CSM: Sticky groups limitation (1..255)

Hi,
The number off total different STICKY GROUPS is limited to 255
This limits directly the number off VSERVERS/SERVERFARMS.
In case I have different serverfarms (and each different vserver maps to only 1 different serverfarm)
AND I want them all to be sticky (for example based on source ip address), I will have to configure
a different sticky group for each serverfarm.
This limits the number off vservers/serverfarms also to the maximun number off sticky groups.
(which is limited to 255)
Correctly or can I bypass this issue?
Thank you, Wim

That's correct.
You can use different form of stickyness that do not require a sticky group, like 'predictor hash'.
Regards,
Gilles.

Similar Messages

  • CSM Sticky Rule Limitation

    Hi
    Does anyone know if it is possible to have the same STICKY rule on multiple VIPs or what the max number of STICKY rules is on CSM SW version 3.2(1).
    Since we are using SSL modules too, we use an SSL STICKY rule per VIP and a Sticky rule per DECRYPT VIP. We currently have 209 Sticky Rules and would like to know when we will hit our limit.
    Regards
    Wayne

    you can use the same sticky group in multiple vserver.
    Just be aware that if client X is stuck to server Y for vserver Z, the same client X will get stuck to the same server Y for vserver Z' that would be using the same group.
    By using different group a client could be stuck to different server depending on the vserver they hit.
    Also, if you use the same group in multiple vserver, you need to make sure the same reals exist for the vserver.
    ie: if client X gets stuck to server Y on vserver Z, if client X open a connection with vserver Z' then the server Y must be part of the serverfarm under vserver Z'.
    Regards,
    Gilles.

  • CSM Sticky Group or predictor command?

    Hi,
    i want to ensure that my client connections are connecting to the same real server as long as it is inservice. When it goes down a second server will take this job. Question: Is it possible to reach that goal by using a parameter in the predictor or weight command, or is it solely required to configure a sticky group?
    Thanx, Stephan

    If you do not need to loadbalance i would suggest to do a vserver with one serverfarm that has one server and assign to that serverfarm a sorry/backup serverfarm with one server
    rp(config-slb-vserver)#serverfarm black-red backup green-blue

  • CSM: Sticky timeout parameter: difference between sticky group and vserver

    Hi,
    Concerning the example in the CSM manual about configuration of stickiness:
    What (or why) is exactly the difference between the timeout parameter (100 minutes):
    sticky 12 cookie foo timeout 100 AND the sticky 50 group 12 in the vserver.
    The timeout parameter is overruled in the vserver configuration. (100 -> 50)
    For what could this be usefull?
    Thank you!
    Kind regards,
    Wim
    This example shows how to configure a virtual server named barnett, associate it with the server farm
    named bosco, and configure a sticky connection with a duration of 50 minutes to sticky group 12:
    Router(config)# mod csm 2
    Router(config-module-csm)# sticky 12 cookie foo timeout 100
    Router(config-module-csm)# exit
    Router(config-module-csm)#
    Router(config-module-csm)# serverfarm bosco
    Router(config-slb-sfarm)# real 10.1.0.105
    Router(config-slb-real)# inservice
    Router(config-slb-real)# exit
    Router(config-slb-sfarm)#
    Router(config-slb-sfarm)# vserver barnett
    Router(config-slb-vserver)# virtual 10.1.0.85 tcp 80
    Router(config-slb-vserver)# serverfarm bosco
    Router(config-slb-vserver)# sticky 50 group 12
    Router(config-slb-vserver)# inservice
    Router(config-slb-vserver)# exit
    Router(config-module-csm)# end

    if you configure the group under a policy, there is no option for the timeout.
    This is why the option exist under the stick-group.
    In the vserver, you can overrid this timeout - so the timeout is per vserver.
    If you want the same timeout, just configure the same value.
    gdufour-cat6k-2(config-module-csm)#policy test1
    gdufour-cat6k-2(config-slb-policy)#sticky-group ?
    <1-255> sticky group ID
    gdufour-cat6k-2(config-slb-policy)#sticky-group 12 ?
    Gilles.

  • CSM sticky limitations

    Hello,
    I have a couple of CSMs in my ServerFarm Distribution Layer and am hoping someone could advise and help me, if possible.
    If I have a vserver with "sticky" applied and with a url policy applied in addition to a default serverfarm. Is there a way to force the CSM to make a load balance decision after an initial decision gets made and entered into the sticky table???
    Note: The policy points to different reals than the default serverfarm.
    With the "sticky" command applied to the vserver and a user comes in (1st time), they are processed either by the policy or by the default serverfarm (based on url) and are load balanced and entered into the sticky table. Everything works. However, if they come back in a 2nd time and need to be load balanced by the opposite process, (by policy or by default serverfarm this time), the CSM never processes it because the user is already in the sticky table. The CSM will not make a load balancing decision to other reals if the user is already in the sticky table from a previous load
    balancing decision.
    Is there any way the CSM can do this?? Or is the CSM limited for this type of
    requirement??
    Note: I cannot change the host name portion of my url.
    Thanks for your help. I greatly appreciate it.
    Tony

    We will need to see your config - policy and sticky.
    I'm not sure to understand how you created this.
    The CSM will normally parse the policy sequentially, and when it finds a match statement, it will use the sticky method or serverfarm configured.
    If no match, it goes to the next policy.
    Maybe all you need to do is configure different sticky group for each policy.
    ie:
    map Host1 header
    match protocol http header Host header-value ...
    map Host2 header
    sticky 1 ......
    sticky 2 ......
    policy P1
    header-map Host1
    sticky-group 1
    policy P2
    header-map Host2
    sticky-group 2
    Gilles.

  • Sticky group for multiple serverfarms

    For ACE, would the inclusion of more than one serverfarm on a sticky group create a conflict for the connections to servers?
    On CSM, usig the same sticky group on two different vservers will create a conflict for corresponding serverfarms.
    Is this an issue on ACE - should a separate sticky group created foe each ServerFarm?
    sticky ip-netmask 255.255.255.0 address source Group1
    timeout 60
    replicate sticky
    serverfarm SF1
    serverfarm SF2
    serverfarm SF3

    Its same as CSM. You can have just one serverfarm per sticky group.
    you should never use the same sticky group for different farms, otherwise that will break the VIP logic i.e. connections meant to serverfarm1 could end up being sent to serverfarm2.
    Syed Iftekhar Ahmed

  • Csm sticky - number of groupings

    We have numerous vservers supporting L4 load balancing - and have configured sticky based on source IP. We don't need stickieness across vservers - each vserver is independent and we just need to ensure that clients hitting a vserver will be directed to the same real server each time.
    We have over 255 vservers defined. Looks like there is limitation of 255 sticky groups. How do we keep stickieness for these vservers (we see that if we use the same sticky group in multiple vservers, we run into problems described in this forum since the real servers are different between vservers). Thanks.

    unfortunately the limitation can't be removed.
    So you need to find other form of stickyness that do not require a sticky group.
    You could use a 'predictor hash...' which is more or less equivalent to the sticky group.
    Regards,
    Gilles.

  • CSM sticky timeout value - is this an idle timeout value?

    We have sticky groups configured in our CSM, with an timeout value of 60 minutes. My question is does the timeout value reference an 'idle' value, such as a user disconnected from the session, and now that timer is counting down from the 60 minutes to 0, to remove the stale session out of CSM?
    Or is this some other kind of value? If so, what does the value actually represent?
    Group  CurrConns Timeout  Type
    17     290       60       src-ip netmask 255.255.255.255
    Also, from this info below, is "this" timeout value in seconds, or should this show in minutes? Or is this a bug that I need to resolve by updating the CSM version? We're still on v2.2(1).
    CSM with SSL  WS-X6066-SLB-S-K9
    Thanks, Tony
    switch#sho mod csm 1 sticky group 17
    group   sticky-data              real              timeout
    17      ip 10.x.x.x            10.x.x.x            3469
    17      ip 10.x.x.x            10.x.x.x            3275
    17      ip 10.x.x.x            10.x.x.x            3016
    17      ip 10.x.x.x            10.x.x.x            2791
    17      ip 10.x.x.x            10.x.x.x            879

    Hi Ajay, thank you for the response. From your reply, "It appears that you have configured the sticky timeout value higher then the default value. So the sticky timeout value is in minutes," we set each group to have a 60 minute timeout value. I had read from another string that the timeout values I'm seeing in this table were incorrectly displayed, due to an upgraded needed on the CSM. We're running 2.2(1), and I thought I remember reading 4.2.2 was required to correct this bug?
    switch#sho mod csm 1 sticky group 17
    group   sticky-data              real              timeout
    17      ip 10.x.x.x            10.x.x.x            3469
    17      ip 10.x.x.x            10.x.x.x            3275
    17      ip 10.x.x.x            10.x.x.x            3016
    17      ip 10.x.x.x            10.x.x.x            2791
    17      ip 10.x.x.x            10.x.x.x            879

  • Sticky group timer?

    Hi,
    What is the timer in the sticky group do? It is an idle timer or cache timer? I am using source ip based sticky on one of my vserver. there are two reals behind it and only two front end (proxy) web servers that hits it. when I remove one of the real (serverA), all the connection sourced by the two web server goes to the other real(serverB). When I bring back serverA, I don't see any connection going to it. I think that's because the two front end web servers are being "stuck" to serverB. When I view the sticky table, I see the specific group with a timer value that's decreasing. I'm tempted to change the sticky timer to 1 (minute) but am not sure it it's a idle timer or a cache timer.
    example config:
    sticky 130 netmask 255.255.255.255 timeout 30
    vserver backend_App
    virtual x.x.x.x
    server x
    sticky 30 group 130
    thanks,
    Steve

    Steve,
    sticky source-ip when there is only 2 ip coming in is not a very good solution.
    If we are talking http, you should check the possibility to use cookie.
    If your servers do not have a cookie that can be used for stickyness, then I would suggest to use the cookie-insert feature of the CSM allowing the CSM to generate is own cookie.
    Gilles.

  • CSM Sticky counters

    I am investigating resources for a new application that must have sticky set. I'm looking att counters for sticky and are a little confused. See following info.
    sho mod csm 5 sticky group 16
    group sticky-data real timeout
    16 ip 10.10.159.16 192.168.137.161 5398
    16 ip 10.10.167.36 192.168.137.165 6926
    16 ip 10.10.175.79 192.168.137.165 5923
    16 ip 10.10.187.84 192.168.137.165 4698
    16 ip 10.10.64.226 192.168.137.165 821
    16 ip 10.10.203.212 192.168.137.161 5028
    16 ip 10.10.81.227 192.168.137.165 6137
    16 ip 10.10.209.31 192.168.137.161 7177
    16 ip 10.10.210.84 192.168.137.165 574
    16 ip 10.10.232.8 192.168.137.161 5126
    16 ip 10.10.115.84 192.168.137.165 2443
    16 ip 10.10.138.14 192.168.137.165 498
    16 ip 10.10.138.87 192.168.137.165 248
    16 ip 10.10.139.148 192.168.137.165 5248
    16 ip 10.10.19.71 192.168.137.161 5319
    sho mod csm 5 sticky config
    Group CurrConns Timeout Type
    16 27 120 src-ip netmask 255.255.255.255
    The number of entries in sticky table and number of CurrConns doesn´t matsh. Is it a bug? How do I find out how meny entry I have in the sticky database? From my understanding ther can be 256.000 entries. Is it planned to increase that number? I'm running Ver 4.1(2).
    Regards
    Mats

    Currconns is number of connections.
    When source ip address can have multiple connections open, it will only create 1 single sticky entry.
    There is no plan to increase the number of entries.
    If you think you will need more, change the netmask, this will reduce the number of entries required.
    Regards,
    Gilles.

  • CSM Sticky Cookie Insert

    Hello,
    We have a Catalyst 6500 w/ CSM-S configuration that has 2 serverfarms with identical real servers using the same VIP. Each farm has 50 real servers (2 IPs with 25 consecutive ports each). One of the serverfarms is defined under a SLB policy with client NAT and the second one directly under the vserver. Both serverfarms are configured with the same sticky group for cookie insert. When I issue "show mod csm 13 sticky group 4" I only see 52 entries instead of 100. Also, some of the entries are duplicate. All the rest of the sticky groups are displaying the correct number of cookie entries, matching the number of real servers in the farms. Any ideas on why this is?

    You probably have encountered the following bug fixed only in version 4.2.2
    CSCsa74493
    CSM: sticky insert table not updated if adding new reals
    The workaround is to reboot the CSM or reconfigure reals, policy and vserver in the correct order.
    Gilles.

  • CSM - STICKY FOR SAP PORTAL USING SAPLB_* COOKIE

    Hello,
    Please, someone could send me an sample config implementing session persistence in SAP using saplb_* cookie in CSM with software 4.2 ?
    Thank You,

    we need more details.
    What's the cookie name ?
    Is it saplb_ ? is it changing  (so the asterisk saplb_*) ?
    The CSM can only learn the value of a cookie for a specific name which is static.
    This is done easily.
    IE:
    gdufour-cat6k-2(config-module-csm)#sticky 100 cookie saplb
    Once you have created your sticky group, you can assign to your vserver
    gdufour-cat6k-2(config-module-csm)#vserver www
    gdufour-cat6k-2(config-slb-vserver)#sticky 60 group 100
    Gilles.

  • Specify Interval Units limited to 255

    This question was previously asked then marked as answered even though it was never properly answered (as an aside I don't think it makes sense that a moderator can attempt to answer a question and then mark their own reply as the correct response, only
    the original asker should be able to mark a question as answered).  Here's the old thread:
    https://social.technet.microsoft.com/Forums/office/en-US/4b040e3d-4b3c-4bbe-a1fc-d705f6dda308/specify-interval-units-bug-255-max?forum=officeitpro
    To summarize: When setting labels on the X-axis (eg. in a line graph) in previous versions of Excel I could set an interval unit of anything, in Excel 2013 it is limited to 255.  Here is the option I'm referring to: http://i.imgur.com/G3mbunY.png
    Is there a solution to this problem?

    Hi,
    As far as I know, "Specify Interval Units" limitation 255 is by design in Excel 2013. When the mouse hover the box, we'll see the tip "Enter a whole number from 1 to 255".
    Thus, I recommend you submit the feedback with following website:
    http://office.microsoft.com/suggestions.aspx
    Thanks for your understanding.
    Regards,
    George Zhao
    TechNet Community Support
    It's recommended to download and install
    Configuration Analyzer Tool (OffCAT), which is developed by Microsoft Support teams. Once the tool is installed, you can run it at any time to scan for hundreds of known issues in Office
    programs.

  • CSM sticky?

    I have configured the
    CSM with sticky on all vservers. The one problem I am having is the programmers that need to get directly to the server cannot, they are stuck on the server they inially attached to, they cannot even connect using telnet or http. What am I missing or what do I need to add to allow them to access servers, bypassing the sticky???

    Hi Thornick,
    If you say that they are always stuck to the same server,
    then they go to the server via the virtual ip address and NOT directly.
    I assume that de servers are directly attached behind the CSM blade.
    One possible solution could be to use a policy serverfarm (in your VSERVERs)
    which is not sticky and also use the client group option within this policy serverfarm.
    This client group refers to an access-list containing all ip addresses of
    your programmers PC's.
    Greetings, Wim

  • CSM Sticky Source IP

    Hello,
    I need help configuring my CSM; I have a group of networks which need to be routed to a specific server based on their location.
    I have a link which points to VIP:
    http://1.1.1.1
    If the request comes from source 2.2.2.0/24 they should be sent to http://1.1.1.2.
    If the request comes from source 3.3.3.0/24 they should be sent to http://1.1.1.3.
    What would be the best way to set ths up?
    Thank you,
    Scott

    module ContentSwitchingModule 5
    vlan 220 server
    ip address 10.20.220.2 255.255.255.0
    alias 10.20.220.1 255.255.255.0
    vlan 221 client
    ip address 10.20.221.5 255.255.255.0
    gateway 10.20.221.1
    alias 10.20.221.2 255.255.255.0
    probe PING icmp
    interval 2
    retries 2
    failed 10
    receive 2
    real SERVER1
    address 10.20.220.10
    inservice
    real SERVER2
    address 10.20.220.20
    inservice
    real SERVER3
    address 10.20.220.30
    inservice
    real SERVER4
    address 10.20.220.40
    inservice
    serverfarm WEBFARM
    nat server
    no nat client
    real name SERVER1
    inservice
    real name SERVER2
    inservice
    probe PING
    serverfarm WEBFARM2
    nat server
    no nat client
    real name SERVER3
    inservice
    real name SERVER4
    inservice
    policy SOURCE-IP-50
    client-group 50
    serverfarm WEBFARM2
    # A policy consists of a series of conditions, plus the
    # actions to take if those conditions are matched.
    # In this case, the only condition is "client-group 50"
    # which requires the incoming connection to match
    # the standard access-list 50
    # The only action to take is to use serverfarm WEBFARM2
    # to serve those requests.
    vserver WEB
    virtual 10.20.221.100 tcp www
    serverfarm WEBFARM
    persistent rebalance
    slb-policy SOURCE-IP-50
    # slb-policies associated to a vserver are always examined
    # in the order in which they are configured.
    # The defintion of the "serverfarm" under the vserver config
    # is the default policy and is always used as last resort
    # if no policy matches or if there are no policies
    # In this case, incoming requests will be processed to see
    # if they match the conditions of slb-policy SOURCe-IP-50
    # If they do, then WEBFARM2 is used, otherwise the default
    # policy is selected (i.e. WEBFARM will be used).
    # If a default farm is not configured, then connections
    # not matching any policy are dropped.
    inservice
    access-list 50 permit 10.20.1.100
    # Configuration of the IOS standard access-list
    # You can configure any of the 1-99 standard access-list
    # or you can configure named access-lists

Maybe you are looking for