topic Re: Cookie question in Application Networking

Cookie question

kirit_patel — Thu, 02 Apr 2009 21:32:32 GMT

folks

I have cisco ACE blade and I have 2 questions

2. Size of HTTP header/cookie the LB can accept to maintain the stickiness, is there any size limitation for cookie size?

3. Any fallback for stickiness if it doesn't support large header/cookie size

Re: Cookie question

Syed Iftekhar Ahmed — Thu, 02 Apr 2009 21:45:50 GMT

By Default ACE can parse header of 4K Bytes . This default value can be changed using a http type parameter map.

The maximum an ACE can parse is 64K.

Following is an example to change it to maximum.

parameter-map type http APP1_PARAM_MAP

set header-maxparse-length 65535

then apply this parameter-map to the policy

policy-map multi-match xyz

class APP1

loadbalance vip inservice

loadbalance policy xxx

loadbalance vip icmp-reply

appl-parameter http advanced-options APP1_PARAM_MAP

Syed

Re: Cookie question

kirit_patel — Fri, 03 Apr 2009 01:03:47 GMT

syed

thanks

If incase the http header exceeds 4kbytes what will happen to the persistence? Does it fall back to sticky by IP?

Is there a way we can setup session using ASP.NET session ID

Re: Cookie question

Syed Iftekhar Ahmed — Fri, 03 Apr 2009 01:25:45 GMT

If a cookie, HTTP header, or URL

exceeds the default value, the ACE drops the packet and sends a RST

(reset) to the client browser.

This behavior can be changed using "length-exceed continue", however

I dont recommend this.

Its better to increase the Header parse length to the header length expected by your app.

Syed

Re: Cookie question

kirit_patel — Fri, 03 Apr 2009 01:40:10 GMT

syed thanks

The client is asking for following and asking if it can be configured

1. Verify that the load balancer (LB) is configured to load balance jpeg files.

2. Review the configuration of the LB; the load balancer should be configured to balance requests based on the ASP.Net session id of the request.

3. Define the maximum size of HTTP header the LB is configured to handle.

4. Define the LB fallback configuration if the HTTP header size is exceeded.

Here is my current config:

serverfarm host xxx.x.xxx.xx-443

probe TCP_443

rserver nj09app515 443

inservice

rserver nj09app517

inservice

serverfarm host xxx.x.xxx.xx-80

probe TCP_NEW_80

rserver nj09app515 80

inservice

rserver nj09app517 80

inservice

sticky http-cookie INF_COOKIE xxx.x.xxx.xx-80_STICKY

cookie insert

timeout 30

replicate sticky

serverfarm xxx.x.xxx.xx-80

sticky ip-netmask 255.255.255.0 address source xxx.x.xxx.xx-443_STICKYIP

replicate sticky

serverfarm 204.8.132.74-443

class-map match-all xxx.x.xxx-443_CLASS

2 match virtual-address xxx.x.xxx.xx tcp eq https class-map match-all xxx.x.xxx.xx-80_CLASS

2 match virtual-address xxx.x.xxx.xx tcp eq www

Re: Cookie question

Syed Iftekhar Ahmed — Fri, 03 Apr 2009 06:45:56 GMT

1. Its Do-able

2. Use a sniffer check the static portion of Jsession-ID (usually its 10 bytes from offset 53). Following is the config for offset53,length10

sticky http-cookie JSESSIONID stitcky1

cookie offset 53 length 10

serverfarm APP1-SF

policy-map type loadbalance first-match APP1-POLICY

class class-default

sticky-serverfarm stitcky1

3. As I mentioned earlier, use sniffer check the size of the header for regular traffic. If its more than the default ACE value then adjust it using

parameter-map type http APP1_PARAM_MAP

set header-maxparse-length

4. By default packet is dropped & RST is sent by ACE. If you want to change this behavior then use "length-exceed continue" to allow such packets through ACE.

Syed