ACE module client connecting to several realservers while stickiness enabled

javiercastro
Level 1

Hi All,

I have the following issue with an ACE Module configured for source-destination IP stickiness ("both" keyword).

The client is accessing a web service through a configured VIP.  No proxy is used so each individual client IP address is used to establish the connection.

In some cases the client gets connected to the server; when trying to retrieve the information needed, he gets blank information from the corporate web page.  When this happens the following connections to the realservers are present:

ACE01/WEB# sh conn rserver SERVER1 | include 172.16.88.62
ACE01/WEB# sh conn rserver SERVER2 | include 172.16.88.62
3650       1  in  TCP   70   172.16.88.62:3775     172.16.240.25:80      ESTAB
ACE01/WEB# sh conn rserver SERVER-3 | include 172.16.88.62
1356       1  in  TCP   70   172.16.88.62:3778     172.16.240.25:80      ESTAB
4237       1  in  TCP   70   172.16.88.62:3780     172.16.240.25:80      ESTAB
4823       2  in  TCP   70   172.16.88.62:3777     172.16.240.25:80      ESTAB

As far as I know, stickiness means that one client should be hitting the same realserver while his connections are active.

The following configuration is being used:

rserver host SERVER1
  ip address x.x.x.4
  inservice
rserver host SERVER2
  ip address x.x.x.5
  inservice
rserver host SERVER3
  ip address x.x.x.6
  inservice
serverfarm host SERVER
  rserver SERVER1
    inservice
  rserver SERVER2
    inservice
  rserver SERVER3
    inservice
sticky ip-netmask 255.255.255.0 address both SERVER
  replicate sticky
  serverfarm SERVER
policy-map type loadbalance http first-match SERVER
  class class-default
    sticky-serverfarm SERVER
    insert-http x-forward header-value "%is"
  class L4VIPCLASS6
    loadbalance vip inservice
    loadbalance policy SERVER
    loadbalance vip icmp-reply active
    loadbalance vip advertise active
    nat dynamic Y vlan ZZ

It is important to mention that this is random behaviour.

Anyone with a good guess regarding this issue?


dario.didio
Level 4

Hi,

Can you paste the output of "show sticky database client 172.16.88.62" when this client connects to the VIP?

Do you have enough resources allocated for stickiness in your resource class? (show resource usage)

HTH,

Dario

I have the following information from the commands you mentioned:

ACE0# show sticky database client 172.16.88.66
sticky group : IPRIS
type         : IP
timeout      : 1440          timeout-activeconns : FALSE
  sticky-entry          rserver-instance                 time-to-expire flags
  ---------------------+--------------------------------+--------------+-------+
  12398506534061010944  IPRIS-2:0                        86400          -
sticky group : WEBINT
type         : IP
timeout      : 1440          timeout-activeconns : FALSE
  sticky-entry          rserver-instance                 time-to-expire flags
  ---------------------+--------------------------------+--------------+-------+
  2886752256            WEBINT-2:0                       84914          -

ACE0# show resource usage
                                                     Allocation
        Resource         Current       Peak        Min        Max       Denied
-------------------------------------------------------------------------------
Context: WEB
  conc-connections           5993       9697          0    8000000          0
  mgmt-connections              2        546          0     100000          0
  proxy-connections           223       2391          0    1048574          0
  xlates                        0          0          0    1048574          0
  bandwidth               7845848   38513059          0 1125000000          0
    throughput            7842509   34062595          0 1000000000          0
    mgmt-traffic rate        3339    4450464          0  125000000          0
  connection rate             200       4326          0    1000000          0
  ssl-connections rate          0          0          0       1000          0
  mac-miss rate                 0         29          0       2000          0
  inspect-conn rate             0          0          0       6000          0
  acl-memory                10528      10600          0   78610432          0
  sticky                      209        209        418          0          0
  regexp                        0          0          0    1048576          0
  syslog buffer           4189184    4189184          0    4194304          0
  syslog rate                 399       8167          0     100000          0



ACE0# sh conn rserver SERVER1 | include 172.16.88.66
72         1  in  TCP   70   172.16.88.66:1520     172.16.240.25:80      ESTAB
ACE0# sh conn rserver SERVER2 | include 172.16.88.66
4289       1  in  TCP   70   172.16.88.66:1522     172.16.240.25:80      ESTAB
1565       2  in  TCP   70   172.16.88.66:1523     172.16.240.25:80      ESTAB
ACE0# sh conn rserver SERVER3 | include 172.16.88.66
1557       2  in  TCP   70   172.16.88.66:1525     172.16.240.25:80      ESTAB

I believe that means something is wrong with stickiness for group SERVER, because I'm using the same configuration for groups IPRIS & WEBINT and the same client is connected only to one realserver for those groups.

Regarding the "show resource usage" command output, could it be a matter of resources exhausted for stickiness? Current value equals peak value; how could I change these values?

Many thanks for your support.
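
Added example, not part of the original thread: a Python sketch that reads pasted "sh conn rserver" and "show sticky database" output, lists clients whose connections are spread over more than one rserver, and decodes the sticky-entry numbers. The entry layout (a 32-bit value is the masked source address; a 64-bit value is the masked source in the high 32 bits and the masked destination in the low 32 bits) is an assumption inferred from the two values shown in the post above, and all function names are illustrative.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: lines copied from the CLI output quoted in the thread.
SHOW_CONN = """\
ACE0# sh conn rserver SERVER1 | include 172.16.88.66
72         1  in  TCP   70   172.16.88.66:1520     172.16.240.25:80      ESTAB
ACE0# sh conn rserver SERVER2 | include 172.16.88.66
4289       1  in  TCP   70   172.16.88.66:1522     172.16.240.25:80      ESTAB
ACE0# sh conn rserver SERVER3 | include 172.16.88.66
1557       2  in  TCP   70   172.16.88.66:1525     172.16.240.25:80      ESTAB
"""
SHOW_STICKY = """\
sticky group : IPRIS
  12398506534061010944  IPRIS-2:0                        86400          -
sticky group : WEBINT
  2886752256            WEBINT-2:0                       84914          -
"""

def rservers_per_client(text):
    """Map each client IP to the set of rservers holding its connections."""
    seen, rserver = defaultdict(set), None
    for line in text.splitlines():
        cmd = re.search(r"sh(?:ow)? conn rserver (\S+)", line)
        if cmd:                      # CLI prompt line names the rserver
            rserver = cmd.group(1)
            continue
        conn = re.match(r"\s*\d+\s+\d+\s+in\s+TCP\s+\d+\s+([\d.]+):\d+", line)
        if conn and rserver:
            seen[conn.group(1)].add(rserver)
    return dict(seen)

def split_clients(text):
    """Clients that sticky should pin to one rserver but that hit several."""
    return sorted(c for c, s in rservers_per_client(text).items() if len(s) > 1)

def decode_sticky_entry(entry):
    """Assumed layout: 32-bit = masked source; 64-bit = source << 32 | destination."""
    ip = lambda n: str(ipaddress.IPv4Address(n))
    if entry < 2**32:
        return ip(entry), None
    return ip(entry >> 32), ip(entry & 0xFFFFFFFF)

def sticky_groups(text):
    """Map sticky group name -> (decoded key, rserver instance)."""
    groups, name = {}, None
    for line in text.splitlines():
        head = re.match(r"sticky group\s*:\s*(\S+)", line)
        if head:
            name = head.group(1)
            continue
        row = re.match(r"\s*(\d+)\s+(\S+)\s+\d+", line)
        if row and name:
            groups[name] = (decode_sticky_entry(int(row.group(1))), row.group(2))
    return groups
```

On the sample, the client is flagged as split across three rservers, and the sticky database holds entries only for groups IPRIS and WEBINT, none for group SERVER.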

By the way.... sticky resources configuration:

resource-class sticky
  limit-resource all minimum 0.00 maximum unlimited
  limit-resource sticky minimum 0.01 maximum unlimited

.

.

.

context XXX
  allocate-interface vlan Y-Z
  member sticky

If the issue is being caused by wrong resource configuration, is there any recommendation to do this?

Hi,

Can you post your complete config, because the output of the commands does not reflect the config you posted earlier...

Thanks,
Dario

Here it goes..
