Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1492
Views
0
Helpful
9
Replies

Ace ip stickyness

Go to solution
fabio.marino
Level 1
Level 1

‎11-27-2013 02:30 PM

Hi all,

I would like to better understand the following command

sticky ip-netmask netmask address {source | dest | both} name         

Honestly I am not able to figure out the effect of this command.

In particular I would like to focus on the keyword 'netmask' , 'destination' and 'both'

I only got that

  • Using the source then all connections from the same source will be stick always to the same real server

     Any tips?

Thanks 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Kanwaljeet Singh
Cisco Employee
Cisco Employee
In response to fabio.marino

‎11-28-2013 06:04 AM

Hi Fabio,

Yes you are correct with your understanding.

Regards,

Kanwal

View solution in original post

0 Helpful
9 Replies 9

Go to solution
Kanwaljeet Singh
Cisco Employee
Cisco Employee

‎11-27-2013 02:38 PM

Hi Fabio,

address—Specifies the IP address used for stickiness. Enter one of the following options after the address keyword:

–source—Specifies that the ACE use the client source IP address to stick the client to a server. You typically use this keyword in web application environments.

–destination—Specifies that the ACE use the destination address specified in the client request to stick the client to a server. You typically use this keyword in caching environments.

–both—Specifies that the ACE use both the source IP address and the destination IP address to stick the client to a server.

Netmask can be either 255.255.255.255 (host based /32) or can be anything like 255.255.255.0 etc. So you can tell to stick the connections based on per client IP or enture subnet.

When using subnet on modules be careful since ACE may use only 1 network processor for sticky and that can be a problem if you have a lot of traffic for sticky.

From user guide:

Note: (ACE module only) If you configure a network mask other than 255.255.255.255 (/32), the ACE module may populate the sticky entries only on one of its four network processors which may reduce the number of available sticky entries by 25 percent. This reduction in resources may cause problems when heavy sticky use occurs on the ACE module.

So using netmask as 255.255.255.255 is the efficient way.

Regards,

Kanwal

0 Helpful

Go to solution
fabio.marino
Level 1
Level 1
In response to Kanwaljeet Singh

‎11-27-2013 10:35 PM

Hi Singh,

Thanks for the reply. I already read the information provided by you in the user guide. Problem form the user guide is that no practical example are provided. Can you do a practical example of the meaning of netmask? Honestly I did not get you and the user guide as wel at this point . What will be the effect of /32 or /28 in terms of connections bound on the same real server?

From a different forum I read

Netmask specifies, how many connections will be bound to the same real server / farm, etc., after first match.

It seems that if we are going to use a configuration like

sticky ip-netmask 255.255.255.0 address source yyy-xxx-443-sticky

The load balancer should:

- Looks at the source ip of the incoming request

- Apply the netmask to the source IP but in this way all the request will be bounded to the the same real server!!! Where is the balance of the load here?????

Moreover, normally the request is based on client ip and vip. Where is the destination ip? If the destinaton ip is the real server then in the request you should specify it but it makes no sense. Could you please clarify?

Thanks.

0 Helpful

Go to solution
Kanwaljeet Singh
Cisco Employee
Cisco Employee
In response to fabio.marino

‎11-28-2013 04:57 AM

Hi Fabio,

Let me give you an example:

Client 1---->1.1.1.1

Client 2---->1.1.2.1

Clinet 3---->1.1.1.3

Client 1 hits the VIP , gets loadbalanced to rserver A. Client 2 comes and ACE founds that there is no matching connection( it doesn't match the sticky entry )so gets loadbalanced to Rserver B.

Client 3 hits the VIP and gets loadbalanced to Rserver A again since it will match the sticky entry.

This is when you are using sticky IP based on netmask 255.255.255.0 It will match complete subnet.

If you had been using the source IP based on netmask 255.255.255.255 then all three clients 1, 2 and 3 would have been loadbalanced.

Now, regarding the sticky based on destination IP as it says it sticks the connections based on destination IP and is used in caching environments so that request for same destination is sent to same server/caching engine. I haven't done it myself  but it might be helpful in configurations like DSR where ACE doesn't do destination NAT and simply rewrites the destination MAC to give the traffic to server.

Both source and destination would be useful for similar scenario as well.

Regards,

Kanwal

0 Helpful

Go to solution
fabio.marino
Level 1
Level 1
In response to Kanwaljeet Singh

‎11-28-2013 05:29 AM

Hi Kanwal,

If you had been using the source IP based on netmask 255.255.255.255 then all three clients 1, 2 and 3 would have been loadbalanced. -> I agree with you

What about the netmask 255.255.255.0? In this case I think that the load balancer will balance only on one real server.

Do you agree?

0 Helpful

Go to solution
Kanwaljeet Singh
Cisco Employee
Cisco Employee
In response to fabio.marino

‎11-28-2013 05:32 AM

Hi Fabio,

If it was netmask 255.255.255.0, Client 1 and client 3 would have gone to same server but client 2 would have been loadbalanced.

Regards,

Kanwal

0 Helpful

Go to solution
fabio.marino
Level 1
Level 1
In response to Kanwaljeet Singh

‎11-28-2013 05:40 AM

HI,

I agree.

So we can coclcude that if all the clients belong to the network 1.1.1.x/24 and we are using source ip stickyness with nextmask 24, then no load balacing is possible. All the request will go to the same real server.

Do you agree?

0 Helpful

Go to solution
Kanwaljeet Singh
Cisco Employee
Cisco Employee
In response to fabio.marino

‎11-28-2013 06:04 AM

Hi Fabio,

Yes you are correct with your understanding.

Regards,

Kanwal

0 Helpful

Go to solution
fabio.marino
Level 1
Level 1
In response to Kanwaljeet Singh

‎11-28-2013 06:16 AM

OK,

I think I can close here the discussion. I am wondering about this behaviour of the stickyness and should be nice to understand benefits and not of using different kind of subnets but this is out of scope here.

Thanks Singh.

Regards,

Fabio.

0 Helpful

Go to solution
Kanwaljeet Singh
Cisco Employee
Cisco Employee
In response to fabio.marino

‎11-28-2013 06:30 AM

Hi Fabio,

You are welcome!

Regards,

Kanwal

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card