CSM Sticky Rule Limitation
Hi
Does anyone know if it is possible to have the same STICKY rule on multiple VIPs or what the max number of STICKY rules is on CSM SW version 3.2(1).
Since we are using SSL modules too, we use an SSL STICKY rule per VIP and a Sticky rule per DECRYPT VIP. We currently have 209 Sticky Rules and would like to know when we will hit our limit.
Regards
Wayne
you can use the same sticky group in multiple vserver.
Just be aware that if client X is stuck to server Y for vserver Z, the same client X will get stuck to the same server Y for vserver Z' that would be using the same group.
By using different group a client could be stuck to different server depending on the vserver they hit.
Also, if you use the same group in multiple vserver, you need to make sure the same reals exist for the vserver.
ie: if client X gets stuck to server Y on vserver Z, if client X open a connection with vserver Z' then the server Y must be part of the serverfarm under vserver Z'.
Regards,
Gilles.
Similar Messages
-
CSM: Sticky groups limitation (1..255)
Hi,
The number off total different STICKY GROUPS is limited to 255
This limits directly the number off VSERVERS/SERVERFARMS.
In case I have different serverfarms (and each different vserver maps to only 1 different serverfarm)
AND I want them all to be sticky (for example based on source ip address), I will have to configure
a different sticky group for each serverfarm.
This limits the number off vservers/serverfarms also to the maximun number off sticky groups.
(which is limited to 255)
Correctly or can I bypass this issue?
Thank you, WimThat's correct.
You can use different form of stickyness that do not require a sticky group, like 'predictor hash'.
Regards,
Gilles. -
ACE: Different Sticky rules for different URLs
Is there a way to apply different sticky rules (or no sticky at all) depending on the URL for a given site under ACE?
The reason I want to do this is because I have an extremely common URL that chews up sticky resources when it doesn't matter if the URL is sticky. We have several thousand PC's that have a web based screen saver on them that just pull random pages to be displayed on the users' screen when the screen saver kicks in. These pages do not need to be sticky but other pages on the same farm need sticky. Is this possible?
CaseyCreate a more specific Layer 7 class map and instead of calling sticky serverfarm use serverfarm.
for example
sticky http-cookie COOKIE STATIC
cookie insert browser-expire
timeout 5
serverfarm WEBFARM
serverfarm host WEBFARM
rserver SV1 80
inservice
rserver SV2 80
inservice
class-map match-any APP1-VIP
2 match virtual-address 10.86.178.160 tcp eq http
class-map type http loadbalance match-all Condition1
2 match http url .*
3 match http header Host header-value 172.16.31.*
4 match http header User-Agent header-value .*MSIE.*
class-map type http loadbalance match-all Condition2
2 match http url .*
policy-map type loadbalance first-match L7_COOKIE_STATIC
class Condition2
sticky-serverfarm STATIC
class Condition1
serverfarm WEBFARM
policy-map multi-match CLIENT_VIPS
class APP1-VIP
loadbalance vip inservice
loadbalance policy L7_COOKIE_STATIC
loadbalance vip icmp-reply active
loadbalance vip advertise active
Syed -
Hello,
We have a Catalyst 6500 w/ CSM-S configuration that has 2 serverfarms with identical real servers using the same VIP. Each farm has 50 real servers (2 IPs with 25 consecutive ports each). One of the serverfarms is defined under a SLB policy with client NAT and the second one directly under the vserver. Both serverfarms are configured with the same sticky group for cookie insert. When I issue "show mod csm 13 sticky group 4" I only see 52 entries instead of 100. Also, some of the entries are duplicate. All the rest of the sticky groups are displaying the correct number of cookie entries, matching the number of real servers in the farms. Any ideas on why this is?You probably have encountered the following bug fixed only in version 4.2.2
CSCsa74493
CSM: sticky insert table not updated if adding new reals
The workaround is to reboot the CSM or reconfigure reals, policy and vserver in the correct order.
Gilles. -
CSM - STICKY FOR SAP PORTAL USING SAPLB_* COOKIE
Hello,
Please, someone could send me an sample config implementing session persistence in SAP using saplb_* cookie in CSM with software 4.2 ?
Thank You,we need more details.
What's the cookie name ?
Is it saplb_ ? is it changing (so the asterisk saplb_*) ?
The CSM can only learn the value of a cookie for a specific name which is static.
This is done easily.
IE:
gdufour-cat6k-2(config-module-csm)#sticky 100 cookie saplb
Once you have created your sticky group, you can assign to your vserver
gdufour-cat6k-2(config-module-csm)#vserver www
gdufour-cat6k-2(config-slb-vserver)#sticky 60 group 100
Gilles. -
CSM: Sticky timeout parameter: difference between sticky group and vserver
Hi,
Concerning the example in the CSM manual about configuration of stickiness:
What (or why) is exactly the difference between the timeout parameter (100 minutes):
sticky 12 cookie foo timeout 100 AND the sticky 50 group 12 in the vserver.
The timeout parameter is overruled in the vserver configuration. (100 -> 50)
For what could this be usefull?
Thank you!
Kind regards,
Wim
This example shows how to configure a virtual server named barnett, associate it with the server farm
named bosco, and configure a sticky connection with a duration of 50 minutes to sticky group 12:
Router(config)# mod csm 2
Router(config-module-csm)# sticky 12 cookie foo timeout 100
Router(config-module-csm)# exit
Router(config-module-csm)#
Router(config-module-csm)# serverfarm bosco
Router(config-slb-sfarm)# real 10.1.0.105
Router(config-slb-real)# inservice
Router(config-slb-real)# exit
Router(config-slb-sfarm)#
Router(config-slb-sfarm)# vserver barnett
Router(config-slb-vserver)# virtual 10.1.0.85 tcp 80
Router(config-slb-vserver)# serverfarm bosco
Router(config-slb-vserver)# sticky 50 group 12
Router(config-slb-vserver)# inservice
Router(config-slb-vserver)# exit
Router(config-module-csm)# endif you configure the group under a policy, there is no option for the timeout.
This is why the option exist under the stick-group.
In the vserver, you can overrid this timeout - so the timeout is per vserver.
If you want the same timeout, just configure the same value.
gdufour-cat6k-2(config-module-csm)#policy test1
gdufour-cat6k-2(config-slb-policy)#sticky-group ?
<1-255> sticky group ID
gdufour-cat6k-2(config-slb-policy)#sticky-group 12 ?
Gilles. -
Confirming Sticky rule applied or not
when I apply sticky rule on contents rule,
How can I confirm it applied or not for specific user(Ip address)?content WWW
add service test2 weight 1
add service test1 weight 2
balance weightedrr
vip address 100.100.100.100
advanced-balance sticky-srcip
sticky-mask 255.255.255.0
active
By above rule, client contact test1 at first then next connection should be on test1.
But for some client loadbalanced by weightrr at every connection then what will be the problem, and how can I find out weightrr rule applied instead sticky-srcip rule? -
Hello,
I have a couple of CSMs in my ServerFarm Distribution Layer and am hoping someone could advise and help me, if possible.
If I have a vserver with "sticky" applied and with a url policy applied in addition to a default serverfarm. Is there a way to force the CSM to make a load balance decision after an initial decision gets made and entered into the sticky table???
Note: The policy points to different reals than the default serverfarm.
With the "sticky" command applied to the vserver and a user comes in (1st time), they are processed either by the policy or by the default serverfarm (based on url) and are load balanced and entered into the sticky table. Everything works. However, if they come back in a 2nd time and need to be load balanced by the opposite process, (by policy or by default serverfarm this time), the CSM never processes it because the user is already in the sticky table. The CSM will not make a load balancing decision to other reals if the user is already in the sticky table from a previous load
balancing decision.
Is there any way the CSM can do this?? Or is the CSM limited for this type of
requirement??
Note: I cannot change the host name portion of my url.
Thanks for your help. I greatly appreciate it.
TonyWe will need to see your config - policy and sticky.
I'm not sure to understand how you created this.
The CSM will normally parse the policy sequentially, and when it finds a match statement, it will use the sticky method or serverfarm configured.
If no match, it goes to the next policy.
Maybe all you need to do is configure different sticky group for each policy.
ie:
map Host1 header
match protocol http header Host header-value ...
map Host2 header
sticky 1 ......
sticky 2 ......
policy P1
header-map Host1
sticky-group 1
policy P2
header-map Host2
sticky-group 2
Gilles. -
Csm sticky - number of groupings
We have numerous vservers supporting L4 load balancing - and have configured sticky based on source IP. We don't need stickieness across vservers - each vserver is independent and we just need to ensure that clients hitting a vserver will be directed to the same real server each time.
We have over 255 vservers defined. Looks like there is limitation of 255 sticky groups. How do we keep stickieness for these vservers (we see that if we use the same sticky group in multiple vservers, we run into problems described in this forum since the real servers are different between vservers). Thanks.unfortunately the limitation can't be removed.
So you need to find other form of stickyness that do not require a sticky group.
You could use a 'predictor hash...' which is more or less equivalent to the sticky group.
Regards,
Gilles. -
CSM sticky timeout value - is this an idle timeout value?
We have sticky groups configured in our CSM, with an timeout value of 60 minutes. My question is does the timeout value reference an 'idle' value, such as a user disconnected from the session, and now that timer is counting down from the 60 minutes to 0, to remove the stale session out of CSM?
Or is this some other kind of value? If so, what does the value actually represent?
Group CurrConns Timeout Type
17 290 60 src-ip netmask 255.255.255.255
Also, from this info below, is "this" timeout value in seconds, or should this show in minutes? Or is this a bug that I need to resolve by updating the CSM version? We're still on v2.2(1).
CSM with SSL WS-X6066-SLB-S-K9
Thanks, Tony
switch#sho mod csm 1 sticky group 17
group sticky-data real timeout
17 ip 10.x.x.x 10.x.x.x 3469
17 ip 10.x.x.x 10.x.x.x 3275
17 ip 10.x.x.x 10.x.x.x 3016
17 ip 10.x.x.x 10.x.x.x 2791
17 ip 10.x.x.x 10.x.x.x 879Hi Ajay, thank you for the response. From your reply, "It appears that you have configured the sticky timeout value higher then the default value. So the sticky timeout value is in minutes," we set each group to have a 60 minute timeout value. I had read from another string that the timeout values I'm seeing in this table were incorrectly displayed, due to an upgraded needed on the CSM. We're running 2.2(1), and I thought I remember reading 4.2.2 was required to correct this bug?
switch#sho mod csm 1 sticky group 17
group sticky-data real timeout
17 ip 10.x.x.x 10.x.x.x 3469
17 ip 10.x.x.x 10.x.x.x 3275
17 ip 10.x.x.x 10.x.x.x 3016
17 ip 10.x.x.x 10.x.x.x 2791
17 ip 10.x.x.x 10.x.x.x 879 -
Hi,
My setup is as follow, I have 2 CSM in two different 6509 running in active and standby mode and 2 SSLM running also in two different 6509 too.
My SSL traffic terminates at my SSLM
Currently my CSM and SSL is working fine but I notice there's this niggling issue whereby at times accessing my web servers via HTTPS traffic. My SSL stickyness don't seem to be working at times. The secnario is as that while accessing the pages via HTTPS the certificate web pages keep prompting and after checking the cert there are from 2 different SSLM. Furthermore after doing a trace I can confirm that the SSL sticky don work at times but this is like a 5-10 % rate.
After reading some of the post in the forum, the SSL ID in IE will expire and renegoiate again. Could this cause this problem ? ALso how can I rectify this. Pls advise. Thanks
Attached are my config and the screen cature of the errorindeed IE is most probably the culprit here.
The CSM learns the SSLID generated by the SSLM and create a sticky entry to link this value to the SSLM.
when IE wants to renegotiate the SSLID, it starts a new SSL session with a blank [0x00] SSLID.
The CSM can't stick this client to the corresponding SSLM and therefore it will loadbalance the session to the next SSLM.
If you have no control on the browser, there is no solution using SSLID.
What some people will do is use another form of stickyness to resolve the problem.
The only other sticky method is based on source ip address.
Regards,
Gilles. -
Problems with Outlook 2013 Rule Limits
I have recently run into the Outlook 2013 limit on the number of rules you can have.
The main reason for this is that I have a sub-folder into which all emails from work colleagues get moved to. For each work contact I therefore have a rule that says 'If from x contact, move to x folder'. I now however have too many contacts and too many
active rules that this set-up no longer works.
Is there a more efficient way of doing this?
I wondered if I could put all my contacts into a contact group and then base the rule on the contact group but unfortunately contact groups do not sync on my phone (Windows Phone 8.1) therefore I would not see them there.
Thanks.Hi Maracles,
Based on my knowledge, there is no number limitation for Inbox rule in Outlook. Instead, there is a limit size for Exchange mailbox. The rules size limit for mailboxes in Exchange Server 2007 (and later) has a default size of 64 KB per mailbox.
Additionally, the total rules size limit is also customizable limit up to 256 KB per mailbox. We can contact your Exchange Administrator to increase the rule Quota for your mailbox:
Set-Mailbox [email protected] -RulesQuota:256kb
Personal suggestion, I noticed that the rule is created for each Contacts. It would be convenient to read every message from each contacts. In Outlook, there is another workaround to achieve this. We can directly set the Inbox view by From, then all
items in Inbox folder can be viewed by each sender. It is easier to manage all items.
Regards,
Winnie Liang
TechNet Community Support -
I am investigating resources for a new application that must have sticky set. I'm looking att counters for sticky and are a little confused. See following info.
sho mod csm 5 sticky group 16
group sticky-data real timeout
16 ip 10.10.159.16 192.168.137.161 5398
16 ip 10.10.167.36 192.168.137.165 6926
16 ip 10.10.175.79 192.168.137.165 5923
16 ip 10.10.187.84 192.168.137.165 4698
16 ip 10.10.64.226 192.168.137.165 821
16 ip 10.10.203.212 192.168.137.161 5028
16 ip 10.10.81.227 192.168.137.165 6137
16 ip 10.10.209.31 192.168.137.161 7177
16 ip 10.10.210.84 192.168.137.165 574
16 ip 10.10.232.8 192.168.137.161 5126
16 ip 10.10.115.84 192.168.137.165 2443
16 ip 10.10.138.14 192.168.137.165 498
16 ip 10.10.138.87 192.168.137.165 248
16 ip 10.10.139.148 192.168.137.165 5248
16 ip 10.10.19.71 192.168.137.161 5319
sho mod csm 5 sticky config
Group CurrConns Timeout Type
16 27 120 src-ip netmask 255.255.255.255
The number of entries in sticky table and number of CurrConns doesn´t matsh. Is it a bug? How do I find out how meny entry I have in the sticky database? From my understanding ther can be 256.000 entries. Is it planned to increase that number? I'm running Ver 4.1(2).
Regards
MatsCurrconns is number of connections.
When source ip address can have multiple connections open, it will only create 1 single sticky entry.
There is no plan to increase the number of entries.
If you think you will need more, change the netmask, this will reduce the number of entries required.
Regards,
Gilles. -
I am running 4.1(4) on my CSM. I know 4.2 supports the sticky header command, but at this time I cannot upgrade to 4.2. How can I do sticky based on header information using 4.1(4). Would I have to do some type of policy? Can you provide an example if this is possible.
Thanks,
LBstrange request.
You know sticky on header is a feature that was introduced with 4.2 but still you want to do it with 4.1 ?
Unfortunately, if this feature was introduced in 4.2 it means it did not exist before that and that there was no way of doing it before 4.2.
As indicated in the following document, http header stickyness is a new feature in release 4.2
http://www.cisco.com/en/US/products/hw/switches/ps708/products_module_configuration_guide_chapter09186a00803e006a.html
Gilles. -
Hi
Does anyone know what resets the sticky timer on a CSM? It appears to be the initial connection and not subsequent packets once the socket has been opened.
We have an application that keeps the the socket open for an undefined period of time but the sticky timer does not get reset.
Is this normal? If so is there a way to work around this so that the timer is reset by each packet.
Thx
WayneWayne,
this is normal.
The timer is only reset by new connections.
There is no workaround as this is the intended behavior.
You should maybe use a different solution or increase the sticky timeout to a higher value.
Regards,
Gilles.
Maybe you are looking for
-
Reading the registry from a .bat file
I've searched a bit on web before asking and I apologies a head of time but my knowledge of .bat files is a little lacking. Currently I have a working .bat file I created, but was looking to adding something extra to it and just can't seem to find ex
-
Installing CS2 on Windows 7 64-bit
My company owns Illustrator as part of CS2. The guy who edited the Illustrator files has left, so I needed to install it on my PC. I didn't find a post that described all the steps I had to do to get it to work, so I'm posting my notes. 1. Download t
-
Hi Gurus, I have a requirement in module pool programing to create a password popup, I created two screen., when the user clicks on the push button of the first screen then it should lead to second screen, in the second screen user need to key in use
-
Pcmanfm alt+arrow shortcuts for "back" and "cd ../" not working
A recent update must have stopped this from working for me. In previous versions, alt+up arrow caused me to go up a directory level, and alt+left arrow caused me to go back to whatever directory I had previously been in. Now alt only causes lines to
-
Change of Business Area in Cost Center
Hi, We want to change the business area for the existing cost center from next fiscal year. Suppose i have a cost center 1001ADM with Business area 1000 and validity time is 01.04.2007 to 31.12.2999. Now i want to change the business area to 2000 for