07-31-2011 12:43 AM
Hi,
We have a CISCO CMS and we have configured it to load balance some web pages that can be reached with HTTP and HTTPS with Sticky session.
The problem we are facing is that once a computer is connected using a protocol we cannot change:
t0 - PC1 establishes connection using HTTP - Success
t0 - PC2 establishes connection using HTTPS - Success
t1 - PC1 tries to establish connection using HTTPS - Failed
t1 - PC2 tries to establish connection using HTTP - Failed
So once a PC establishes a connection using a protocol it is bound to it. Both protocols are working simultaneously on the server side but we need to have them on the client side also.
Below is the configuration on the CISCO CMS:
sticky 30 netmask 255.255.255.240 address source
sticky 20 netmask 255.255.255.255 address source
natpool LB-PGW 172.21.148.20 172.21.148.20 netmask 255.255.255.0
probe SERVICE tcp
 interval 3
 failed 3
probe 8080 tcp
 interval 3
 no failed 3
 port 8080
serverfarm PGWWEB80
 nat server
 nat client LB-PGW
 real 172.21.148.10 80
  inservice
 real 172.21.148.11 80
  inservice
 probe SERVICE
vserver PGWWEB80
 virtual 172.21.148.20 tcp 80
 serverfarm PGWWEB80
 sticky 1440 group 30
 persistent rebalance
 inservice
serverfarm PGWWEB8101
 nat server
 nat client LB-PGW
 real 172.21.148.10 8101
  inservice
 real 172.21.148.11 8101
  inservice
 probe SERVICE
vserver PGWWEB8101
 virtual 172.21.148.20 tcp 8101
 serverfarm PGWWEB8101
 sticky 1440 group 30
 persistent rebalance
 inservice
serverfarm PGWWEB443
 nat server
 nat client LB-PGW
 real 172.21.148.10 443
  inservice
 real 172.21.148.11 443
  inservice
 probe SERVICE
vserver PGWWEB443
 virtual 172.21.148.20 tcp 443
 serverfarm PGWWEB443
 sticky 1440 group 30
 persistent rebalance
 inservice
Appreciate if someone can provide some help on this subject.
Thanks
07-31-2011 05:30 PM
Hello Pedro,
The problem description is a little bit confusing, but if I got it right, when a client connects to the HTTP VIP then it cannot send a new fresh request over HTTPS to the same VIP.
Your problem may be related to the sticky groups... it is not recommended to have the same sticky group attached to different servers that are serving requests on different ports; this is only used for some e-commerce sites and in that case you use the shared sticky group number 0.
Also can you make the sticky groups a 32 bit mask instead of 28?
Modify your sticky group #30
sticky 30 netmask 255.255.255.255 address source
Create a new sticky group # 40
sticky 40 netmask 255.255.255.255 address source
Associate sticky group 30 with HTTP vserver and 40 to HTTPS.
HTH
Pablo
08-01-2011 09:40 AM
Pablo is correct here.
Since you do not need to do port redirection, because it appears you want the traffic to go to the servers on the same port that they hit on the vserver, you should configure the 3 vservers to use a common serverfarm without port redirection as in:
serverfarm PGWWEB80
 nat server
 nat client LB-PGW
 real 172.21.148.10
  inservice
 real 172.21.148.11
  inservice
 probe SERVICE
then you would use this serverfarm in all 3 vservers and can use the same sticky group.
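Added example, not part of the thread and not Cisco code: a simplified Python model of the two suggestions above (a separate sticky group per vserver, or one serverfarm without ports shared by all vservers). It assumes a sticky entry stores the real as configured in the serverfarm, port included; the client address 10.0.0.5 and the real-selection step are constructed.

```python
import ipaddress

# Assumption of this model: a sticky group is a table keyed by the masked client
# IP, and the stored value is the real exactly as configured (IP plus optional port).
REALS = ["172.21.148.10", "172.21.148.11"]  # real servers from the posted config

def farm(port=None):
    """Serverfarm reals; port=None models 'real <ip>' with no port redirection."""
    return [(ip, port) for ip in REALS]

class StickyGroup:
    def __init__(self, netmask):
        self.mask = int(ipaddress.IPv4Address(netmask))
        self.table = {}

    def key(self, client_ip):
        return int(ipaddress.IPv4Address(client_ip)) & self.mask

def connect(client_ip, vport, reals, group):
    """Return the backend (ip, port) chosen for a connection to the VIP on vport."""
    k = group.key(client_ip)
    if k not in group.table:
        group.table[k] = reals[k % len(reals)]  # stand-in for the predictor
    ip, port = group.table[k]
    return ip, (port if port is not None else vport)

def served(client_ip, vport, reals, group):
    """True when the backend port matches the service the client asked for."""
    return connect(client_ip, vport, reals, group)[1] == vport

def scenario(group_http, group_https, farm_http, farm_https):
    pc = "10.0.0.5"  # constructed client: HTTP first, then HTTPS
    return (served(pc, 80, farm_http, group_http),
            served(pc, 443, farm_https, group_https))

def run_all():
    host = "255.255.255.255"
    shared = StickyGroup(host)
    original = scenario(shared, shared, farm(80), farm(443))   # one group, per-port farms
    separate = scenario(StickyGroup(host), StickyGroup(host), farm(80), farm(443))
    shared = StickyGroup(host)
    common = scenario(shared, shared, farm(), farm())          # one group, port-less farm
    return original, separate, common

if __name__ == "__main__":
    print(run_all())
```

In this model the shared group with per-port serverfarms serves the first protocol and fails the second, while both suggested layouts serve both; only the common serverfarm keeps the client on the same real across HTTP and HTTPS.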