ACE IP stickiness

fabio.marino
Level 1

Hi all,

I would like to better understand the following command

sticky ip-netmask netmask address {source | dest | both} name         

Honestly I am not able to figure out the effect of this command.

In particular I would like to focus on the keywords 'netmask', 'destination' and 'both'.

I only got that

  • Using source, all connections from the same source will always stick to the same real server

Any tips?

Thanks 


Kanwaljeet Singh
Cisco Employee

Hi Fabio,

address—Specifies the IP address used for stickiness. Enter one of the following options after the address keyword:

–source—Specifies that the ACE use the client source IP address to stick the client to a server. You typically use this keyword in web application environments.

–destination—Specifies that the ACE use the destination address specified in the client request to stick the client to a server. You typically use this keyword in caching environments.

–both—Specifies that the ACE use both the source IP address and the destination IP address to stick the client to a server.

Netmask can be either 255.255.255.255 (host based, /32) or anything else, like 255.255.255.0. So you can tell it to stick the connections per client IP or per entire subnet.

When using subnet on modules be careful since ACE may use only 1 network processor for sticky and that can be a problem if you have a lot of traffic for sticky.

From user guide:

Note: (ACE module only) If you configure a network mask other than 255.255.255.255 (/32), the ACE module may populate the sticky entries only on one of its four network processors which may reduce the number of available sticky entries by 25 percent. This reduction in resources may cause problems when heavy sticky use occurs on the ACE module.

So using netmask as 255.255.255.255 is the efficient way.

Regards,

Kanwal

Hi Singh,

Thanks for the reply. I already read the information provided by you in the user guide. The problem with the user guide is that no practical examples are provided. Can you give a practical example of the meaning of netmask? Honestly I did not get you, or the user guide, on this point. What will be the effect of /32 or /28 in terms of connections bound to the same real server?

From a different forum I read

Netmask specifies, how many connections will be bound to the same real server / farm, etc., after first match.

It seems that if we are going to use a configuration like

sticky ip-netmask 255.255.255.0 address source yyy-xxx-443-sticky

The load balancer should:

- Look at the source IP of the incoming request

- Apply the netmask to the source IP, but in this way all the requests will be bound to the same real server!!! Where is the balance of the load here?????

Moreover, normally the request is based on client IP and VIP. Where is the destination IP? If the destination IP is the real server then in the request you should specify it, but it makes no sense. Could you please clarify?

Thanks.

Hi Fabio,

Let me give you an example:

Client 1---->1.1.1.1

Client 2---->1.1.2.1

Client 3---->1.1.1.3

Client 1 hits the VIP, gets loadbalanced to Rserver A. Client 2 comes and ACE finds that there is no matching connection (it doesn't match the sticky entry), so it gets loadbalanced to Rserver B.

Client 3 hits the VIP and gets loadbalanced to Rserver A again since it will match the sticky entry.

This is when you are using sticky IP based on netmask 255.255.255.0. It will match the complete subnet.

If you had been using the source IP based on netmask 255.255.255.255 then all three clients 1, 2 and 3 would have been loadbalanced.

Now, regarding the sticky based on destination IP: as it says, it sticks the connections based on destination IP and is used in caching environments so that requests for the same destination are sent to the same server/caching engine. I haven't done it myself, but it might be helpful in configurations like DSR where ACE doesn't do destination NAT and simply rewrites the destination MAC to give the traffic to the server.

Both source and destination would be useful for similar scenario as well.

Regards,

Kanwal
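The three-client example above as a small simulation, added here as an illustration; it is not part of the original thread and is a simplified model, not ACE's implementation. It assumes a round-robin predictor, a third real server C, and a constructed VIP address; `StickyTable` and `simulate` are hypothetical names.

```python
import ipaddress
from itertools import cycle


class StickyTable:
    """Simplified model of IP-netmask stickiness (assumption, not ACE code)."""

    def __init__(self, netmask, mode, rservers):
        if mode not in ("source", "destination", "both"):
            raise ValueError("mode must be source, destination or both")
        self.mask = int(ipaddress.IPv4Address(netmask))
        self.mode = mode
        self._next = cycle(rservers)  # assumed round-robin predictor
        self.entries = {}             # sticky key -> rserver

    def _masked(self, ip):
        # Apply the configured netmask before the address is used as a key.
        return str(ipaddress.IPv4Address(int(ipaddress.IPv4Address(ip)) & self.mask))

    def key(self, src, dst):
        if self.mode == "source":
            return (self._masked(src),)
        if self.mode == "destination":
            return (self._masked(dst),)
        return (self._masked(src), self._masked(dst))

    def pick(self, src, dst):
        k = self.key(src, dst)
        if k not in self.entries:     # no sticky entry yet: load-balance
            self.entries[k] = next(self._next)
        return self.entries[k]        # otherwise reuse the stuck rserver


def simulate(netmask, mode, flows, rservers=("A", "B", "C")):
    table = StickyTable(netmask, mode, rservers)
    return [table.pick(src, dst) for src, dst in flows]


VIP = "10.0.0.100"  # constructed address for the example
CLIENTS = [("1.1.1.1", VIP), ("1.1.2.1", VIP), ("1.1.1.3", VIP)]

if __name__ == "__main__":
    print("/24 source:", simulate("255.255.255.0", "source", CLIENTS))
    print("/32 source:", simulate("255.255.255.255", "source", CLIENTS))
```

With the /24 mask, clients 1 and 3 share one sticky entry keyed on 1.1.1.0, while the /32 mask gives each client its own entry.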

Hi Kanwal,

If you had been using the source IP based on netmask 255.255.255.255 then all three clients 1, 2 and 3 would have been loadbalanced. -> I agree with you

What about the netmask 255.255.255.0? In this case I think that the load balancer will balance only on one real server.

Do you agree?

Hi Fabio,

If it was netmask 255.255.255.0, Client 1 and client 3 would have gone to same server but client 2 would have been loadbalanced.

Regards,

Kanwal

Hi,

I agree.

So we can conclude that if all the clients belong to the network 1.1.1.x/24 and we are using source IP stickiness with netmask 24, then no load balancing is possible. All the requests will go to the same real server.

Do you agree?

Hi Fabio,

Yes you are correct with your understanding.

Regards,

Kanwal

OK,

I think I can close the discussion here. I am wondering about this behaviour of the stickiness, and it would be nice to understand the benefits or otherwise of using different kinds of subnets, but this is out of scope here.

Thanks Singh.

Regards,

Fabio.

Hi Fabio,

You are welcome!

Regards,

Kanwal
