ACE sticky config
In Cisco ACE, please tell me a configuration example for the following sticky and round-robin load balancing based on URL matching.
if sv=001 and type=100 included in URL, stick to 10.0.1.1:8080
if sv=001 and type=100 included in URL, stick to 10.0.1.2:8080
if sv=001 and type=100 included in URL, stick to 10.0.1.3:8080
else
if sv=001 included in URL, stick to 10.0.1.1:80
if sv=001 included in URL, stick to 10.0.1.2:80
if sv=001 included in URL, stick to 10.0.1.3:80
else
round-robin to any of 10.0.1.1:80, 10.0.1.2:80, 10.0.1.3:80
Thank you.
Hi,
You can do sticky in a number of ways, but I will just assume that you are ok using cookies. Remember that you will need to configure a resource class in the admin context in order to use sticky. I'm going to use 1.1.1.1 as an example for the VIP, using http. Also I am assuming you are using a single ACE (no FT). Remember to configure probes as well.
Here's the example:
rserver host server1
ip address 10.0.1.1
inservice
rserver host server2
ip address 10.0.1.2
inservice
rserver host server3
ip address 10.0.1.3
inservice
serverfarm host sv-and-type-farm
rserver server1 8080
inservice
rserver server2 8080
inservice
rserver server3 8080
inservice
serverfarm host sv-farm
rserver server1 80
inservice
rserver server2 80
inservice
rserver server3 80
inservice
sticky http-cookie SV001TYPE100 sv-and-type-cookie
cookie insert browser-expire
timeout 60
serverfarm sv-and-type-farm
sticky http-cookie SV001 sv-cookie
cookie insert browser-expire
timeout 60
serverfarm sv-farm
class-map match-all vip
2 match virtual-address 1.1.1.1 tcp eq www
class-map type http loadbalance match-all sv-and-type
2 match http url .*sv=001.*
3 match http url .*type=100.*
class-map type http loadbalance match-all sv
2 match http url .*sv=001.*
policy-map type loadbalance first-match l7slb
class sv-and-type
sticky-serverfarm sv-and-type-cookie
class sv
sticky-serverfarm qa-ekstern-cookie
class class-default
serverfarm sv-farm
policy-map multi-match int-policy
class vip
loadbalance vip inservice
loadbalance policy l7slb
loadbalance vip icmp-reply active
Similar Messages
-
Hello,
I have a following configuration:
sticky http-cookie STICKY_TMP STICKY_TMP
cookie insert ...
Cookies are sent and stickiness works. Everything is ok... Almost :-)
Now I have a question regarding value of cookies created by ACE.
Currently cookies have values that look like this "R4224709512"
Is it possible to change this value so it reflects the target node that processes requests for this sticky session. This cookie could contain i.e. ip address of real server.
Arrowpoint cookie on CSS1150 worked this way...
Another question. How do I identify this cookie value with sticky-entries in "show sticky database static" output?
This command doesn't show anything like R4224709512, but only numbers like 18293255029648678255
best regards
KubaI am using ACE with version A3(2.1).
The “sticky-entry” in "show sticky data static"is a hash of the cookie-value set by ACE for the real server. so you need to use "show sticky database http-cookie " to determine which server are serving the client.
ACE-1/routed(config-pmap-lb-c)# do show sticky database http-cookie
sticky group : web-sticky
type : HTTP-COOKIE
timeout : 5 timeout-activeconns : FALSE
sticky-entry rserver-instance time-to-expire flags
---------------------+----------------------+--------------+-------+
16820511103801384579 lnx1:0 0 -
sticky group : web-sticky
type : HTTP-COOKIE
timeout : 5 timeout-activeconns : FALSE
sticky-entry rserver-instance time-to-expire flags
---------------------+----------------------+--------------+-------+
3347854103021350619 lnx2:0 0 -
..sometimes they'd only show up w/ the static instead of the cookies option for some reason.
found some explanation about this:
http://docwiki.cisco.com/wiki/Session_Persistence_Using_Cookie_Learning_on_the_Cisco_Application_Control_Engine_Configuration_Example
There is a difference between inserting an ACE-generated cookie or using one learned by the ACE. The cookie-insert feature creates a static cookie.
To look at static cookies you need to use the command:
show sticky database static
if you try static cookie (cookie inserted by ACE), the value is placed in the static sticky table at the time of configuration...
so no need to send traffic, once the static sticky config is in place, you should see an entry with 'show sticky database static'.
Do not try to filter the table with some other parameters...they do not work until A2(1.4)
There are 2 database:
One for static entries and one for dynamic entries.
Every show command that does not include the static keyword will look into the dynamic database.
So, you won't see anything by using those commands.
You could perform some test to identify which cookie is sent to which server.
The cookie value is static, so the number of value is limited to the number of servers.
There is a dynamic cookie learning feature available in ACE.
Kinly tell me if you want to discuus about that.
Kindly rate if possible.
Kind regards,
Sachin garg -
Hi,
I have an issue with sticky server that I’m hope might just be a command I’m missing.
I am inserting a cookie and the sticky works fine.
When my browser has a successful sticky connection i take the server that has the sticky connection out of service. I try to make another connection, i see the connection round robin to all remaining servers but i don’t get a successful connection i do see the connection failure count increment on all other servers in the farm. Only when i bring the server back into service can i get a successful connection.
Any advice appreciated.
Sticky config below.
sticky http-cookie WEB-Cookie-1 WEB-Sticky-1
cookie insert
serverfarm WEB-SERVERS-80
Code
Version A3(2.0) [build 3.0(0)A3(2.0
Thanks
ChrisHello Chris, This will be an easy fix for you. The command you are looking for is defined under the serverfarm inwhich you are creating sticky entries against.. You need to add a failaction.. I'm pasting the command syntax and options for the command.. Based on your breif description failaction purge will give you the desired result:
(config-sfarm-host) failaction
To configure the action that the ACE takes if a real server in a server farm goes down, use the failaction command. Use the no form of this command to reset the ACE to its default of taking no action when a server fails.
failaction {purge | reassign [across-interface]}
no failaction
Syntax Description
purge
Specifies that the ACE remove the connections to a real server if that real server in the server farm fails after you configure this command. The appliance sends a reset (RST) both to the client and to the server that failed.
reassign
Specifies that the ACE reassigns existing server connections to the backup real server, if a backup real server is configured. If no backup real server is configured, this keyword has no effect.
across-interface
(Optional) Instructs the ACE to reassign all connections from the failed real server to a backup real server on a different VLAN that is commonly referred to as a bypass VLAN. By default, this feature is disabled. -
i dotn seem to be getting a round robin effect on any of the 8 web servers being load balanced.
example from sh sticky database group GROUPn
4427481407323410243 WEB-SRV2:0 0 -
2452774824762134266 WEB-SRV1:0 0 -
8113453920705035427 WEB-SRV1:0 0 -
17215884597540077782 WEB-SRV1:0 0 -
123286896185049456 WEB-SRV2:0 0 -
13101217844384152730 WEB-SRV2:0 0 -
8462688148628735445 WEB-SRV2:0 0 -
8799530925601492925 WEB-SRV1:0 0 -
9158066764881164093 WEB-SRV1:0 208 -
4233929232369710669 WEB-SRV1:0 469 -
652881741833831225 WEB-SRV1:0 730 -
11929551358522611685 WEB-SRV2:0 935 -
2201018326228455336 WEB-SRV2:0 1024 -
540836670260610939 WEB-SRV2:0 1406 -
4341078594550796939 WEB-SRV1:0 1567 -
MY STICKY CONFIG
sticky http-cookie JSESSIONID GROUP6
replicate sticky
serverfarm WEB_FARM1_FARM
any ideas ?
Thanks in advanceConfigs - ip etc removed
rserver host WEB-SRV1
ip address nnnnn
probe SRV_PROBE
inservice
rserver host WEB-SRV2
ip address nnnnn
probe SRV_PROBE
inservice
serverfarm host WEB_FARM
rserver WEB-SRV1
inservice
rserver WEB-SRV2
inservice
serverfarm host HTTPS_FARM
rserver WEB-SRV1 443
inservice
rserver WEB-SRV2 443
inservice
ssl-proxy service NAME_SSL_PROXY
key name.key
cert name.crt
chaingroup NAME_CHAINGP
sticky http-cookie JSESSIONID GROUP1
replicate sticky
serverfarm WEB_FARM
class-map match-all HTTPS_VIP
2 match virtual-address nnnn tcp eq https
class-map match-all WEB_VIP
2 match virtual-address nnnn tcp eq www
policy-map type loadbalance first-match HTTPS_LB_POL
class class-default
sticky-serverfarm GROUP1
insert-http X-Forward-For header-value "%is"
ssl-proxy client NAME_SSL_PROXY
policy-map type loadbalance first-match WEB_LB_POL
class class-default
sticky-serverfarm GROUP1
insert-http X-Forward-For header-value "%is"
policy-map multi-match CLIENT_VIPS
class WEB
loadbalance vip inservice
loadbalance policy WEB_LB_POL
loadbalance vip icmp-reply active
nat dynamic 1 vlan 151
policy-map multi-match HTTPS_VIPS
class HTTPS
loadbalance vip inservice
loadbalance policy HTTPS_LB_POL
loadbalance vip icmp-reply active
nat dynamic 1 vlan 151
interface vlan 15
description WEB DMZ
ip address nnn 255.255.255.192
alias nnn 255.255.255.192
peer ip address nnn 255.255.255.192
no normalization
no icmp-guard
access-group input any
access-group output any
nat-pool 1 nnn nnn+1 netmask 255.255.255.192 pat
service-policy input REMOTE_MGT
no shutdown
interface vlan 90
description CLIENT-FACING VLAN
ip address nnn 255.255.255.240
alias nnn 255.255.255.240
peer ip address nnn 255.255.255.240
mtu 1500
no normalization
no icmp-guard
access-group input any
access-group output any
service-policy input REMOTE_MGT
service-policy input HTTPS_VIPS
service-policy input CLIENT_VIPS
no shutdown
The topology is active/active the NAT is to route traffic back the way it came in - the servers use have static routes configured to work with the ACE NAT -
Hi Folks,
First of all I am new the job and have very little ACE expierence. I work on a large campus. We have to 6513's with an ACE blade in each. A few contexts configured for different applications. Basically the server guys have come to me and asked me to enabled stickiness on one of there contexts.
Now I am sure this is basic stuff to ye guys but I am just wondering what I need to do? Can I implement this on the fly without causing an outage? I have cut and paste the relevant context below. And added the changes I think that need to be made. Do you guys think this will work and will it cause any outage?
I appreciate any help at all guys:
Here is current config:
probe tcp APPS-PROBE
port 8080
interval 3
passdetect interval 5
parameter-map type ssl SSL-APPS-ADVANCED
cipher RSA_WITH_RC4_128_MD5
rserver host SERVER1
ip address 10.10.10.1
inservice
rserver host SERVER2
ip address 10.10.10.2
inservice
ssl-proxy service SSL-APPS-PROXY
key appfiles.pem
cert appfilesCAcert
chaingroup APPFILES-CHAINGRP
ssl advanced-options SSL-APPS-ADVANCED
serverfarm host APPS-FARM
predictor leastconns
probe APPS-PROBE
rserver SERVER1 8080
inservice
rserver SERVER2 8080
inservice
class-map match-any APPS-VIP
2 match virtual-address 10.10.10.4 tcp eq https
policy-map type management first-match MGT-POLICY
class class-default
policy-map type loadbalance first-match APPS-POLICY
class class-default
serverfarm APPS-FARM
policy-map multi-match APPSPOLICY
class APPS-VIP
loadbalance vip inservice
loadbalance policy APPS-POLICY
loadbalance vip icmp-reply active
ssl-proxy server SSL-APPS-PROXY
service-policy input APPSPOLICY
Will adding the following to the context make stickiness work?
sticky ip-netmask 255.255.255.255 address source STICKY-APPS-FARM
timeout 720
timeout activeconns
replicate sticky
serverfarm APPS-FARM
policy-may type loadbalance first-match APPS-POLICY
class class-default
sticky-serverfarm STICKY-APPS-FARM
I am really lost on this and only getting this from looking at stickiness on other configs. Can you guys advise will this work.Also look at the following :
www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/v3.00_A2/configuration/rtg_brdg/guide/vlansif.html
Autogenerating a MAC Address for a VLAN Interface
By default, the ACE does not allow traffic from one context to another context over a transparent firewall. The ACE assumes that VLANs in different contexts are in different Layer 2 domains, unless it is a shared VLAN. The ACE allocates the same MAC address to the VLANs.
When you are using a firewall service module (FWSM) to bridge traffic between two contexts on the ACE, you must assign two Layer 3 VLANs to the same bridge domain. To support this configuration, these VLAN interfaces require different MAC addresses.
To enable the autogeneration of a MAC address on a VLAN interface, use the mac address autogenerate command in interface configuration mode. The syntax of this command is as follows:
mac address autogenerate
For example, enter:
host1/Admin(config-if)# mac address autogenerate
To disable MAC address autogeneration on the VLAN, use the no mac address autogenerate command. For example, enter:
host1/Admin(config-if)# no mac address autogenerate -
Hi Guys,
I'm trying to set up a sticky configuration on an ACE modeule in a 6500.
I've got the loadbalancing woking happily but need to ammend the config to add stickiness.
As far as I know the first command is someting on the lines of...
sticky http-cookie COOKIENAME STICKYGROUP
however when I put this in I get the following error.
Error: Sticy resource not available
I suspect that i'm missing something obvious.
Any assistance is greatly appreciated.
Regards
SteveBy default all the resources are available to ACE contexts except sticky resource.
You need a resource class with sticky resource defined and this class applied to the context.
for example
resource-class GOLD
limit-resource sticky minimum 1 maximum equal-to-min
Thanks
Syed Iftekhar Ahmed -
ACE 4710: Config Allows all traffic except large HTTP downloads
Hi Folks,
Got an ACE 4710 with a basic config that seems to work for all traffic except large downloads.
I've attached the current config
As I mentioned I can do normal HTTP to a standard destination like google or SSH through the ACE or ICMP
If i try to get a large file from the server side of ACE, then a trace shows that the first and subsequent 1460Byte packets dont go through ACE
I've thought of parse lengths, but i cannot see any that seem to affect the generic L4 maps that I am trying to use
Cheers
AlanI've seen a similar fault. I suppose a lower MSS was sent in the TCP SYN handshake packets (1300 or 1380?) and the packets exceeding that value were dropped by the ACE. This is the default behavior which can be switched to a less strict mode by either
exceed-mss allow
or
no normalization
commands.
In our case, a linux web server was whose replies wouldn't keep to the MSS limit. -
ACE Sticky Connections, Show Conn Output and Show serverfarm
Hi Community,
I'm deploying a Cisco ACE module and I have some questions about sticky connections and about the output of the show conn command and show serverfarm command.
I have the follwoing configuration:
rserver host srv_1 ip address 10.4.11.14 inservicerserver host srv_2 ip address 10.4.11.18 inserviceserverfarm host farm_144 rserver srv_1 144 weight 1 inservice rserver srv_2 144 weight 3 inservice
sticky ip-netmask 255.255.255.255 address source st_host144
timeout 10080
serverfarm farm_144
class-map match-all vip_144
2 match virtual-address 10.4.11.208 tcp eq 143
policy-map type loadbalance first-match lb_144
class class-default
policy-map multi-match policy_vip_webcache
class vip_webcache_144
loadbalance vip inservice
loadbalance policy lb_144
loadbalance vip icmp-reply active
nat dynamic 411 vlan 411
We can assume that service policy was applied at the interface vlan. So, let's go to the questions:
1- If sticky is enabled the output command "show conn" should show just one entry by ip address?
The real output is:
DC01-ACE-01-PRIMARY-SW1/context_servidores# show conn | inc :143333046 1 in TCP 411 10.2.158.87:3616 10.4.11.208:143 ESTAB 286390 3 in TCP 411 10.2.158.87:3562 10.4.11.208:143 ESTAB310233 1 in TCP 411 10.1.5.87:3424 10.4.11.208:143 ESTAB
Look that the ip address 10.2.158.87 is shown 2 times. In same times, the same ip address is shown 4 times to the same VIP and the same port. Is it a normal behavior?
2- According to the configuration, the srv_2 has weight 3 and srv_1 has weigth 1, but the output of show serverfarm show somethin strange:
DC01-ACE-01-PRIMARY-SW1/context_servidores# show serverfarm farm_144 serverfarm : farm_144, type: HOST total rservers : 2 state : ACTIVE DWS state : DISABLED --------------------------------- ----------connections----------- real weight state current total failures ---+---------------------+------+------------+----------+----------+--------- rserver: srv_1 10.4.11.14:144 1 OPERATIONAL 11 386 0 rserver: srv_2 10.4.11.18:144 3 OPERATIONAL 35 66 0
We can see that the weight is working good, but the total of connections is higher at srv_1 than srv_2. Why?
Somebody can help me to understand better this problem of if its a normal behavior?
Thanks in advance!!Hi Gaurav,
About question 1, I got some informations too. It's perfectly normal the client open 2 or more connections at the same time. The client's application is the responsable. We removed the ACE and put the client directly to the server and the result of the total connections opened was the same.
About question 2, I made some "clears" on the serverfarm, the sticky database and after that, the numbers were more real.
DC01-ACE-02-SECONDARY-SW1/context_servidores# sh serverfarm farm_webcache_144
serverfarm : farm_webcache_144, type: HOST
total rservers : 2
state : ACTIVE
DWS state : DISABLED
----------connections-----------
real weight state current total failures
---+---------------------+------+------------+----------+----------+---------
rserver: srv_webcache_1
10.4.11.14:144 1 OPERATIONAL 1025 15499 4436
rserver: srv_webcache_2
10.4.11.18:144 2 OPERATIONAL 1794 33471 471
DC01-ACE-02-SECONDARY-SW1/context_servidores#
Anyway thank you very much for your feedback.
Plínio Monteiro -
ACE: design/config question: trans.slb + slb + mngt
Hi,
Could this ACE setup/design work?
I want PROXIED sessions (to VIP proxy 10.0.0.10) to be loadbalanced
All other sessions (eg. Some public ip's) will have to transparent loadbalanced to proxy servers. Thus not destinations NAT
ACE is inline between firewalls and proxy servers.
Vip definitions:
class-map match-all P_PXYVIP_VS_LB
2 match virtual-address 10.0.0.10 255.255.255.255 tcp 8080
class-map match-all P_PXYTRANS_VS_LB
2 match virtual-address 0.0.0.0 0.0.0.0 tcp any
Question in this case: would it still be possible to have management sessions towards proxy servers routed by the ACE ? (physical ip addresses of proxy)
Probably the classmap PXYTRANS is catching those sessies also.
Are there other design/config solutions to solve this one?
Thank you!
WimLet me repose the question:
How could one still be able to access the realserver IP (which is directly connected
to the ACE) for manangement.
Knowing that there is 1 VIP which (normal) loadbalance to the realservers
and
there is 1 VIP 0.0.0.0 tcp any which is configure to catch all other traffic to be
transparant loadbalanced.
The VIP 0.0.0.0 is always catching the sessions which need only to be routed
to the real servers ip. -
Hi,
The Sticky function of the ACE is not working. There were no changes been made on the device it was working fine before but not now,.
We have 2 ACE one is Active(ACE1) and Second one is Standby (ACE2).
Testing done till now:-
================
Done the Failover from Active(ACE1) to Standby (ACE2).
When ACE2 was Active the Sticky started working fine without any issues.
2) when I did the failover again back from ACE2 to ACE1 the problem arrise Sticky doesnt work any more.
Any suggestion about this strange behaviour?
Thanks in advance.
Regards
Alex.What version do you run ?
What type of sticky method ?
Could you get a
- show np 1 me-stats "-slb"
and a
- show np 2 me-stats "-slb"
Possibly get 2 occurences one before and one after a test.
Thanks,
Gilles. -
Dear all,
I do have a question about the configuration option of a sticky serverfarm. There is an option to timeout active conns. Originally my thinking was that this option changes the sticky behaviour to a session timeout instead an idle timeout. While testing this seems to be not correct
sticky http-cookie myCookie myStickyServerfarm
timeout 10
timeout activeconns
replicate sticky
serverfarm myServerfarm backup mySorryfarm
The manual explains it like this:
Configuring a Cookie Sticky Timeout
The sticky timeout specifies the period of time that the ACE keeps the HTTP cookie sticky information for a client connection in the sticky table after the latest client connection terminates. The ACE resets the sticky timer for a specific sticky-table entry each time that the module opens a new connection that matches that entry.
This brings me to the question, what is this option used for. The only diffrence I can see is, that there is a http connection which is open for longer than the timeout value (here 10min) will be kicked out and in the meantime this sticky-entry isn't used (otherwise the idle time would be reset).
Are there any other explanations what this feature can do?
best regards
OliverHi Oliver,
I'm afraid the official documentation is not very clear on this section.
The sticky timeout doesn't count since the moment that the last connection is closed, but since it's established. However, by default it will not remove the sticky entry as long as there are connections still active. This is what can be tuned with the "timeout activeconns".
When the "timeout activeconns" option is present, the ACE will remove the sticky entry as soon as the timer is reached, regardless of whether there are active connections or not.
I hope this answers your question, but if you want some further clarification, let me know.
Regards
Daniel -
All,
Working on a new project where it appears at this time that the new application supports only an ASN type config.
I am trying to find out from the vendor whether or not any other method is supported. Currently our production VIPs
are all configured in ACE L3 mode, so this won't be an easy fit into our "normal" model. We have the ACE modules
in 6509s.
Is anyone using ASN and would you be willing to share some scrubbed config samples? It seems to me that if I have
to do this setup using ASN, my two options at this point would be to assign the server IPs on the outside or client-side
vlan of the ACE, or burn another context solely for this setup. Neither way is desirable to me, but I am hoping that the
vendor will not say their app is dependant upon ASN.
Just curious, and thanks in advance for any help/advice - chrisSolved
-
Hi,all,
I am testing ACE module@7606,
system image file: [LCP] disk0:c6ace-t1k9-mz.A2_1_1_69.bin
installed license: ACE-SSL-05K-K9.
I wanta know if it is caused by license,Please help~~:)
Phenomenon:
1. Client sends a HTTP request to server
2. server returns a HTTP response to Client, the response contains a HTTP URL and HTTP body, server sends HTTP URL first, then sends HTTP body right now.
3. Client receives the HTTP URL first, after about 200ms, Client receives the HTTP body.
. Root cause:
1. If ACE receives the HTTP URL from rserver, it forwards the URL to Client. Then ACE will wait for a TCP ACK from client, before ACE receive the TCP ACK from client, it will not forward the HTTP body following to Client, the action is caused by TCP Slow Start algorithm. Windows Client will send the TCP ACK to ACE after about 200ms(40ms for Linux), the action is caused by TCP Delayed ACK algorithm. So from client side, it costs more than 200ms(or 40ms) to receive the entire HTTP response.
. Solution:
1. Disable Slow Start algorithm to VIP on ACE
. Existing Issue:
1. After disable Slow Start algorithm, the response time will be normal if Client access WAPI by VIP with SSL(means HTTPS). But the issue still exist if Client access server by VIP without SSL(means HTTP).
2. I associate a policy of stickiness to VIP, both SSL and non-SSL. If I remove the policy of stickiness, the response time will be normal. It seems the policy of stickiness will make Slow Start algorithm enable.slowstart is disabled by default on ACE.
switch/Admin# show parameter-map AllowMss
Parameter-map : AllowMss
Type : connection
nagle : disabled
slow start : disabled
buffer-share size : 32768
inactivity timeout (seconds) : TCP: 3600, UDP: 120, ICMP: 2
embryonic timeout (seconds) : 5
ack-delay (milliseconds) : 200
But the ack-delay is indeed 200msec.
Try to set the ack-delay to a lower value and see if that improves the situation.
Gilles. -
ACE Ft config sync question during primary ACE blade replacement
I am replacing my primary ACE blade and am wondering if when I reconfigure the admin context with the ft groups will I have any issues syncing the secondary back to the primary? I don't want to run the risk of a blank config from the new primary blade being pushed to secondary.
Any help is appreciated.
thanksTreat the current as primary and put the new module as a secondary (by applying low priority vlaues for ft vlans ) and disable premption.
Complete steps will be...
Before putting the new module in, configure the standby (which should be acting as master -- since primary is out) module with the "no-preempt" option on each FT vlan.
Now with new module
1. Bring the new ACE module online and upgrade it to the same software than is running on the temp master.
2. Define all of your resource-maps, FT vlans
3. Add "no preempt", set a lower "priority" than is defined on the peer (temp master)
4. Install any SSL certificates
5. Define your context (repeating the same for SSL certs if necessary).
6. Add the command "ft auto-sync" to your Admin context.
7. Once the configuration has synced, (by confirming the FT status is now
"FSM_FT_STATE_STANDBY_HOT"), you're ready to perform the FT switch over.
8.In your Admin context, change the peer priority to be lower than the new
master for each FT group, then issue the command "ft switchover X",
replacing X with each FT group beginning in the Admin context, then doing the same in your other context.
Thanks
Syed -
ACE - Sticky using XFF client value
Might be a stupid question ....but we have a situation where client traffic is LB to our proxy infrastructure , at the LB the XFF client address is inserted into the header and source sticky is enabled. We now need to LB to addtional servers( more than within our proxy infrastructure) downstream from our proxy servers and retain the client sessions, if we use source sticky we will have a one to one relationship with the downstream servers . This we don't want as we want to spread the load across all downstream servers. My question is instead of source IP sticky could we use say the XFF info or something else to stick sessions to the downstream servers.
Hi,
So your proxy server will need to contact different servers through loadbalancer?
You can use cookies for the same and make the ACE to insert cookie. I haven't tried using XFF header and value for sticky but ACE let's you configure it so it can be tried too.
Regards,
Kanwal
Note: Please mark answers if they are helpful.
Maybe you are looking for
-
Creating a pop up window on button click?
Hi How would I create a pop up modal window when a user clicks on a print button within an interactive report. This window would then display a message with a confirm or cancel button. If they click on confirm the page prints out and if they click ca
-
Since upgrading to Lion my address book no longer communicates with iTunes? This means that no new information is getting to my iPhone etc? Any ideas? Thanks
-
My 2008 MacBook Pro has interference across the full screen. It looks similar to a pre-cable TV screen with bad reception. Any idea of what the problem might be?
-
Error while dragging cube measures on powerview
Hello! I'm trying to get started with PowerView in SharePoint 2013 but i'm facing a little problem. I'm trying to connect to a AnalysisServices (Multidimensional) instance, version 11.0.3373.0 on SQL Server 2012 SP1 CU5. In PowerView i can explore th
-
Configuration Changes logging issue, ASDM related?
I've run into an interesting problem. ASA: 8.4(2) ASDM: 6.4(5) When I make a change at the CLI, syslog message ASA-5-111008 is generated and sent to the syslog servers, local buffer, and ASDM. When I make a change in ASDM, syslog message ASA-5-111008