ACE: sticky serverfarm

Dear all,
I do have a question about the configuration option of a sticky serverfarm. There is an option to timeout active conns. Originally my thinking was that this option changes the sticky behaviour to a session timeout instead an idle timeout. While testing this seems to be not correct
sticky http-cookie myCookie myStickyServerfarm
timeout 10
timeout activeconns
replicate sticky
serverfarm myServerfarm backup mySorryfarm
The manual explains it like this:
Configuring a Cookie Sticky Timeout
The sticky timeout specifies the period of time that the ACE keeps the HTTP cookie sticky information for a client connection in the sticky table after the latest client connection terminates. The ACE resets the sticky timer for a specific sticky-table entry each time that the module opens a new connection that matches that entry.
This brings me to the question, what is this option used for. The only diffrence I can see is, that there is a http connection which is open for longer than the timeout value (here 10min) will be kicked out and in the meantime this sticky-entry isn't used (otherwise the idle time would be reset).
Are there any other explanations what this feature can do?
best regards
Oliver

Hi Oliver,
I'm afraid the official documentation is not very clear on this section.
The sticky timeout doesn't count since the moment that the last connection is closed, but since it's established. However, by default it will not remove the sticky entry as long as there are connections still active. This is what can be tuned with the "timeout activeconns".
When the "timeout activeconns" option is present, the ACE will remove the sticky entry as soon as the timer is reached, regardless of whether there are active connections or not.
I hope this answers your question, but if you want some further clarification, let me know.
Regards
Daniel

Similar Messages

ACE - sticky serverfarm and sorry servers

Primary serverfarm with stickiness (cookie insert) goes down. Backup serverfarm kicks in with sorry servers. Primary serverfarm comes back up and returning connections still get serviced by the backup farm. The reason for this is explained in the load balancing guide.
[quote]
If you want to configure a sorry server farm and you want existing connections to revert to the primary server farm after it comes back up, do not use stickiness.
[/quote]
Source: http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_guide_chapter09186a0080686ebf.html#wp1060156
The big questions is. How can i offer a serverfarm with stickiness and a sorry serverfarm without stickiness?
Roble

Hi Syed,
unfortunately that's the theory. If you have cookie inserts the clients are still stuck to the sorry servers once they have hit the sorry servers.
And my sticky group looks exactly like your first example. The documentation is kind off confusing. My interpretation of the quoted text was if your primary serverfarm is sticky your backup server farm will also be sticky no matter what you configure. That is actually why i asked.
If i use dynamic cookies from the application the clients hop from one rserver to another every 2nd or 3rd connection. The behavior of the stickiness and sorry servers then works like i want it but the stickiness itself is not consistent.
1.5a still had this behavior and i think this might be a bug.
Roble

Sticky serverfarm, all connections on one server

We are using a sticky serverfarm with 2 real servers, one server was down for maintenance for an extended period of time. When it came inservice again it was not getting any connections. is it because all the connections had stuck to the other server ? we want sessions to be sticky but we also want to LB so what is the answer to this?
I got it working by bouncing the server that had been online all the time. things started to LB then.
BTW the ACE 4710 is running 4.2.1

That is expected behaviour wih sticky.
regards
Andrew

ACE Stickiness Question

Hi Folks,
First of all I am new the job and have very little ACE expierence. I work on a large campus. We have to 6513's with an ACE blade in each. A few contexts configured for different applications. Basically the server guys have come to me and asked me to enabled stickiness on one of there contexts.
Now I am sure this is basic stuff to ye guys but I am just wondering what I need to do? Can I implement this on the fly without causing an outage? I have cut and paste the relevant context below. And added the changes I think that need to be made. Do you guys think this will work and will it cause any outage?
I appreciate any help at all guys:
Here is current config:
probe tcp APPS-PROBE
port 8080
interval 3
passdetect interval 5
parameter-map type ssl SSL-APPS-ADVANCED
cipher RSA_WITH_RC4_128_MD5
rserver host SERVER1
ip address 10.10.10.1
inservice
rserver host SERVER2
ip address 10.10.10.2
inservice
ssl-proxy service SSL-APPS-PROXY
key appfiles.pem
cert appfilesCAcert
chaingroup APPFILES-CHAINGRP
ssl advanced-options SSL-APPS-ADVANCED
serverfarm host APPS-FARM
predictor leastconns
probe APPS-PROBE
rserver SERVER1 8080
inservice
rserver SERVER2 8080
inservice
class-map match-any APPS-VIP
2 match virtual-address 10.10.10.4 tcp eq https
policy-map type management first-match MGT-POLICY
class class-default
policy-map type loadbalance first-match APPS-POLICY
class class-default
serverfarm APPS-FARM
policy-map multi-match APPSPOLICY
class APPS-VIP
loadbalance vip inservice
loadbalance policy APPS-POLICY
loadbalance vip icmp-reply active
ssl-proxy server SSL-APPS-PROXY
service-policy input APPSPOLICY
Will adding the following to the context make stickiness work?
sticky ip-netmask 255.255.255.255 address source STICKY-APPS-FARM
timeout 720
timeout activeconns
replicate sticky
serverfarm APPS-FARM
policy-may type loadbalance first-match APPS-POLICY
class class-default
sticky-serverfarm STICKY-APPS-FARM
I am really lost on this and only getting this from looking at stickiness on other configs. Can you guys advise will this work.

Also look at the following :
www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/v3.00_A2/configuration/rtg_brdg/guide/vlansif.html
Autogenerating a MAC Address for a VLAN Interface
By default, the ACE does not allow traffic from one context to another context over a transparent firewall. The ACE assumes that VLANs in different contexts are in different Layer 2 domains, unless it is a shared VLAN. The ACE allocates the same MAC address to the VLANs.
When you are using a firewall service module (FWSM) to bridge traffic between two contexts on the ACE, you must assign two Layer 3 VLANs to the same bridge domain. To support this configuration, these VLAN interfaces require different MAC addresses.
To enable the autogeneration of a MAC address on a VLAN interface, use the mac address autogenerate command in interface configuration mode. The syntax of this command is as follows:
mac address autogenerate
For example, enter:
host1/Admin(config-if)# mac address autogenerate
To disable MAC address autogeneration on the VLAN, use the no mac address autogenerate command. For example, enter:
host1/Admin(config-if)# no mac address autogenerate

ACE sticky inconsistant

i dotn seem to be getting a round robin effect on any of the 8 web servers being load balanced.
example from sh sticky database group GROUPn
4427481407323410243   WEB-SRV2:0             0              -
2452774824762134266   WEB-SRV1:0             0              -
8113453920705035427   WEB-SRV1:0             0              -
17215884597540077782 WEB-SRV1:0             0              -
123286896185049456    WEB-SRV2:0             0              -
13101217844384152730 WEB-SRV2:0             0              -
8462688148628735445   WEB-SRV2:0             0              -
8799530925601492925   WEB-SRV1:0             0              -
9158066764881164093   WEB-SRV1:0             208            -
4233929232369710669   WEB-SRV1:0             469            -
652881741833831225    WEB-SRV1:0             730            -
11929551358522611685 WEB-SRV2:0             935            -
2201018326228455336 WEB-SRV2:0             1024           -
540836670260610939    WEB-SRV2:0             1406           -
4341078594550796939   WEB-SRV1:0             1567           -
MY STICKY CONFIG
sticky http-cookie JSESSIONID GROUP6
replicate sticky
serverfarm WEB_FARM1_FARM
any ideas ?
Thanks in advance

Configs - ip etc removed
rserver host WEB-SRV1
   ip address nnnnn
probe SRV_PROBE
inservice
rserver host WEB-SRV2
ip address nnnnn
probe SRV_PROBE
inservice
serverfarm host WEB_FARM
    rserver WEB-SRV1
    inservice
rserver WEB-SRV2
    inservice
serverfarm host HTTPS_FARM
    rserver WEB-SRV1 443
    inservice
rserver WEB-SRV2 443
    inservice
ssl-proxy service NAME_SSL_PROXY
key name.key
cert name.crt
chaingroup NAME_CHAINGP
sticky http-cookie JSESSIONID GROUP1
replicate sticky
serverfarm WEB_FARM
class-map match-all HTTPS_VIP
2 match virtual-address nnnn tcp eq https
class-map match-all WEB_VIP
2 match virtual-address nnnn tcp eq www
policy-map type loadbalance first-match HTTPS_LB_POL
class class-default
    sticky-serverfarm GROUP1
    insert-http X-Forward-For header-value "%is"
    ssl-proxy client NAME_SSL_PROXY
policy-map type loadbalance first-match WEB_LB_POL
class class-default
    sticky-serverfarm GROUP1
    insert-http X-Forward-For header-value "%is"
policy-map multi-match CLIENT_VIPS
class WEB
    loadbalance vip inservice
    loadbalance policy WEB_LB_POL
    loadbalance vip icmp-reply active
    nat dynamic 1 vlan 151
policy-map multi-match HTTPS_VIPS
class HTTPS
    loadbalance vip inservice
    loadbalance policy HTTPS_LB_POL
    loadbalance vip icmp-reply active
    nat dynamic 1 vlan 151
interface vlan 15
description WEB DMZ
ip address nnn 255.255.255.192
alias nnn 255.255.255.192
peer ip address nnn 255.255.255.192
no normalization
no icmp-guard
access-group input any
access-group output any
nat-pool 1 nnn nnn+1 netmask 255.255.255.192 pat
service-policy input REMOTE_MGT
no shutdown
interface vlan 90
description CLIENT-FACING VLAN
ip address nnn 255.255.255.240
alias nnn 255.255.255.240
peer ip address nnn 255.255.255.240
mtu 1500
no normalization
no icmp-guard
access-group input any
access-group output any
service-policy input REMOTE_MGT
service-policy input HTTPS_VIPS
service-policy input CLIENT_VIPS
no shutdown
The topology is active/active the NAT is to route traffic back the way it came in - the servers use have static routes configured to work with the ACE NAT

ACE sticky config

In Cisco ACE, please tell me a configuration example for the following sticky and round-robin load balancing based on URL matching.
if sv=001 and type=100 included in URL, stick to 10.0.1.1:8080
if sv=001 and type=100 included in URL, stick to 10.0.1.2:8080
if sv=001 and type=100 included in URL, stick to 10.0.1.3:8080
else
if sv=001 included in URL, stick to 10.0.1.1:80
if sv=001 included in URL, stick to 10.0.1.2:80
if sv=001 included in URL, stick to 10.0.1.3:80
else
round-robin to any of 10.0.1.1:80, 10.0.1.2:80, 10.0.1.3:80
Thank you.

Hi,
You can do sticky in a number of ways, but I will just assume that you are ok using cookies. Remember that you will need to configure a resource class in the admin context in order to use sticky. I'm going to use 1.1.1.1 as an example for the VIP, using http. Also I am assuming you are using a single ACE (no FT). Remember to configure probes as well.
Here's the example:
rserver host server1
ip address 10.0.1.1
inservice
rserver host server2
ip address 10.0.1.2
inservice
rserver host server3
ip address 10.0.1.3
inservice
serverfarm host sv-and-type-farm
rserver server1 8080
    inservice
rserver server2 8080
    inservice
rserver server3 8080
    inservice
serverfarm host sv-farm
rserver server1 80
    inservice
rserver server2 80
    inservice
rserver server3 80
    inservice
sticky http-cookie SV001TYPE100 sv-and-type-cookie
cookie insert browser-expire
timeout 60
serverfarm sv-and-type-farm
sticky http-cookie SV001 sv-cookie
cookie insert browser-expire
timeout 60
serverfarm sv-farm
class-map match-all vip
2 match virtual-address 1.1.1.1 tcp eq www
class-map type http loadbalance match-all sv-and-type
2 match http url .*sv=001.*
3 match http url .*type=100.*
class-map type http loadbalance match-all sv
2 match http url .*sv=001.*
policy-map type loadbalance first-match l7slb
class sv-and-type
    sticky-serverfarm sv-and-type-cookie
class sv
    sticky-serverfarm qa-ekstern-cookie
class class-default
    serverfarm sv-farm
policy-map multi-match int-policy
class vip
   loadbalance vip inservice
   loadbalance policy l7slb
   loadbalance vip icmp-reply active

ACE Sticky Connections, Show Conn Output and Show serverfarm

Hi Community,
I'm deploying a Cisco ACE module and I have some questions about sticky connections and about the output of the show conn command and show serverfarm command.
I have the follwoing configuration:
rserver host srv_1 ip address 10.4.11.14 inservicerserver host srv_2 ip address 10.4.11.18 inserviceserverfarm host farm_144 rserver srv_1 144    weight 1    inservice rserver srv_2 144    weight 3    inservice
sticky ip-netmask 255.255.255.255 address source st_host144
timeout 10080
serverfarm farm_144
class-map match-all vip_144
2 match virtual-address 10.4.11.208 tcp eq 143
policy-map type loadbalance first-match lb_144
class class-default
policy-map multi-match policy_vip_webcache
class vip_webcache_144
    loadbalance vip inservice
    loadbalance policy lb_144
    loadbalance vip icmp-reply active
    nat dynamic 411 vlan 411
We can assume that service policy was applied at the interface vlan. So, let's go to the questions:
1- If sticky is enabled the output command "show conn" should show just one entry by ip address?
The real output is:
DC01-ACE-01-PRIMARY-SW1/context_servidores# show conn | inc :143333046     1 in TCP   411 10.2.158.87:3616      10.4.11.208:143       ESTAB 286390     3 in TCP   411 10.2.158.87:3562      10.4.11.208:143       ESTAB310233     1 in TCP   411 10.1.5.87:3424        10.4.11.208:143       ESTAB
Look that the ip address 10.2.158.87 is shown 2 times. In same times, the same ip address is shown 4 times to the same VIP and the same port. Is it a normal behavior?
2- According to the configuration, the srv_2 has weight 3 and srv_1 has weigth 1, but the output of show serverfarm show somethin strange:
DC01-ACE-01-PRIMARY-SW1/context_servidores# show serverfarm farm_144 serverfarm     : farm_144, type: HOST total rservers : 2 state          : ACTIVE DWS state      : DISABLED ---------------------------------                                                ----------connections-----------       real                  weight state        current    total      failures    ---+---------------------+------+------------+----------+----------+---------   rserver: srv_1       10.4.11.14:144        1   OPERATIONAL     11         386        0   rserver: srv_2       10.4.11.18:144        3   OPERATIONAL     35         66         0
We can see that the weight is working good, but the total of connections is higher at srv_1 than srv_2. Why?
Somebody can help me to understand better this problem of if its a normal behavior?
Thanks in advance!!

Hi Gaurav,
About question 1, I got some informations too. It's perfectly normal the client open 2 or more connections at the same time. The client's application is the responsable. We removed the ACE and put the client directly to the server and the result of the total connections opened was the same.
About question 2, I made some "clears" on the serverfarm, the sticky database and after that, the numbers were more real.
DC01-ACE-02-SECONDARY-SW1/context_servidores# sh serverfarm farm_webcache_144
serverfarm     : farm_webcache_144, type: HOST
total rservers : 2
state          : ACTIVE
DWS state      : DISABLED
                                                ----------connections-----------
       real                  weight state        current    total      failures
   ---+---------------------+------+------------+----------+----------+---------
   rserver: srv_webcache_1
       10.4.11.14:144        1   OPERATIONAL     1025       15499      4436
   rserver: srv_webcache_2
       10.4.11.18:144        2   OPERATIONAL     1794       33471      471
DC01-ACE-02-SECONDARY-SW1/context_servidores#
Anyway thank you very much for your feedback.
Plínio Monteiro

ACE sticky problem

Hi,
I have an issue with sticky server that I’m hope might just be a command I’m missing.
I am inserting a cookie and the sticky works fine.
When my browser has a successful sticky connection i take the server that has the sticky connection out of service. I try to make another connection, i see the connection round robin to all remaining servers but i don’t get a successful connection i do see the connection failure count increment on all other servers in the farm. Only when i bring the server back into service can i get a successful connection.
Any advice appreciated.
Sticky config below.
sticky http-cookie WEB-Cookie-1 WEB-Sticky-1
cookie insert
serverfarm WEB-SERVERS-80
Code
Version A3(2.0) [build 3.0(0)A3(2.0
Thanks
Chris

Hello Chris, This will be an easy fix for you. The command you are looking for is defined under the serverfarm inwhich you are creating sticky entries against.. You need to add a failaction.. I'm pasting the command syntax and options for the command.. Based on your breif description failaction purge will give you the desired result:
(config-sfarm-host) failaction
To configure the action that the ACE takes if a real server in a server farm goes down, use the failaction command. Use the no form of this command to reset the ACE to its default of taking no action when a server fails.
failaction {purge | reassign [across-interface]}
no failaction
Syntax Description
purge
Specifies that the ACE remove the connections to a real server if that real server in the server farm fails after you configure this command. The appliance sends a reset (RST) both to the client and to the server that failed.
reassign
Specifies that the ACE reassigns existing server connections to the backup real server, if a backup real server is configured. If no backup real server is configured, this keyword has no effect.
across-interface
(Optional) Instructs the ACE to reassign all connections from the failed real server to a backup real server on a different VLAN that is commonly referred to as a bypass VLAN. By default, this feature is disabled.

ACE sticky cookie value

Hello,
I have a following configuration:
sticky http-cookie STICKY_TMP STICKY_TMP
cookie insert ...
Cookies are sent and stickiness works. Everything is ok... Almost :-)
Now I have a question regarding value of cookies created by ACE.
Currently cookies have values that look like this "R4224709512"
Is it possible to change this value so it reflects the target node that processes requests for this sticky session. This cookie could contain i.e. ip address of real server.
Arrowpoint cookie on CSS1150 worked this way...
Another question. How do I identify this cookie value with sticky-entries in "show sticky database static" output?
This command doesn't show anything like R4224709512, but only numbers like 18293255029648678255
best regards
Kuba

I am using ACE with version A3(2.1).
The “sticky-entry” in "show sticky data static"is a hash of the cookie-value set by ACE for the real server. so you need to use "show sticky database http-cookie " to determine which server are serving the client.
ACE-1/routed(config-pmap-lb-c)# do show sticky database http-cookie
sticky group : web-sticky
type : HTTP-COOKIE
timeout : 5 timeout-activeconns : FALSE
sticky-entry rserver-instance time-to-expire flags
---------------------+----------------------+--------------+-------+
16820511103801384579 lnx1:0 0 -
sticky group : web-sticky
type : HTTP-COOKIE
timeout : 5 timeout-activeconns : FALSE
sticky-entry rserver-instance time-to-expire flags
---------------------+----------------------+--------------+-------+
3347854103021350619 lnx2:0 0 -
..sometimes they'd only show up w/ the static instead of the cookies option for some reason.
found some explanation about this:
http://docwiki.cisco.com/wiki/Session_Persistence_Using_Cookie_Learning_on_the_Cisco_Application_Control_Engine_Configuration_Example
There is a difference between inserting an ACE-generated cookie or using one learned by the ACE. The cookie-insert feature creates a static cookie.
To look at static cookies you need to use the command:
show sticky database static
if you try static cookie (cookie inserted by ACE), the value is placed in the static sticky table at the time of configuration...
so no need to send traffic, once the static sticky config is in place, you should see an entry with 'show sticky database static'.
Do not try to filter the table with some other parameters...they do not work until A2(1.4)
There are 2 database:
One for static entries and one for dynamic entries.
Every show command that does not include the static keyword will look into the dynamic database.
So, you won't see anything by using those commands.
You could perform some test to identify which cookie is sent to which server.
The cookie value is static, so the number of value is limited to the number of servers.
There is a dynamic cookie learning feature available in ACE.
Kinly tell me if you want to discuus about that.
Kindly rate if possible.
Kind regards,
Sachin garg

ACE show serverfarm - failure counter does not incremented on Probe-Failure event

Hi,
Despite of probe-failure the failure counter is not incremented. Is there any correlation between the configured probe and the failure counter?
(Custom script probe is used for this serverfarm)
# sh serverfarm xxxxxSt
serverfarm     : xxxxxSt, type: HOST
total rservers : 2
                                                ----------connections-----------
       real                  weight state        current    total      failures
   ---+---------------------+------+------------+----------+----------+---------
   rserver: xxxxx6
       10.222.0.90:8000      8      OPERATIONAL 13         157        0
   rserver: xxxxx7
       10.222.0.92:8000      8      PROBE-FAILED 0          0          0
Thanks,
Attila

Hi Attila,
The Connection Failure counter under show serverfarm is for Loadbalanced Connections which are failing.
If Probes are failing, this counter will not increment.
The Connection failure counter can increment for various reasons some of them are,
- Server not responding to the SYN packet sent by ACE for Loadbalanced connection
- Server sending Reset to the SYN packet sent by ACE for Loadbalanced connection
To check on stats for Probe, you can run "show probe detail" command.
Hope this helps,
Best Regards,
Rahul

ACE Sticky issue.

Hi,
The Sticky function of the ACE is not working. There were no changes been made on the device it was working fine before but not now,.
We have 2 ACE one is Active(ACE1) and Second one is Standby (ACE2).
Testing done till now:-
================
Done the Failover from Active(ACE1) to Standby (ACE2).
When ACE2 was Active the Sticky started working fine without any issues.
2) when I did the failover again back from ACE2 to ACE1 the problem arrise Sticky doesnt work any more.
Any suggestion about this strange behaviour?
Thanks in advance.
Regards
Alex.

What version do you run ?
What type of sticky method ?
Could you get a
- show np 1 me-stats "-slb"
and a
- show np 2 me-stats "-slb"
Possibly get 2 occurences one before and one after a test.
Thanks,
Gilles.

ACE 4710 - serverfarm predictor

Hi, I have a pair of ACE 4710 running in failover bundle and I have a number of server farms configured on them. For one of the server farm I'd like to use a different predictor than round robin. I have two real servers members of the server farm. Usually I do select predictor round robin and put both real servers in service. In this situation I need to have only one server as active and the 2nd one to be in standby and take over when the first one is down. I have tried to put the 2nd server in standby and when I shut down the primary the 2nd one won't become active. I do have a health probe to check for the status of the server so I thought this would be enough to detect the status of the server. So my question is , how can I configure the ACE to have one server as active and the second as a backup and this second one to take traffic only when the primary is down. Thank you, Florin.

Hi,
There are a couple of ways of achieving your objective.
The first method works for the simple case of two servers:
serverfarm host FARM-Redacted
probe PROBE-Redacted
rserver am03
    backup-rserver am04
    inservice
rserver am04
    inservice standby
or you could use two serverfarms:
serverfarm host FARM-Redacted-Pri
description Redacted Serverfarm Primary
probe PROBE-Redacted
rserver am03
    inservice
serverfarm host FARM-Redacted-Sec
description Redacted Serverfarm Secondary
probe PROBE-Redacted
rserver am04
    inservice
policy-map type loadbalance first-match LB-POLICY-443
class class-default
    serverfarm FARM-Redacted-Pri backup FARM-Redacted-Sec
HTH
Cathy

Ace Sticky Configuration

Hi Guys,
I'm trying to set up a sticky configuration on an ACE modeule in a 6500.
I've got the loadbalancing woking happily but need to ammend the config to add stickiness.
As far as I know the first command is someting on the lines of...
sticky http-cookie COOKIENAME STICKYGROUP
however when I put this in I get the following error.
Error: Sticy resource not available
I suspect that i'm missing something obvious.
Any assistance is greatly appreciated.
Regards
Steve

By default all the resources are available to ACE contexts except sticky resource.
You need a resource class with sticky resource defined and this class applied to the context.
for example
resource-class GOLD
limit-resource sticky minimum 1 maximum equal-to-min
Thanks
Syed Iftekhar Ahmed

ACE Sticky Slow-Start License

Hi,all,
I am testing ACE module@7606,
system image file: [LCP] disk0:c6ace-t1k9-mz.A2_1_1_69.bin
installed license: ACE-SSL-05K-K9.
I wanta know if it is caused by license,Please help~~:)
Phenomenon:
1. Client sends a HTTP request to server
2. server returns a HTTP response to Client, the response contains a HTTP URL and HTTP body, server sends HTTP URL first, then sends HTTP body right now.
3. Client receives the HTTP URL first, after about 200ms, Client receives the HTTP body.
. Root cause:
1. If ACE receives the HTTP URL from rserver, it forwards the URL to Client. Then ACE will wait for a TCP ACK from client, before ACE receive the TCP ACK from client, it will not forward the HTTP body following to Client, the action is caused by TCP Slow Start algorithm. Windows Client will send the TCP ACK to ACE after about 200ms(40ms for Linux), the action is caused by TCP Delayed ACK algorithm. So from client side, it costs more than 200ms(or 40ms) to receive the entire HTTP response.
. Solution:
1. Disable Slow Start algorithm to VIP on ACE
. Existing Issue:
1. After disable Slow Start algorithm, the response time will be normal if Client access WAPI by VIP with SSL(means HTTPS). But the issue still exist if Client access server by VIP without SSL(means HTTP).
2. I associate a policy of stickiness to VIP, both SSL and non-SSL. If I remove the policy of stickiness, the response time will be normal. It seems the policy of stickiness will make Slow Start algorithm enable.

slowstart is disabled by default on ACE.
switch/Admin# show parameter-map AllowMss
Parameter-map : AllowMss
Type : connection
nagle : disabled
slow start : disabled
buffer-share size : 32768
inactivity timeout (seconds) : TCP: 3600, UDP: 120, ICMP: 2
embryonic timeout (seconds) : 5
ack-delay (milliseconds) : 200
But the ack-delay is indeed 200msec.
Try to set the ack-delay to a lower value and see if that improves the situation.
Gilles.

ACE - Sticky using XFF client value

Might be a stupid question ....but we have a situation where client traffic is LB to our proxy infrastructure , at the LB the XFF client address is inserted into the header and source sticky is enabled. We now need to LB to addtional servers( more than within our proxy infrastructure) downstream from our proxy servers and retain the client sessions, if we use source sticky we will have a one to one relationship with the downstream servers . This we don't want as we want to spread the load across all downstream servers. My question is instead of source IP sticky could we use say the XFF info or something else to stick sessions to the downstream servers.

Hi,
So your proxy server will need to contact different servers through loadbalancer?
You can use cookies for the same and make the ACE to insert cookie. I haven't tried using XFF header and value for sticky but ACE let's you configure it so it can be tried too.
Regards,
Kanwal
Note: Please mark answers if they are helpful.

ACE: sticky serverfarm

Similar Messages

Maybe you are looking for