cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1268
Views
0
Helpful
7
Replies

ACE sticky inconsistant

arthurlove
Level 1
Level 1

i dotn seem to be getting a round robin effect on any of the 8 web servers being load balanced.

example from sh sticky database group GROUPn

  4427481407323410243   WEB-SRV2:0             0              -

  2452774824762134266   WEB-SRV1:0             0              -

  8113453920705035427   WEB-SRV1:0             0              -

  17215884597540077782  WEB-SRV1:0             0              -

  123286896185049456    WEB-SRV2:0             0              -

  13101217844384152730  WEB-SRV2:0             0              -

  8462688148628735445   WEB-SRV2:0             0              -

  8799530925601492925   WEB-SRV1:0             0              -

  9158066764881164093   WEB-SRV1:0             208            -

  4233929232369710669   WEB-SRV1:0             469            -

  652881741833831225    WEB-SRV1:0             730            -

  11929551358522611685  WEB-SRV2:0             935            -

  2201018326228455336  WEB-SRV2:0             1024           -

  540836670260610939    WEB-SRV2:0             1406           -

  4341078594550796939   WEB-SRV1:0             1567           -

MY STICKY CONFIG

sticky http-cookie JSESSIONID GROUP6
  replicate sticky
  serverfarm WEB_FARM1_FARM

any ideas ?

Thanks in advance

1 Accepted Solution

Accepted Solutions

As soon as you enable stickyness you can't see if the box is doing the correct predictor function.

This is because stickyness has a higer importance.

For example, take 2 users, they should be RR to your 2 servers.

But one user open 100 connections very quickly and then nothing and the other user open only 1 connection very hour.

Any command you use will show you that the first rserver got 100 connections and the 2nd one just a few.

You will also see the 2nd one getting all new connections.

And you could also see a single entry in your sticky database once the first user entry times out.

And during this time, ACE is working correctly.

As you can see with a basic example, it is impossible to guarantee even load distribution.

This is the result of stickyness.

Nothing you can do about this.

Gilles.

View solution in original post

7 Replies 7

Please, paste your config here. That should help to find answer.

Configs - ip etc removed

rserver host WEB-SRV1
   ip address nnnnn
  probe SRV_PROBE
  inservice
rserver host WEB-SRV2
  ip address nnnnn
  probe SRV_PROBE
  inservice

serverfarm host WEB_FARM
    rserver WEB-SRV1
    inservice
  rserver WEB-SRV2
    inservice
serverfarm host HTTPS_FARM
    rserver WEB-SRV1 443
    inservice
  rserver WEB-SRV2 443
    inservice

ssl-proxy service NAME_SSL_PROXY
  key name.key
  cert name.crt
  chaingroup NAME_CHAINGP

sticky http-cookie JSESSIONID GROUP1
  replicate sticky
  serverfarm WEB_FARM

class-map match-all HTTPS_VIP
  2 match virtual-address nnnn tcp eq https
class-map match-all WEB_VIP
  2 match virtual-address nnnn tcp eq www

policy-map type loadbalance first-match HTTPS_LB_POL
  class class-default
    sticky-serverfarm GROUP1
    insert-http X-Forward-For header-value "%is"
    ssl-proxy client NAME_SSL_PROXY

policy-map type loadbalance first-match WEB_LB_POL
  class class-default
    sticky-serverfarm GROUP1
    insert-http X-Forward-For header-value "%is"

policy-map multi-match CLIENT_VIPS
  class WEB
    loadbalance vip inservice
    loadbalance policy WEB_LB_POL
    loadbalance vip icmp-reply active
    nat dynamic 1 vlan 151

policy-map multi-match HTTPS_VIPS
  class HTTPS
    loadbalance vip inservice
    loadbalance policy HTTPS_LB_POL
    loadbalance vip icmp-reply active
    nat dynamic 1 vlan 151

interface vlan 15
  description WEB DMZ
  ip address nnn 255.255.255.192
  alias nnn  255.255.255.192
  peer ip address nnn  255.255.255.192
  no normalization
  no icmp-guard
  access-group input any
  access-group output any
  nat-pool 1 nnn nnn+1 netmask 255.255.255.192 pat
  service-policy input REMOTE_MGT
  no shutdown
interface vlan 90
  description CLIENT-FACING VLAN
  ip address nnn 255.255.255.240
  alias nnn 255.255.255.240
  peer ip address nnn 255.255.255.240
  mtu 1500
  no normalization
  no icmp-guard
  access-group input any
  access-group output any
  service-policy input REMOTE_MGT
  service-policy input HTTPS_VIPS
  service-policy input CLIENT_VIPS
  no shutdown

The topology is active/active the NAT is to route traffic back the way it came in - the servers use have static routes configured  to work with the ACE NAT

if you look at the show sticky database, you get the list of cookie.

So basically, the list of clients that connected to Web_farm.

Those clients, when they connect for the first time do not havve any cookie and therefore the default predictor method is used to loadbalance them.

That is roundrobin.

So, indeed you should see a roundrobin distribution of the cookie.

However, if some clients stay active while others are idle, the sticky entry can timeout faster for some clients vs others.

And therefore, it is hard to maintain an even number of entries between the servers.

In conclusion, the command you are using can't be used to determine if ACE is correctly doing roundrobin or not.

Gilles.

Thanks Gilles

... OK so then sh rserver is the way to show that RR LB is working ?

As soon as you enable stickyness you can't see if the box is doing the correct predictor function.

This is because stickyness has a higer importance.

For example, take 2 users, they should be RR to your 2 servers.

But one user open 100 connections very quickly and then nothing and the other user open only 1 connection very hour.

Any command you use will show you that the first rserver got 100 connections and the 2nd one just a few.

You will also see the 2nd one getting all new connections.

And you could also see a single entry in your sticky database once the first user entry times out.

And during this time, ACE is working correctly.

As you can see with a basic example, it is impossible to guarantee even load distribution.

This is the result of stickyness.

Nothing you can do about this.

Gilles.

thanks this is now clearer to me

Hello,

There is an issue in your sticky configuration.

You have to put the command "cookie insert" in your http_cookie group

like this:

sticky http-cookie JSESSIONID GROUP1
  replicate sticky

  cookie insert
  serverfarm WEB_FARM

In my configuration, when I remove it , stickyness don't work.

Rgds

Philippe

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: