ACE Sticky issue.

Hi,
The Sticky function of the ACE is not working. There were no changes been made on the device it was working fine before but not now,.
We have 2 ACE one is Active(ACE1) and Second one is Standby (ACE2).
Testing done till now:-
================
Done the Failover from Active(ACE1) to Standby (ACE2).
When ACE2 was Active the Sticky started working fine without any issues.
2) when I did the failover again back from ACE2 to ACE1 the problem arrise Sticky doesnt work any more.
Any suggestion about this strange behaviour?
Thanks in advance.
Regards
Alex.

What version do you run ?
What type of sticky method ?
Could you get a
- show np 1 me-stats "-slb"
and a
- show np 2 me-stats "-slb"
Possibly get 2 occurences one before and one after a test.
Thanks,
Gilles.

Similar Messages

ACE Configuration Issue.

We would like to configure on ace like below:
the virtual ip address and port like this
: 10.10.10.10:8000,this ip address will be use to outside user request servie
and we have to configure server farm like below
real server 10.10.10.1:8001, 10.10.10.1:8002, 10.10.10.1:8003 ...
the ip address is same on 10.10.10.10:8000's serverfarm, but real server service is different, and this port should be loadbalanced and healchecked.
Is it possible solution? F5 big ip , Nortal is possible, but I don't know on ACE above issue.
If you ok. could you give me a sample configuration?

page 2....
Also i forget to tell you to
8.create resourse-class
9. create context othr then admin context if you need multiple contexts:
(inside context add resource class)
10 class map type management (for remote access)
as follows:
Kindly find some config sample as follows:
ACE/Admin# sh run
Generating configuration....
resource-class ABCD_Resource
limit-resource all minimum 5.00 maximum unlimited
limit-resource sticky minimum 5.00 maximum unlimited
boot system image:c4710ace-mz.A3_2_1.bin
hostname ACE
context Admin
member ABCD_Resource
access-list everyone line 10 extended permit icmp any any
access-list everyone line 20 extended permit ip any any
access-list for-cap line 8 extended permit ip any any
probe http HTTP-Probe
port 8000
interval 2
faildetect 2
passdetect interval 15
request method head
probe icmp ICMP-Probe
interval 2
faildetect 2
passdetect interval 60
probe tcp TCP-8000
port 8000
interval 2
faildetect 2
passdetect interval 15
passdetect count 2
open 1
rserver host A
ip address 10.10.10.1
inservice
rserver host B
ip address 10.10.10.2
inservice
rserver host C
ip address 10.10.10.3
inservice
rserver host D
ip address 10.10.10.4
inservice
serverfarm host SF-8000-1
probe ICMP-Probe
probe TCP-8000
rserver A 8000
inservice
rserver B 8000
inservice
serverfarm host SF-8000-2
probe HTTP-Probe
probe ICMP-Probe
probe TCP-8000
rserver C 8000
inservice
rserver D 8000
inservice
class-map match-all L4-CLASS-REDIRECT-1
2 match virtual-address 10.10.60.10 tcp eq www
class-map match-all VIP-PORT-8000-1
2 match virtual-address 10.10.60.10 tcp eq https
class-map match-all VIP-PORT-8000-2
2 match virtual-address 10.10.60.12 tcp eq https
class-map type management match-any remote-mgmt
10 match protocol ssh any
20 match protocol telnet any
30 match protocol icmp any
40 match protocol http any
50 match protocol https any
class-map match-any server-initiated
3 match source-address 10.10.10.4 255.255.255.255
4 match source-address 10.10.10.3 255.255.255.255
policy-map type management first-match remote-access
class remote-mgmt
permit
policy-map type loadbalance first-match VIP-POLICY-8000-1
class class-default
policy-map multi-match Service-Policy-8000-1
class VIP-PORT-8000-1
loadbalance vip inservice
loadbalance policy VIP-POLICY-8000-1
loadbalance vip icmp-reply
nat dynamic 1 vlan 60
class L4-CLASS-REDIRECT-1
loadbalance vip inservice
loadbalance policy VIP-POLICY-8000-1
policy-map multi-match Service-Policy-8000-2
class VIP-PORT-8000-2
loadbalance vip inservice
loadbalance policy VIP-POLICY-8000-2
loadbalance vip icmp-reply
nat dynamic 1 vlan 60
ssl-proxy server SSL-Offload-Proxy-2
policy-map multi-match server-side
class server-initiated
nat dynamic 1 vlan 60
interface vlan 10
description APPPROD-Client-Vlan
bridge-group 10
mtu 1500
access-group input everyone
access-group output everyone
service-policy input remote-access
no shutdown
interface vlan 30
description management-vlan-interface
ip address 10.10.30.22 255.255.255.0
access-group input everyone
access-group output everyone
service-policy input remote-access
no shutdown
continued page 3......

Session Stickiness Issue

Hi All,
I am facing session stickiness issue where we have four webserver instances and six weblogic instances.
If you see in the failure logs the JVM ID generated by the cookie is 1872775671 but the plugin is routing the request to 923706867.Please find below
Please find the success and failure logs below
Proxy Error Log :
================New Request: [amserver/UI/Login] =================
Wed Mar 20 15:01:10 2013 <202911363806070191> Uri as read from rq (request) data structure /amserver/UI/Login
Wed Mar 20 15:01:10 2013 <202911363806070191> Uri after pathTrim /amserver/UI/Login
Wed Mar 20 15:01:10 2013 <202911363806070191> Uri resolved to /amserver/UI/Login?module=GMACLoginModule&org=branch
Wed Mar 20 15:01:10 2013 <202911363806070191> resolveRequest return code is [0]
Wed Mar 20 15:01:10 2013 <202911363806070191> URI=[amserver/UI/Login?module=GMACLoginModule&org=branch]
Wed Mar 20 15:01:10 2013 <202911363806070191> INFO: SSL is not configured
Wed Mar 20 15:01:10 2013 <202911363806070191> Found cookie from cookie header: JSESSIONID=RKHWGqJvmJGWgZ9YdqywsXBLRd7QtMGX1Qr1yTmNTn0Kcdq0M0xq!-1872775671
Wed Mar 20 15:01:10 2013 <202911363806070191> Parsing cookie JSESSIONID=RKHWGqJvmJGWgZ9YdqywsXBLRd7QtMGX1Qr1yTmNTn0Kcdq0M0xq!-1872775671
Wed Mar 20 15:01:10 2013 <202911363806070191> getpreferredServersFromCookie: [-1872775671]
Wed Mar 20 15:01:10 2013 <202911363806070191> primaryJVMID: [-1872775671]
secondaryJVMID: []
Wed Mar 20 15:01:10 2013 <202911363806070191> No of JVMIDs found in cookie: 1
Wed Mar 20 15:01:10 2013 <202911363806070191> Trying to locate Primary or Secondary using SrvrInfo with JVMID: 923706867
Wed Mar 20 15:01:10 2013 <202911363806070191> getPreferredFromCookie: Start Position is 0, listLen is 1
Wed Mar 20 15:01:10 2013 <202911363806070191> getPreferredFromCookie: Either JVMIDs not set or they are stale. Will try to get JVMIDs from WLS
Wed Mar 20 15:01:10 2013 <202911363806070191> initJVMID: Iterating SrvrList from position 0
Wed Mar 20 15:01:10 2013 <202911363806070191> ======internal request /bea_wls_internal/WLDummyInitJVMIDs======
initJVMID: Trying Host[10.13.52.81] Port[7005] SecurePort[7006] useSSL [0] ioTimeout [30] socketTimeout [10]
Wed Mar 20 15:01:10 2013 <202911363806070191> INFO: New NON-SSL URL
Wed Mar 20 15:01:10 2013 <202911363806070191> Connect returns -1, and error no set to 245, msg 'Operation now in progress'
Wed Mar 20 15:01:10 2013 <202911363806070191> EINPROGRESS in connect() - selecting
Wed Mar 20 15:01:10 2013 <202911363806070191> Local Port of the socket is 63476
Wed Mar 20 15:01:10 2013 <202911363806070191> Remote Host 10.13.52.81 Remote Port 7005
Wed Mar 20 15:01:10 2013 <202911363806070191> URL::sendHeaders(): meth='HEAD' file='/bea_wls_internal/WLDummyInitJVMIDs' protocol='HTTP/1.0'
Wed Mar 20 15:01:10 2013 <202911363806070191> Hdrs to WLS:[Connection]=[Close]
Wed Mar 20 15:01:10 2013 <202911363806070191> Hdrs to WLS:[X-WebLogic-Request-ClusterInfo]=[true]
Wed Mar 20 15:01:10 2013 <202911363806070191> Hdrs to WLS:[X-WebLogic-Force-JVMID]=[unset]
Wed Mar 20 15:01:10 2013 <202911363806070191> Hdrs to WLS:[X-WebLogic-KeepAliveSecs]=[30]
Wed Mar 20 15:01:10 2013 <202911363806070191> URL::parseHeaders: CompleteStatusLine set to [HTTP/1.1 400 Bad Request]
Wed Mar 20 15:01:10 2013 <202911363806070191> URL::parseHeaders: StatusLine set to [400 Bad Request]
Wed Mar 20 15:01:10 2013 <202911363806070191> Hdrs from WLS:[Date]=[Wed, 20 Mar 2013 19:01:10 GMT]
Wed Mar 20 15:01:10 2013 <202911363806070191> Hdrs from WLS:[Content-Length]=[897]
Wed Mar 20 15:01:10 2013 <202911363806070191> Hdrs from WLS:[Content-Type]=[text/html]
Wed Mar 20 15:01:10 2013 <202911363806070191> Hdrs from WLS:[X-WebLogic-Cluster-Hash]=[7GHstOoW2dPEsRHcWrZe05SfKAc]
Wed Mar 20 15:01:10 2013 <202911363806070191> Hdrs from WLS:[X-WebLogic-Cluster-List]=[923706867!168637521!7005!7006]
Wed Mar 20 15:01:10 2013 <202911363806070191> Hdrs from WLS:[Connection]=[Close]
Wed Mar 20 15:01:10 2013 <202911363806070191> parsed all headers OK
Wed Mar 20 15:01:10 2013 <202911363806070191> initJVMID: Received the same cluster-list. Returning with no preferred servers found.
Wed Mar 20 15:01:10 2013 <202911363806070191> .....internal request /bea_wls_internal/WLDummyInitJVMIDs.....processed
Wed Mar 20 15:01:10 2013 <202911363806070191> getPreferredFromCookie: Found 0 servers
Wed Mar 20 15:01:10 2013 <202911363806070191> Hdrs from Client:[accept]=[image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-shockwave-flash, */*]
Wed Mar 20 15:01:10 2013 <202911363806070191> Hdrs from Client:[referer]=[https://capacity.dealerservices.ally.com/userprovisioning/jsp/autoSubmit.jsp?lang=en-us&source=MigratedLoginWidget&userType=branch&process=login]
Wed Mar 20 15:01:10 2013 <202911363806070191> Hdrs from Client:[accept-language]=[en-US]
Wed Mar 20 15:01:10 2013 <202911363806070191> Hdrs from Client:[user-agent]=[Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; BTRS99959; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; MS-RTC LM 8; .NET4.0C; InfoPath.3)]
Wed Mar 20 15:01:10 2013 <202911363806070191> Hdrs from Client:[accept-encoding]=[gzip, deflate]
Wed Mar 20 15:01:10 2013 <202911363806070191> Hdrs from Client:[host]=[gdpcapacity.gmacbranch.gmac.gm.com]
Wed Mar 20 15:01:10 2013 <202911363806070191> Hdrs from Client:[cache-control]=[no-cache]
Wed Mar 20 15:01:10 2013 <202911363806070191> Hdrs from Client:[cookie]=[s_pers=%20s_ts%3D%255B%255B%2527BRA0006T%2527%252C%25271362265430952%2527%255D%252C%255B%2527BRA0005T%2527%252C%25271363804235955%2527%255D%255D%7C1521570635955%3B%20s_nr%3D1363805063050-Repeat%7C1366397063050%3B; Locale=en-us; MasterCookie=MasterCookie; GDP_screenHeight=768; GDP_screenWidth=1366; GDP_browserType=Microsoft%20Internet%20Explorer; GDP_browserVersion=4.0%20%28compatible%3B%20MSIE%208.0%3B%20Windows%20NT%206.1%3B%20Trident/4.0%3B%20BTRS99959%3B%20SLCC2%3B%20.NET%20CLR%202.0.50727%3B%20.NET%20CLR%203.5.30729%3B%20.NET%20CLR%203.0.30729%3B%20Media%20Center%20PC%206.0%3B%20MS-RTC%20LM%208%3B%20.NET4.0C%3B%20InfoPath.3%29; GDP_operatingSystem=Win32; GDP_userAgent=Mozilla/4.0%20%28compatible%3B%20MSIE%208.0%3B%20Windows%20NT%206.1%3B%20Trident/4.0%3B%20BTRS99959%3B%20SLCC2%3B%20.NET%20CLR%202.0.50727%3B%20.NET%20CLR%203.5.30729%3B%20.NET%20CLR%203.0.30729%3B%20Media%20Center%20PC%206.0%3B%20MS-RTC%20LM%208%3B%20.NET4.0C%3B%20InfoPath.3%29; JSESSIONID=RKHWGqJvmJGWgZ9YdqywsXBLRd7QtMGX1Qr1yTmNTn0Kcdq0M0xq!-1872775671; ObSSOCookie=tKGxD0YS6sUw8kyVwfVBNujGihNvtG5GlUrYljs%2F3fngJbUm4%2B1bA6FpLn3LEESIpQsqwhjMDZODuautF%2B7zHKXypTkT%2Fn8DwdGn%2FYZOJK49wBTU511DfkqBmqBMsGjSM42jobA5gSQ672vUQskytWaJc4tZQC7MDLOGPEJf%2Bwc%2BVtXRi1%2FRGI4ql8jQpyWSJP6ImkHwt6QNig3Vlyt9BLZws6vvgHulULaxuA%2BXfUZ4fkVaVwN35tAmWorUa1ODiORCWhVSrZybMhTk53NsjT%2FdOaXFLZM4wcj6PKVkeG1UtZVfoNuVw8LBBVd5ave0]
Wed Mar 20 15:01:10 2013 <202911363806070191> Hdrs from Client:[gmacdealer_groups]=[smartcash:scsupervisor:branch:us:en-us:EOAdminUS:]
Wed Mar 20 15:01:10 2013 <202911363806070191> Hdrs from Client:[HTTP_OBLIX_UID]=[cbrus16]
Wed Mar 20 15:01:10 2013 <202911363806070191> Hdrs from Client:[HTTP_OBLIX_UID]=[cbrus16]
Wed Mar 20 15:01:10 2013 <202911363806070191> attempt #0 out of a max of 5
Wed Mar 20 15:01:10 2013 <202911363806070191> Server details are ''/0/0
Preferred server not set or was marked bad, checking next preferred server
Wed Mar 20 15:01:10 2013 <202911363806070191> Server details are ''/0/0
Preferred server not set or was marked bad, checking next preferred server
Wed Mar 20 15:01:10 2013 <202911363806070191> Trying a pooled connection for '10.13.52.81/7005/7006'
Wed Mar 20 15:01:10 2013 <202911363806070191> getPooledConn: No more connections in the pool for Host[10.13.52.81] Port[7005] SecurePort[7006]
Wed Mar 20 15:01:10 2013 <202911363806070191> general list: trying connect to '10.13.52.81'/7005/7006 at line 1676 for '/amserver/UI/Login?module=GMACLoginModule&org=branch'
Wed Mar 20 15:01:10 2013 <202911363806070191> INFO: New NON-SSL URL
Wed Mar 20 15:01:10 2013 <202911363806070191> Connect returns -1, and error no set to 245, msg 'Operation now in progress'
Wed Mar 20 15:01:10 2013 <202911363806070191> EINPROGRESS in connect() - selecting
Wed Mar 20 15:01:10 2013 <202911363806070191> Local Port of the socket is 63477
Wed Mar 20 15:01:10 2013 <202911363806070191> Remote Host 10.13.52.81 Remote Port 7005
Wed Mar 20 15:01:10 2013 <202911363806070191> general list: created a new connection to '10.13.52.81'/7005 for '/amserver/UI/Login?module=GMACLoginModule&org=branch', Local port: 63477
Wed Mar 20 15:01:10 2013 <202911363806070191> WLS info : 10.13.52.81:7005 recycled? 0
Wed Mar 20 15:01:10 2013 <202911363806070191> URL::sendHeaders(): meth='GET' file='/amserver/UI/Login?module=GMACLoginModule&org=branch' protocol='HTTP/1.1'
Wed Mar 20 15:01:10 2013 <202911363806070191> Hdrs to WLS:[accept]=[image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-shockwave-flash, */*]
Wed Mar 20 15:01:10 2013 <202911363806070191> Hdrs to WLS:[referer]=[https://capacity.dealerservices.ally.com/userprovisioning/jsp/autoSubmit.jsp?lang=en-us&source=MigratedLoginWidget&userType=branch&process=login]
Wed Mar 20 15:01:10 2013 <202911363806070191> Hdrs to WLS:[accept-language]=[en-US]
Wed Mar 20 15:01:10 2013 <202911363806070191> Hdrs to WLS:[user-agent]=[Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; BTRS99959; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; MS-RTC LM 8; .NET4.0C; InfoPath.3)]
Wed Mar 20 15:01:10 2013 <202911363806070191> Hdrs to WLS:[accept-encoding]=[gzip, deflate]
Wed Mar 20 15:01:10 2013 <202911363806070191> Hdrs to WLS:[host]=[gdpcapacity.gmacbranch.gmac.gm.com]
Wed Mar 20 15:01:10 2013 <202911363806070191> Hdrs to WLS:[cache-control]=[no-cache]
Wed Mar 20 15:01:10 2013 <202911363806070191> Hdrs to WLS:[cookie]=[s_pers=%20s_ts%3D%255B%255B%2527BRA0006T%2527%252C%25271362265430952%2527%255D%252C%255B%2527BRA0005T%2527%252C%25271363804235955%2527%255D%255D%7C1521570635955%3B%20s_nr%3D1363805063050-Repeat%7C1366397063050%3B; Locale=en-us; MasterCookie=MasterCookie; GDP_screenHeight=768; GDP_screenWidth=1366; GDP_browserType=Microsoft%20Internet%20Explorer; GDP_browserVersion=4.0%20%28compatible%3B%20MSIE%208.0%3B%20Windows%20NT%206.1%3B%20Trident/4.0%3B%20BTRS99959%3B%20SLCC2%3B%20.NET%20CLR%202.0.50727%3B%20.NET%20CLR%203.5.30729%3B%20.NET%20CLR%203.0.30729%3B%20Media%20Center%20PC%206.0%3B%20MS-RTC%20LM%208%3B%20.NET4.0C%3B%20InfoPath.3%29; GDP_operatingSystem=Win32; GDP_userAgent=Mozilla/4.0%20%28compatible%3B%20MSIE%208.0%3B%20Windows%20NT%206.1%3B%20Trident/4.0%3B%20BTRS99959%3B%20SLCC2%3B%20.NET%20CLR%202.0.50727%3B%20.NET%20CLR%203.5.30729%3B%20.NET%20CLR%203.0.30729%3B%20Media%20Center%20PC%206.0%3B%20MS-RTC%20LM%208%3B%20.NET4.0C%3B%20InfoPath.3%29; JSESSIONID=RKHWGqJvmJGWgZ9YdqywsXBLRd7QtMGX1Qr1yTmNTn0Kcdq0M0xq!-1872775671; ObSSOCookie=tKGxD0YS6sUw8kyVwfVBNujGihNvtG5GlUrYljs%2F3fngJbUm4%2B1bA6FpLn3LEESIpQsqwhjMDZODuautF%2B7zHKXypTkT%2Fn8DwdGn%2FYZOJK49wBTU511DfkqBmqBMsGjSM42jobA5gSQ672vUQskytWaJc4tZQC7MDLOGPEJf%2Bwc%2BVtXRi1%2FRGI4ql8jQpyWSJP6ImkHwt6QNig3Vlyt9BLZws6vvgHulULaxuA%2BXfUZ4fkVaVwN35tAmWorUa1ODiORCWhVSrZybMhTk53NsjT%2FdOaXFLZM4wcj6PKVkeG1UtZVfoNuVw8LBBVd5ave0]
Wed Mar 20 15:01:10 2013 <202911363806070191> Hdrs to WLS:[gmacdealer_groups]=[smartcash:scsupervisor:branch:us:en-us:EOAdminUS:]
Wed Mar 20 15:01:10 2013 <202911363806070191> Hdrs to WLS:[HTTP_OBLIX_UID]=[cbrus16]
Wed Mar 20 15:01:10 2013 <202911363806070191> Hdrs to WLS:[HTTP_OBLIX_UID]=[cbrus16]
Wed Mar 20 15:01:10 2013 <202911363806070191> Hdrs to WLS:[Proxy-Path-Translated]=[u001/webserver/docs/gdp-capacity-backend-sec/amserver/UI/Login]
Wed Mar 20 15:01:10 2013 <202911363806070191> Hdrs to WLS:[Proxy-Path-Translated-Base]=[u001/webserver/docs/gdp-capacity-backend-sec]
Wed Mar 20 15:01:10 2013 <202911363806070191> Hdrs to WLS:[WL-Proxy-Client-Keysize]=[128]
Wed Mar 20 15:01:10 2013 <202911363806070191> Hdrs to WLS:[WL-Proxy-Client-Secretkeysize]=[128]
Wed Mar 20 15:01:10 2013 <202911363806070191> Hdrs to WLS:[WL-Proxy-Client-IP]=[129.41.252.30]
Wed Mar 20 15:01:10 2013 <202911363806070191> Hdrs to WLS:[WL-Proxy-SSL]=[true]
Wed Mar 20 15:01:10 2013 <202911363806070191> Hdrs to WLS:[Proxy-Client-IP]=[129.41.252.30]
Wed Mar 20 15:01:10 2013 <202911363806070191> Hdrs to WLS:[X-Forwarded-For]=[129.41.252.30]
Wed Mar 20 15:01:10 2013 <202911363806070191> Hdrs to WLS:[Connection]=[Keep-Alive]
Wed Mar 20 15:01:10 2013 <202911363806070191> Hdrs to WLS:[X-WebLogic-KeepAliveSecs]=[30]
Wed Mar 20 15:01:10 2013 <202911363806070191> Hdrs to WLS:[X-WebLogic-Request-ClusterInfo]=[true]
Wed Mar 20 15:01:10 2013 <202911363806070191> Hdrs to WLS:[x-weblogic-cluster-hash]=[7GHstOoW2dPEsRHcWrZe05SfKAc]
Wed Mar 20 15:01:11 2013 <202911363806070191> URL::parseHeaders: CompleteStatusLine set to [HTTP/1.1 302 Moved Temporarily]
Wed Mar 20 15:01:11 2013 <202911363806070191> URL::parseHeaders: StatusLine set to [302 Moved Temporarily]
Wed Mar 20 15:01:11 2013 <202911363806070191> Hdrs from WLS:[Date]=[Wed, 20 Mar 2013 19:01:10 GMT]
Wed Mar 20 15:01:11 2013 <202911363806070191> Hdrs from WLS:[Pragma]=[no-cache]
Wed Mar 20 15:01:11 2013 <202911363806070191> Hdrs from WLS:[Location]=[https://gdpcapacity.gmacbranch.gmac.gm.com/portal/dt?action=process&provider=PortletWindowProcessChannel&windowProvider.targetPortletChannel=GMACDataProvider&containerName=GMACBranchHomeContainer&windowProvider.currentChannelMode=VIEW&window.portletAction=ACTION]
Wed Mar 20 15:01:11 2013 <202911363806070191> Hdrs from WLS:[Content-Type]=[text/html]
Wed Mar 20 15:01:11 2013 <202911363806070191> Hdrs from WLS:[Expires]=[0]
Wed Mar 20 15:01:11 2013 <202911363806070191> Hdrs from WLS:[Set-Cookie]=[JSESSIONID=RKHW4QzDhbJpcQJJpXJ21CV3lxY2lbhNJYmtJCYGGK2BC71JTqGr!923706867; path=/]
Wed Mar 20 15:01:11 2013 <202911363806070191> Hdrs from WLS:[Set-Cookie]=[iPlanetDirectoryPro=AQIC5wM2LY4Sfcwgaa%2Bz8dzyN5AAXxW2GEBHoRwWjfYUb9M%3D%40AAJTSQACMDI%3D%23; path=/]
Wed Mar 20 15:01:11 2013 <202911363806070191> Hdrs from WLS:[Set-Cookie]=[AMAuthCookie=LOGOUT; expires=Thursday, 01-Jan-1970 01:00:00 GMT; path=/]
Wed Mar 20 15:01:11 2013 <202911363806070191> Hdrs from WLS:[X-AuthErrorCode]=[0]
Wed Mar 20 15:01:11 2013 <202911363806070191> Hdrs from WLS:[X-DSAMEVersion]=[6 2005Q1]
Wed Mar 20 15:01:11 2013 <202911363806070191> Hdrs from WLS:[Transfer-Encoding]=[chunked]
Wed Mar 20 15:01:11 2013 <202911363806070191> Hdrs from WLS:[Cache-Control]=[private]
Wed Mar 20 15:01:11 2013 <202911363806070191> parsed all headers OK
Wed Mar 20 15:01:11 2013 <202911363806070191> sendResponse() : uref_p->getStatus() = '302'
Wed Mar 20 15:01:11 2013 <202911363806070191> Hdrs to client (add):[date]=[Wed, 20 Mar 2013 19:01:10 GMT]
Wed Mar 20 15:01:11 2013 <202911363806070191> Hdrs to client (add):[Pragma]=[no-cache]
Wed Mar 20 15:01:11 2013 <202911363806070191> Hdrs to client (add):[Location]=[https://gdpcapacity.gmacbranch.gmac.gm.com/portal/dt?action=process&provider=PortletWindowProcessChannel&windowProvider.targetPortletChannel=GMACDataProvider&containerName=GMACBranchHomeContainer&windowProvider.currentChannelMode=VIEW&window.portletAction=ACTION]
Wed Mar 20 15:01:11 2013 <202911363806070191> Hdrs to client (add):[content-type]=[text/html]
Wed Mar 20 15:01:11 2013 <202911363806070191> Hdrs to client (add):[Expires]=[0]
Wed Mar 20 15:01:11 2013 <202911363806070191> Hdrs to client (add):[Set-Cookie]=[JSESSIONID=RKHW4QzDhbJpcQJJpXJ21CV3lxY2lbhNJYmtJCYGGK2BC71JTqGr!923706867; path=/]
Wed Mar 20 15:01:11 2013 <202911363806070191> Hdrs to client (add):[Set-Cookie]=[iPlanetDirectoryPro=AQIC5wM2LY4Sfcwgaa%2Bz8dzyN5AAXxW2GEBHoRwWjfYUb9M%3D%40AAJTSQACMDI%3D%23; path=/]
Wed Mar 20 15:01:11 2013 <202911363806070191> Hdrs to client (add):[Set-Cookie]=[AMAuthCookie=LOGOUT; expires=Thursday, 01-Jan-1970 01:00:00 GMT; path=/]
Wed Mar 20 15:01:11 2013 <202911363806070191> Hdrs to client (add):[X-AuthErrorCode]=[0]
Wed Mar 20 15:01:11 2013 <202911363806070191> Hdrs to client (add):[X-DSAMEVersion]=[6 2005Q1]
Wed Mar 20 15:01:11 2013 <202911363806070191> Hdrs to client (add):[Cache-Control]=[private]
Wed Mar 20 15:01:11 2013 <202911363806070191> canRecycle: conn=1 status=302 isKA=1 clen=-1 isCTE=1
Wed Mar 20 15:01:11 2013 <202911363806070191> closeConn: pooling for '10.13.52.81/7005'
Wed Mar 20 15:01:11 2013 <202911363806070191> request [amserver/UI/Login?module=GMACLoginModule&org=branch] processed successfully..................
Could some one let me know how to maintain the session stickiness and please do let me know why the JVM ID is getting changed.
Note : We are using cookie based replication in our environment.
Thanks & Regards
Arun

the CSS does not have the possibility to dynamically learn cookie.
So, you have to setup manually the value sent by each server.
According to your setup, the jsessionid would have a fix value after the first 33 bytes and the value will be 2 bytes long.
Is that correct ?
If yes, try to increase the string range.
Finally, it might be easier to use arrowpoint cookies.
Gilles.

Sticky issue for an application configured in ACE

Hi All,
We are facing a strange issue with ACE. We have a sticky configured for an application in ACE.
Sometimes the application is not working, We have to clear sticky session on ACE to fix the issue.
Can anbody help me to troubleshoot this issue?
Regards,
Thiyagu

Hi Jorge,
Here is the sticky configuration of the application which is having issue.
sticky ip-netmask 255.255.255.255 address source SG
timeout 15
serverfarm SF
Please let me know if you need the complete configurarion.
Regards,
Thiyagu

ACE cookie stickiness issue

Hi,
We are having ACE as the load balancer
Software running on ACE
loader: Version 12.2[121]
system: Version A2(1.1a) [build 3.0(0)A2(1.1a) adbuild_22:19:41-2008/07/21_
/auto/adbu-rel3/rel_a2_1_1_throttle/REL_3_0_0_A2_1_1A]
system image file: [LCP] disk0:c6ace-t1k9-mz.A2_1_1a.bin
We have 2 webservers (load balanced) & 2 application servers(load balanced).Cookie based stickiness is currently used on Web & Application servers.
Ideal scenario:
1.Client opens the url http://...There is always a dual session whenever the client opens the url.One is for Java & the other for html.
2.Client--->Webserver1
3.Webserver1---->APP1
Most of the times when the client types the url, the dual sessions goes to one Webserver as per round robin (eg web server 1) & the webserver 1 communicates with Application server as per round robin (eg.application server 1).
Problem:
Now at times when the client types the url, the dual sessions gets split which means one session goes to one webserver & the other session goes to second webserver.Ideally it should not as per the application demands.
When this happens, both the webservers communicates with both the application servers.Here is where the problem happens.The client is asked for the login page again which indicates that the client has went to the second application server for the login.
What ideally should happen is the client should stick to the same application server depending up the sticky timeout.
Foll. is the output of show conns when prob occurs:
Primary-ACE/DMZ2# sh conn serverfarm SF-8888
conn-id np dir proto vlan source destination state
----------+--+---+-----+----+---------------------+---------------------+------+
1321 1 in TCP 2504 172.21.46.34:2037 172.24.51.200:8888 ESTAB
1255 1 out TCP 2704 172.24.51.33:8888 172.21.46.34:2037 ESTAB
1108 2 in TCP 2504 172.21.46.34:2036 172.24.51.200:8888 ESTAB
1144 2 out TCP 2704 172.24.51.32:8888 172.21.46.34:2036 ESTAB
Primary-ACE/APP# sh conn serverfarm SF-8888
conn-id np dir proto vlan source destination state
----------+--+---+-----+----+---------------------+---------------------+------+
959 2 in TCP 2507 172.24.51.32:58306 172.24.54.200:8888 ESTAB
115 2 out TCP 2707 172.24.54.32:8888 172.24.51.32:58306 ESTAB
651 2 in TCP 2507 172.24.51.33:51030 172.24.54.200:8888 ESTAB
901 2 out TCP 2707 172.24.54.33:8888 172.24.51.33:51030 ESTAB
I have attached the configs.
The web server we are testing is 172.24.51.32 & 33 - port 8888
Application servers - 172.24.54.32 & 33-port 8888
Rgds./Sachin

Sachin~
What is exactly your flow?
Is client hitting the Webserver farm (in web server context) and then Web servers hitting the APPs Servers in the APPS server context?
If thats the case (only Web servers are App server clients and client is not hitting application serverfarm ) then you can use source ip based sticky in APP server farm which will ensure that one web server sticks to a particular APP server and it never changes the APP server.
Following example will insert cookie named "Mycookie" in the server responses from APP1 rservers to the client
rserver host App1-Srvr1
ip address 192.168.1.1
inservice
rserver host App1-Srvr2
ip address 192.168.1.2
inservice
serverfarm host APP1-SFARM
rserver App1-Srvr1
inservice
rserver App1-Srvr2
inservice
class-map match-any APP1-VIP
2 match virtual-address 10.10.10.1 tcp eq www
sticky http-cookie MYcookie App1-sticky
cookie insert
timeout 720
replicate sticky
serverfarm App1-Sfarm
policy-map type loadbalance first-match APP1-POLICY
class class-default
sticky-serverfarm App1-sticky
policy-map multi-match VIPS
class VIP-P80
loadbalance vip inservice
loadbalance policy APP1-POLICY
loadbalance vip icmp-reply active
HTH
Syed Iftekhar Ahmed

Standby cisco ACE loadbalancer issues (network connectivity)

Hi ALL,
            We are having issues with the secondary (standby) load balancer ACE module on a 6500 switch. We see that the loadblanacer is not able to get onto the network which leads to problem with fault tolerance as well. Following is the ft status found on the load balancer for one of the contexts (this is the same pattern seen on all the contexts).
switch/Admin# sh ft group status
FT Group                     : 1
Configured Status            : in-service
Maintenance mode             : MAINT_MODE_OFF
My State                     : FSM_FT_STATE_ACTIVE
Peer State                   : FSM_FT_STATE_UNKNOWN
Peer Id                      : 1
No. of Contexts              : 1
Sh arp on all the contexts shows the gateway/rserver to be unreachable. Please find the screenshot below for one of the contexts (the same pattern is seen on the LB for all other contexts)
switch/1_Context# sh arp
Context CSD_Context
================================================================================
IP ADDRESS      MAC-ADDRESS        Interface Type      Encap NextArp(s) Status
================================================================================
172.21.128.97   00.00.00.00.00.00 vlan942   GATEWAY    -                   dn
172.21.128.103 00.0b.fc.fe.1b.09 vlan942   ALIAS      LOCAL     _         up
172.21.128.105 00.12.43.dc.93.23 vlan942   INTERFACE LOCAL     _         up
7.0.0.4         00.0b.fc.fe.1b.09 vlan943   NAT        LOCAL     _         up
- 7.0.0.6
172.21.147.196 00.0b.fc.fe.1b.09 vlan943   ALIAS      LOCAL     _         up
172.21.147.198 00.12.43.dc.93.24 vlan943   INTERFACE LOCAL     _         up
172.21.147.200 00.00.00.00.00.00 vlan943   RSERVER    -       * 3 req     dn
172.21.147.202 00.00.00.00.00.00 vlan943   RSERVER    -       * 2 req     dn
172.21.147.204 00.00.00.00.00.00 vlan943   RSERVER    -                   dn
172.21.147.206 00.00.00.00.00.00 vlan943   RSERVER    -                   dn
172.21.147.208 00.00.00.00.00.00 vlan943   RSERVER    -       * 3 req     dn
172.21.147.210 00.00.00.00.00.00 vlan943   RSERVER    -       * 2 req     dn
172.21.147.212 00.00.00.00.00.00 vlan943   RSERVER    -       * 1 req     dn
172.21.147.214 00.00.00.00.00.00 vlan943   RSERVER    -       * 1 req     dn
172.21.147.216 00.00.00.00.00.00 vlan943   RSERVER    -       * 3 req     dn
7.0.0.1         00.0b.fc.fe.1b.09 vlan943   NAT        LOCAL     _         up
- 7.0.0.3
The problem is that we see the problem only on the secondary loadbalancer. primary is just running file
also i can see some traffic denial in admin context for resource usage
switch/Admin# sh resource usage
                                                     Allocation
        Resource         Current       Peak        Min        Max       Denied
Context: Admin
conc-connections              9          9     160000    6560000          0
mgmt-connections              0         46       2000      82000          0
proxy-connections             0          4      20972     859830          0
xlates                        0          0      20972     859830          0
bandwidth                     0   17715713   10000000 535000000    5799749
    throughput                  0   17710993   10000000 410000000    5799749
    mgmt-traffic rate           0       4720          0 125000000          0
connection rate               0         43      20000     820000          0
ssl-connections rate          0          0        100       4100          0
mac-miss rate                 0          1         40       1640          0
inspect-conn rate             0          0        120       4920          0
acl-memory                56336      56336    1570072   64460552          6
sticky                        0          0      83886          0          0
regexp                        0          0      20972     859832          0
syslog buffer             82944      82944      82944    3447808          0
syslog rate                   0         44       2000      82000         25
Context: INTEGRATION_Context
conc-connections              0       3934     160000          0          0
mgmt-connections              0         98       2000          0          0
proxy-connections             0         33      20972          0          0
xlates                        0          0      20972          0          0
bandwidth                     0   10019910   10000000 125000000      40857
    throughput                  0   10000000   10000000          0      40857
    mgmt-traffic rate           0      19910          0 125000000          0
connection rate               0         49      20000          0          0
ssl-connections rate          0          0        100          0          0
mac-miss rate                 0         32         40          0          0
inspect-conn rate             0         58        120          0          0
acl-memory                11920      11920    1570072          0          0
sticky                        0          1      83886          0          0
regexp                        0          0      20972          0          0
syslog buffer                 0      82944      82944    3447808          0
syslog rate                   0        312       2000          0          0
these above 2 contexts are the only one which has bandwidth resource usage exceeding the limit. but i somehow am not sure if this is the issue. as there is just no traffic on the secondary .. then how can the bandwidth reach the threshold? can anyone throw some light on the below issue?
thanks and regards
kiran

vlan on Standby_ACE switch
svclc multiple-vlan-interfaces
svclc module 1 vlan-group 1,4,12,13,
svclc vlan-group 1 968
svclc vlan-group 12 132
svclc vlan-group 13 367-372,374,375,379,380,538,805,807,808,818,913,915
svclc vlan-group 13 917-920,922-924,933,934,937,938,942-949,972,976-979,983
svclc vlan-group 13 984
ip subnet-zero
no ip source-route
vlans on standby ACE
switch/Admin# sh vlans
Vlans configured on SUP for this module
vlan132 vlan360 vlan367-375 vlan379-380 vlan538 vlan805 vlan807-808 vlan818 vlan913 vlan91
5 vlan917-920 vlan922-924 vlan930 vlan933-934 vlan937-938 vlan942-949 vlan968 vlan971-972 v
lan976-979 vlan983-984
switch/Admin#
Active_LB_host_switch is the switch hosting the active ACE thats connected on ten7/4 and 8/4 which is bundeled and made into
port-channel (po72)
CDP neighbor hosting the active ACE
Active_LB_host_switch
                 Ten 7/4           148          R S I     WS-C6513 Ten 7/4
Active_LB_host_switch
                 Ten 8/4           156          R S I     WS-C6513 Ten 8/4
Po72 allows all the vlans which is the configured for ACE modules.
Port                Vlans allowed on trunk
Po72                132,140,181,359-383,538,668,702,805-808,815-816,818-820,836,907,909-920,922-925,
            929-935,937-949,967-973,976-984,987,3212
vlan 968 is the FT vlan and the same hass been allowed on the trunk port.
everything looks good to me but still not sure why isnt the ACE module not coming to the network. it was working fine
a few months back but all of a sudden it lost the network connectivity. i am not even able to ping the physical ip of the
ACE module.
thanks and regards
kiran

ACE Sticky Slow-Start License

Hi,all,
I am testing ACE module@7606,
system image file: [LCP] disk0:c6ace-t1k9-mz.A2_1_1_69.bin
installed license: ACE-SSL-05K-K9.
I wanta know if it is caused by license,Please help~~:)
Phenomenon:
1. Client sends a HTTP request to server
2. server returns a HTTP response to Client, the response contains a HTTP URL and HTTP body, server sends HTTP URL first, then sends HTTP body right now.
3. Client receives the HTTP URL first, after about 200ms, Client receives the HTTP body.
. Root cause:
1. If ACE receives the HTTP URL from rserver, it forwards the URL to Client. Then ACE will wait for a TCP ACK from client, before ACE receive the TCP ACK from client, it will not forward the HTTP body following to Client, the action is caused by TCP Slow Start algorithm. Windows Client will send the TCP ACK to ACE after about 200ms(40ms for Linux), the action is caused by TCP Delayed ACK algorithm. So from client side, it costs more than 200ms(or 40ms) to receive the entire HTTP response.
. Solution:
1. Disable Slow Start algorithm to VIP on ACE
. Existing Issue:
1. After disable Slow Start algorithm, the response time will be normal if Client access WAPI by VIP with SSL(means HTTPS). But the issue still exist if Client access server by VIP without SSL(means HTTP).
2. I associate a policy of stickiness to VIP, both SSL and non-SSL. If I remove the policy of stickiness, the response time will be normal. It seems the policy of stickiness will make Slow Start algorithm enable.

slowstart is disabled by default on ACE.
switch/Admin# show parameter-map AllowMss
Parameter-map : AllowMss
Type : connection
nagle : disabled
slow start : disabled
buffer-share size : 32768
inactivity timeout (seconds) : TCP: 3600, UDP: 120, ICMP: 2
embryonic timeout (seconds) : 5
ack-delay (milliseconds) : 200
But the ack-delay is indeed 200msec.
Try to set the ack-delay to a lower value and see if that improves the situation.
Gilles.

ACE sticky problem

Hi,
I have an issue with sticky server that I’m hope might just be a command I’m missing.
I am inserting a cookie and the sticky works fine.
When my browser has a successful sticky connection i take the server that has the sticky connection out of service. I try to make another connection, i see the connection round robin to all remaining servers but i don’t get a successful connection i do see the connection failure count increment on all other servers in the farm. Only when i bring the server back into service can i get a successful connection.
Any advice appreciated.
Sticky config below.
sticky http-cookie WEB-Cookie-1 WEB-Sticky-1
cookie insert
serverfarm WEB-SERVERS-80
Code
Version A3(2.0) [build 3.0(0)A3(2.0
Thanks
Chris

Hello Chris, This will be an easy fix for you. The command you are looking for is defined under the serverfarm inwhich you are creating sticky entries against.. You need to add a failaction.. I'm pasting the command syntax and options for the command.. Based on your breif description failaction purge will give you the desired result:
(config-sfarm-host) failaction
To configure the action that the ACE takes if a real server in a server farm goes down, use the failaction command. Use the no form of this command to reset the ACE to its default of taking no action when a server fails.
failaction {purge | reassign [across-interface]}
no failaction
Syntax Description
purge
Specifies that the ACE remove the connections to a real server if that real server in the server farm fails after you configure this command. The appliance sends a reset (RST) both to the client and to the server that failed.
reassign
Specifies that the ACE reassigns existing server connections to the backup real server, if a backup real server is configured. If no backup real server is configured, this keyword has no effect.
across-interface
(Optional) Instructs the ACE to reassign all connections from the failed real server to a backup real server on a different VLAN that is commonly referred to as a bypass VLAN. By default, this feature is disabled.

ACE slowness issue when one server goes down

Hi,
We are having two application servers.Both are load balanced using ACE.
When we bring down one server, we find that when we upload some files into the second application server, its too slow.
But when primary server comes up again the performance increases.This issue happens only when we bring the primary server down.
We are using cookie based stickiness.Any ideas where we can look into.
Rgds.,
Sachin

Depending on the load-balancing algorithm or predictor that you configure, the ACE performs a series of checks and calculations to determine which server can best service each client request. The ACE bases server selection on several factors including the source or destination address, cookies, URLs, HTTP headers, or the server with the fewest connections with respect to load.
http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA1_7_/configuration/slb/guide/classlb.html

ACE Sticky Connections, Show Conn Output and Show serverfarm

Hi Community,
I'm deploying a Cisco ACE module and I have some questions about sticky connections and about the output of the show conn command and show serverfarm command.
I have the follwoing configuration:
rserver host srv_1 ip address 10.4.11.14 inservicerserver host srv_2 ip address 10.4.11.18 inserviceserverfarm host farm_144 rserver srv_1 144    weight 1    inservice rserver srv_2 144    weight 3    inservice
sticky ip-netmask 255.255.255.255 address source st_host144
timeout 10080
serverfarm farm_144
class-map match-all vip_144
2 match virtual-address 10.4.11.208 tcp eq 143
policy-map type loadbalance first-match lb_144
class class-default
policy-map multi-match policy_vip_webcache
class vip_webcache_144
    loadbalance vip inservice
    loadbalance policy lb_144
    loadbalance vip icmp-reply active
    nat dynamic 411 vlan 411
We can assume that service policy was applied at the interface vlan. So, let's go to the questions:
1- If sticky is enabled the output command "show conn" should show just one entry by ip address?
The real output is:
DC01-ACE-01-PRIMARY-SW1/context_servidores# show conn | inc :143333046     1 in TCP   411 10.2.158.87:3616      10.4.11.208:143       ESTAB 286390     3 in TCP   411 10.2.158.87:3562      10.4.11.208:143       ESTAB310233     1 in TCP   411 10.1.5.87:3424        10.4.11.208:143       ESTAB
Look that the ip address 10.2.158.87 is shown 2 times. In same times, the same ip address is shown 4 times to the same VIP and the same port. Is it a normal behavior?
2- According to the configuration, the srv_2 has weight 3 and srv_1 has weigth 1, but the output of show serverfarm show somethin strange:
DC01-ACE-01-PRIMARY-SW1/context_servidores# show serverfarm farm_144 serverfarm     : farm_144, type: HOST total rservers : 2 state          : ACTIVE DWS state      : DISABLED ---------------------------------                                                ----------connections-----------       real                  weight state        current    total      failures    ---+---------------------+------+------------+----------+----------+---------   rserver: srv_1       10.4.11.14:144        1   OPERATIONAL     11         386        0   rserver: srv_2       10.4.11.18:144        3   OPERATIONAL     35         66         0
We can see that the weight is working good, but the total of connections is higher at srv_1 than srv_2. Why?
Somebody can help me to understand better this problem of if its a normal behavior?
Thanks in advance!!

Hi Gaurav,
About question 1, I got some informations too. It's perfectly normal the client open 2 or more connections at the same time. The client's application is the responsable. We removed the ACE and put the client directly to the server and the result of the total connections opened was the same.
About question 2, I made some "clears" on the serverfarm, the sticky database and after that, the numbers were more real.
DC01-ACE-02-SECONDARY-SW1/context_servidores# sh serverfarm farm_webcache_144
serverfarm     : farm_webcache_144, type: HOST
total rservers : 2
state          : ACTIVE
DWS state      : DISABLED
                                                ----------connections-----------
       real                  weight state        current    total      failures
   ---+---------------------+------+------------+----------+----------+---------
   rserver: srv_webcache_1
       10.4.11.14:144        1   OPERATIONAL     1025       15499      4436
   rserver: srv_webcache_2
       10.4.11.18:144        2   OPERATIONAL     1794       33471      471
DC01-ACE-02-SECONDARY-SW1/context_servidores#
Anyway thank you very much for your feedback.
Plínio Monteiro

ACE FTP issues with "inspect ftp"

Hello.
My clients want to access an FTP server, via ACE, and I am having some issues. They can login and issue only one command... the second command will not be accepted an after a few seconds the prompt shows the message "connection closed by remote host".
I have sniffed traffic and I see that the connection between the client and the ACE has a strange behaviour because ACE open connection to data using an source port of 1039 (it should be 20, since we are usind an active mode client); between the ACE and the real server runs in active mode (I see normal ftp-data packets).
Other strange thing is that I have FWSM and they let traffic pass from ACE to client (they should expect traffic comming from port 20 and not 1039)
I am doing source NAT and ACE is doing all the necessary changes on source IP adresses.
Anyone has seen similar behaviour?
Any help would be appreciated.
In attach I send my config and traffic sniffing.
Thanks in advance.
Joao Ribau
P.S. - client is 10.1.44.98; VIP is 10.1.9.150; real server 10.1.36.124

Hello.
I didn´t mentioned this before but the gateway of all my networks is an ACE that is loadbalancing traffic to two firewall clusters. I think this is not important because I have a "catch all" VIP in all my interfaces; I assume that ACE forwards traffic with no restrictions or inspections leaving the inspection job to the firewalls and to the ACE that I use to load balance services.
Don´t think this could be the problem but just to make sure I decided to post it.
Best regards,
Joao Ribau.
P.S. - my configs on the ACE that loadbalance traffic to the firewalls are very straightforward. Serverfarms (interfaces of the firewalls), a class-map with a "catch-all" VIP, policy-map to for the serverfarm, a policy-map to tie the class to the serverfarm and finally a service-policy apllied to each interface.

ACE sticky cookie value

Hello,
I have a following configuration:
sticky http-cookie STICKY_TMP STICKY_TMP
cookie insert ...
Cookies are sent and stickiness works. Everything is ok... Almost :-)
Now I have a question regarding value of cookies created by ACE.
Currently cookies have values that look like this "R4224709512"
Is it possible to change this value so it reflects the target node that processes requests for this sticky session. This cookie could contain i.e. ip address of real server.
Arrowpoint cookie on CSS1150 worked this way...
Another question. How do I identify this cookie value with sticky-entries in "show sticky database static" output?
This command doesn't show anything like R4224709512, but only numbers like 18293255029648678255
best regards
Kuba

I am using ACE with version A3(2.1).
The “sticky-entry” in "show sticky data static"is a hash of the cookie-value set by ACE for the real server. so you need to use "show sticky database http-cookie " to determine which server are serving the client.
ACE-1/routed(config-pmap-lb-c)# do show sticky database http-cookie
sticky group : web-sticky
type : HTTP-COOKIE
timeout : 5 timeout-activeconns : FALSE
sticky-entry rserver-instance time-to-expire flags
---------------------+----------------------+--------------+-------+
16820511103801384579 lnx1:0 0 -
sticky group : web-sticky
type : HTTP-COOKIE
timeout : 5 timeout-activeconns : FALSE
sticky-entry rserver-instance time-to-expire flags
---------------------+----------------------+--------------+-------+
3347854103021350619 lnx2:0 0 -
..sometimes they'd only show up w/ the static instead of the cookies option for some reason.
found some explanation about this:
http://docwiki.cisco.com/wiki/Session_Persistence_Using_Cookie_Learning_on_the_Cisco_Application_Control_Engine_Configuration_Example
There is a difference between inserting an ACE-generated cookie or using one learned by the ACE. The cookie-insert feature creates a static cookie.
To look at static cookies you need to use the command:
show sticky database static
if you try static cookie (cookie inserted by ACE), the value is placed in the static sticky table at the time of configuration...
so no need to send traffic, once the static sticky config is in place, you should see an entry with 'show sticky database static'.
Do not try to filter the table with some other parameters...they do not work until A2(1.4)
There are 2 database:
One for static entries and one for dynamic entries.
Every show command that does not include the static keyword will look into the dynamic database.
So, you won't see anything by using those commands.
You could perform some test to identify which cookie is sent to which server.
The cookie value is static, so the number of value is limited to the number of servers.
There is a dynamic cookie learning feature available in ACE.
Kinly tell me if you want to discuus about that.
Kindly rate if possible.
Kind regards,
Sachin garg

ACE Reconciliation issue

Hi,
ACE Reconciliation Task scheduler is not creating events on OIM and we could see that Users are being pulled in from ACE Servers (through RM logs) also the task status remains as Running forever.
Can some one please suggest or recommend a way to debug this issue?
Thanks

Have you tried increasing the logging level to debug and checked the logs?

ACE Stickiness Question

Hi Folks,
First of all I am new the job and have very little ACE expierence. I work on a large campus. We have to 6513's with an ACE blade in each. A few contexts configured for different applications. Basically the server guys have come to me and asked me to enabled stickiness on one of there contexts.
Now I am sure this is basic stuff to ye guys but I am just wondering what I need to do? Can I implement this on the fly without causing an outage? I have cut and paste the relevant context below. And added the changes I think that need to be made. Do you guys think this will work and will it cause any outage?
I appreciate any help at all guys:
Here is current config:
probe tcp APPS-PROBE
port 8080
interval 3
passdetect interval 5
parameter-map type ssl SSL-APPS-ADVANCED
cipher RSA_WITH_RC4_128_MD5
rserver host SERVER1
ip address 10.10.10.1
inservice
rserver host SERVER2
ip address 10.10.10.2
inservice
ssl-proxy service SSL-APPS-PROXY
key appfiles.pem
cert appfilesCAcert
chaingroup APPFILES-CHAINGRP
ssl advanced-options SSL-APPS-ADVANCED
serverfarm host APPS-FARM
predictor leastconns
probe APPS-PROBE
rserver SERVER1 8080
inservice
rserver SERVER2 8080
inservice
class-map match-any APPS-VIP
2 match virtual-address 10.10.10.4 tcp eq https
policy-map type management first-match MGT-POLICY
class class-default
policy-map type loadbalance first-match APPS-POLICY
class class-default
serverfarm APPS-FARM
policy-map multi-match APPSPOLICY
class APPS-VIP
loadbalance vip inservice
loadbalance policy APPS-POLICY
loadbalance vip icmp-reply active
ssl-proxy server SSL-APPS-PROXY
service-policy input APPSPOLICY
Will adding the following to the context make stickiness work?
sticky ip-netmask 255.255.255.255 address source STICKY-APPS-FARM
timeout 720
timeout activeconns
replicate sticky
serverfarm APPS-FARM
policy-may type loadbalance first-match APPS-POLICY
class class-default
sticky-serverfarm STICKY-APPS-FARM
I am really lost on this and only getting this from looking at stickiness on other configs. Can you guys advise will this work.

Also look at the following :
www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/v3.00_A2/configuration/rtg_brdg/guide/vlansif.html
Autogenerating a MAC Address for a VLAN Interface
By default, the ACE does not allow traffic from one context to another context over a transparent firewall. The ACE assumes that VLANs in different contexts are in different Layer 2 domains, unless it is a shared VLAN. The ACE allocates the same MAC address to the VLANs.
When you are using a firewall service module (FWSM) to bridge traffic between two contexts on the ACE, you must assign two Layer 3 VLANs to the same bridge domain. To support this configuration, these VLAN interfaces require different MAC addresses.
To enable the autogeneration of a MAC address on a VLAN interface, use the mac address autogenerate command in interface configuration mode. The syntax of this command is as follows:
mac address autogenerate
For example, enter:
host1/Admin(config-if)# mac address autogenerate
To disable MAC address autogeneration on the VLAN, use the no mac address autogenerate command. For example, enter:
host1/Admin(config-if)# no mac address autogenerate

ACE MAXCONNS issue

/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-qformat:yes;
mso-style-parent:"";
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin:0in;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-ascii-font-family:Calibri;
mso-ascii-theme-font:minor-latin;
mso-fareast-font-family:"Times New Roman";
mso-fareast-theme-font:minor-fareast;
mso-hansi-font-family:Calibri;
mso-hansi-theme-font:minor-latin;
mso-bidi-font-family:"Times New Roman";
mso-bidi-theme-font:minor-bidi;}
Hi,
This is with regards to my customer who is facing the following problem with Maxconns – “we are using TCP probes and MaxConn and MinConn are used to determine when a server is busy or not.
If the MaxConn is exceeded then busy server trips in and stops when the number of TCP sessions drop below MinConn.
However, we have a situation where if MaxConn is exceeded counting of TCP connections stops and the connections never come down.”
Customer has A2(1.4a) currently deployed in its network. On perusing the release notes I came across this bug CSCsy30440/CSCsy04371 - ACE: rservers may not accept conns even though they are out of maxconns. I am wondering if this is the issue that they might be facing currently.
Will this issue be resolved for them if I recommend that they move to A2(1.6a) or A2(2.3) release ?
Is there a workaround for this other than configuring a backup serverfarm which my customer already has configured? Would it make a difference if they used HTTP probes instead of TCP probes?
Also is there a way to simulate the connection count behavior using HTTP probes?
Would really appreciate some help with this issue.
Thanks & Regards
Vidhya Nair

Vidhya,
you have to open a tac service request so that we can collect the necessary information with the lbinspect tool.
If you don't want to do any troubleshooting, simply upgrade to the latest version and see if that helps.
Gilles.

ACE Sticky issue.

Similar Messages

Maybe you are looking for