require some knowledge to change the settings, and setting up clustering is like black magic with the F5 !

But Colin is absolutely correct - Oracle doesn't certify hardware devices...
 
I might be blind but the only white papers I can find for the F5 on Oracles site address using it for load balancing HTML or Portals. Do you have a doc number for a white paper for using the F5 for load balancing Enterprise/Logic servers?
 
AH !

Thats a good one. You have to forgive me, I didn't see the point about Enterprise Servers. I have written a whitepaper about load balancing E1 Enterprise Servers - but it takes a little more know-how.

In effect, you're going to create a "fake" application server - my suggestion is "APPSVR". Then have your physical logic servers (LOGIC1 and LOGIC2) load balanced to the virtual IP (the F5) on the right port (with persistence of course !). Logic1 and Logic2 should be sharing the same servermap (since they should be the same TYPE of server).

To get this working in E1, you need to create a logic datasource called "APPSVR" and set up all your logic mappings in your environment to "APPSVR". Now, when a user runs a BSFN, it'll map to "APPSVR" and the F5 will load balance the request round-robin to one of the two Logic servers (LOGIC1 or LOGIC2) - and will remember your session with persistency.

ok - simple so far. But, launching UBE's is a little trickier. To load-balance the UBE's - you first need a shared PrintQueue between the two servers. To absolutely ensure that one server doesn't overwrite files from another server, you need to bump up the Next Number for the servers (since the NN field is 15 numeric length, I like to start one server at 100000000 and the next at, say, 500000000 - that way its a LOT of jobs before they wrap, but the job numbers are roughly the same length!)

ok - so now jobs are load balanced and are running on both logic servers. The nasty trick after that is to then come up with a solution for single threaded jobs. After all, having a single threaded queue in E1 on both machines results in the job theoretically being able to be launched twice !

I have a fantastic solution for this - but I don't give it away for free. The only free solution I'll tell you to do is to hard-map the single threaded jobs to one server (ie, no load balancing of the jobs).

Hope that all helps. There are a number of threads on here that talk about this in the past - and I'm just flinging words at the keyboard so I might have missed something (!)
 
Hey Mike,

I have been running my F5 load balancing solution since 2006. This is both for Webserver and App/logic server. Never had a problem. Configuration was bit of a challenge as there were no one out there who really had configured F5 for load balancing App/logic server back then. Spent quite some time to figure things out and configured it. So far, it has been performing very well and never had an issue with the configuration. We are upgrading to 9.1 and I plan to use the same configuration here. I am yet to test F5 in 9.1, but will be testing it in a month or two...
 
Jaise, can you help with a specific question? We are trying to configure F5 to do SSL offload. We set up the iRule for root context, load balancing using port 80 is working. That is, the URL http://e1pd.<domain>.com balances between jdeweb1pdc port 96 and jdeweb2pdc port 96.

Then we turned on SSL on F5 -- I may not be saying this correctly, another guy is doing that part, I hope you can translate -- then connected to the load balanced URL http://e1pd.<domain>.com then did view source on the web page. The action for the "sign in" button looks like this:

<FORM NAME="F1" ID="F1" METHOD="POST" ACTION="http://e1pd.<domain>.com/jde/E1Menu.maf">
<INPUT TYPE=hidden NAME="jdeowpBackButtonProtect" ID="jdeowpBackButtonProtect" VALUE="">

How did the web server even find out about the e1pd name and put it into the HTML? We didn't pass it to the web servers.

It appears to me that the user ID and password will be POSTed in the clear to port 80. We are thinking that this is not exactly what we wanted.

I am a complete novice to F5 configuration so any suggestions will be very welcome.

Richard
 
Hi Richard,

Full disclosure , we did not use SSL as our entire E1 infrastructure remains within our Intranet and hence we did not feel the need to enable SSL. I did not play with SSL in F5 as well

Unfortunately, I don't have my F5 guy any more working with us, Hence, I can only guess that you are "Redirect Rewrite " is set to "matching" Here is little writeup on this
Redirect Rewrite
Specifies whether the system rewrites the URIs that are part of HTTP redirect (3XX) responses. The default setting is None.

None: Specifies that the system does not rewrite the URI in any HTTP redirect responses.
All: Specifies that the system rewrites the URI in all HTTP redirect responses.
Matching: Specifies that the system rewrites the URI in any HTTP redirect responses that match the request URI.
Nodes: Specifies that if the URI contains a node IP address instead of a host name, the system changes it to the virtual server address.


I see you are trying to configure SSL at f5. Have you configured SSL at HTML level too? I would think your traffic between client to F5 is going be secured, but what about traffic between F5 to webserver. I think this why you are seeing traffic between F5 and HTML is clear text as its going on Default port 80.
Since, I have not played much with it, I am not sure how much above comments would help you.
 
Thanks for the reply.

In our case, "Redirect Rewrite" is set to ALL.

We have encrypted traffic between the browser and F5 and clear text between F5 and HTTP server. HTTP Server is not configured to use SSL, the only cert is in the F5. We do not want to burden the WAS server with encryption and decryption duties.

We used a tool called HTTP Watch to see the web server traffic. When we connect via https all of the traffic to present the "sign in" web page is sent via HTTPS. When the user clicks "sign in" the browser posts the user ID and password using HTTP. Thereafter all of the traffic is in HTTPS. This is a little like having the ultimately secure bank vault with the combination written on the wall next to the lock.

Our F5 admin is thinking about creating a rewrite rule that says (in effect) if you see "http://E1PD" in the traffic, replace it with "https://E1PD". If this works then the F5 will provide SSL offload and load balancing without any other issues.
 
Thanks Jaise.
Do you remember how you configure your port numbers?
Again I'm talking about the Enterprise/logic servers.
 
Let me see if I remember the entire config.

I created a virtual host in E1 call XXXAP. I create a DNS alias that resolves this to F5 server. I have the f5 pool defined with two app server ( Ap1 and AP2) that gets load balanced.
I remember, I used the predefinedport setting in JDE.ini to limit the number of port that would be used to connect to JDE. ( we limited this to 5)
I also think we added sticky parameter to ensure session from one web server persist to single app server. It should not be bouncing around. I will have to check what we did to achieve this
 
Hi All,

We have configured our Linux App/Logic Servers to have Load Balancing using Cisco ACE. However, we are observing that there is no persistency maintained i.e User Requests are going to different logic servers even when performing the transactions due to which we can see numerous errors called "Associated Kernel not found". Please let us know if there is a specific setting so that the persistency is maintained and user session maintains on 1 server.

Your help in this regard will be highly appreciated.

Regards,
Mohit Jain
E1 9.1, Linux OEL 5.6, WLS 10.3.5
 
Thanks Jaise,

Could you please tell your configuration in detail. I am struggling to configure F5 with logic servers. My OS in windows 2008 R2.

Thanks,
Amar
 
AH !

Thats a good one. You have to forgive me, I didn't see the point about Enterprise Servers. I have written a whitepaper about load balancing E1 Enterprise Servers - but it takes a little more know-how.

In effect, you're going to create a "fake" application server - my suggestion is "APPSVR". Then have your physical logic servers (LOGIC1 and LOGIC2) load balanced to the virtual IP (the F5) on the right port (with persistence of course !). Logic1 and Logic2 should be sharing the same servermap (since they should be the same TYPE of server).

To get this working in E1, you need to create a logic datasource called "APPSVR" and set up all your logic mappings in your environment to "APPSVR". Now, when a user runs a BSFN, it'll map to "APPSVR" and the F5 will load balance the request round-robin to one of the two Logic servers (LOGIC1 or LOGIC2) - and will remember your session with persistency.

ok - simple so far. But, launching UBE's is a little trickier. To load-balance the UBE's - you first need a shared PrintQueue between the two servers. To absolutely ensure that one server doesn't overwrite files from another server, you need to bump up the Next Number for the servers (since the NN field is 15 numeric length, I like to start one server at 100000000 and the next at, say, 500000000 - that way its a LOT of jobs before they wrap, but the job numbers are roughly the same length!)

ok - so now jobs are load balanced and are running on both logic servers. The nasty trick after that is to then come up with a solution for single threaded jobs. After all, having a single threaded queue in E1 on both machines results in the job theoretically being able to be launched twice !

I have a fantastic solution for this - but I don't give it away for free. The only free solution I'll tell you to do is to hard-map the single threaded jobs to one server (ie, no load balancing of the jobs).

Hope that all helps. There are a number of threads on here that talk about this in the past - and I'm just flinging words at the keyboard so I might have missed something (!)

If you have any more details on this I would love to hear about them. Have project to this done only on the LOGIC side not BATCH.
 
Back
Top