ACE: Stickyness, Cookie in URL

Similar Messages

• ACE sticky cookie value

  Hello,
  I have a following configuration:
  sticky http-cookie STICKY_TMP STICKY_TMP
  cookie insert ...
  Cookies are sent and stickiness works. Everything is ok... Almost :-)
  Now I have a question regarding value of cookies created by ACE.
  Currently cookies have values that look like this "R4224709512"
  Is it possible to change this value so it reflects the target node that processes requests for this sticky session. This cookie could contain i.e. ip address of real server.
  Arrowpoint cookie on CSS1150 worked this way...
  Another question. How do I identify this cookie value with sticky-entries in "show sticky database static" output?
  This command doesn't show anything like R4224709512, but only numbers like 18293255029648678255
  best regards
  Kuba

  I am using ACE with version A3(2.1).
  The “sticky-entry” in "show sticky data static"is a hash of the cookie-value set by ACE for the real server. so you need to use "show sticky database http-cookie " to determine which server are serving the client.
  ACE-1/routed(config-pmap-lb-c)# do show sticky database http-cookie
  sticky group : web-sticky
  type : HTTP-COOKIE
  timeout : 5 timeout-activeconns : FALSE
  sticky-entry rserver-instance time-to-expire flags
  ---------------------+----------------------+--------------+-------+
  16820511103801384579 lnx1:0 0 -
  sticky group : web-sticky
  type : HTTP-COOKIE
  timeout : 5 timeout-activeconns : FALSE
  sticky-entry rserver-instance time-to-expire flags
  ---------------------+----------------------+--------------+-------+
  3347854103021350619 lnx2:0 0 -
  ..sometimes they'd only show up w/ the static instead of the cookies option for some reason.
  found some explanation about this:
  http://docwiki.cisco.com/wiki/Session_Persistence_Using_Cookie_Learning_on_the_Cisco_Application_Control_Engine_Configuration_Example
  There is a difference between inserting an ACE-generated cookie or using one learned by the ACE. The cookie-insert feature creates a static cookie.
  To look at static cookies you need to use the command:
  show sticky database static
  if you try static cookie (cookie inserted by ACE), the value is placed in the static sticky table at the time of configuration...
  so no need to send traffic, once the static sticky config is in place, you should see an entry with 'show sticky database static'.
  Do not try to filter the table with some other parameters...they do not work until A2(1.4)
  There are 2 database:
  One for static entries and one for dynamic entries.
  Every show command that does not include the static keyword will look into the dynamic database.
  So, you won't see anything by using those commands.
  You could perform some test to identify which cookie is sent to which server.
  The cookie value is static, so the number of value is limited to the number of servers.
  There is a dynamic cookie learning feature available in ACE.
  Kinly tell me if you want to discuus about that.
  Kindly rate if possible.
  Kind regards,
  Sachin garg

• ACE static cookie

  I leverage "cookie insert broswer-expire" to use ACE generated static cookie.
  Now I add some additional "static cookie-value "xxx" rserver xxx", in order to make cookie more "meanful" and would be easier for troubleshooting.
  But how can I activate the new static cookie, since the previous static cookit never expires? thanks.

  If I understand you question correctly then
  you would like to configure cookie string value when using the COOKIE insert feature.
  This was possible in CSS using string command.
  With ACE currently you cannot configure a cookie-value for the cookie that is inserted by ACE (-- using cookie-insert feature). ACE
  always automatically add a cookie value for the cookie it inserts.
  This cookie value is similar to R2482639152
  If you use
  static cookie-value "xxx" rserver yyy"
  The static cookie option will only work if a client happens to come in with
  the cookie=xxx. Then that connection will be stuck to rserver yyy.
  Syed

• ACE : Stickyness problem with http cookies

  Hi,
  I am facing a serious problem with stickyness in a e-commerce configuration.
  Here is the setup :
  An ACE load balance user requests on two Apache servers
  cookie-insert is used to stick a user on one Apache server
  The home page is accessed via http on port 80
  On the Home page, there is a link to allowing the user to login
  The login process uses SSL
  During the login, backend SSL is required between the ACE and the selected Apache server
  The login is a POST request to the Apache server
  After a successful login, the home page is reloaded on port 80 and the name of the user should appear on the top of the page
  The ACE configuration :
  Two sticky groups are configured : one for HTTP acess and another for HTTPS access
  Two server farms are defined, both using the same real servers, but with different ports (80 and 441)
       sticky http-cookie STICKED-TO ECOM_STICKY_TEST_HTTP
         cookie insert browser-expire
         timeout 240
         replicate sticky
         serverfarm ECOM_FARM_TEST_HTTP
            sticky http-cookie STICKED-TO ECOM_STICKY_TEST_HTTPS
         cookie insert browser-expire
         timeout 240
         replicate sticky
         serverfarm ECOM_FARM_TEST_HTTPS
       serverfarm host ECOM_FARM_TEST_HTTP
         description *** e-Commerce Test Server Farm ***
         probe ECOM_PROBE_TEST
         rserver HQCHECOM01 80
          inservice
         rserver HQCHECOM02 80
          inservice
           serverfarm host ECOM_FARM_TEST_HTTPS
        description *** e-Commerce Test Server Farm ***
        probe ECOM_PROBE_TEST
        rserver HQCHECOM01 443
         inservice
        rserver HQCHECOM02 443
         inservice
  The problem :
  Let analyse the sequence of events and the value of the http cookie for each of them :
  When the the home page is originally loaded, the ACE selects SERVER-1
  The ACE inserts the cookie "A" in the server responses
  The user is sticked to SERVER-1
  Then, the user tries to login and an SSL session is established with the ACE
  The user sends a POST request containing the cookie "A"
  A backend SSL session is established with SERVER-1
  The POST request is forwarded to SERVER-1
  SERVER-1 responds with a 200 OK and the ACE generates another cookie "B" as it belongs to the sticky group ECOM_STICKY_TEST_HTTPS
  The client browser reloads the page on port 80 and provides the cookie "B" (the last received) !!
  The ACE sees the cookie "B" but does not find it in its database for the sticky group ECOM_STICKY_TEST_HTTP
  The ACE perform another load balancing decision and selects SERVER-2 ! (instead of SERVER-1)
  The page is reloaded, but the name of the user does not appear on it
  The question :
  As it is not possible to have only one sticky group in this configuration what would be the solution to make sure that the same server is selected for http and https ?
  Thank you for any hints,
  Yves

  Hi Gilles,
  I followed your recommendation to configure static cookie entries in each sticky group, but I still experience the problem of sessions getting re-load balanced to the second server when returning from HTTPS to HTTP :
  It seems that the ACE ignores the static entries !
  To make my question clear, I repeat hereafter the setup and the encountered problem :
  Here is the setup :
  An ACE load balance user requests on two Apache servers
  cookie-insert is used to stick a user on one Apache server
  The home page is accessed via http on port 80
  On the Home page, there is a link to allowing the user to login
  The login process uses SSL
  During the login, backend SSL is required between the ACE and the selected Apache server
  The login is a POST request to the Apache server
  After a successful login, the home page is reloaded on port 80 and the name of the user should appear on the top of the page
  The ACE configuration :
  Two sticky groups are configured : one for HTTP acess and another for HTTPS access
  Two server farms are defined, both using the same real servers, but with different ports (80 and 443)
  In the ECOM_STICKY_TEST_HTTP stick group the two following cookies are automatically generated :
  R105816849   for the server HQCHECOM01
  R105852786   for the server HQCHECOM02
  In the ECOM_STICKY_TEST_HTTPS stick group the two following cookies are automatically generated :
  R355972695   for the server HQCHECOM01
  R357158616   for the server HQCHECOM02
  I statically configured in the each sticky group the cookies used by the other sticky group, to allow stickiness when the browser switches from HTTP to HTTPS and vice versa :
  sticky http-cookie STICKED-TO ECOM_STICKY_TEST_HTTP
    cookie insert browser-expire
    timeout 240
    replicate sticky
    serverfarm ECOM_FARM_TEST_HTTP backup WEB_REDIRECT_001
    56 static cookie-value "R355972695" rserver HQCHECOM01
    64 static cookie-value "R357158616" rserver HQCHECOM02
  sticky http-cookie STICKED-TO ECOM_STICKY_TEST_HTTPS
    cookie insert browser-expire
    timeout 240
    replicate sticky
    serverfarm ECOM_FARM_TEST_HTTPS backup WEB_REDIRECT_001
    72 static cookie-value "R105816849" rserver HQCHECOM01
    80 static cookie-value "R105852786" rserver HQCHECOM02
  serverfarm host ECOM_FARM_TEST_HTTP
    description *** e-Commerce Test Server Farm ***
    probe ECOM_PROBE_TEST
    rserver HQCHECOM01 80
     inservice
    rserver HQCHECOM02 80
     inservice
  serverfarm host ECOM_FARM_TEST_HTTPS
    description *** e-Commerce Test Server Farm ***
    probe ECOM_PROBE_TEST
    rserver HQCHECOM01 443
     inservice
    rserver HQCHECOM02 443
     inservice
  The problem :
  Let analyse the sequence of events and the value of the http cookie for each of them :
  When the the home page is originally loaded, the ACE selects SERVER-1
  The ACE inserts the cookie "A" in the server responses
  The user is sticked to SERVER-1
  Then, the user tries to login and an SSL session is established with the ACE
  The user sends a POST request containing the cookie "A"
  A backend SSL session is established with SERVER-1
  The POST request is forwarded to SERVER-1
  SERVER-1 responds with a 200 OK and the ACE generates another cookie "B" as it belongs to the sticky group ECOM_STICKY_TEST_HTTPS
  The client browser reloads the page on port 80 and provides the cookie "B" (the last received)
  The ACE sees the cookie "B" and should use the static cookie entry to select the SERVER-1
  But instead, the ACE perform another load balancing decision and selects SERVER-2 !
  The page is reloaded, but the name of the user does not appear on it
  LiveHTTP Trace on Firefox :
  GET /ecom/medias/sys_master/8800775602206/Home-page-main-banners-video.jpg HTTP/1.1
  Host: ecom.test.toto.com
  User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.8) Gecko/20100202 (CK-IBM) Firefox/3.5.8
  Accept: image/png,image/*;q=0.8,*/*;q=0.5
  Accept-Language: en-us,en;q=0.5
  Accept-Encoding: gzip,deflate
  Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
  Keep-Alive: 300
  Connection: keep-alive
  Referer: http://ecom.test.toto.com/uk/en/home
  Cookie: STICKED-TO=R105816849;
  HTTP/1.1 200 OK
  Set-Cookie: STICKED-TO=R105816849; path=/
  Date: Mon, 18 Oct 2010 15:31:37 GMT
  Server: Apache/2.2.13 (Red Hat)
  Connection: close
  Transfer-Encoding: chunked
  Content-Type: image/jpeg
  Here we switch on HTTPS :
  https://ecom.test.toto.com/uk/en/j_spring_security_check
  POST /uk/en/j_spring_security_check HTTP/1.1
  Host: ecom.test.toto.com
  User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.8) Gecko/20100202 (CK-IBM) Firefox/3.5.8
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  Accept-Language: en-us,en;q=0.5
  Accept-Encoding: gzip,deflate
  Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
  Keep-Alive: 300
  Connection: keep-alive
  Referer: http://ecom.test.toto.com/uk/en/home
  Cookie: STICKED-TO=R105816849; JSESSIONID=089DCF987DC03CAE0F516298EB886DAB.node1;
  Content-Type: application/x-www-form-urlencoded
  Content-Length: 75
  spring-security-redirect=&j_username=yves144%40yahoo.com&j_password=junon01
  Here we see cookie for the same server but for the HTTPS sticky group :
  HTTP/1.1 302 Moved Temporarily
  Set-Cookie: STICKED-TO=R355972695; path=/
  Set-Cookie: _hybris.tenantID_=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; HttpOnly
  Date: Mon, 18 Oct 2010 15:31:39 GMT
  Server: Apache/2.2.13 (Red Hat)
  Location: http://ecom.test.toto.com/uk/en/home
  Content-Length: 0
  Connection: close
  Content-Type: text/plain; charset=UTF-8
  Here we switch back to HTTP :
  http://ecom.test.toto.com/uk/en/home
  GET /uk/en/home HTTP/1.1
  Host: ecom.test.toto.com
  User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.8) Gecko/20100202 (CK-IBM) Firefox/3.5.8
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  Accept-Language: en-us,en;q=0.5
  Accept-Encoding: gzip,deflate
  Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
  Keep-Alive: 300
  Connection: keep-alive
  Referer: http://ecom.test.toto.com/uk/en/home
  Cookie: STICKED-TO=R355972695; JSESSIONID=089DCF987DC03CAE0F516298EB886DAB.node1;
  Here we see that the second server has been wrongly selected !
  HTTP/1.1 200 OK
  Set-Cookie: STICKED-TO=R105852786; path=/
  Set-Cookie: _hybris.tenantID_=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; HttpOnly
  Set-Cookie: JSESSIONID=5A0F6EB8FBF63D5D0590FECEC62A302E.node2; Path=/; HttpOnly
  Date: Mon, 18 Oct 2010 15:31:40 GMT
  Server: Apache/2.2.13 (Red Hat)
  Pragma: no-cache
  Expires: Thu, 01 Jan 1970 00:00:00 GMT
  Cache-Control: no-cache, no-store
  Content-Language: en-GB
  Connection: close
  Transfer-Encoding: chunked
  Content-Type: text/html;charset=UTF-8
  http://ecom.test.toto.com/ecom/medias/sys_master/8796174057502/uk.gif
  GET /ecom/medias/sys_master/8796174057502/uk.gif HTTP/1.1
  Host: ecom.test.toto.com
  User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.8) Gecko/20100202 (CK-IBM) Firefox/3.5.8
  Accept: image/png,image/*;q=0.8,*/*;q=0.5
  Accept-Language: en-us,en;q=0.5
  Accept-Encoding: gzip,deflate
  Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
  Keep-Alive: 300
  Connection: keep-alive
  Referer: http://ecom.test.toto.com/uk/en/home
  Cookie: STICKED-TO=R105852786; JSESSIONID=5A0F6EB8FBF63D5D0590FECEC62A302E.node2;
  HTTP/1.1 200 OK
  Set-Cookie: STICKED-TO=R105852786; path=/
  Date: Mon, 18 Oct 2010 15:31:40 GMT
  Server: Apache/2.2.13 (Red Hat)
  Content-Length: 382
  Connection: close
  Content-Type: image/gif
  Hypothesis :
  It seems that the static entries are not considered by the ACE...

• ACE : Stickyness with static cookies problem

  Hi Gilles
  I restart a conversatoion as a question to clarify the situation :
  I followed your recommendation to configure static cookie entries in each sticky group, but I still experience the problem of sessions getting re-load balanced to the second server when returning from HTTPS to HTTP :
  It seems that the ACE ignores the static entries !
  To make my question clear, I repeat hereafter the setup and the encountered problem :
  Here is the setup :
  An ACE load balance user requests on two Apache servers
  cookie-insert is used to stick a user on one Apache server
  The home page is accessed via http on port 80
  On the Home page, there is a link to allowing the user to login
  The login process uses SSL
  During the login, backend SSL is required between the ACE and the selected Apache server
  The login is a POST request to the Apache server
  After a successful login, the home page is reloaded on port 80 and the name of the user should appear on the top of the page
  The ACE configuration :
  Two sticky groups are configured : one for HTTP acess and another for HTTPS access
  Two server farms are defined, both using the same real servers, but with different ports (80 and 443)
  In the ECOM_STICKY_TEST_HTTP stick group the two following cookies are automatically generated :
  R105816849   for the server HQCHECOM01
  R105852786   for the server HQCHECOM02
  In the ECOM_STICKY_TEST_HTTPS stick group the two following cookies are automatically generated :
  R355972695   for the server HQCHECOM01
  R357158616   for the server HQCHECOM02
  I statically configured in the each sticky group the cookies used by the other sticky group, to allow stickiness when the browser switches from HTTP to HTTPS and vice versa :
  sticky http-cookie STICKED-TO ECOM_STICKY_TEST_HTTP
    cookie insert browser-expire
    timeout 240
    replicate sticky
    serverfarm ECOM_FARM_TEST_HTTP backup WEB_REDIRECT_001
    56 static cookie-value "R355972695" rserver HQCHECOM01
    64 static cookie-value "R357158616" rserver HQCHECOM02
  sticky http-cookie STICKED-TO ECOM_STICKY_TEST_HTTPS
    cookie insert browser-expire
    timeout 240
    replicate sticky
    serverfarm ECOM_FARM_TEST_HTTPS backup WEB_REDIRECT_001
    72 static cookie-value "R105816849" rserver HQCHECOM01
    80 static cookie-value "R105852786" rserver HQCHECOM02
  serverfarm host ECOM_FARM_TEST_HTTP
    description *** e-Commerce Test Server Farm ***
    probe ECOM_PROBE_TEST
    rserver HQCHECOM01 80
     inservice
    rserver HQCHECOM02 80
     inservice
  serverfarm host ECOM_FARM_TEST_HTTPS
    description *** e-Commerce Test Server Farm ***
    probe ECOM_PROBE_TEST
    rserver HQCHECOM01 443
     inservice
    rserver HQCHECOM02 443
     inservice
  The problem :
  Let analyse the sequence of events and the value of the http cookie for each of them :
  When the the home page is originally loaded, the ACE selects SERVER-1
  The ACE inserts the cookie "A" in the server responses
  The user is sticked to SERVER-1
  Then, the user tries to login and an SSL session is established with the ACE
  The user sends a POST request containing the cookie "A"
  A backend SSL session is established with SERVER-1
  The POST request is forwarded to SERVER-1
  SERVER-1 responds with a 200 OK and the ACE generates another cookie "B" as it belongs to the sticky group ECOM_STICKY_TEST_HTTPS
  The client browser reloads the page on port 80 and provides the cookie "B" (the last received)
  The ACE sees the cookie "B" and should use the static cookie entry to select the SERVER-1
  But instead, the ACE perform another load balancing decision and selects SERVER-2 !
  The page is reloaded, but the name of the user does not appear on it
  LiveHTTP Trace on Firefox :
  GET /ecom/medias/sys_master/8800775602206/Home-page-main-banners-video.jpg HTTP/1.1
  Host: ecom.test.toto.com
  User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.8) Gecko/20100202 (CK-IBM) Firefox/3.5.8
  Accept: image/png,image/*;q=0.8,*/*;q=0.5
  Accept-Language: en-us,en;q=0.5
  Accept-Encoding: gzip,deflate
  Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
  Keep-Alive: 300
  Connection: keep-alive
  Referer: http://ecom.test.toto.com/uk/en/home
  Cookie: STICKED-TO=R105816849;
  HTTP/1.1 200 OK
  Set-Cookie: STICKED-TO=R105816849; path=/
  Date: Mon, 18 Oct 2010 15:31:37 GMT
  Server: Apache/2.2.13 (Red Hat)
  Connection: close
  Transfer-Encoding: chunked
  Content-Type: image/jpeg
  Here we switch on HTTPS :
  https://ecom.test.toto.com/uk/en/j_spring_security_check
  POST /uk/en/j_spring_security_check HTTP/1.1
  Host: ecom.test.toto.com
  User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.8) Gecko/20100202 (CK-IBM) Firefox/3.5.8
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  Accept-Language: en-us,en;q=0.5
  Accept-Encoding: gzip,deflate
  Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
  Keep-Alive: 300
  Connection: keep-alive
  Referer: http://ecom.test.toto.com/uk/en/home
  Cookie: STICKED-TO=R105816849; JSESSIONID=089DCF987DC03CAE0F516298EB886DAB.node1;
  Content-Type: application/x-www-form-urlencoded
  Content-Length: 75
  spring-security-redirect=&j_username=yves144%40yahoo.com&j_password=junon01
  Here we see cookie for the same server but for the HTTPS sticky group :
  HTTP/1.1 302 Moved Temporarily
  Set-Cookie: STICKED-TO=R355972695; path=/
  Set-Cookie: _hybris.tenantID_=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; HttpOnly
  Date: Mon, 18 Oct 2010 15:31:39 GMT
  Server: Apache/2.2.13 (Red Hat)
  Location: http://ecom.test.toto.com/uk/en/home
  Content-Length: 0
  Connection: close
  Content-Type: text/plain; charset=UTF-8
  Here we switch back to HTTP :
  http://ecom.test.toto.com/uk/en/home
  GET /uk/en/home HTTP/1.1
  Host: ecom.test.toto.com
  User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.8) Gecko/20100202 (CK-IBM) Firefox/3.5.8
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  Accept-Language: en-us,en;q=0.5
  Accept-Encoding: gzip,deflate
  Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
  Keep-Alive: 300
  Connection: keep-alive
  Referer: http://ecom.test.toto.com/uk/en/home
  Cookie: STICKED-TO=R355972695; JSESSIONID=089DCF987DC03CAE0F516298EB886DAB.node1;
  Here we see that the second server has been wrongly selected !
  HTTP/1.1 200 OK
  Set-Cookie: STICKED-TO=R105852786; path=/
  Set-Cookie: _hybris.tenantID_=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; HttpOnly
  Set-Cookie: JSESSIONID=5A0F6EB8FBF63D5D0590FECEC62A302E.node2; Path=/; HttpOnly
  Date: Mon, 18 Oct 2010 15:31:40 GMT
  Server: Apache/2.2.13 (Red Hat)
  Pragma: no-cache
  Expires: Thu, 01 Jan 1970 00:00:00 GMT
  Cache-Control: no-cache, no-store
  Content-Language: en-GB
  Connection: close
  Transfer-Encoding: chunked
  Content-Type: text/html;charset=UTF-8
  http://ecom.test.toto.com/ecom/medias/sys_master/8796174057502/uk.gif
  GET /ecom/medias/sys_master/8796174057502/uk.gif HTTP/1.1
  Host: ecom.test.toto.com
  User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.8) Gecko/20100202 (CK-IBM) Firefox/3.5.8
  Accept: image/png,image/*;q=0.8,*/*;q=0.5
  Accept-Language: en-us,en;q=0.5
  Accept-Encoding: gzip,deflate
  Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
  Keep-Alive: 300
  Connection: keep-alive
  Referer: http://ecom.test.toto.com/uk/en/home
  Cookie: STICKED-TO=R105852786; JSESSIONID=5A0F6EB8FBF63D5D0590FECEC62A302E.node2;
  HTTP/1.1 200 OK
  Set-Cookie: STICKED-TO=R105852786; path=/
  Date: Mon, 18 Oct 2010 15:31:40 GMT
  Server: Apache/2.2.13 (Red Hat)
  Content-Length: 382
  Connection: close
  Content-Type: image/gif
  Hypothesis :
  It seems that the static entries are not considered by the ACE...

  Yves,
  you have to specify the destination port
  56 static cookie-value "R355972695" rserver HQCHECOM01 80
  64 static cookie-value "R357158616" rserver HQCHECOM02 80
  serverfarm host  ECOM_FARM_TEST_HTTP
    description *** e-Commerce Test Server Farm ***
     probe ECOM_PROBE_TEST
    rserver HQCHECOM01 80
     inservice
     rserver HQCHECOM02 80
     inservice
  Gilles.

• ACE 4710 balance among URL

  I have ACE 4710 and I need configuration:
  I have real web-server with  folders : /1/index.html, /2/index.html, /3/index.html
  I need to  balance virtual service:
  If I try to connect URL: http://server/index.html,  then ACE balance among
  http://real_server/1/index.html,
  http://real_server/2/index.html,
  http://real_server/3/index.htm
  How can I  configure ACE ?

  ACE, can't modify the url.
  But it can send redirect.
  So you could build 3 redirect rservers, and have ACE loadbalance between them.
  rserver redirect HTTP-REDIRECT1
    webhost-redirection http://real_server/1/index.html
    inservice
  rserver redirect HTTP-REDIRECT2
     webhost-redirection http://real_server/2/index.html
     inservice
  rserver redirect HTTP-REDIRECT3
     webhost-redirection http://real_server/3/index.html
     inservice
  serverfarm redirect SF_REDIRECT
    rserver HTTP-REDIRECT1
      inservice
    rserver HTTP-REDIRECT2
      inservice
    rserver HTTP-REDIRECT3
      inservice
  But even if it works, this does not sound good.
  It seems like a design done by an application server person who does not know how network loadbalancers work.
  It seems like all you need is stickyness, which you are trying to achieve by redirecting to /1 or /2 or /3.
  But this can be done differently with cookies or by just doing stickyness on source ip address.
  Gilles.

• Ace stickyness

  need help to understand what sticky entries are expected to be seen under show sticky database and for all it options.
  we are not sure what cookie values are used by the servers. if i understood right
  if servers dont send any cookie , then ACE will use the configured static cookie value and send the cookie to client on behalf of the server. if ace receives the cookie value from server then it forwards the info to the client. in this situation what configuration is required to maintain stickyness
  below is my config..
  sticky http-cookie sfarm1-sticky sticky-cookie-insert-8005
  cookie insert
  replicate sticky
  serverfarm sfarm1-apache
  policy-map type loadbalance first-match sfarm1-apache-8000_pol
  class class-default
  sticky-serverfarm sticky-cookie-insert-8005
  policy-map multi-match VIPS
  class sfarm1-apache-8000-cl
  loadbalance vip inservice
  loadbalance policy sfarm1-apache-8000_pol
  loadbalance vip icmp-reply active
  Thanks

  ACE supports parsing HTTP headers up to 64K bytes.
  By default ACE Module can parse 4096 bytes (4K).
  By default for ACE appliance can parse 2048 bytes.
  You can change it to a higher number, for example to instruct ACE to parse 8192 bytes
  parameter-map type http My_HTTP_PARAMS
  set header-maxparse-length 8192
  policy-map multi-match My-VIPS
  class Syed
  loadbalance vip inservice
  loadbalance policy syed-policy
  loadbalance vip icmp-reply active
  appl-parameter http advanced-options My_HTTP_PARAMS
  Increasing it to a very high number will have performance impacts.
  More details at
  ACE Module:
  http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/v3.00_A2/configuration/slb/guide/classlb.html#wp1350453')">http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/v3.00_A2/configuration/slb/guide/classlb.html#wp1350453
  ACE Appliance:
  http://preview.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/configuration/slb/guide/classlb.html#wp1062867')">http://preview.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/configuration/slb/guide/classlb.html#wp1062867
  Syed Iftekhar Ahmed

• ACE Stickyness problem

  I am trying to configure stickyness on an ACE appliance. I can't seem to get it to work. I have tried a http cookie and a IP Netmask and can't get it to work. When I do a show stat sticky or a show sticky database I get nothing. Attached is the config of my ace.

  you need to assign sticky resources to your context before you can start using it.
  Use the following command to see if you have allocated sticky resources
  switch/Admin# show np 1 me-stats "-slb -v" | i Stick
  Num Active Sticky Entry: 1 0
  Num Active Reverse Sticky Entry: 0 0
  Free Sticky Entry Count: 944765 0
  switch/Admin#
  Gilles.

• ACE class-map match url syntax

  Can someone help me with the string that would match a url with no path specified?  For instance; user types "https://outlook.domain.net" into their browser and I want the ACE to redirect that request to https://outlook.domain.net/owa".
    2 match http url oulook\.domain\.net\

  Adam and Shday,
  I'll give you a hand on this =)
  Adam we can solve your problem only if you're doing SSL offloading on the ACE as the layer 5 information that needs to be checked is being sent encrypted.
  In case SSL termination is configured then the configuration would be like this:
  rserver redirect OWA
    webhost-redirection https://%h/owa 301
    inservice
  serverfarm redirect OWA
    rserver OWA
      inservice
  class-map type http loadbalance match-any OWA
  2 match http header Host header-value "outlook.domain.net"
  policy-map type loadbalance first-match OWA
  class OWA
    serverfarm OWA
  class class-default
    serverfarm Backend
  Shday yours is pretty much the same but you need to decide if class-default needs
  to be in place:
  rserver redirect Domain
  webhost-redirection http://%h/any_path 301
  inservice
  serverfarm redirect Domain
     rserver Domain
       inservice
  class-map type http loadbalance match-any Any
  2 match http url /.*
  class-map type http loadbalance match-any Domain
  2 match http header Host header-value "domain.com"
  policy-map type loadbalance first-match Domain
  class Any
    serverfarm Backend
  class Domain
    serverfarm Domain
  HTH
  Pablo

• ACE Stickyness via SSL

  Hello,
  i've wanted to configure Stickyness via SSL Session ID.
  I coul'd not find anything in the docs how to do this.
  Is this feature not supported by the ACE?
  Sven

  I read somewhere it will be supported with the next major release or Gilles mentioned something like that.
  AFAIK it is not supported right now.
  Ergo -> geht nicht :)
  Roble

• Delete Cookies in URL iView

  Hello:
  I have to delete cookies from a url iview with target a asp.net web application when the iview is selected.
  Can you Help me?

  cookies usually stores in your local broser.
  click on tools-> internet options,,,,,,,,,,,,,u can find delete cookies option there.....try to delete it
  Koti Reddy

• ACE balance cookie + https

  Hello Everyone,
  i have a ACE 4400 Appliance, for balance some applications on the network.
  i have one application(citrix), the connection to this site is https(443).
  I had a balance of cookie, plus this only worked if I left only one  server in "inservice" on Serverfarm if I add the second, the application  showed me a scree saying "your web interface session is in an  inconsistent state."
  Since the above problems, I set the cookie for connection to work with "persistence rebalance," but the problem continued.
  After I passed the Serverfarm to be balanced by source IP, the troubles are over, I kept the persistence rebalance.
  Now comes the question, why not work with cookie? https does not work if the balancing change something in the package, such as information inside a cookie?
  Old configuration:
  sticky http-cookie NFUSE-COOKIE STICKY-HIAE-NFUSE-COOKIE
    cookie insert browser-expire
    replicate sticky
    serverfarm SF-HIAE-NFUSE
  Current Configuration:
  sticky ip-netmask 255.255.255.255 address source STICKY-HIAE-TESTE-NFUSE
    replicate sticky
    serverfarm SF-HIAE-NFUSE
  Class/Policy and Parameter map.
  class-map match-all VS-HIAE-NFUSE
     2 match virtual-address 192.168.16.30 tcp any
  policy-map type loadbalance first-match VS-HIAE-NFUSE-l7slb
    class class-default
      sticky-serverfarm STICKY-HIAE-TESTE-NFUSE
    class VS-HIAE-NFUSE
      loadbalance vip inservice
      loadbalance policy VS-HIAE-NFUSE-l7slb
      loadbalance vip icmp-reply active primary-inservice
      appl-parameter http advanced-options HTTP-OPTS
  parameter-map type http HTTP-OPTS
      persistence-rebalance
  Tks a lot.
  Rafael Mendes

  Realized the configuration as specified in the link.
  Apparently, everything ok.
  However, I can not access the page using internet explorer. I tested with firefox, safari, opera, everything works with internet explorer not.
  Configuration follows below, is something wrong?
  Thanks.
  serverfarm host SF-HIAE-NFUSE
    description Servidores nfuse.einstein.br
    rserver WPVAP06
      inservice
    rserver WPVAP07
      inservice
  parameter-map type generic sslidparam
     set max-parse-length 70
  sticky layer4-payload STICK-L4-NFUSE-SSL
    serverfarm SF-HIAE-TESTESSLTERM
    response sticky
  layer4-payload offset 43 length 32 begin-pattern "\x20"
  class-map match-all VS-L4-NFUSE-SSL-TERMINATOR
    2 match virtual-address 192.168.16.254 tcp eq https
  policy-map type loadbalance generic first-match VS-HIAE-TESTESSLTERM
    class class-default
      sticky-serverfarm STICK-L4-NFUSE-SSL
  policy-map multi-match int10
  class VS-L4-NFUSE-SSL-TERMINATOR
     loadbalance vip inservice
     loadbalance policy VS-HIAE-TESTESSLTERM
     loadbalance vip icmp-reply active primary-inservice
     appl-parameter generic advanced-options sslidparam

• ACE Module Cookie Parsing causes Reset Connection

  I am trying to upgrade my ACE Modules from A2(1.3) to A2(3.2) . Unfortunately, the cookie parsing breaks when there are illegal characters and causes a connection reset (RST) when there is an invalid cookie, but only on code later than A2(1.3).
  The cookie in question is being passed by a third party so making them change the cookie is not necessarily do-able. The cookie has the following value:
  Cookie:  CurrentUser={"UserKey":{"Key":"anonymous"},"LastUpdated":"10/13/2010 1:35:52 PM"}
  We are using the following parameter map:
  parameter-map type http CASE_PARAM
    case-insensitive
    persistence-rebalance
    set header-maxparse-length 20480
    length-exceed continue
  On the older code, the request is passed on to the server.
  Is there a setting similar to "length-exceed continue" that I can give the ACE to tell it to ignore cookies it cannot parse?

  HTTP inspection is not enabled.
  Did you mean adding a class-default to the policy-map?
  Adding it to the policy-map does make it match the class-default. Unfortunately, cookie parse errors result in the inability to parse both the cookie and the host header as well. It seems that rather than just failing to parse the cookie and being unable to do sticky matching - it completely fails the entire header parsing.
  Here's our setup:
  rserver host test1
    ip address 192.168.1.101
    inservice
  rserver host test2
     ip address 192.168.1.102
     inservice
  rserver host test3
     ip address 192.168.1.103
     inservice
  rserver host test4
     ip address 192.168.1.104
     inservice
  serverfarm host auto
    probe HTTP-diagnostic
    rserver test1
      inservice
    rserver test2
      inservice
  serverfarm host news
    probe HTTP-diagnostic
    rserver test3
      inservice
    rserver test4
      inservice
  sticky http-cookie autoCookie auto-cookie
    cookie insert browser-expire
    replicate sticky
    serverfarm auto
  sticky http-cookie newsCookie news-cookie
    cookie insert browser-expire
    replicate sticky
    serverfarm news
  class-map type http loadbalance match-any auto
    2 match http header Host header-value "www.auto.local"
    3 match http header Host header-value "auto.local"
  class-map type http loadbalance match-any news
     2 match http header Host header-value "www.news.local"
     3 match http header Host header-value "news.local"
  class-map match-all prod_VIP
    2 match virtual-address XXX.XXX.XXX.XXX tcp eq www
  policy-map type loadbalance first-match prod_POLICY
    class auto
      sticky-serverfarm auto-cookie
    class news
      sticky-serverfarm news-cookie
    class class-default
      sticky-serverfarm auto-cookie
  policy-map multi-match aggregate-slb-apps
    class prod_VIP
      loadbalance vip inservice
      loadbalance policy prod_POLICY
      loadbalance vip icmp-reply active
      loadbalance vip advertise
      appl-parameter http advanced-options CASE_PARAM

• Alternatives for HTTP Session(Cookies or URL Reqriting)

  Sir/Madam,
  Actually we can handle session using (1) URL rewriting and (2) Cookies , apart from this is there any way to handle sessions ? If so what are they ?.
  Thanks and Regards
  - Raja.

  Of course... You could use (1) Cookies and (2) URL rewriting, as an alternative.
  Or you could write your own JSP/servlet engine and require all pages to be forms that have the session ID in them or whatever other custom hair-brained idea you wanted.

• ACE-Single VIP-Multiple URL-Multiple ServerFarm

  Hi Everyone,
  I am trying to put together a configuration that has multiple requirements that are all dependant so I wanted to post in a single discussion.  Please see the parameters below:
  1. ACE 4710 placed in DMZ in one-armed mode
  2. Use only 2 VIPS (1 for HTTP traffic and 1 HTTPS traffic)
  3. Multiple URLs for each VIP. Each URL makes use of sub-domains (ex. "subdomain1.domain.com" , "subdomain2.domain.com")
  4. Match on the hostheader and send to a corresponding serverfarm. (each URL has seperate serverfarm).
  5. SSL off-load. All Secure URL's share a single wild-card certificate.
  6. Any connections to Secure URL's that connect using HTTP need to be redirected to HTTPS and then load-balanced. I would like to have a single redirect serverfarm that will take the path and url that is sent,whichever that may be, and redirect it to HTTPS.
  So here are my questions:
  1. One of the URL's being matched is for Exchange 2010 (OWA and ActiveSync).  Since all services will be directed at the same serverfarm I believe that matching on the sub-domain (host header) will be sufficient for both services but I would like some confirmation.
  2. I would like to confirm that the composition of my class-maps and subsequent policy-maps will meet the requirements listed above.
  3. I would like any suggestions on how I may make this configuration more efficient.
  I have attached a scrubbed copy of my configuration, any suggestions would be greatly appreciated!!!

  Hi Michael,
  One of the URL's being matched is for Exchange 2010 (OWA and ActiveSync).  Since all services will be directed at the same serverfarm I believe that matching on the sub-domain (host header) will be sufficient for both services but I would like some confirmation
  The ACE performs regular expression matching against the received packet data and hence you can use a single expression like \.mvnu\.edu and that should match msmail\.mvnu\.edu", ihelp\.mvnu\.edu and ishare\.mvnu\.edu and since all of them need to go to same serverfarm there is no need to define three different server farms under policy map.
  2. I would like to confirm that the composition of my class-maps and subsequent policy-maps will meet the requirements listed above.
  The config looks fine but you can make it more stream line by using one regex which will match all host header information and since it needs to go one serverfarm only, it is not required to have three different server farms unless needed of course. Pardon if i haven't  understood your requirment correctly.
  3. I would like any suggestions on how I may make this configuration more efficient.
  It should be there in answer 1:)
  Please feel free to discuss if there is something which is not what you were looking for.
  Regards,
  Kanwal