URL-learn cookie stickiness method

Hello
In our network we are trying to configure a SLB with stickiness based on the passive cookie method on the CSM-S module for cat6k.
The server is setting the JSESSIONLIST cookie in the "set-cookie" field in the HTTP header. Unfortunately, each time a client is accessing the server, the server adds more data into the "Refer" field in the HTTP header that it's placed before the cookie field. Finally when the HTTP header is bigger then 4000 bytes, which is the maximum max-parse length value for CSM-S module, the module is unable to correctly stick the session based on the cookie value send by the client.
When a server sets the set-cookie value in the HTTP header, at the same time, it sets the parameter called jsessionid in the URI that has the same value that the cookie JSESSIONLIST. Because of our problem with the long "Referer" field in subsequent client requests we have tried to configure the stickiness based on URL-Learn method.
The virtual server is using a sticky group configured as below
sticky 2 cookie JSESSIONLIST timeout 30
cookie secondary jsessionid
Unfortunately it does not work. We are wondering why. In the configuration-guide there is not much information about this kind of stickiness. We are wondering if it is not a problem for CSM to stick a session based on the "secondary cookie", when, at the same time, the cookie field is also transmitted in the client requests. We are also wondering if it is not a problem for a load balancer that the jsessionid parameter in the URI follows ";" not "?" as in the example in the configuration guide.
I am attaching an example HTTP GET request from the client (some values were hidden). This trace shows the request with a short "Refere" field but the subsequent packets contain this field much more bigger.
Thanks for any help in advance

the CSM will look into the url if it can't find the cookie in the header.
However, if the header length is too big, the CSM will consider this an error and it will stop parsing.
A solution for you is to increase the parse length with a variable:
gdufour-cat6k-2#sho mod csm 3 var | i PAR
MAX_PARSE_LEN_MULTIPLIER 1
It will multiply whatever parse length you have configured.
Now, you could also change the server behavior with the referer.
Increasing the size of the header will consume BW and reduce performance of the LB and SSL offloader.
Gilles.

Similar Messages

Question on CSS cookie sticky

Hi everyone,
I have a question about CSS cookie sticky.
- Server issues the following cookie string to the client and it is fixed to 18 bytes.
Set-Cookie: JSESSIONID=aaabbbcccdddeeefff; path=/
- Client embedded the following cookie string in the subsequent HTTP header.
Cookie: xx_user_id=ZZZZ03; com.dummy.xyz.session.cookie=|user|pc|ja|Shift_JIS|default||yellow|/oooo/default.portal|; JSESSIONID=aaabbbcccdddeeefff
* Note that I made cookie information suitable as example.
There is the cookie string (JSESSIONID=aaabbbcccdddeeefff) issued by Server in the HTTP header from client but that cookie string (JSESSIONID=aaabbbcccdddeeefff) is located following the cookie string that the client made by oneself at the end of cookie string. And the cookie string and the length of cookie string that client made by oneself might change so the total length of cookie string also might change. It means I can not clarify the total length of the cookie string.
In this situation, I want CSS to stick with cookie string "JSESSIONID=aaabbbcccdddeeefff".
The characters of string located following the "JSESSIONID=" (in this case, "aaabbbcccdddeeefff") might change but it is fixed to 18 bytes. The total length of cookie string is 141 bytes in above mentioned example.
So I informed customer to configure the following parameters to get CSS done cookie sticky for above mentioned cookie string. CSS software version is sg0750303.
owner test
content testsv-tcp80
add service testsv1-tcp80
add service testsv2-tcp80
advanced-balance cookie
　string range 1 to 200
string process-length 18
url "/*"
redundant-index 1001
protocol tcp
port 80
vip address xxx.xxx.xxx.xxx
active
However CSS was not able to treat the above mentioned cookie correctly which means the subsequent HTTP request was not stuck (persisted) to same server.
I do not understand why CSS cookie sticky did not work correctly with this configuration.
Then customer configured CSS with the following parameters to get CSS inserted cookie string and, of course, the result is OK that is CSS could stick the connection to same server.
owner test
content testsv-tcp80
add service testsv1-tcp80
add service testsv2-tcp80
advanced-balance arrowpoint-cookie
url "/*"
redundant-index 1001
protocol tcp
port 80
vip address xxx.xxx.xxx.xxx
active
Has anybody experienced similar thing ?
Could you please let me know if you have any comment, information
Your information would be appreciated.
Best regards,

the CSS does not learn dynamic cookie.
You can match a fixed string inside a cookie and pre-define which server to use with that specific string.
That's why your solution did not work.
Arrowpoint-cookie is a better solution and easier to implement.
Gilles.

Cookie stickiness configuration issue with Cisco ACE

Hi,
We have configured a ACE (in standby mode) with ip netmask stickiness and wanted to configure cookie stickiness for a remedy server placed behind the ace. BMC has said that they use JSESSIONID field on the remedy application and i want to know the procedure for configuring ace to see this field and deploy cookie stickiness feature on the ace.
We tried configuring the ace to learn the cookie string dynamically and tried to insert the cookie in the server response to the client but both methods have failed and the user is not able to see the remedy app webpage in both occassions.
Are there any pre-requisites to be configured on the ace before configuring cookie stickiness feature? We would appreciate your timely response.
Thanks in advance.

Hi,
Refer the document below for sample configuration. If this still doesn't work a full config and sniffer capture required to verify this.
http://docwiki.cisco.com/wiki/Session_Persistence_Using_Cookie_Learning_on_the_Cisco_Application_Control_Engine_Configuration_Example
Regards,
Siva

Http cookie stickiness

Hi,
I have an http session between Web Server farm and Application Server Farm.
After firt http request, Application Server send this pck (see file http_header.txt ).
So, I configured http cookie Stickiness with Dynamic cookie learning:
sticky http-cookie JSESSIONID Cookie-Bea-Group
cookie offset 0 length 64
timeout 70
timeout activeconns
replicate sticky
serverfarm BEA8-SFARM-3
But it doesn't work. But if web server received an answer from Application server with only one set-cookie
Set-Cookie:JSESSIONID=xxxxx
It work
if in the http header there are two set-cookie doesn't work.
I need stick the session based only on JSESSIONID cookie.
Is it possible and how?
Thanks
Dino

Hi Dear,
The ACE appliance/module has the dynamic cookie feature.
You then just need configure the cookie name and the box does the rest.
When static cookies are used there will only be one entry in the cookie database per real server. So, if ace-cookie is the only cookie defined and there are two servers, there will only be two entries in the sticky database, even if there are thousands of user sessions.
Dynamic cookie learning is another option for keeping the SAP session persistent. The sticky table can hold a maximum of four million dynamic entries (four million simultaneous users). The key is choosing the right cookie name.
Lets take an example of SAP sets a number of cookies for various purposes (note the ace_cookie was set by Cisco ACE using cookie insert, not SAP), but the saplb_* cookie is set by SAP specifically for load-balancers. It has the format saplb_=()[].
Here, the cookie value also helps to verify which server instance and physical node you are connected to.
The configuration process for cookie learning is similar-with a few changes in the syntax.
Example configuration:
ssticky http-cookie saplb_* ep-cookie
replicate sticky
serverfarm EP-HTTP
policy-map type loadbalance http first-match ep-policy
class class-default
sticky-serverfarm ep-cookie
In the above examples, the replicate sticky command is used so that the cookie information is replicated to the standby Cisco ACE context. With this implementation, session persistence is maintained in the event of a failover. The default timeout is one day.
The show sticky data command retrieves the active sticky entries that have been dynamically learned. The value shown is not the actual cookie value, but a function of it created by Cisco ACE.
Example configuration:
switch/SAP-Datacenter# show sticky data
sticky group : ep-cookie
type : HTTP-COOKIE
timeout : 100 timeout-activeconns : FALSE
sticky-entry rserver-instance time-to-expire flags
---------------------+--------------------------------+--------------+-------+
6026630525409626373 SAP-EP:50000 5983
Load Balancing Identifier
The Load Balancing Identifier used for Load balancing to Web AS Java instances has the following syntax.
saplb_=()[]
The cookie is set on path=â/â and domain=.
The same syntax applies if the identifier is used via url rewriting.
The applies only to the J2EE Engine where session stickyness on a process (JVM) level is required. The uniquely identifies a set of instances. If there are no special group definitions then the special group identifier '*' is used. This will be the case for a default installation.
The SAP Web Dispatcher checks for path prefix match and thereby determines group name. This allows to obtain from the set of dispatch cookies or to do initial load balancing for the group. The Java dispatcher receives the request and also checks for the group. The Java dispatcher then reads from the appropriate dispatch cookie or performs initial dispatch on his local nodes.
The CSS does not have the possibility to learn dynamic cookie value created on the server.
So, you can either use arrowpoint cookies which is quite simple or have your server team add a static value to the jsessionid in order to identify the server.
We can then configure the CSS to locate this static value and match it to a service.
If possible kindly rate.
Keep in touch.
Kind regards,
Sachin Garg

ACE "Secondary" Sticky Method

We're currently switching to ACE to serve our loadbalance needs and are trying to replicate the same set up we had on our old load balancers from another vendor.
I currently have set up stickiness for our web servers using a COOKIE INSERT type sticky method and it appears to be working.
However, if a user comes to our site and has cookies turned off, I presume the stickiness will fail. I'd like to set up a secondary sticky method to use HTTP Headers.
If it works like we want, a user will be stickied to a server based on the cookie insert but if he has his cookies turned off, the ACE would revert to the sticky by HTTP Header method.
Is this possible? If not, does anyone have any other ideas on how to fill this requirement?
Thanks!

Gilles,
Thank you for your reply.
We use a third party content proxy vendor to distribute our website through-out the world. So it appears to our website that all (most) of our traffic is coming from this vendor. For this reason (and others, such as AOL changing source addresses at will), our primary wish is to use cookies to maintain stickiness. Our developers don't want to add the cookie to the application, nor do they want to maintain a session ID in the URL. So they would like the loadbalancer to insert the cookie. This I already have configured.
Now, on the chance that the client has cookies disabled in his browser, we would like to have a backup sticky method. Our contect proxy vendor inserts an HTTP HEADER called "True-Client-IP" that lists the client's true source IP. As a backup to the cookie disable problem, we would like to revert to using this HTTP HEADER to maintain stickiness.
When using the COOKIE INSERT method, what do most users do to combat the cookie disable problem?
Thanks in advance for your help!

Catalyst 6500 CSM-S Cookie stickiness timout ?

/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-qformat:yes;
mso-style-parent:"";
mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
mso-para-margin-top:0cm;
mso-para-margin-right:0cm;
mso-para-margin-bottom:10.0pt;
mso-para-margin-left:0cm;
line-height:115%;
mso-pagination:widow-orphan;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-ascii-font-family:Calibri;
mso-ascii-theme-font:minor-latin;
mso-fareast-font-family:"Times New Roman";
mso-fareast-theme-font:minor-fareast;
mso-hansi-font-family:Calibri;
mso-hansi-theme-font:minor-latin;
mso-bidi-font-family:"Times New Roman";
mso-bidi-theme-font:minor-bidi;}
Hi, anyone able to help with this ?
We have a CSM-S sitting in a 6513, at the moment we have IP stickiness applied for a Vserver/Serverfarm. The back end product vendor advises that cookie stickiness would be more appropriate for their application.
I have been scratching my head around the timeout of the inserted cookies; whatever I do they persist seemingly indefinitely, for example:
Just a test configuration with a 10minute sticky timout.
serverfarm applicationA
nat server
nat client applicationA_pool
failaction reassign
real 1.1.1.1
   inservice
real 1.1.1.2
   inservice
health retries 1 failed 120
probe applicationA_probe
sticky 1 cookie applicationA_sticky insert timeout 10
vserver applicationA-HTTP
virtual 2.2.2.10 tcp www
unidirectional
serverfarm applicationA
sticky 10 group 1
no persistent rebalance
inservice
Doing show mod csm 1 sticky
group   sticky-data              real                  timeout
1       cookie F5BF7115:F80EA688 1.1.1.1           0
1       cookie 4AFC972B:BB722437 1.1.1.2           0
Then a show mod csm 1 sticky config
Group NumEntries Timeout Type
1             82                           10        cookie-insert applicationA_sticky
When browsing to the VIP I see the application page via one of the reals. For the sake of the test I am using round-robin. Without cookies applied my browser will bounce between reals (I turned off persistent rebalance during testing) as expected.
With a sticky cookie inserted the browser stays on one of the real’s, however the timeout which I have applied does not work. The client will stay stuck to the real almost indefinitely (the actual cookie expiry is 2099!).
The online documentation advised that the method I am using should work as expected:
Quote
This example shows how to configure a virtual server named barnett, associate it with the server farm named bosco, and configure a sticky connection with a duration of 50 minutes to sticky group 12:
Router(config)# mod csm 2
Router(config-module-csm)# sticky 1 cookie foo timeout 100
Router(config-module-csm)# exit
Router(config-module-csm)#
Router(config-module-csm)# serverfarm bosco
Router(config-slb-sfarm)# real 10.1.0.105
Router(config-slb-real)# inservice
Router(config-slb-real)# exit
Router(config-slb-sfarm)#
Router(config-slb-sfarm)# vserver barnett
Router(config-slb-vserver)# virtual 10.1.0.85 tcp 80
Router(config-slb-vserver)# serverfarm bosco
Router(config-slb-vserver)# sticky 50 group 12
Router(config-slb-vserver)# inservice
Router(config-slb-vserver)# exit
Router(config-module-csm)# end
End Quote
I am guessing that sticky group 12 / 1 is a typo
Looking at the documentation, sticky can also be applied not in the vserver config but in a policy (this is how we are doing IP stickiness). I have tried both methods. Same result.
I am natting the client address to a private pool which then talks to the reals (and back). Would'nt expect this to be any issue.
The CSM is running Software version: 4.3(5).
Any help appreciated.

Good mornign Simon,
The behavior you are seeing is the expected one.
When the CSM is configured for cookie insertion, a static cookie value is created in the sticky table for each server. This is the cookie that is being inserted, using as expiration date the one defined in the COOKIE_INSERT_EXPIRATION_DATE variable.
With this stickiness method, there is no need to use a timeout, because, since the sticky table will only contain one entry for each server, it will never become full.
Quoting from the documentation:
Note     The
configurable timeout values are not applied when using cookie insert.
You can adjust the timeout value using the environment variables.
If you don't want to keep the cookies in the client for that long, another approach you can use is setting an empty date in the COOKIE_INSERT_EXPIRATION_DATE variable. When doing that, the cookie will be inserted without an expiration date, so it will be cleared when the browser is closed.
I hope this answers your question
Regards
Daniel

Cisco GSS - Cookie Stickiness

Hi,
What all the parameters can be used for stickiness across different data centers via Cisco
GSS. Is cookie stickiness possible.
We are planning to implement an Active/Active site and the
internet user requests will be load balanced across two sites. Since most of the users use ADSL connections, the source IPs are dynamic and changes within minutes and even seconds. If the stickiness would be configured based on IPs on the GSS, the sessions would be lost due to continuous IP changes and the user would be randomly directed to different data centers.
Please suggest how could stickiness be achieved without IPs.
Thanks.

Hello there,
Stickiness on the GSS is based on IP address. There is local sticky, which means each GSS in the cluster maintains its own sticky database and doesn't share it with the other GSS in the cluster. Global sticky is when each still has its own sticky database, but they update each GSS in the cluster so that if a request comes into a different GSS from the same host IP and requests the same domain, it will still be stuck to the same Answer.
It does not matter if your clients are frequently changing their IP addresses, because an Internet user's IP address is not used, or known, by the GSS. To the GSS, a client is actually an Internet user's D-proxy, or local DNS server. Here's how it works:
Internet user needs to resolve FQDN to IP address
Internet user sends DNS query to his/her DNS server (D-proxy)
D-proxy (which typically has a static IP address) makes request throughout DNS infrastructure sourced by its own IP address
Eventually, the DNS request ends up at a GSS
GSS checks to see if it already has a sticky entry for the IP address of this D-proxy
If sticky entry exists, then the same Answer is given as last time
If sticky entry does not exist, GSS will use configured method to choose Answer, return it, then create sticky entry
If you are using global sticky, then the GSS will update the other GSS in cluster so they add the entry to their databases
So as you can see, the Internet user's IP address has no relevance to the GSS's operation.
I hope this helps. Let me know if you have any questions.
Thank you,
Sean

URL in a sticky note

Hello,
does anyone have an idea how to put a clickable URL in a sticky note?
thanks,
Ruben

Not possible.
On Fri, Oct 10, 2014 at 11:31 AM, airwolfke1 <[email protected]>

Csm cookie sticky

Hello Gilles,
I have setup cookie stickiness using the following config:
sticky 1 cookie JSESSIONID timeout 100
serverfarm xxxxx
real 192.168.1.1
health probe HTTP01
inservice
real 192.168.1.2
health probe HTTP02
inservice
policy pol_IOW_stick
serverfarm xxxxxx
sticky-group 1
vserver yyyyyy
virtual 192.168.1.5 tcp 0
serverfarm xxxxx
replicate csrp sticky
replicate csrp connection
persistent rebalance
slb-policy POL_IOW_STICK
inservice
Load balancing is working to the real servers and I can see the policy being matched, however,
I never see any entries in the sticky table.
This is a test scenario and all connections are being proxied through 2x proxy servers. Should I
not see at least the ip addresses of both proxy servers in the sticky table?
We are running version CSM v3.1(4)
Thanks

you need 4.x to see the sticky entry when using something else than sticky source ip.
Stickyness shoud work, it's just the show commands that requires CSM version 4.x
Regards,
Gilles.

Shouldn't ACE 4710 ignore cookie stickiness when the server is down?

Hello,
I have implemented sticky load balancing with cookies. The problem is that if one of my two servers in the server farm is down (and even if the ace recognizes it as down via a probe) it keeps sending the requests to the server that is down, obviously because it has set a cookie for this server,
Shouldn't the ACE ignore the cookie when the server is down?
Is there a command to ignore cookie stickiness if the server is down? Is there another workaround?
an example of my config is
serverfarm host SF_Ebanking
rserver RS_IAS_1 XXXX
    conn-limit max 4000000 min 4000000
    probe http_probe_ebanking
    inservice
rserver RS_IAS_2 XXXX
    conn-limit max 4000000 min 4000000
    probe http_probe_ebanking
    inservice
sticky http-cookie ACE_COOKIE ebanking_sticky
cookie insert
replicate sticky
serverfarm SF_Ebanking
16 static cookie-value "server01" rserver RS_IAS_1
24 static cookie-value "server02" rserver RS_IAS_2
thanks,
george

This is not as obvious as you seem to believe.
ACE will not select a server that is down !!!! Even if the cookie points to that server.
What might be happening is that the connection from the browser to the ACE has not been killed, so when client sends a new request it reuses the existing connection and ACE does allow an existing connection to be maintain with a dead server by default.
Try the command 'failaction purge' under the serverfarm.
This should kill the active connections with the dead server and allow a new connection to be open with the other server even if the cookie points to the dead one.
Regards,
Gilles.

ACE 4710 Can not confirm http cookie sticky connections

We are using a ACE 4710 with A3(2.6) software release.
I had to change our sticky load balancing method for HTTPS to cookie based.
However while connections appear to work if I look at the sho sticky database table I can not see or confirm sticky entries for the cookie based connections.
Here or config snippets to show the config
sticky http-cookie ghh-www scook-ghh
cookie insert browser-expire
serverfarm ghh-www-443
class-map match-all ghh-www-443_CLASS
2 match virtual-address 172.16.1.21 tcp eq https
class-map type http loadbalance match-any ghh-www-443_CLASSURL
2 match http url [.]*
policy-map type loadbalance first-match ghh-sticky-443_POLICY
class class-default
    sticky-serverfarm scook-ghh
policy-map multi-match POLICY
class ghh-www-443_CLASS
      loadbalance vip inservice
      loadbalance policy ghh-sticky-443_POLICY
      loadbalance vip icmp-reply active
      appl-parameter http advanced-options CASE_PARAM

Another point: please check whether your servers are listening only for HTTPS traffic or also for HTTP traffic:
in the first case the ACE will have to: decrypt the traffic from the client, inspect the http header to take the loadbalance decision and then re-encrypt it and send it to the server
in the second case the ACE would have to: decrypt the traffic from the client, inspect the http header to take the loadbalance decision and send it out as it is unencrypted to the server
the second solution would have the benefit of being easier to configure and to require less resoucerces both on the ACE (only decryption to be performed) and on the servers (no need for SSL operations at all there) but it might be that your company or business sector have requirements for which this traffic should never flow unencrypted, in which case you would have to go for the first solution.
Here you have a config example for the first solution:
http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_example09186a00809c6f37.shtml
I would not expect you to have to pay extra for importing the cert and kepair into the ace, it would be just a copy, however as Alex said that may still depend on the license agreement with the CA.
Cheers,
Francesco

Learning Solution Delivery methods course type

Dear,
I'm searching for documentation/information on the different delivery methods (Course type -> SAP Learning Solution).
I'm interested in:
- virtual-classroom training
- web-based training
- on-line testing
- static web-based training
- class web-based training
Can someone help me?
Thanks,
Françoise

virtual-classroom training
These trainings are are done using virtual classroom tools.Connection to the virtual classroom environment has to be setup. It is time-dependent but not location-dependent.
web-based training
This comprises of e-learning content which can be used in a self paced manner by the learner. The course content is stored on a content management server. At the course type level, the learning net id of this content is attached. It is not time- dependent and also not location-dependent
on-line testing
You use this for creating and designing a test that is stored in an internal content management system. It is not time-dependent and not location-dependent.
static web-based training
In this delivery method a static URL is provided to the learner that takes him to a web-page or some other similar source for learning. Not time-dpendent and not location-dependent as well.
class web-based training
It is same as e-learning but is delivered to learners is a classroom environment. It is both time-dependent and location-dependent.

Arrowpoint cookie + stickiness

Hi i have a question regarding advance balance arrowpoint cookie.
The stickiness works fine unless the server goes down.When the server is dying and the user is making a request to the dying server then the CSS sends a RST but the client tries to reach still the old server. The stickiness is switching over to the next server only if I stop the pending request and I make a new request. Have you a suggestion ???
Here the configuration of the content:
content testcontent
protocol tcp
vip address 194.41.224.138
redundant-index 1000
add service h00bhm
add service h00bhs
arrowpoint-cookie expiration 00:00:30:00
port 80
url "/*"
advanced-balance arrowpoint-cookie
balance aca
active

if you have a persistent connection active when the server dies, the next request from the client is not loadbalanced and still forwarded to the server.
This is the normal behavior.
You can try the command 'no persistent' in the content rule and the command 'persistent reset remap' in global config.
[might be persistence instead of persistent - never know which one is the correct spelling].
Regards,
Gilles.

Cookie stickiness on ACE

Hi:
I have the following configuration. Although the users can hit the web server, the stickiness doesn't work.
sticky http-cookie TEST1 TEST1
timeout 300
replicate sticky
serverfarm PROXY
policy-map type loadbalance first-match L7_TEMPORAL
class HTTP-TEMPORAL
sticky-serverfarm TEST1
policy-map multi-match L4-VIP-LB-Policy
class VIP-TEMPORAL
loadbalance policy L7_TEMPORAL
Raul

Not sure if you already did that but to make stickiness work you need to assign resources for stickiness per context. Have look at the link.
http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_guide_chapter09186a0080686ebf.html#wp1051078
sticky http-cookie TEST1 TEST1 says the ace is looking for a cookie named "TEST1" in the http header so you should make sure that cookie exists. Otherwise add a "cookie insert" and the ace should insert that a cookie named "TEST1" then.
http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_guide_chapter09186a0080686ebf.html#wp1015713
[quote]
The name argument in the sticky command specifies the cookie name that appears in the HTTP header. The name argument in the cookie secondary command specifies the cookie name that appears in the URL.
[/quote]
Roble

ACE cookie stickiness issue

Hi,
We are having ACE as the load balancer
Software running on ACE
loader: Version 12.2[121]
system: Version A2(1.1a) [build 3.0(0)A2(1.1a) adbuild_22:19:41-2008/07/21_
/auto/adbu-rel3/rel_a2_1_1_throttle/REL_3_0_0_A2_1_1A]
system image file: [LCP] disk0:c6ace-t1k9-mz.A2_1_1a.bin
We have 2 webservers (load balanced) & 2 application servers(load balanced).Cookie based stickiness is currently used on Web & Application servers.
Ideal scenario:
1.Client opens the url http://...There is always a dual session whenever the client opens the url.One is for Java & the other for html.
2.Client--->Webserver1
3.Webserver1---->APP1
Most of the times when the client types the url, the dual sessions goes to one Webserver as per round robin (eg web server 1) & the webserver 1 communicates with Application server as per round robin (eg.application server 1).
Problem:
Now at times when the client types the url, the dual sessions gets split which means one session goes to one webserver & the other session goes to second webserver.Ideally it should not as per the application demands.
When this happens, both the webservers communicates with both the application servers.Here is where the problem happens.The client is asked for the login page again which indicates that the client has went to the second application server for the login.
What ideally should happen is the client should stick to the same application server depending up the sticky timeout.
Foll. is the output of show conns when prob occurs:
Primary-ACE/DMZ2# sh conn serverfarm SF-8888
conn-id np dir proto vlan source destination state
----------+--+---+-----+----+---------------------+---------------------+------+
1321 1 in TCP 2504 172.21.46.34:2037 172.24.51.200:8888 ESTAB
1255 1 out TCP 2704 172.24.51.33:8888 172.21.46.34:2037 ESTAB
1108 2 in TCP 2504 172.21.46.34:2036 172.24.51.200:8888 ESTAB
1144 2 out TCP 2704 172.24.51.32:8888 172.21.46.34:2036 ESTAB
Primary-ACE/APP# sh conn serverfarm SF-8888
conn-id np dir proto vlan source destination state
----------+--+---+-----+----+---------------------+---------------------+------+
959 2 in TCP 2507 172.24.51.32:58306 172.24.54.200:8888 ESTAB
115 2 out TCP 2707 172.24.54.32:8888 172.24.51.32:58306 ESTAB
651 2 in TCP 2507 172.24.51.33:51030 172.24.54.200:8888 ESTAB
901 2 out TCP 2707 172.24.54.33:8888 172.24.51.33:51030 ESTAB
I have attached the configs.
The web server we are testing is 172.24.51.32 & 33 - port 8888
Application servers - 172.24.54.32 & 33-port 8888
Rgds./Sachin

Sachin~
What is exactly your flow?
Is client hitting the Webserver farm (in web server context) and then Web servers hitting the APPs Servers in the APPS server context?
If thats the case (only Web servers are App server clients and client is not hitting application serverfarm ) then you can use source ip based sticky in APP server farm which will ensure that one web server sticks to a particular APP server and it never changes the APP server.
Following example will insert cookie named "Mycookie" in the server responses from APP1 rservers to the client
rserver host App1-Srvr1
ip address 192.168.1.1
inservice
rserver host App1-Srvr2
ip address 192.168.1.2
inservice
serverfarm host APP1-SFARM
rserver App1-Srvr1
inservice
rserver App1-Srvr2
inservice
class-map match-any APP1-VIP
2 match virtual-address 10.10.10.1 tcp eq www
sticky http-cookie MYcookie App1-sticky
cookie insert
timeout 720
replicate sticky
serverfarm App1-Sfarm
policy-map type loadbalance first-match APP1-POLICY
class class-default
sticky-serverfarm App1-sticky
policy-map multi-match VIPS
class VIP-P80
loadbalance vip inservice
loadbalance policy APP1-POLICY
loadbalance vip icmp-reply active
HTH
Syed Iftekhar Ahmed

URL-learn cookie stickiness method

Similar Messages

Maybe you are looking for