05-11-2011 03:56 AM
Hi, anyone able to help with this ?
We have a CSM-S sitting in a 6513, at the moment we have IP stickiness applied for a Vserver/Serverfarm. The back end product vendor advises that cookie stickiness would be more appropriate for their application.
I have been scratching my head around the timeout of the inserted cookies; whatever I do they persist seemingly indefinitely, for example:
Just a test configuration with a 10minute sticky timout.
!
serverfarm applicationA
nat server
nat client applicationA_pool
failaction reassign
real 1.1.1.1
inservice
real 1.1.1.2
inservice
health retries 1 failed 120
probe applicationA_probe
!
sticky 1 cookie applicationA_sticky insert timeout 10
!
vserver applicationA-HTTP
virtual 2.2.2.10 tcp www
unidirectional
serverfarm applicationA
sticky 10 group 1
no persistent rebalance
inservice
!
Doing show mod csm 1 sticky
group sticky-data real timeout
----------------------------------------------------------------
1 cookie F5BF7115:F80EA688 1.1.1.1 0
1 cookie 4AFC972B:BB722437 1.1.1.2 0
Then a show mod csm 1 sticky config
Group NumEntries Timeout Type
------------------------------------------------------------
1 82 10 cookie-insert applicationA_sticky
When browsing to the VIP I see the application page via one of the reals. For the sake of the test I am using round-robin. Without cookies applied my browser will bounce between reals (I turned off persistent rebalance during testing) as expected.
With a sticky cookie inserted the browser stays on one of the real’s, however the timeout which I have applied does not work. The client will stay stuck to the real almost indefinitely (the actual cookie expiry is 2099!).
The online documentation advised that the method I am using should work as expected:
Quote
This example shows how to configure a virtual server named barnett, associate it with the server farm named bosco, and configure a sticky connection with a duration of 50 minutes to sticky group 12:
Router(config-module-csm)# sticky 1 cookie foo timeout 100
Router(config-module-csm)# exit
Router(config-module-csm)# serverfarm bosco
Router(config-slb-sfarm)# real 10.1.0.105
Router(config-slb-real)# inservice
Router(config-slb-sfarm)# vserver barnett
Router(config-slb-vserver)# virtual 10.1.0.85 tcp 80
Router(config-slb-vserver)# serverfarm bosco
Router(config-slb-vserver)# sticky 50 group 12
Router(config-slb-vserver)# inservice
Router(config-slb-vserver)# exit
Router(config-module-csm)# end
End Quote
I am guessing that sticky group 12 / 1 is a typo
Looking at the documentation, sticky can also be applied not in the vserver config but in a policy (this is how we are doing IP stickiness). I have tried both methods. Same result.
I am natting the client address to a private pool which then talks to the reals (and back). Would'nt expect this to be any issue.
The CSM is running Software version: 4.3(5).
Any help appreciated.
Solved! Go to Solution.
05-12-2011 04:15 AM
Hi Simon,
I'm afraid it's not possible to set a specific timeout value. The only thing you can modify is the COOKIE_INSERT_EXPIRATION_DATE variable, which is a static value.
Regards
Daniel
05-11-2011 05:31 AM
Simon
This is not the right forum for these sorts of questions.
If you move this post into "Data Center -> Application Networking" then you should get the help you need.
Jon
05-12-2011 02:33 AM
Good mornign Simon,
The behavior you are seeing is the expected one.
When the CSM is configured for cookie insertion, a static cookie value is created in the sticky table for each server. This is the cookie that is being inserted, using as expiration date the one defined in the COOKIE_INSERT_EXPIRATION_DATE variable.
With this stickiness method, there is no need to use a timeout, because, since the sticky table will only contain one entry for each server, it will never become full.
Quoting from the documentation:
Note The
configurable timeout values are not applied when using cookie insert.
You can adjust the timeout value using the environment variables.
If you don't want to keep the cookies in the client for that long, another approach you can use is setting an empty date in the COOKIE_INSERT_EXPIRATION_DATE variable. When doing that, the cookie will be inserted without an expiration date, so it will be cleared when the browser is closed.
I hope this answers your question
Regards
Daniel
05-12-2011 03:19 AM
Thanks for the information Daniel.
I did notice that applying the configuration then viewing the sticky table showed the lines for the reals immediately, rather than being populated with connections like IP stickies.
So with my current configuration if I had 10 clients and 2 'reals', once all 10 have made an initial connection and obtained a cookie am I correct to say that they would then be stuck to one of the 'reals' until the expiry of the cookie (2099) ?
This is not the behaviour I am looking for. I did as you advised:
variable COOKIE_INSERT_EXPIRATION_DATE ""
This works fine, now my clients have cookies which expire at the end of the session. Thanks!
Although this method will work for me I would still prefer to set an actual timeout (say 24hours) on my cookies. Do you know the configuration which would achieve this?
Given that the documentation mentions timeouts and the command syntax includes it I would assume that this is possible ?
Many thanks again for the help.
Simon.
05-12-2011 04:15 AM
Hi Simon,
I'm afraid it's not possible to set a specific timeout value. The only thing you can modify is the COOKIE_INSERT_EXPIRATION_DATE variable, which is a static value.
Regards
Daniel
05-12-2011 06:23 AM
OK, thanks for the definitive answer Daniel.
I shall have to settle for session timeout and be done.
Ta!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide