Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
774
Views
0
Helpful
5
Replies

Arrowpoint Cookies, Reverse Proxy and Multiplexed Client Requests

egl.davidfarrell
Level 1
Level 1

‎06-05-2009 07:23 AM

Hi,

I have a reverse proxy which is performing SSL offload and making backend connections to two web servers. Between the reverse proxy and the two webservers, a CSS is in place to load balance between the web servers. There is a requirement for session stickiness on the web servers and since client IP details are lost through the reverse proxy I have used the arrowpoint-cookie method to load balance connections.

However, the reverse proxy seems to make only a handful of connections to the servers compared to the number incoming client connections and we have noticed that stickiness is broken. Now, I would assume this is correct if arrowpoint-cookie makes a load balancing based on the first HTTP get in a tcp stream and not on a per transaction basis AND our reverse proxy is multiplexing client requests. However, I can not convince myself of how the arrowpoint-cookie method actually works.

I wondered if anyone had any insight on this or had experienced similar issues with arrowpoint cookies?

Labels:
0 Helpful
5 Replies 5

Gilles Dufour
Cisco Employee
Cisco Employee

‎06-08-2009 01:10 AM

We can loadbalance per request.

You need :

CSS11503(config)# persistence reset remap

CSS11503(config)# owner gdufour

CSS11503(config-owner[gdufour])# content WWW

CSS11503(config-owner-content[gdufour-WWW])# no persistent

This should work.

Also make sure you increase the idle timeout, with a flow-timeout-multiplier because we do not "remap" connection that are considered idle.

Gilles.

0 Helpful

egl.davidfarrell
Level 1
Level 1
In response to Gilles Dufour

‎06-08-2009 01:18 AM

Hi Giles,

Thanks very much for your response. I will look at the configuration and applying it, and will let you know how things go.

Just to confirm, using this configuration would inspect the arrowpoint cookie on each HTTP GET? Are you also aware if this will work with the POST method?

Thanks again,

David.

0 Helpful

Gilles Dufour
Cisco Employee
Cisco Employee
In response to egl.davidfarrell

‎06-08-2009 02:07 AM

Davi,

it will also work the POST method.

Gilles.

0 Helpful

egl.davidfarrell
Level 1
Level 1
In response to Gilles Dufour

‎06-08-2009 02:10 AM

Hi Gilles,

That's brilliant, I have just read up on it in the config guides and will look to implement ASAP.

Thanks again (and apologies for mispelling your name on the earlier post!).

All the best,

David.

0 Helpful

egl.davidfarrell
Level 1
Level 1
In response to Gilles Dufour

‎06-16-2009 04:44 AM

Hi Gilles,

I have implemented this today, and we are still seeing issues with requests hitting the wrong server.

A bit more info, the reverse proxy is an AXG Web Aopplication Firewall. I have been looking at this and am considering disabling connection re-use on here.

However I am also wondering if this might be to do with the flow timeout multiplier I am using which is 5 (80 seconds). Perhaps this is too low?

Thanks, David.

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card