Catalyst 6500 CSM-S Cookie stickiness timeout?

SDaniels1
Level 1

Hi, anyone able to help with this?


We have a CSM-S sitting in a 6513, at the moment we have IP stickiness applied for a Vserver/Serverfarm. The back end product vendor advises that cookie stickiness would be more appropriate for their application.

I have been scratching my head around the timeout of the inserted cookies; whatever I do they persist seemingly indefinitely, for example:


Just a test configuration with a 10-minute sticky timeout.


!
serverfarm applicationA
  nat server
  nat client applicationA_pool
  failaction reassign
  real 1.1.1.1
   inservice
  real 1.1.1.2
   inservice
  health retries 1 failed 120
  probe applicationA_probe
!
sticky 1 cookie applicationA_sticky insert timeout 10
!
vserver applicationA-HTTP
  virtual 2.2.2.10 tcp www
  unidirectional
  serverfarm applicationA
  sticky 10 group 1
  no persistent rebalance
  inservice
!

Doing show mod csm 1 sticky

group   sticky-data              real              timeout
----------------------------------------------------------------
1       cookie F5BF7115:F80EA688 1.1.1.1           0
1       cookie 4AFC972B:BB722437 1.1.1.2           0

Then a show mod csm 1 sticky config

Group  NumEntries Timeout  Type
------------------------------------------------------------
1      82         10       cookie-insert applicationA_sticky

When browsing to the VIP I see the application page via one of the reals. For the sake of the test I am using round-robin. Without cookies applied my browser will bounce between reals (I turned off persistent rebalance during testing) as expected.

With a sticky cookie inserted the browser stays on one of the reals; however, the timeout which I have applied does not work. The client will stay stuck to the real almost indefinitely (the actual cookie expiry is 2099!).

The online documentation advised that the method I am using should work as expected:


Quote

This example shows how to configure a virtual server named barnett, associate it with the server farm named bosco, and configure a sticky connection with a duration of 50 minutes to sticky group 12:

Router(config)# mod csm 2
Router(config-module-csm)# sticky 1 cookie foo timeout 100
Router(config-module-csm)# exit
Router(config-module-csm)#
Router(config-module-csm)# serverfarm bosco
Router(config-slb-sfarm)# real 10.1.0.105
Router(config-slb-real)# inservice
Router(config-slb-real)# exit
Router(config-slb-sfarm)#
Router(config-slb-sfarm)# vserver barnett
Router(config-slb-vserver)# virtual 10.1.0.85 tcp 80
Router(config-slb-vserver)# serverfarm bosco
Router(config-slb-vserver)# sticky 50 group 12
Router(config-slb-vserver)# inservice
Router(config-slb-vserver)# exit
Router(config-module-csm)# end

End Quote


I am guessing that sticky group 12 / 1 is a typo.


Looking at the documentation, sticky can also be applied not in the vserver config but in a policy (this is how we are doing IP stickiness). I have tried both methods. Same result.

I am natting the client address to a private pool which then talks to the reals (and back). Wouldn't expect this to be any issue.

The CSM is running Software version: 4.3(5).

Any help appreciated.

Jon Marshall
Hall of Fame

Simon

This is not the right forum for these sorts of questions.

If you move this post into "Data Center -> Application Networking" then you should get  the help you need.

Jon

Daniel Arrondo Ostiz
Cisco Employee

Good morning Simon,

The behavior you are seeing is the expected one.

When the CSM is configured for cookie insertion, a static cookie value is created in the sticky table for each server. This is the cookie that is being inserted, using as expiration date the one defined in the COOKIE_INSERT_EXPIRATION_DATE variable.

With this stickiness method, there is no need to use a timeout, because, since the sticky table will only contain one entry for each server, it will never become full.

Quoting from the documentation:

Note: The configurable timeout values are not applied when using cookie insert. You can adjust the timeout value using the environment variables.

If you don't want to keep the cookies in the client for that long, another approach you can use is setting an empty date in the COOKIE_INSERT_EXPIRATION_DATE variable. When doing that, the cookie will be inserted without an expiration date, so it will be cleared when the browser is closed.

I hope this answers your question

Regards

Daniel

Thanks for the information Daniel.

I did notice that applying the configuration then viewing the sticky table showed the lines for the reals immediately, rather than being populated with connections like IP stickies.

So with my current configuration, if I had 10 clients and 2 'reals', once all 10 have made an initial connection and obtained a cookie, am I correct to say that they would then be stuck to one of the 'reals' until the expiry of the cookie (2099)?


This is not the behaviour I am looking for. I did as you advised:

variable COOKIE_INSERT_EXPIRATION_DATE ""

This works fine, now my clients have cookies which expire at the end of the session. Thanks!

Although this method will work for me I would still prefer to set an actual timeout (say 24 hours) on my cookies. Do you know the configuration which would achieve this?

Given that the documentation mentions timeouts and the command syntax includes it I would assume that this is possible?


Many thanks again for the help.


Simon.

Hi Simon,

I'm afraid it's not possible to set a specific timeout value. The only thing you can modify is the COOKIE_INSERT_EXPIRATION_DATE variable, which is a static value.

Regards

Daniel

OK, thanks for the definitive answer Daniel.

I shall have to settle for session timeout and be done.

Ta!
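
Added example (not part of the thread, and not Cisco code): a client-side check of which behaviour discussed above is in effect, by classifying the inserted sticky cookie in captured Set-Cookie headers as a session cookie or a persistent one and flagging lifetimes above a threshold. The header values and reference time are constructed, the exact format the CSM emits is an assumption, and the function names and the 24-hour threshold are illustrative.

```python
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

COOKIE = "applicationA_sticky"  # sticky cookie name from the posted config
NOW = datetime(2012, 1, 1, tzinfo=timezone.utc)  # constructed reference time
SAMPLE_HEADERS = [  # constructed Set-Cookie values, format assumed
    "applicationA_sticky=R1111111; path=/; expires=Thu, 01 Jan 2099 00:00:00 GMT",
    "applicationA_sticky=R2222222; path=/",
    "JSESSIONID=0123456789ABCDEF; Path=/; HttpOnly",
]


def sticky_cookie_lifetime(set_cookie, name, now):
    """Return None (other cookie), "session", or the remaining timedelta."""
    pair, *attrs = [part.strip() for part in set_cookie.split(";")]
    if pair.partition("=")[0].strip() != name:
        return None
    parsed = {}
    for attr in attrs:
        key, _, value = attr.partition("=")
        parsed[key.strip().lower()] = value.strip()
    if "max-age" in parsed:  # RFC 6265: Max-Age takes precedence over Expires
        try:
            return timedelta(seconds=int(parsed["max-age"]))
        except ValueError:
            pass  # malformed Max-Age: fall through to Expires
    if parsed.get("expires"):
        try:
            expires = parsedate_to_datetime(parsed["expires"])
        except (TypeError, ValueError):
            return "session"  # unparseable date: attribute is ignored
        if expires.tzinfo is None:
            expires = expires.replace(tzinfo=timezone.utc)
        return expires - now
    return "session"


def audit(headers, name, now, max_lifetime=timedelta(hours=24)):
    """Label each matching header 'ok' or 'long-lived' against max_lifetime."""
    findings = []
    for header in headers:
        life = sticky_cookie_lifetime(header, name, now)
        if life is None:
            continue
        long_lived = life != "session" and life > max_lifetime
        findings.append(("long-lived" if long_lived else "ok", life))
    return findings
```

Calling audit(SAMPLE_HEADERS, COOKIE, NOW) labels the first constructed header long-lived and the second ok; the third is skipped because it sets a different cookie.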
