CSM Sticky Cookie Insert

Hello,
We have a Catalyst 6500 w/ CSM-S configuration that has 2 serverfarms with identical real servers using the same VIP. Each farm has 50 real servers (2 IPs with 25 consecutive ports each). One of the serverfarms is defined under a SLB policy with client NAT and the second one directly under the vserver. Both serverfarms are configured with the same sticky group for cookie insert. When I issue "show mod csm 13 sticky group 4" I only see 52 entries instead of 100. Also, some of the entries are duplicate. All the rest of the sticky groups are displaying the correct number of cookie entries, matching the number of real servers in the farms. Any ideas on why this is?

You probably have encountered the following bug fixed only in version 4.2.2
CSCsa74493
CSM: sticky insert table not updated if adding new reals
The workaround is to reboot the CSM or reconfigure reals, policy and vserver in the correct order.
Gilles.

Similar Messages

  • Catalyst 6500 CSM-S Cookie stickiness timout ?

    /* Style Definitions */
    table.MsoNormalTable
    {mso-style-name:"Table Normal";
    mso-tstyle-rowband-size:0;
    mso-tstyle-colband-size:0;
    mso-style-noshow:yes;
    mso-style-priority:99;
    mso-style-qformat:yes;
    mso-style-parent:"";
    mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
    mso-para-margin-top:0cm;
    mso-para-margin-right:0cm;
    mso-para-margin-bottom:10.0pt;
    mso-para-margin-left:0cm;
    line-height:115%;
    mso-pagination:widow-orphan;
    font-size:11.0pt;
    font-family:"Calibri","sans-serif";
    mso-ascii-font-family:Calibri;
    mso-ascii-theme-font:minor-latin;
    mso-fareast-font-family:"Times New Roman";
    mso-fareast-theme-font:minor-fareast;
    mso-hansi-font-family:Calibri;
    mso-hansi-theme-font:minor-latin;
    mso-bidi-font-family:"Times New Roman";
    mso-bidi-theme-font:minor-bidi;}
    Hi, anyone able to help with this ?
    We have a CSM-S sitting in a 6513, at the moment we have IP stickiness applied for a Vserver/Serverfarm. The back end product vendor advises that cookie stickiness would be more appropriate for their application.
    I have been scratching my head around the timeout of the inserted cookies; whatever I do they persist seemingly indefinitely, for example:
    Just a test configuration with a 10minute sticky timout.
    serverfarm applicationA
      nat server
      nat client applicationA_pool
      failaction reassign
      real 1.1.1.1
       inservice
      real 1.1.1.2
       inservice
      health retries 1 failed 120
      probe applicationA_probe
    sticky 1 cookie applicationA_sticky insert timeout 10
    vserver applicationA-HTTP
      virtual 2.2.2.10 tcp www
      unidirectional
      serverfarm applicationA
      sticky 10 group 1
      no persistent rebalance
      inservice
    Doing show mod csm 1 sticky
    group   sticky-data              real                  timeout
    1       cookie F5BF7115:F80EA688 1.1.1.1           0
    1       cookie 4AFC972B:BB722437 1.1.1.2           0
    Then a show mod csm 1 sticky config
    Group  NumEntries Timeout  Type
    1             82                           10        cookie-insert applicationA_sticky
    When browsing to the VIP I see the application page via one of the reals. For the sake of the test I am using round-robin. Without cookies applied my browser will bounce between reals (I turned off persistent rebalance during testing) as expected.
    With a sticky cookie inserted the browser stays on one of the real’s, however the timeout which I have applied does not work. The client will stay stuck to the real almost indefinitely (the actual cookie expiry is 2099!).
    The online documentation advised that the method I am using should work as expected:
    Quote
    This example shows how to configure a virtual server named barnett, associate it with the server farm named bosco, and configure a sticky connection with a duration of 50 minutes to sticky group 12:
    Router(config)# mod csm 2
    Router(config-module-csm)# sticky 1 cookie foo timeout 100
    Router(config-module-csm)# exit
    Router(config-module-csm)#
    Router(config-module-csm)# serverfarm bosco
    Router(config-slb-sfarm)# real 10.1.0.105
    Router(config-slb-real)# inservice
    Router(config-slb-real)# exit
    Router(config-slb-sfarm)#
    Router(config-slb-sfarm)# vserver barnett
    Router(config-slb-vserver)# virtual 10.1.0.85 tcp 80
    Router(config-slb-vserver)# serverfarm bosco
    Router(config-slb-vserver)# sticky 50 group 12
    Router(config-slb-vserver)# inservice
    Router(config-slb-vserver)# exit
    Router(config-module-csm)# end
    End Quote
    I am guessing that sticky group 12 / 1 is a typo
    Looking at the documentation, sticky can also be applied not in the vserver config but in a policy (this is how we are doing IP stickiness). I have tried both methods. Same result.
    I am natting the client address to a private pool which then talks to the reals (and back). Would'nt expect this to be any issue.
    The CSM is running Software version: 4.3(5).
    Any help appreciated.

    Good mornign Simon,
    The behavior you are seeing is the expected one.
    When the CSM is configured for cookie insertion, a static cookie value is created in the sticky table for each server. This is the cookie that is being inserted, using as expiration date the one defined in the COOKIE_INSERT_EXPIRATION_DATE variable.
    With this stickiness method, there is no need to use a timeout, because, since the sticky table will only contain one entry for each server, it will never become full.
    Quoting from the documentation:
    Note     The
    configurable timeout values are not applied when using cookie insert. 
    You can adjust the timeout value using the environment variables.
    If you don't want to keep the cookies in the client for that long, another approach you can use is setting an empty date in the COOKIE_INSERT_EXPIRATION_DATE variable. When doing that, the cookie will be inserted without an expiration date, so it will be cleared when the browser is closed.
    I hope this answers your question
    Regards
    Daniel

  • Cookie insert in the CSM module

    Hello
    I would like to ask if anbody know why when I use the "cookie insert" option in the CSM configuration with the timeout of 60 minutes, from the browser point of view the cookie expires in 2010? I have checked in on the CSM and CSM-S and in both of them it works the same way.
    Thanks in advance
    Regards
    Lukas

    Its because of the variable (COOKIE_INSERT_EXPIRATION_DATE) that sets the expiry date to Jan 2010. Use "show mod csm X
    variable" to see it.
    xyz#sh mod csm 3 var | include EXPIRATION
    COOKIE_INSERT_EXPIRATION_DATE Fri, 1 Jan 2010 01:01:50 GMT
    Setting this variable to none makes it a session cookie ( expire at
    the end of the session -- cookie will be erased when the browser is closed).
    (config-module-csm)#variable COOKIE_INSERT_EXPIRATION_DATE ""
    With "cookie insert feature" on the CSM ,
    the timeout value configured in the sticky has no affect. You will always see a timeout of zero.
    Syed Iftekhar Ahmed

  • CSM - STICKY FOR SAP PORTAL USING SAPLB_* COOKIE

    Hello,
    Please, someone could send me an sample config implementing session persistence in SAP using saplb_* cookie in CSM with software 4.2 ?
    Thank You,

    we need more details.
    What's the cookie name ?
    Is it saplb_ ? is it changing  (so the asterisk saplb_*) ?
    The CSM can only learn the value of a cookie for a specific name which is static.
    This is done easily.
    IE:
    gdufour-cat6k-2(config-module-csm)#sticky 100 cookie saplb
    Once you have created your sticky group, you can assign to your vserver
    gdufour-cat6k-2(config-module-csm)#vserver www
    gdufour-cat6k-2(config-slb-vserver)#sticky 60 group 100
    Gilles.

  • Cookie Insert-Based Persistence

    Hi,
    I'm slightly confused by the relationship between the various timers with relation to cookies.
    For example, I want to use the "cookie insert" feature to provide persistence, but only across sessions. To do this I think I need to modify the COOKIE_INSERT_EXPIRATION_DATE variable to set it to null.
    So far so good.
    1) do I need to do anything more (like match cookie) to enable this persistence? or does it happen automatically?
    2) if I do this what effect does the timer values have on persistence? (i.e. there is a default timeout of 1440 minutes - does this get ignored?)
    thanks,
    Ray.

    setting COOKIE_INSERT_EXPIRATION_DATE to null makes "inserted cookie" session based cookie.
    You just need to
    1. Define a sticky group with insert cookie
    sticky 19 cookie APP1-cookie insert timeout 30
    (timeout defined here has no significance, CSM will insert cookie "APP1-cookie" in the server responses.Cookie values will be different for all the reals)
    2. And Assign it to a VServer/ policy
    vserver APP1-VS
    virtual 10.10.10.12 tcp www
    serverfarm APP1-SF
    sticky 30 group 19
    replicate csrp sticky
    replicate csrp connection
    persistent rebalance
    inservice
    Syed Iftekhar Ahmed

  • ACE 4710 and load balancing with sticky cookie

    Configuring load balancing with SSL termination and stickiness for a couple of citrix xenapp servers.  I'm doing a source-NAT as the ACE resides in the DMZ and these particular servers reside on the inside arm of the firewall.  The ACE is in bridged mode to load balance web servers that reside in the DMZ.  Everything seems to work just fine, but the cookie stickiness does not seem to be working.

    Hi David,
    As you may know, using Wireshark to look at an HTTPS capture is only useful if you've installed the server SSL key.This is why I find it easier to use something like LiveHTTPHeaders or HTTPWatch.
    When using cookie-insert, the ACE will not create any dynamic cookie entries.  It will simply create one static entry for each rserver with a cookie value, such as R3911631338, and any client that gets load balanced to that rserver will receive a cookie with that value.  So what you see there is what is expected.
    You are correct in that when using location cookies that the server supplies, the ACE will create a dynamic entry when it sees the server response with the cookie.   The cookie is included in the server's response, and the ACE will look for the value as configured.  The cookie will also be sent to the client.  If the cookie is not in the server's first response, you will need enable persistence-rebalance so that it will look in subsequent server responses.  If the browser opens new connections with that cookie, then the ACE will stick to the same server.
    My suggestion would be to get sticky working with cookie-insert first.  Then if that meets your needs, go with that permanently.  If you need to use server cookies, then once cookie insert is working, migrate your sticky to cookie location.
    Sean

  • ACE sticky cookie value

    Hello,
    I have a following configuration:
    sticky http-cookie STICKY_TMP STICKY_TMP
    cookie insert ...
    Cookies are sent and stickiness works. Everything is ok... Almost :-)
    Now I have a question regarding value of cookies created by ACE.
    Currently cookies have values that look like this "R4224709512"
    Is it possible to change this value so it reflects the target node that processes requests for this sticky session. This cookie could contain i.e. ip address of real server.
    Arrowpoint cookie on CSS1150 worked this way...
    Another question. How do I identify this cookie value with sticky-entries in "show sticky database static" output?
    This command doesn't show anything like R4224709512, but only numbers like 18293255029648678255
    best regards
    Kuba

    I am using ACE with version A3(2.1).
    The “sticky-entry” in "show sticky data static"is a hash of the cookie-value set by ACE for the real server. so you need to use "show sticky database http-cookie " to determine which server are serving the client.
    ACE-1/routed(config-pmap-lb-c)# do show sticky database http-cookie
    sticky group : web-sticky
    type : HTTP-COOKIE
    timeout : 5 timeout-activeconns : FALSE
    sticky-entry rserver-instance time-to-expire flags
    ---------------------+----------------------+--------------+-------+
    16820511103801384579 lnx1:0 0 -
    sticky group : web-sticky
    type : HTTP-COOKIE
    timeout : 5 timeout-activeconns : FALSE
    sticky-entry rserver-instance time-to-expire flags
    ---------------------+----------------------+--------------+-------+
    3347854103021350619 lnx2:0 0 -
    ..sometimes they'd only show up w/ the static instead of the cookies option for some reason.
    found some explanation about this:
    http://docwiki.cisco.com/wiki/Session_Persistence_Using_Cookie_Learning_on_the_Cisco_Application_Control_Engine_Configuration_Example
    There is a difference between inserting an ACE-generated cookie or using one learned by the ACE. The cookie-insert feature creates a static cookie.
    To look at static cookies you need to use the command:
    show sticky database static
    if you try static cookie (cookie inserted by ACE), the value is placed in the static sticky table at the time of configuration...
    so no need to send traffic, once the static sticky config is in place, you should see an entry with 'show sticky database static'.
    Do not try to filter the table with some other parameters...they do not work until A2(1.4)
    There are 2 database:
    One for static entries and one for dynamic entries.
    Every show command that does not include the static keyword will look into the dynamic database.
    So, you won't see anything by using those commands.
    You could perform some test to identify which cookie is sent to which server.
    The cookie value is static, so the number of value is limited to the number of servers.
    There is a dynamic cookie learning feature available in ACE.
    Kinly tell me if you want to discuus about that.
    Kindly rate if possible.
    Kind regards,
    Sachin garg

  • ACE: new stiky cookie inserted for different URL?

    I have sticky cookies set (cookie insert) and http persistence rebalance on. The virtual server is made of a group of three real http servers.
    The DNS name of the virtual server is for example "vhost.domain.com".
    If I browse (from the internal network) to "http://vhost/" my session is stuck to a real server using cookie stickiness. My question is, when I click a link which is fully qualified e.g. "http://vhost.domain.com/newpage.html" is a stickiness maintained or as the http header has changed is it seen as a new session and potentially sending me to a different real server?

    ACE doesn't care about the url.
    It will simply look for the presence of the cookie.
    If the cookie is there, you will stick to the same rserver.
    If not, this is considered a new connection and the request is loadbalanced.
    So, it all depends if your browser consider that vhost and vhost.domain.com are the same because the cookie is associated to a domain.
    Normally it should consider them the same.
    Gilles.

  • ACE Cookie insert behavior

    Hi ,
    My requirement is as follows
    i have following url
    http://x.x.x.x/abc
    http://x.x.x./dce
    http://x.x.x.x/fgh
    only for http://x.x.x.x/abc should be using stickiness based on http cookie insert remaining all it should use ip based stickiness.
    problem what i am facing is ,
    if i access http://x.x.x.x/dce , it is not showing any COOKIE in the header ( which is as expected ) and when i access http://x.x.x./abc it showing the inserted COOKIE (again expected) , but when i am accessing the url http://x.x.x.x/dce or fgh again , it is still showing the INSERTED COOKIE  is it a known behaviour?.
    as far as i understand , before the session  request , ACE maintains the insert cookie values in the cookie database and thus it is less processing intensive.
    However , why is it inserting to all request , even though i am not configuring as such .
    following is my configuration  , is it a known behaviour or is it the way it should work?
    serverfarm host SF-FOR-DCE
      probe TCP_8032
      rserver MYSERVER1 8032
        inservice
      rserver MYSERVER2 8032
        inservice
    serverfarm host SF-FOR-FGH
      probe TCP_8083
      rserver MYSERVER1 8083
        inservice
      rserver MYSERVER2  8083
        inservice
    serverfarm host SF-FOR-ABC
      probe TCP_8081
      rserver MYSERVER1 8081
        inservice
      rserver MYSERVER1 8081
        inservice
    sticky http-cookie COOKIE-SKYCHAIN STICKY-ABC
      cookie insert browser-expire
      timeout 720
      replicate sticky
      serverfarm SF-FOR-ABC
    sticky ip-netmask 255.255.255.0 address source STICKY-DCE
      timeout 720
      replicate sticky
      serverfarm SF-FOR-DCE
    sticky ip-netmask 255.255.255.0 address source STICKY-EFG
      timeout 720
      replicate sticky
      serverfarmSF-FOR-FGH
    class-map type http loadbalance match-all CM7-1
      2 match http url /dce/*.*
    class-map type http loadbalance match-all CM7-2
      2 match http url /fgh/*.*
    class-map type http loadbalance match-all CM7-3
      2 match http url /abc*.*
    policy-map type loadbalance first-match PM7-1
      class CM7-1
        sticky-serverfarm STICKY-DCE
      class CM7-2
        sticky-serverfarm STICKY-EFG
      class CM7-3
        sticky-serverfarm STICKY-ABC
    class-map match-any CM3-VIP
      3 match virtual-address x.x.x.x tcp eq www
    policy-map multi-match PM34-VIP
    class CM3-VIP
        loadbalance vip inservice
        loadbalance policy PM7-1
        loadbalance vip icmp-reply
    Assistance appreciated.
    thanks
    -PMD

    Are you seeing the client still send the cookie when going to the other locations /DCE or /FGH, or are you seeing the ACE insert the cookie? If you are only seeing the client still sending the cookie this is expected behavior. The cookie is issued for the path / so if the client learned the cookie from the domain x.x.x.x it will send the cookie any time it goes to that domain regardless of the path that is being used.
    Regards
    Jim

  • ACE cookie-insert stickyness

    Hi, I am trying to understand the ACE`s cookie-insert method of stickiness. So the ACE will always insert a cookie into the http-header when sending a response to the client/browser. Based on that if it recieves the same cookie-id in the subsequent requests it knows to which end-server to send it as it does an internal hash based on the cookie-value.
    My question is, what happens if the server also sends a cookie? Does ACE dis-regards that cookie and inserts a new one on it`s own? How do the cookie-insertion from the server (which is done by default by the web-servers) co-exist with the cookie insertion by the ACE?
    thnx

    Hi,
    As long as they don't both use the Same Cookie name they won't influence each other.
    If you don't assign a cookie-name ACE will create a unique one per rserver.
    Or you can configure one e.g.
    rserver WebServer1 80
        cookie-string "ACEWS1Cookie"
    More details can be found here:
    http://www.cisco.com/en/US/customer/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/configuration/slb/guide/sticky.html

  • CSM: Sticky timeout parameter: difference between sticky group and vserver

    Hi,
    Concerning the example in the CSM manual about configuration of stickiness:
    What (or why) is exactly the difference between the timeout parameter (100 minutes):
    sticky 12 cookie foo timeout 100 AND the sticky 50 group 12 in the vserver.
    The timeout parameter is overruled in the vserver configuration. (100 -> 50)
    For what could this be usefull?
    Thank you!
    Kind regards,
    Wim
    This example shows how to configure a virtual server named barnett, associate it with the server farm
    named bosco, and configure a sticky connection with a duration of 50 minutes to sticky group 12:
    Router(config)# mod csm 2
    Router(config-module-csm)# sticky 12 cookie foo timeout 100
    Router(config-module-csm)# exit
    Router(config-module-csm)#
    Router(config-module-csm)# serverfarm bosco
    Router(config-slb-sfarm)# real 10.1.0.105
    Router(config-slb-real)# inservice
    Router(config-slb-real)# exit
    Router(config-slb-sfarm)#
    Router(config-slb-sfarm)# vserver barnett
    Router(config-slb-vserver)# virtual 10.1.0.85 tcp 80
    Router(config-slb-vserver)# serverfarm bosco
    Router(config-slb-vserver)# sticky 50 group 12
    Router(config-slb-vserver)# inservice
    Router(config-slb-vserver)# exit
    Router(config-module-csm)# end

    if you configure the group under a policy, there is no option for the timeout.
    This is why the option exist under the stick-group.
    In the vserver, you can overrid this timeout - so the timeout is per vserver.
    If you want the same timeout, just configure the same value.
    gdufour-cat6k-2(config-module-csm)#policy test1
    gdufour-cat6k-2(config-slb-policy)#sticky-group ?
    <1-255> sticky group ID
    gdufour-cat6k-2(config-slb-policy)#sticky-group 12 ?
    Gilles.

  • CSS cookie insertion

    Hi everyone,
    I have a question about the cookie insertion.
    I understand there are two method of inserting cookie,
    1: by Server
    2: by CSS
    and those method can not be configured simultaneously, that is, if the cookie inserted by server,
    CSS can not insert the cookie for the connection.
    Because if the cookie inserted by server and by CSS, the server can not accept the cookie
    information.
    For example,
    Server inserts the cookie "0123456789"
    and also
    CSS inserts the cookie "ARPT=bbbbbbbsssssttttttt"
    Server expects the cookie information is "0123456789" but the cookie information reaches
    to the server is "ARPT=bbbbbbbsssssttttttt;0123456789".
    So the server can not recognize the HTTP connection includes the cookie "ARPT=bbbbbbbsssssttttttt;0123456789"
    because the server only understands the cookie "0123456789".
    Does my understand is true ?
    Or in this situation, does CSS remove the own inserted cookie (ARPT...) by understanding that
    "the server also inserts cookie so I (CSS) need to remove cookie" ?
    Your information would be greatly appreciated.
    Best regards,

    just use a different cookie name on the server.
    ARPT is the one by default on the CSS and it stands for ARrowPoinT.
    If your server uses a different cookie name like SERVER, then both cookie can exist at the same time.
    The client would received
    ARPT=bbbbbbbsssssttttttt
    SERVER=0123456789
    and it will also send this data when sending the next request.
    The CSS will detect the ARPT=... value and use it and then pass all the data to the server.
    The server will also see its own cookie SERVER=.....
    Gilles.

  • CSM sticky timeout value - is this an idle timeout value?

    We have sticky groups configured in our CSM, with an timeout value of 60 minutes. My question is does the timeout value reference an 'idle' value, such as a user disconnected from the session, and now that timer is counting down from the 60 minutes to 0, to remove the stale session out of CSM?
    Or is this some other kind of value? If so, what does the value actually represent?
    Group  CurrConns Timeout  Type
    17     290       60       src-ip netmask 255.255.255.255
    Also, from this info below, is "this" timeout value in seconds, or should this show in minutes? Or is this a bug that I need to resolve by updating the CSM version? We're still on v2.2(1).
    CSM with SSL  WS-X6066-SLB-S-K9
    Thanks, Tony
    switch#sho mod csm 1 sticky group 17
    group   sticky-data              real              timeout
    17      ip 10.x.x.x            10.x.x.x            3469
    17      ip 10.x.x.x            10.x.x.x            3275
    17      ip 10.x.x.x            10.x.x.x            3016
    17      ip 10.x.x.x            10.x.x.x            2791
    17      ip 10.x.x.x            10.x.x.x            879

    Hi Ajay, thank you for the response. From your reply, "It appears that you have configured the sticky timeout value higher then the default value. So the sticky timeout value is in minutes," we set each group to have a 60 minute timeout value. I had read from another string that the timeout values I'm seeing in this table were incorrectly displayed, due to an upgraded needed on the CSM. We're running 2.2(1), and I thought I remember reading 4.2.2 was required to correct this bug?
    switch#sho mod csm 1 sticky group 17
    group   sticky-data              real              timeout
    17      ip 10.x.x.x            10.x.x.x            3469
    17      ip 10.x.x.x            10.x.x.x            3275
    17      ip 10.x.x.x            10.x.x.x            3016
    17      ip 10.x.x.x            10.x.x.x            2791
    17      ip 10.x.x.x            10.x.x.x            879

  • CSM sticky limitations

    Hello,
    I have a couple of CSMs in my ServerFarm Distribution Layer and am hoping someone could advise and help me, if possible.
    If I have a vserver with "sticky" applied and with a url policy applied in addition to a default serverfarm. Is there a way to force the CSM to make a load balance decision after an initial decision gets made and entered into the sticky table???
    Note: The policy points to different reals than the default serverfarm.
    With the "sticky" command applied to the vserver and a user comes in (1st time), they are processed either by the policy or by the default serverfarm (based on url) and are load balanced and entered into the sticky table. Everything works. However, if they come back in a 2nd time and need to be load balanced by the opposite process, (by policy or by default serverfarm this time), the CSM never processes it because the user is already in the sticky table. The CSM will not make a load balancing decision to other reals if the user is already in the sticky table from a previous load
    balancing decision.
    Is there any way the CSM can do this?? Or is the CSM limited for this type of
    requirement??
    Note: I cannot change the host name portion of my url.
    Thanks for your help. I greatly appreciate it.
    Tony

    We will need to see your config - policy and sticky.
    I'm not sure to understand how you created this.
    The CSM will normally parse the policy sequentially, and when it finds a match statement, it will use the sticky method or serverfarm configured.
    If no match, it goes to the next policy.
    Maybe all you need to do is configure different sticky group for each policy.
    ie:
    map Host1 header
    match protocol http header Host header-value ...
    map Host2 header
    sticky 1 ......
    sticky 2 ......
    policy P1
    header-map Host1
    sticky-group 1
    policy P2
    header-map Host2
    sticky-group 2
    Gilles.

  • SSL CSM Sticky

    Hi,
    My setup is as follow, I have 2 CSM in two different 6509 running in active and standby mode and 2 SSLM running also in two different 6509 too.
    My SSL traffic terminates at my SSLM
    Currently my CSM and SSL is working fine but I notice there's this niggling issue whereby at times accessing my web servers via HTTPS traffic. My SSL stickyness don't seem to be working at times. The secnario is as that while accessing the pages via HTTPS the certificate web pages keep prompting and after checking the cert there are from 2 different SSLM. Furthermore after doing a trace I can confirm that the SSL sticky don work at times but this is like a 5-10 % rate.
    After reading some of the post in the forum, the SSL ID in IE will expire and renegoiate again. Could this cause this problem ? ALso how can I rectify this. Pls advise. Thanks
    Attached are my config and the screen cature of the error

    indeed IE is most probably the culprit here.
    The CSM learns the SSLID generated by the SSLM and create a sticky entry to link this value to the SSLM.
    when IE wants to renegotiate the SSLID, it starts a new SSL session with a blank [0x00] SSLID.
    The CSM can't stick this client to the corresponding SSLM and therefore it will loadbalance the session to the next SSLM.
    If you have no control on the browser, there is no solution using SSLID.
    What some people will do is use another form of stickyness to resolve the problem.
    The only other sticky method is based on source ip address.
    Regards,
    Gilles.

Maybe you are looking for

  • Combo box popup width adjusting no longer work in 1.0.6_26-b03

    Previously, I was able to adjusting combo box popup's width, by referring to the technique described in [http://tips4java.wordpress.com/2010/11/28/combo-box-popup/|http://tips4java.wordpress.com/2010/11/28/combo-box-popup/]. During that time, I was u

  • Why can't I access my music on my ITouch?  It wants me to connect to a wireless network in order to listen to my music

    For the last few days, when I want to listen to music on my Itouch, it is asking to connect to a wireless network?

  • Brick images

    Hey, making a breakout clone, four players, over a network. But i was wondering, is there a faster way to draw and redraw the 'ball' and paddles than just drawing a rectangle and square? im worried about performance issues over a network, so i need t

  • Media manager crashes - across - disks

    I was trying to use media manager in FCP (latest version) to copy (and delete excess) a project. I was doing so from one LaCie firewire disk to another. I kept getting kernels. Tried as much debugging as possible without luck. Finally tried by doing

  • Best Procedure to Validate data in Xlsx

    Hi All, I have a requirement where we have to build an ETL  to load xlsx files into my SQL Database. Before loading to my target table i would need to validate the data. I have Two Procedures to validate the data 1) Import every thing into SQL, valid