Sticky group timer?

Hi,
What is the timer in the sticky group do? It is an idle timer or cache timer? I am using source ip based sticky on one of my vserver. there are two reals behind it and only two front end (proxy) web servers that hits it. when I remove one of the real (serverA), all the connection sourced by the two web server goes to the other real(serverB). When I bring back serverA, I don't see any connection going to it. I think that's because the two front end web servers are being "stuck" to serverB. When I view the sticky table, I see the specific group with a timer value that's decreasing. I'm tempted to change the sticky timer to 1 (minute) but am not sure it it's a idle timer or a cache timer.
example config:
sticky 130 netmask 255.255.255.255 timeout 30
vserver backend_App
virtual x.x.x.x
server x
sticky 30 group 130
thanks,
Steve

Steve,
sticky source-ip when there is only 2 ip coming in is not a very good solution.
If we are talking http, you should check the possibility to use cookie.
If your servers do not have a cookie that can be used for stickyness, then I would suggest to use the cookie-insert feature of the CSM allowing the CSM to generate is own cookie.
Gilles.

Similar Messages

  • Sticky group for multiple serverfarms

    For ACE, would the inclusion of more than one serverfarm on a sticky group create a conflict for the connections to servers?
    On CSM, usig the same sticky group on two different vservers will create a conflict for corresponding serverfarms.
    Is this an issue on ACE - should a separate sticky group created foe each ServerFarm?
    sticky ip-netmask 255.255.255.0 address source Group1
    timeout 60
    replicate sticky
    serverfarm SF1
    serverfarm SF2
    serverfarm SF3

    Its same as CSM. You can have just one serverfarm per sticky group.
    you should never use the same sticky group for different farms, otherwise that will break the VIP logic i.e. connections meant to serverfarm1 could end up being sent to serverfarm2.
    Syed Iftekhar Ahmed

  • CSM: Sticky groups limitation (1..255)

    Hi,
    The number off total different STICKY GROUPS is limited to 255
    This limits directly the number off VSERVERS/SERVERFARMS.
    In case I have different serverfarms (and each different vserver maps to only 1 different serverfarm)
    AND I want them all to be sticky (for example based on source ip address), I will have to configure
    a different sticky group for each serverfarm.
    This limits the number off vservers/serverfarms also to the maximun number off sticky groups.
    (which is limited to 255)
    Correctly or can I bypass this issue?
    Thank you, Wim

    That's correct.
    You can use different form of stickyness that do not require a sticky group, like 'predictor hash'.
    Regards,
    Gilles.

  • CSM Sticky Group or predictor command?

    Hi,
    i want to ensure that my client connections are connecting to the same real server as long as it is inservice. When it goes down a second server will take this job. Question: Is it possible to reach that goal by using a parameter in the predictor or weight command, or is it solely required to configure a sticky group?
    Thanx, Stephan

    If you do not need to loadbalance i would suggest to do a vserver with one serverfarm that has one server and assign to that serverfarm a sorry/backup serverfarm with one server
    rp(config-slb-vserver)#serverfarm black-red backup green-blue

  • CSM: Sticky timeout parameter: difference between sticky group and vserver

    Hi,
    Concerning the example in the CSM manual about configuration of stickiness:
    What (or why) is exactly the difference between the timeout parameter (100 minutes):
    sticky 12 cookie foo timeout 100 AND the sticky 50 group 12 in the vserver.
    The timeout parameter is overruled in the vserver configuration. (100 -> 50)
    For what could this be usefull?
    Thank you!
    Kind regards,
    Wim
    This example shows how to configure a virtual server named barnett, associate it with the server farm
    named bosco, and configure a sticky connection with a duration of 50 minutes to sticky group 12:
    Router(config)# mod csm 2
    Router(config-module-csm)# sticky 12 cookie foo timeout 100
    Router(config-module-csm)# exit
    Router(config-module-csm)#
    Router(config-module-csm)# serverfarm bosco
    Router(config-slb-sfarm)# real 10.1.0.105
    Router(config-slb-real)# inservice
    Router(config-slb-real)# exit
    Router(config-slb-sfarm)#
    Router(config-slb-sfarm)# vserver barnett
    Router(config-slb-vserver)# virtual 10.1.0.85 tcp 80
    Router(config-slb-vserver)# serverfarm bosco
    Router(config-slb-vserver)# sticky 50 group 12
    Router(config-slb-vserver)# inservice
    Router(config-slb-vserver)# exit
    Router(config-module-csm)# end

    if you configure the group under a policy, there is no option for the timeout.
    This is why the option exist under the stick-group.
    In the vserver, you can overrid this timeout - so the timeout is per vserver.
    If you want the same timeout, just configure the same value.
    gdufour-cat6k-2(config-module-csm)#policy test1
    gdufour-cat6k-2(config-slb-policy)#sticky-group ?
    <1-255> sticky group ID
    gdufour-cat6k-2(config-slb-policy)#sticky-group 12 ?
    Gilles.

  • Mobile Time Sheet - group time

    All,
    Our company would like to implement MTT (Mobile Time & Travel) with the ability to enter time for multiple employees at a time in MTS. We know that this function is driven by data entry profiles and is designed by SAP to allow single employee time entry. Has anyone faced this business requirement to adapt MTS for multiple employees (group time) or developed a Mobile Infrastructure applicatioj to address this functionality gap ?

    Hello Olivier,
    As of version xMTT 2.0 SR4, this functionality is available. The application is available on SMP.
    I hope this helps,
    Elise

  • Why do apple earphones get sticky over time?

    Hi. I bought my iPod Touch 4th Gen last 2011. I've used it for my day-to-day music listening. And over time, I notice that the earphones that come with the iPod touch becomes sticky and it feels like it has some kind of wax that coats that cord and eventually easy to break. This earphones are already broken as of now.
    So, I bought the latest Apple Earpods to replace my broken and sticky earphones. I am getting worried because I think my latest earpods will get sticky and break as days pass. It got me to think what kind of cord does Apple use to make this earphones sticky, waxy, and easily broken?

    Not sticky, they're some sort of rubberized I presume! The same problem occured with mine either. The rubber foam all around the earphones got very sticky and came peeled off! But the EarPods are different and should survive those as the casing is made entirely of plastic however the cord should get you worrying though. Handle it with care, it might give a good lifespan!

  • Using OS X Server For Group Time Machine

    I'm not an OS X Server user, so I'm looking for some help on some basic issues regarding Time Machine.
    Right now I have several clients (3-4) running utilizing Time Machine via a connected drive(s) to their systems. I'm considering converting an existing Mac Pro to OS X Server and consolidating TM backups to that system.
    Is there a way in Server to limit the amount of storage each client can have for TM backups?
    Is that something that is configured in Server?
    Or is that handled by creating a partition for each TM backup?
    Backups would be over Gigabit Ethernet. Would that be a performance issue?
    Thanks.

    Is there a way in Server to limit the amount of storage each client can have for TM backups?
    In some earlier versions of Server, it may have been possible to push a setting to the client with Workgroup Manager to limit backup storage. My understanding is that it hasn't worked since some version of 10.6.
    Or is that handled by creating a partition for each TM backup?
    Yes.
    Backups would be over Gigabit Ethernet. Would that be a performance issue?
    That depends on how much data you back up and how much other network traffic you have. It's slower than a local backup.

  • ACE sticky time-to-expire values

    I have sticky group configured on my ACE30 with timeout value set to 65 sec.
    Could anyone explain me those big values (greater than 3900)  in time-to-expire column on some entries?
    Petr
    sticky group : ICMS-PL-STICKY
    type         : HTTP-COOKIE
    timeout      : 65            timeout-activeconns : FALSE
      sticky-entry          rserver-instance                 time-to-expire flags
      ---------------------+--------------------------------+--------------+-------+
      6840807541167676193   PLGSICMSAS1:0                    1081840        -
      2753397034023974472   PLGSICMSAS1:0                    1082380        -
      10847873641012499591  PLGSICMSAS2:0                    1082684        -
      1065593196606202865   PLGSICMSAS1:0                    1083393        -
      11654981916929108848  PLGSICMSAS2:0                    1083434        -
      424854578666138098    PLGSICMSAS1:0                    1084043        -
      2695520236292916342   PLGSICMSAS2:0                    1084286        -
      11134113409222070163  PLGSICMSAS1:0                    1084351        -
      3422928344435152760   PLGSICMSAS1:0                    1084407        -
      10510136909582019409  PLGSICMSAS1:0                    1084713        -
      16597872959556568860  PLGSICMSAS2:0                    1084844        -
      8820984556865626114   PLGSICMSAS1:0                    555            -
      16660628589906144309  PLGSICMSAS1:0                    958            -
      5783030114279499454   PLGSICMSAS2:0                    1003           -
      2307644345389601454   PLGSICMSAS2:0                    1558           -

    Here you have a reference:
    http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/configuration/slb/guide/sticky.html
    Jorge

  • Connection is not following the Sticky database when one router is comming to up state.

    Dear Team,
    We have 2 routers configured  in Cisco ACE.( Router 1: 10.250.226.4,Router 2: 10.250.226.6) and VIP 10.250.226.19. In a normal scenario all the client connections are perfectly handled by ACE and Its sending to client request to router as per the sticky database. When the router 10.250.226.4 is down, ACE cleared all the sticky database entry belongs to the 10.250.226.4. All the client connections are shifted to router 10.250.226.6.
    when router 10.250.226.4 is  comes, backup connections are not loadbalance properly. That is connection not following sticky database for second connections of the same ip and giving issue in establishing IPSEC connectivity. Please find the below output.
    switch/RRI# sh sticky database client 10.239.10.86
    sticky group : STIK-RRI-FRM
    type         : IP
    timeout      : 1440          timeout-activeconns : FALSE
      sticky-entry          rserver-instance                 time-to-expire flags
      ---------------------+--------------------------------+--------------+-------+
      10.239.10.86          CISCO-7206-06:0                  65274          -
    switch/RRI# show conn | i 10.239.10.86
    1517152    2  in  UDP   90   10.239.10.86:4500     10.250.226.19:4500    --
    1427552    2  out UDP   9    10.250.226.4:4500     10.239.10.86:1637     --
    3051606    2  in  UDP   90   10.239.10.86:500      10.250.226.19:500     --
    3049659    2  out UDP   9    10.250.226.6:500      10.239.10.86:44977    --
    Please find the below sample configuration we are done in ACE.
    parameter-map type connection UDP_PARAM_MAP
      set timeout inactivity 86450
    sticky ip-netmask 255.255.255.255 address source STIK-RRI-FRM
      replicate sticky
      serverfarm RRI-FRM
    class-map match-all RRI-VIP
      2 match virtual-address 10.250.226.19 any
    policy-map type loadbalance first-match RRI-VIP-l7slb
      class class-default
        sticky-serverfarm STIK-RRI-FRM
    policy-map multi-match RRI
      class RRI-VIP
        loadbalance vip inservice
        loadbalance policy RRI-VIP-l7slb
        loadbalance vip icmp-reply
        connection advanced-options UDP_PARAM_MAP
    interface vlan 90
      ip address 10.250.226.17 255.255.255.240
      peer ip address 10.250.226.18 255.255.255.240
      access-group input ALL
      access-group output ALL
      service-policy input REMOTE_MGMT
      service-policy input RRI
      no shutdown
    As per the analysis its looks seems to be tthe bug CSCsv63364, CSCsu95356. Kindly suggest how we can resolve this issue.
    Image version: A2(3.4)
    Thanks in advance.
    Regards,
    Ranjith

    Hi,
    Its important to know whether there was a sticky entry when the router went down and the time it came back up. Leastconnection shouldn't be a problem here.
    If the IPSEC connection is active but not the UDP 500 connections, after timeout the UDP 500 connections will be removed as well as the sticky entry. If the current active IPSEC connection suddently needs to refresh SA's a new UDP 500 connection will be open and it could be sent to a different server. There is no evidence that this is the problem but want to try a higher sticky timeout has a fix for this.
    Siva

  • Breakdown of 'show sticky database' - ACE

    I need assistance to interpret the show sticky database response. What does the sticky entry value resolve to.
    I have set the stickiness on source and destination addresses. Is it possible to identify from show sticky database that which is the source IP for the sticky entry in the display.

    No.
    Client in this command is actual client.
    for e.g following command shows that ACE has a sticky entry for client "x.x.x.x"
    and this client is stuck to real server "Rserver2" due to sticky group "STICKY-GP1" and this sticky entry will remain in the sticky DB for 585 more seconds (if the connection remains idle).
    switch/ACE# show sticky database client x.x.x.<
    sticky group : STICKY-GP1
    type : IP
    timeout : 10
    timeout-activeconns : FALSE
    sticky-entry rserver-ints time-to-exp
    ---------------+--------------+------
    2702367184 rserver2:8888 585
    Syed

  • Http cookie stickiness

    Hi,
    I have an http session between Web Server farm and Application Server Farm.
    After firt http request, Application Server send this pck (see file http_header.txt ).
    So, I configured http cookie Stickiness with Dynamic cookie learning:
    sticky http-cookie JSESSIONID Cookie-Bea-Group
    cookie offset 0 length 64
    timeout 70
    timeout activeconns
    replicate sticky
    serverfarm BEA8-SFARM-3
    But it doesn't work. But if web server received an answer from Application server with only one set-cookie
    Set-Cookie:JSESSIONID=xxxxx
    It work
    if in the http header there are two set-cookie doesn't work.
    I need stick the session based only on JSESSIONID cookie.
    Is it possible and how?
    Thanks
    Dino

    Hi Dear,
    The ACE appliance/module has the dynamic cookie feature.
    You then just need configure the cookie name and the box does the rest.
    When static cookies are used there will only be one entry in the cookie database per real server. So, if ace-cookie is the only cookie defined and there are two servers, there will only be two entries in the sticky database, even if there are thousands of user sessions.
    Dynamic cookie learning is another option for keeping the SAP session persistent. The sticky table can hold a maximum of four million dynamic entries (four million simultaneous users). The key is choosing the right cookie name.
    Lets take an example of SAP sets a number of cookies for various purposes (note the ace_cookie was set by Cisco ACE using cookie insert, not SAP), but the saplb_* cookie is set by SAP specifically for load-balancers. It has the format saplb_=()[].
    Here, the cookie value also helps to verify which server instance and physical node you are connected to.
    The configuration process for cookie learning is similar-with a few changes in the syntax.
    Example configuration:
    ssticky http-cookie saplb_* ep-cookie
    replicate sticky
    serverfarm EP-HTTP
    policy-map type loadbalance http first-match ep-policy
    class class-default
    sticky-serverfarm ep-cookie
    In the above examples, the replicate sticky command is used so that the cookie information is replicated to the standby Cisco ACE context. With this implementation, session persistence is maintained in the event of a failover. The default timeout is one day.
    The show sticky data command retrieves the active sticky entries that have been dynamically learned. The value shown is not the actual cookie value, but a function of it created by Cisco ACE.
    Example configuration:
    switch/SAP-Datacenter# show sticky data
    sticky group : ep-cookie
    type : HTTP-COOKIE
    timeout : 100 timeout-activeconns : FALSE
    sticky-entry rserver-instance time-to-expire flags
    ---------------------+--------------------------------+--------------+-------+
    6026630525409626373 SAP-EP:50000 5983
    Load Balancing Identifier
    The Load Balancing Identifier used for Load balancing to Web AS Java instances has the following syntax.
    saplb_=()[]
    The cookie is set on path=”/” and domain=.
    The same syntax applies if the identifier is used via url rewriting.
    The applies only to the J2EE Engine where session stickyness on a process (JVM) level is required. The uniquely identifies a set of instances. If there are no special group definitions then the special group identifier '*' is used. This will be the case for a default installation.
    The SAP Web Dispatcher checks for path prefix match and thereby determines group name. This allows to obtain from the set of dispatch cookies or to do initial load balancing for the group. The Java dispatcher receives the request and also checks for the group. The Java dispatcher then reads from the appropriate dispatch cookie or performs initial dispatch on his local nodes.
    The CSS does not have the possibility to learn dynamic cookie value created on the server.
    So, you can either use arrowpoint cookies which is quite simple or have your server team add a static value to the jsessionid in order to identify the server.
    We can then configure the CSS to locate this static value and match it to a service.
    If possible kindly rate.
    Keep in touch.
    Kind regards,
    Sachin Garg

  • ACE with sticky http-cookies across two server farms issue

    Hi,
    /* Style Definitions */
    table.MsoNormalTable
    {mso-style-name:"Table Normal";
    mso-tstyle-rowband-size:0;
    mso-tstyle-colband-size:0;
    mso-style-noshow:yes;
    mso-style-priority:99;
    mso-style-qformat:yes;
    mso-style-parent:"";
    mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
    mso-para-margin:0cm;
    mso-para-margin-bottom:.0001pt;
    mso-pagination:widow-orphan;
    font-size:10.0pt;
    font-family:"Times New Roman","serif";}
    We need the same sticky http cookie to applied to two server farms (which are actually the same servers but listening on different ports in each farm) to persist sessions to the same real backend server.
    e.g.
    Farm1 (front end HTTP service) - StickyGroup1
    rserver1 - 192.168.0.1:80
    rserver2 - 192.168.0.2:80
    rserver3 - 192.168.0.3:80
    Farm2 (SSL front end authentication service) - StickyGroup2
    rserver1 - 192.168.0.1:443
    rserver2 - 192.168.0.2:443
    rserver3 - 192.168.0.3:443
    We have setup two Sticky Groups (one for each of the farms above) both using the same cookie name e.g. cookieXYZ
    Our service is behind a single virtual server configured as follows (example URL and addresses):
    Virtual Server Configuration
    Virtual server name: www.somedomain.com
    Virtual IP: 2.2.2.2
    TCP/443 (https)
    SSL Termination - Proxy service name: www.somedomain.com (all keys and certs loaded and correct)
    L7 Load Balancing - **inline** rule match HTTP URL:(/AuthenticateMe/).*  Action : Sticky, Group: StickyGroup2, SSL Initiation enabled (www.somedomain.com)
    Default L7 Load Balancing action : Sticky, Group: StickyGroup1
    So normally we would expect users to first hit www.somedomain.com first and therefore Farm1, get cookieXYZ from the ACE (cookie insert is only enabled on StickyGroup1) and then be redirected to www.somedomain.com/AuthenticateMe which matches the inline URL L7 rule which directs the request at Farm2 - at this point we expected the ACE to use cookieXYZ to persist the user to the same real server hit in Farm1 but instead the stickiness doesn't seem to work.
    We suspect that the ACE uses IP:port as the unique value in the Cookie ID and therefore the ACE fails to match the same real host in a different farm because we are using a mix of port numbers across farms. Is this correct? Is there another way of accomplishing what we are after with a different configuration but still the same setup with single VIP and multiple services on the backend servers?
    Any suggestions or solutions appreciated.
    Thanks
    Paul

    The issue is related to the fact that it's not about persistence because there are only "new" services in the backend in SSL, you want to keep the IP address.
    With a little bit of dev, the only way to acheive this is to redirect the user when he has been sent to http and adding a "tag" (cookie / token in the URL), then on the SSL virtual server, when performing SSL offload matching this tag to send to user to the right server. But it will be a 1-to-1 mapping.

  • ACE sticky cookie value

    Hello,
    I have a following configuration:
    sticky http-cookie STICKY_TMP STICKY_TMP
    cookie insert ...
    Cookies are sent and stickiness works. Everything is ok... Almost :-)
    Now I have a question regarding value of cookies created by ACE.
    Currently cookies have values that look like this "R4224709512"
    Is it possible to change this value so it reflects the target node that processes requests for this sticky session. This cookie could contain i.e. ip address of real server.
    Arrowpoint cookie on CSS1150 worked this way...
    Another question. How do I identify this cookie value with sticky-entries in "show sticky database static" output?
    This command doesn't show anything like R4224709512, but only numbers like 18293255029648678255
    best regards
    Kuba

    I am using ACE with version A3(2.1).
    The “sticky-entry” in "show sticky data static"is a hash of the cookie-value set by ACE for the real server. so you need to use "show sticky database http-cookie " to determine which server are serving the client.
    ACE-1/routed(config-pmap-lb-c)# do show sticky database http-cookie
    sticky group : web-sticky
    type : HTTP-COOKIE
    timeout : 5 timeout-activeconns : FALSE
    sticky-entry rserver-instance time-to-expire flags
    ---------------------+----------------------+--------------+-------+
    16820511103801384579 lnx1:0 0 -
    sticky group : web-sticky
    type : HTTP-COOKIE
    timeout : 5 timeout-activeconns : FALSE
    sticky-entry rserver-instance time-to-expire flags
    ---------------------+----------------------+--------------+-------+
    3347854103021350619 lnx2:0 0 -
    ..sometimes they'd only show up w/ the static instead of the cookies option for some reason.
    found some explanation about this:
    http://docwiki.cisco.com/wiki/Session_Persistence_Using_Cookie_Learning_on_the_Cisco_Application_Control_Engine_Configuration_Example
    There is a difference between inserting an ACE-generated cookie or using one learned by the ACE. The cookie-insert feature creates a static cookie.
    To look at static cookies you need to use the command:
    show sticky database static
    if you try static cookie (cookie inserted by ACE), the value is placed in the static sticky table at the time of configuration...
    so no need to send traffic, once the static sticky config is in place, you should see an entry with 'show sticky database static'.
    Do not try to filter the table with some other parameters...they do not work until A2(1.4)
    There are 2 database:
    One for static entries and one for dynamic entries.
    Every show command that does not include the static keyword will look into the dynamic database.
    So, you won't see anything by using those commands.
    You could perform some test to identify which cookie is sent to which server.
    The cookie value is static, so the number of value is limited to the number of servers.
    There is a dynamic cookie learning feature available in ACE.
    Kinly tell me if you want to discuus about that.
    Kindly rate if possible.
    Kind regards,
    Sachin garg

  • Catalyst 6500 CSM-S Cookie stickiness timout ?

    /* Style Definitions */
    table.MsoNormalTable
    {mso-style-name:"Table Normal";
    mso-tstyle-rowband-size:0;
    mso-tstyle-colband-size:0;
    mso-style-noshow:yes;
    mso-style-priority:99;
    mso-style-qformat:yes;
    mso-style-parent:"";
    mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
    mso-para-margin-top:0cm;
    mso-para-margin-right:0cm;
    mso-para-margin-bottom:10.0pt;
    mso-para-margin-left:0cm;
    line-height:115%;
    mso-pagination:widow-orphan;
    font-size:11.0pt;
    font-family:"Calibri","sans-serif";
    mso-ascii-font-family:Calibri;
    mso-ascii-theme-font:minor-latin;
    mso-fareast-font-family:"Times New Roman";
    mso-fareast-theme-font:minor-fareast;
    mso-hansi-font-family:Calibri;
    mso-hansi-theme-font:minor-latin;
    mso-bidi-font-family:"Times New Roman";
    mso-bidi-theme-font:minor-bidi;}
    Hi, anyone able to help with this ?
    We have a CSM-S sitting in a 6513, at the moment we have IP stickiness applied for a Vserver/Serverfarm. The back end product vendor advises that cookie stickiness would be more appropriate for their application.
    I have been scratching my head around the timeout of the inserted cookies; whatever I do they persist seemingly indefinitely, for example:
    Just a test configuration with a 10minute sticky timout.
    serverfarm applicationA
      nat server
      nat client applicationA_pool
      failaction reassign
      real 1.1.1.1
       inservice
      real 1.1.1.2
       inservice
      health retries 1 failed 120
      probe applicationA_probe
    sticky 1 cookie applicationA_sticky insert timeout 10
    vserver applicationA-HTTP
      virtual 2.2.2.10 tcp www
      unidirectional
      serverfarm applicationA
      sticky 10 group 1
      no persistent rebalance
      inservice
    Doing show mod csm 1 sticky
    group   sticky-data              real                  timeout
    1       cookie F5BF7115:F80EA688 1.1.1.1           0
    1       cookie 4AFC972B:BB722437 1.1.1.2           0
    Then a show mod csm 1 sticky config
    Group  NumEntries Timeout  Type
    1             82                           10        cookie-insert applicationA_sticky
    When browsing to the VIP I see the application page via one of the reals. For the sake of the test I am using round-robin. Without cookies applied my browser will bounce between reals (I turned off persistent rebalance during testing) as expected.
    With a sticky cookie inserted the browser stays on one of the real’s, however the timeout which I have applied does not work. The client will stay stuck to the real almost indefinitely (the actual cookie expiry is 2099!).
    The online documentation advised that the method I am using should work as expected:
    Quote
    This example shows how to configure a virtual server named barnett, associate it with the server farm named bosco, and configure a sticky connection with a duration of 50 minutes to sticky group 12:
    Router(config)# mod csm 2
    Router(config-module-csm)# sticky 1 cookie foo timeout 100
    Router(config-module-csm)# exit
    Router(config-module-csm)#
    Router(config-module-csm)# serverfarm bosco
    Router(config-slb-sfarm)# real 10.1.0.105
    Router(config-slb-real)# inservice
    Router(config-slb-real)# exit
    Router(config-slb-sfarm)#
    Router(config-slb-sfarm)# vserver barnett
    Router(config-slb-vserver)# virtual 10.1.0.85 tcp 80
    Router(config-slb-vserver)# serverfarm bosco
    Router(config-slb-vserver)# sticky 50 group 12
    Router(config-slb-vserver)# inservice
    Router(config-slb-vserver)# exit
    Router(config-module-csm)# end
    End Quote
    I am guessing that sticky group 12 / 1 is a typo
    Looking at the documentation, sticky can also be applied not in the vserver config but in a policy (this is how we are doing IP stickiness). I have tried both methods. Same result.
    I am natting the client address to a private pool which then talks to the reals (and back). Would'nt expect this to be any issue.
    The CSM is running Software version: 4.3(5).
    Any help appreciated.

    Good mornign Simon,
    The behavior you are seeing is the expected one.
    When the CSM is configured for cookie insertion, a static cookie value is created in the sticky table for each server. This is the cookie that is being inserted, using as expiration date the one defined in the COOKIE_INSERT_EXPIRATION_DATE variable.
    With this stickiness method, there is no need to use a timeout, because, since the sticky table will only contain one entry for each server, it will never become full.
    Quoting from the documentation:
    Note     The
    configurable timeout values are not applied when using cookie insert. 
    You can adjust the timeout value using the environment variables.
    If you don't want to keep the cookies in the client for that long, another approach you can use is setting an empty date in the COOKIE_INSERT_EXPIRATION_DATE variable. When doing that, the cookie will be inserted without an expiration date, so it will be cleared when the browser is closed.
    I hope this answers your question
    Regards
    Daniel

Maybe you are looking for