Csm cookie sticky

Similar Messages

• Catalyst 6500 CSM-S Cookie stickiness timout ?

  /* Style Definitions */
  table.MsoNormalTable
  {mso-style-name:"Table Normal";
  mso-tstyle-rowband-size:0;
  mso-tstyle-colband-size:0;
  mso-style-noshow:yes;
  mso-style-priority:99;
  mso-style-qformat:yes;
  mso-style-parent:"";
  mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
  mso-para-margin-top:0cm;
  mso-para-margin-right:0cm;
  mso-para-margin-bottom:10.0pt;
  mso-para-margin-left:0cm;
  line-height:115%;
  mso-pagination:widow-orphan;
  font-size:11.0pt;
  font-family:"Calibri","sans-serif";
  mso-ascii-font-family:Calibri;
  mso-ascii-theme-font:minor-latin;
  mso-fareast-font-family:"Times New Roman";
  mso-fareast-theme-font:minor-fareast;
  mso-hansi-font-family:Calibri;
  mso-hansi-theme-font:minor-latin;
  mso-bidi-font-family:"Times New Roman";
  mso-bidi-theme-font:minor-bidi;}
  Hi, anyone able to help with this ?
  We have a CSM-S sitting in a 6513, at the moment we have IP stickiness applied for a Vserver/Serverfarm. The back end product vendor advises that cookie stickiness would be more appropriate for their application.
  I have been scratching my head around the timeout of the inserted cookies; whatever I do they persist seemingly indefinitely, for example:
  Just a test configuration with a 10minute sticky timout.
  serverfarm applicationA
    nat server
    nat client applicationA_pool
    failaction reassign
    real 1.1.1.1
     inservice
    real 1.1.1.2
     inservice
    health retries 1 failed 120
    probe applicationA_probe
  sticky 1 cookie applicationA_sticky insert timeout 10
  vserver applicationA-HTTP
    virtual 2.2.2.10 tcp www
    unidirectional
    serverfarm applicationA
    sticky 10 group 1
    no persistent rebalance
    inservice
  Doing show mod csm 1 sticky
  group   sticky-data              real                  timeout
  1       cookie F5BF7115:F80EA688 1.1.1.1           0
  1       cookie 4AFC972B:BB722437 1.1.1.2           0
  Then a show mod csm 1 sticky config
  Group  NumEntries Timeout  Type
  1             82                           10        cookie-insert applicationA_sticky
  When browsing to the VIP I see the application page via one of the reals. For the sake of the test I am using round-robin. Without cookies applied my browser will bounce between reals (I turned off persistent rebalance during testing) as expected.
  With a sticky cookie inserted the browser stays on one of the real’s, however the timeout which I have applied does not work. The client will stay stuck to the real almost indefinitely (the actual cookie expiry is 2099!).
  The online documentation advised that the method I am using should work as expected:
  Quote
  This example shows how to configure a virtual server named barnett, associate it with the server farm named bosco, and configure a sticky connection with a duration of 50 minutes to sticky group 12:
  Router(config)# mod csm 2
  Router(config-module-csm)# sticky 1 cookie foo timeout 100
  Router(config-module-csm)# exit
  Router(config-module-csm)#
  Router(config-module-csm)# serverfarm bosco
  Router(config-slb-sfarm)# real 10.1.0.105
  Router(config-slb-real)# inservice
  Router(config-slb-real)# exit
  Router(config-slb-sfarm)#
  Router(config-slb-sfarm)# vserver barnett
  Router(config-slb-vserver)# virtual 10.1.0.85 tcp 80
  Router(config-slb-vserver)# serverfarm bosco
  Router(config-slb-vserver)# sticky 50 group 12
  Router(config-slb-vserver)# inservice
  Router(config-slb-vserver)# exit
  Router(config-module-csm)# end
  End Quote
  I am guessing that sticky group 12 / 1 is a typo
  Looking at the documentation, sticky can also be applied not in the vserver config but in a policy (this is how we are doing IP stickiness). I have tried both methods. Same result.
  I am natting the client address to a private pool which then talks to the reals (and back). Would'nt expect this to be any issue.
  The CSM is running Software version: 4.3(5).
  Any help appreciated.

  Good mornign Simon,
  The behavior you are seeing is the expected one.
  When the CSM is configured for cookie insertion, a static cookie value is created in the sticky table for each server. This is the cookie that is being inserted, using as expiration date the one defined in the COOKIE_INSERT_EXPIRATION_DATE variable.
  With this stickiness method, there is no need to use a timeout, because, since the sticky table will only contain one entry for each server, it will never become full.
  Quoting from the documentation:
  Note     The
  configurable timeout values are not applied when using cookie insert. 
  You can adjust the timeout value using the environment variables.
  If you don't want to keep the cookies in the client for that long, another approach you can use is setting an empty date in the COOKIE_INSERT_EXPIRATION_DATE variable. When doing that, the cookie will be inserted without an expiration date, so it will be cleared when the browser is closed.
  I hope this answers your question
  Regards
  Daniel

• CSM Cookie not working properly?

  We have a CSM v4.1.6 and are trying to use the cookie feature it seems to be working on initial establishment but subsequent connections are not loadbalancing correctly. It seems that every connection request coming in is being forced on one server. Both servers in the farm are showing operational. Any ideas?
  sticky 50 cookie JSESSIONID timeout 30
  ECCoreRTR1#sh mod csm 4 sticky group 50
  group sticky-data real timeout
  50 cookie F014E925:211A5C5F 172.22.25.40:80 1100
  50 cookie D66F0C62:6C7D3319 172.22.25.40:80 1099

  if the connection comes in with the cookie pointing to a particular server, the CSM will forward it to this server and not loadbalance.
  So, in order to know if there is a problem, you will have to capture a sniffer trace and verify if a connection that comes in with no cookie is sent always to the same server or not.
  It should work fine with your version.
  Gilles.

• Question on CSS cookie sticky

  Hi everyone,
  I have a question about CSS cookie sticky.
  - Server issues the following cookie string to the client and it is fixed to 18 bytes.
  Set-Cookie: JSESSIONID=aaabbbcccdddeeefff; path=/
  - Client embedded the following cookie string in the subsequent HTTP header.
  Cookie: xx_user_id=ZZZZ03; com.dummy.xyz.session.cookie=|user|pc|ja|Shift_JIS|default||yellow|/oooo/default.portal|; JSESSIONID=aaabbbcccdddeeefff
  * Note that I made cookie information suitable as example.
  There is the cookie string (JSESSIONID=aaabbbcccdddeeefff) issued by Server in the HTTP header from client but that cookie string (JSESSIONID=aaabbbcccdddeeefff) is located following the cookie string that the client made by oneself at the end of cookie string. And the cookie string and the length of cookie string that client made by oneself might change so the total length of cookie string also might change. It means I can not clarify the total length of the cookie string.
  In this situation, I want CSS to stick with cookie string "JSESSIONID=aaabbbcccdddeeefff".
  The characters of string located following the "JSESSIONID=" (in this case, "aaabbbcccdddeeefff") might change but it is fixed to 18 bytes. The total length of cookie string is 141 bytes in above mentioned example.
  So I informed customer to configure the following parameters to get CSS done cookie sticky for above mentioned cookie string. CSS software version is sg0750303.
  owner test
  content testsv-tcp80
  add service testsv1-tcp80
  add service testsv2-tcp80
  advanced-balance cookie
  　string range 1 to 200
  string process-length 18
  url "/*"
  redundant-index 1001
  protocol tcp
  port 80
  vip address xxx.xxx.xxx.xxx
  active
  However CSS was not able to treat the above mentioned cookie correctly which means the subsequent HTTP request was not stuck (persisted) to same server.
  I do not understand why CSS cookie sticky did not work correctly with this configuration.
  Then customer configured CSS with the following parameters to get CSS inserted cookie string and, of course, the result is OK that is CSS could stick the connection to same server.
  owner test
  content testsv-tcp80
  add service testsv1-tcp80
  add service testsv2-tcp80
  advanced-balance arrowpoint-cookie
  url "/*"
  redundant-index 1001
  protocol tcp
  port 80
  vip address xxx.xxx.xxx.xxx
  active
  Has anybody experienced similar thing ?
  Could you please let me know if you have any comment, information
  Your information would be appreciated.
  Best regards,

  the CSS does not learn dynamic cookie.
  You can match a fixed string inside a cookie and pre-define which server to use with that specific string.
  That's why your solution did not work.
  Arrowpoint-cookie is a better solution and easier to implement.
  Gilles.

• Cookie stickiness configuration issue with Cisco ACE

                     Hi,
  We have configured a ACE (in standby mode) with ip netmask stickiness and wanted to configure cookie stickiness for a remedy server placed behind the ace. BMC has said that they use JSESSIONID field on the remedy application and i want to know the procedure for configuring ace to see this field and deploy cookie stickiness feature on the ace.
  We tried configuring the ace to learn the cookie string dynamically and tried to insert the cookie in the server response to the client but both methods have failed and the user is not able to see the remedy app webpage in both occassions.
  Are there any pre-requisites to be configured on the ace before configuring cookie stickiness feature?   We would appreciate your timely response.
  Thanks in advance.

  Hi,
  Refer the document below for sample configuration. If this still doesn't work a full config and sniffer capture required to verify this.
  http://docwiki.cisco.com/wiki/Session_Persistence_Using_Cookie_Learning_on_the_Cisco_Application_Control_Engine_Configuration_Example
  Regards,
  Siva

• Http cookie stickiness

  Hi,
  I have an http session between Web Server farm and Application Server Farm.
  After firt http request, Application Server send this pck (see file http_header.txt ).
  So, I configured http cookie Stickiness with Dynamic cookie learning:
  sticky http-cookie JSESSIONID Cookie-Bea-Group
  cookie offset 0 length 64
  timeout 70
  timeout activeconns
  replicate sticky
  serverfarm BEA8-SFARM-3
  But it doesn't work. But if web server received an answer from Application server with only one set-cookie
  Set-Cookie:JSESSIONID=xxxxx
  It work
  if in the http header there are two set-cookie doesn't work.
  I need stick the session based only on JSESSIONID cookie.
  Is it possible and how?
  Thanks
  Dino

  Hi Dear,
  The ACE appliance/module has the dynamic cookie feature.
  You then just need configure the cookie name and the box does the rest.
  When static cookies are used there will only be one entry in the cookie database per real server. So, if ace-cookie is the only cookie defined and there are two servers, there will only be two entries in the sticky database, even if there are thousands of user sessions.
  Dynamic cookie learning is another option for keeping the SAP session persistent. The sticky table can hold a maximum of four million dynamic entries (four million simultaneous users). The key is choosing the right cookie name.
  Lets take an example of SAP sets a number of cookies for various purposes (note the ace_cookie was set by Cisco ACE using cookie insert, not SAP), but the saplb_* cookie is set by SAP specifically for load-balancers. It has the format saplb_=()[].
  Here, the cookie value also helps to verify which server instance and physical node you are connected to.
  The configuration process for cookie learning is similar-with a few changes in the syntax.
  Example configuration:
  ssticky http-cookie saplb_* ep-cookie
  replicate sticky
  serverfarm EP-HTTP
  policy-map type loadbalance http first-match ep-policy
  class class-default
  sticky-serverfarm ep-cookie
  In the above examples, the replicate sticky command is used so that the cookie information is replicated to the standby Cisco ACE context. With this implementation, session persistence is maintained in the event of a failover. The default timeout is one day.
  The show sticky data command retrieves the active sticky entries that have been dynamically learned. The value shown is not the actual cookie value, but a function of it created by Cisco ACE.
  Example configuration:
  switch/SAP-Datacenter# show sticky data
  sticky group : ep-cookie
  type : HTTP-COOKIE
  timeout : 100 timeout-activeconns : FALSE
  sticky-entry rserver-instance time-to-expire flags
  ---------------------+--------------------------------+--------------+-------+
  6026630525409626373 SAP-EP:50000 5983
  Load Balancing Identifier
  The Load Balancing Identifier used for Load balancing to Web AS Java instances has the following syntax.
  saplb_=()[]
  The cookie is set on path=”/” and domain=.
  The same syntax applies if the identifier is used via url rewriting.
  The applies only to the J2EE Engine where session stickyness on a process (JVM) level is required. The uniquely identifies a set of instances. If there are no special group definitions then the special group identifier '*' is used. This will be the case for a default installation.
  The SAP Web Dispatcher checks for path prefix match and thereby determines group name. This allows to obtain from the set of dispatch cookies or to do initial load balancing for the group. The Java dispatcher receives the request and also checks for the group. The Java dispatcher then reads from the appropriate dispatch cookie or performs initial dispatch on his local nodes.
  The CSS does not have the possibility to learn dynamic cookie value created on the server.
  So, you can either use arrowpoint cookies which is quite simple or have your server team add a static value to the jsessionid in order to identify the server.
  We can then configure the CSS to locate this static value and match it to a service.
  If possible kindly rate.
  Keep in touch.
  Kind regards,
  Sachin Garg

• Cisco GSS - Cookie Stickiness

  Hi,
  What all the parameters can be used for stickiness across different data centers via Cisco
  GSS. Is cookie stickiness possible.
  We are planning to implement an Active/Active site and the
  internet user requests will be load balanced across two sites. Since most of the users use ADSL connections, the source IPs are dynamic and changes within minutes and even seconds. If the stickiness would be configured based on IPs on the GSS, the sessions would be lost due to continuous IP changes and the user would be randomly directed to different data centers.
  Please suggest how could stickiness be achieved without IPs.
  Thanks.

  Hello there,
  Stickiness on the GSS is based on IP address.  There is local sticky, which means each GSS in the cluster maintains its own sticky database and doesn't share it with the other GSS in the cluster.  Global sticky is when each still has its own sticky database, but they update each GSS in the cluster so that if a request comes into a different GSS from the same host IP and requests the same domain, it will still be stuck to the same Answer.
  It does not matter if your clients are frequently changing their IP addresses, because an Internet user's IP address is not used, or known, by the GSS.  To the GSS, a client is actually an Internet user's D-proxy, or local DNS server.  Here's how it works:
  Internet user needs to resolve FQDN to IP address
  Internet user sends DNS query to his/her DNS server (D-proxy)
  D-proxy (which typically has a static IP address) makes request throughout DNS infrastructure sourced by its own IP address
  Eventually, the DNS request ends up at a GSS
  GSS checks to see if it already has a sticky entry for the IP address of this D-proxy
  If sticky entry exists, then the same Answer is given as last time
  If sticky entry does not exist, GSS will use configured method to choose Answer, return it, then create sticky entry
  If you are using global sticky, then the GSS will update the other GSS in cluster so they add the entry to their databases
  So as you can see, the Internet user's IP address has no relevance to the GSS's operation.
  I hope this helps.  Let me know if you have any questions.
  Thank you,
  Sean

• CSM 411 STICKY issue

  Could someone shead light on the use of STICKY in reference to a virtual server.
  My config:
  sticky 20 netmask 255.255.255.255 timeout 300
  policy FTP
  client-group CSMnets
  serverfarm FTPOUT
  vserver FTPOUT
  virtual 0.0.0.0 0.0.0.0 tcp ftp service ftp
  vlan 160
  sticky 300 group 20
  reverse-sticky 20
  replicate csrp sticky
  replicate csrp connection
  persistent rebalance
  slb-policy FTP
  inservice
  When I show csm 3 sticky, I do not receive any information.
  Did I configure it wrong?
  Thanks
  Frank

  Sorry, I missed entering the policy details.
  I have configured "STICKY" on BOTH the policy and Virtual Server. The Cisco docs are VERY VAGUE.
  This is what the Cisco documentations says:
  "(OPTIONAL) Configures connections from the client to use the same real server. The default is sticky off"
  Could you explain this in plain english, say for the dumb folks like me? 8)... PLEASE dont feel like you are giving me too much information - I have VERY thick skin.
  Did I configure it correctly, is it configured just wrong or what? My experience is that you can configure MANY things wrong and traffic still flows.
  My Topology:
  .INTERNET
  .|        |
   R-----R
   |         |
  CSM---CSM
   |         |
   FW    FW
   |         |
  CSM---CSM
   |         |
   R-----R
  INTERNAL NET
  My config:
  policy FTP
  client-group NIHnets
  serverfarm FTPOUT backup BACKUP-FTPOUT sticky
  serverfarm FTPOUT
  no nat server
  no nat client
  predictor hash address source
  failaction purge
  real name B12-GEFW1-DMZ
  health probe FWOS-[R]-CLIENT
  inservice
  real name FW-GEFW1-DMZ
  inservice
  probe OUT-SRV-ALIAS
  vserver FTPOUT
  virtual 0.0.0.0 0.0.0.0 tcp ftp service ftp
  vlan 160
  sticky 300 group 20
  reverse-sticky 20
  replicate csrp sticky
  replicate csrp connection
  persistent rebalance
  slb-policy FTP
  inservice
  sticky 20 netmask 255.255.255.255 timeout 300
  Thanks for helping!
  Frank
  PS URLs that explain this stuff in detail would be GREAT too!

• Shouldn't ACE 4710 ignore cookie stickiness when the server is down?

  Hello,
  I have implemented sticky load balancing with cookies. The problem is that if one of my two servers in the server farm is down (and even if the ace recognizes it as down via a probe) it keeps sending the requests to the server that is down, obviously because it has set a cookie for this server,
  Shouldn't the ACE ignore the cookie when the server is down?
  Is there a command to ignore cookie stickiness if the server is down? Is there another workaround?
  an example of my config is
  serverfarm host SF_Ebanking
    rserver RS_IAS_1 XXXX
      conn-limit max 4000000 min 4000000
      probe http_probe_ebanking
      inservice
    rserver RS_IAS_2 XXXX
      conn-limit max 4000000 min 4000000
      probe http_probe_ebanking
      inservice
  sticky http-cookie ACE_COOKIE ebanking_sticky
    cookie insert
    replicate sticky
    serverfarm SF_Ebanking
    16 static cookie-value "server01" rserver RS_IAS_1
    24 static cookie-value "server02" rserver RS_IAS_2
  thanks,
  george

  This is not as obvious as you seem to believe.
  ACE will not select a server that is down !!!! Even if the cookie points to that server.
  What might be happening is that the connection from the browser to the ACE has not been killed, so when client sends a new request it reuses the existing connection and ACE does allow an existing connection to be maintain with a dead server by default.
  Try the command 'failaction purge' under the serverfarm.
  This should kill the active connections with the dead server and allow a new connection to be open with the other server even if the cookie points to the dead one.
  Regards,
  Gilles.

• URL-learn cookie stickiness method

  Hello
  In our network we are trying to configure a SLB with stickiness based on the passive cookie method on the CSM-S module for cat6k.
  The server is setting the JSESSIONLIST cookie in the "set-cookie" field in the HTTP header. Unfortunately, each time a client is accessing the server, the server adds more data into the "Refer" field in the HTTP header that it's placed before the cookie field. Finally when the HTTP header is bigger then 4000 bytes, which is the maximum max-parse length value for CSM-S module, the module is unable to correctly stick the session based on the cookie value send by the client.
  When a server sets the set-cookie value in the HTTP header, at the same time, it sets the parameter called jsessionid in the URI that has the same value that the cookie JSESSIONLIST. Because of our problem with the long "Referer" field in subsequent client requests we have tried to configure the stickiness based on URL-Learn method.
  The virtual server is using a sticky group configured as below
  sticky 2 cookie JSESSIONLIST timeout 30
  cookie secondary jsessionid
  Unfortunately it does not work. We are wondering why. In the configuration-guide there is not much information about this kind of stickiness. We are wondering if it is not a problem for CSM to stick a session based on the "secondary cookie", when, at the same time, the cookie field is also transmitted in the client requests. We are also wondering if it is not a problem for a load balancer that the jsessionid parameter in the URI follows ";" not "?" as in the example in the configuration guide.
  I am attaching an example HTTP GET request from the client (some values were hidden). This trace shows the request with a short "Refere" field but the subsequent packets contain this field much more bigger.
  Thanks for any help in advance

  the CSM will look into the url if it can't find the cookie in the header.
  However, if the header length is too big, the CSM will consider this an error and it will stop parsing.
  A solution for you is to increase the parse length with a variable:
  gdufour-cat6k-2#sho mod csm 3 var | i PAR
  MAX_PARSE_LEN_MULTIPLIER 1
  It will multiply whatever parse length you have configured.
  Now, you could also change the server behavior with the referer.
  Increasing the size of the header will consume BW and reduce performance of the LB and SSL offloader.
  Gilles.

• CSM : cookie expiration date

  Hi,
  I use the cookie insertion feature of the CSM. Whatever the value of the timeout (2 minutes in the example
  below), the expired date (of the cookie file) which the CSM returns is always the same one : Fri, 1 Jan 2010 01:01:50 GMT
  Any idea ?
  Regards,
  Pascal
  sticky 10 cookie mycookie insert timeout 2
  vserver TEST-HTTP
  virtual 158.167.242.9 tcp www
  vlan 240
  serverfarm TEST-HTTP
  advertise active
  sticky 2 group 10
  persistent rebalance
  inservice
  Frame 94 (680 bytes on wire, 680 bytes captured)
  Ethernet II, Src: 00:04:9b:7a:4b:fc, Dst: 00:02:a5:bf:01:5a
  Internet Protocol, Src Addr: 158.167.242.9 (158.167.242.9), Dst Addr: 158.166.1.35 (158.166.1.35)
  Transmission Control Protocol, Src Port: http (80), Dst Port: 3220 (3220), Seq: 1, Ack: 396, Len: 626
  Hypertext Transfer Protocol
  HTTP/1.1 200 OK\r\n
  Response Code: 200
  Set-Cookie: mycookie=r1127814086; path=/; expires=Fri, 1 Jan 2010 01:01:50 GMT\r\n
  Date: Thu, 09 Jun 2005 13:10:38 GMT\r\n
  Server: Apache/1.3.26 (Unix) PHP/4.3.0-dev\r\n
  Last-Modified: Thu, 23 Mar 2000 09:48:14 GMT\r\n
  ETag: "7ca8-f9-38d9e85e"\r\n
  Accept-Ranges: bytes\r\n
  Content-Length: 249\r\n
  Keep-Alive: timeout=15, max=100\r\n
  Connection: Keep-Alive\r\n
  Content-Type: text/html\r\n
  \r\n
  Line-based text data: text/html

  Gilles,
  Thank you for your quick answer.
  I must say that I do not understand the use of such a fixed date. It implies a problem for us.
  In my serverfarm, I have 2 servers. If the server 1 falls, all the requests are sent towards the server 2. Thus, the clients will have the cookie of the server 2. When the server 1 is again available, all the clients who have a cookie of the server 2 will not go any more on the server 1. That can imply thus an imbalance of charge/session between the servers. Without manual intervention, we could even have all the requests on a server and none on the other.
  Regards,
  Pascal

• Configure Cookie Stickiness

  Needing to setup cookie based stickiness for the oracle guys. We have two 6513’s with CSM software version 3.1(4). I read a few of the Cisco docs to try and figure this out myself but what I configured is not working.
  Here is what the oracle guys want. If user is on Server 10.10.103.14 and Server 10.10.103.14 goes down the load balancers currently switches to Server 10.10.103.15. If server A comes back up the user is currently switched back to Server 10.10.103.14 and the session is lost. The Oracle guys want the user to stick on Server 10.10.103.15 until the session is completed.
  What is the best way to accomplish this using cookies and can you provide some config examples. Below is what my current config looks like.
  serverfarm ORACLEAPPFARM3
  nat server
  no nat client
  predictor hash address source
  failaction purge
  real 10.10.103.14
  inservice
  real 10.10.103.15
  inservice
  health retries 2 failed 2
  probe ORACLEICMPPROBE
  sticky 3 cookie CookieAPPFARM3 insert
  policy POLICYAPPFARM3
  sticky-group 3
  serverfarm ORACLEAPPFARM3
  vserver ORACLEVIRTUAL3
  virtual 10.0.103.22 any
  serverfarm ORACLEAPPFARM3
  replicate csrp connection
  persistent rebalance
  slb-policy POLICYAPPFARM3
  inservice

  cookie insert was introduced in version 4.1.
  So it is most probably not doing much with your 3.1 version.
  http://www.cisco.com/en/US/products/hw/modules/ps2706/prod_bulletin09186a00802072b0.html
  If you do not want to upgrade, you can do sticky based on source ip.
  Replace your sticky 3 cookie command with a 'sticky 3 netmask /32 timeout 600'
  Also, if you do stickyness you should change your predictor command to 'predictor leastconn' or 'predicot roundrobin'.
  Regards,
  Gilles.

• Arrowpoint cookie + stickiness

  Hi i have a question regarding advance balance arrowpoint cookie.
  The stickiness works fine unless the server goes down.When the server is dying and the user is making a request to the dying server then the CSS sends a RST but the client tries to reach still the old server. The stickiness is switching over to the next server only if I stop the pending request and I make a new request. Have you a suggestion ???
  Here the configuration of the content:
  content testcontent
  protocol tcp
  vip address 194.41.224.138
  redundant-index 1000
  add service h00bhm
  add service h00bhs
  arrowpoint-cookie expiration 00:00:30:00
  port 80
  url "/*"
  advanced-balance arrowpoint-cookie
  balance aca
  active

  if you have a persistent connection active when the server dies, the next request from the client is not loadbalanced and still forwarded to the server.
  This is the normal behavior.
  You can try the command 'no persistent' in the content rule and the command 'persistent reset remap' in global config.
  [might be persistence instead of persistent - never know which one is the correct spelling].
  Regards,
  Gilles.

• Cookie stickiness on ACE

  Hi:
  I have the following configuration. Although the users can hit the web server, the stickiness doesn't work.
  sticky http-cookie TEST1 TEST1
  timeout 300
  replicate sticky
  serverfarm PROXY
  policy-map type loadbalance first-match L7_TEMPORAL
  class HTTP-TEMPORAL
  sticky-serverfarm TEST1
  policy-map multi-match L4-VIP-LB-Policy
  class VIP-TEMPORAL
  loadbalance policy L7_TEMPORAL
  Raul

  Not sure if you already did that but to make stickiness work you need to assign resources for stickiness per context. Have look at the link.
  http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_guide_chapter09186a0080686ebf.html#wp1051078
  sticky http-cookie TEST1 TEST1 says the ace is looking for a cookie named "TEST1" in the http header so you should make sure that cookie exists. Otherwise add a "cookie insert" and the ace should insert that a cookie named "TEST1" then.
  http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_guide_chapter09186a0080686ebf.html#wp1015713
  [quote]
  The name argument in the sticky command specifies the cookie name that appears in the HTTP header. The name argument in the cookie secondary command specifies the cookie name that appears in the URL.
  [/quote]
  Roble

• ACE 4710 Can not confirm http cookie sticky connections

  We are using a ACE 4710 with A3(2.6) software release.
  I had to change our sticky load balancing method for HTTPS to cookie based.
  However while connections appear to work if I look at the sho sticky database table I can not see or confirm sticky entries for the cookie based connections.
  Here or config snippets to show the config
  sticky http-cookie ghh-www scook-ghh
    cookie insert browser-expire
    serverfarm ghh-www-443
  class-map match-all ghh-www-443_CLASS
    2 match virtual-address 172.16.1.21 tcp eq https
  class-map type http loadbalance match-any ghh-www-443_CLASSURL
    2 match http url [.]*
  policy-map type loadbalance first-match ghh-sticky-443_POLICY
    class class-default
      sticky-serverfarm scook-ghh
  policy-map multi-match POLICY
  class ghh-www-443_CLASS
        loadbalance vip inservice
        loadbalance policy ghh-sticky-443_POLICY
        loadbalance vip icmp-reply active
        appl-parameter http advanced-options CASE_PARAM

  Another point: please check whether your servers are listening only for HTTPS traffic or also for HTTP traffic:
  in the first case the ACE will have to: decrypt the traffic from the client, inspect the http header to take the loadbalance decision and then re-encrypt it and send it to the server
  in the second case the ACE would have to: decrypt the traffic from the client, inspect the http header to take the loadbalance decision and send it out as it is unencrypted to the server
  the second solution would have the benefit of being easier to configure and to require less resoucerces both on the ACE (only decryption to be performed) and on the servers (no need for SSL operations at all there) but it might be that your company or business sector have requirements for which this traffic should never flow unencrypted, in which case you would have to go for the first solution.
  Here you have a config example for the first solution:
  http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_example09186a00809c6f37.shtml
  I would not expect you to have to pay extra for importing the cert and kepair into the ace, it would be just a copy, however as Alex said that may still depend on the license agreement with the CA.
  Cheers,
  Francesco