08-11-2010 02:17 AM
Hi.
Be most grateful if anyone is able to offer some insight as to why I can't get this to be sticky - I know it's not working as if I take one of the servers out of service in the serverfarm everything functions as it should, but as soon as I add another back, I get various results, mostly to do with getting shunted back to the login screen after getting a brief glimpse of the main inbox screen, which I think is because part of my test flow is hitting the server that didn't handle the successful login transaction. Initially I also had issues with the 302s the server sends but a url-rewrite policy seems to have sorted those... I tried adding a sticky group to the MAIL-BE vserver but this kills the whole app altogether for some reason. Config snippets below:
From CSM:
serverfarm MAIL-BE
 nat server
 nat client BE_MAIL_NAT
 real name <server1>
  inservice
 real name <server2>
  inservice
serverfarm MAIL-FE
 nat server
 nat client FE_MAIL_NAT
 real <ssl module vip ipaddr> local
  inservice
sticky 2 ssl timeout 60
vserver MAIL-BE
 virtual <ipaddr> any
 serverfarm MAIL-BE
 replicate csrp connection
 persistent rebalance
 inservice
vserver MAIL-FE
 virtual <ipaddr> tcp https
 serverfarm MAIL-FE
 sticky 60 group 2
 replicate csrp connection
 persistent rebalance
 inservice
From SSL module on CSM:
ssl-proxy policy url-rewrite MAIL-RED
 url <string>
ssl-proxy service mail-ssl-vip
 virtual ipaddr <ssl module vip ipaddr> protocol tcp port 443 secondary
 server ipaddr <mail-be ipaddr> protocol tcp port 80
 policy url-rewrite MAIL-RED
 certificate rsa general-purpose trustpoint <tp>
 inservice
Thanks in advance !
08-12-2010 01:01 PM
Jake,
It looks like you have the sticky applied to the wrong vserver. You have it tied to the SSL vserver that has only one sslm in the serverfarm. There is no need for sticky here if you only have a single real in the farm.
I think the problem is when you terminate and hit the CSM clear text vip you do not have sticky applied here and that is why you keep bouncing servers. You will need to create a sticky group based on source IP, or cookie and apply it to the clear text vserver your proxy service points to.
Regards
Jim
08-17-2010 02:20 AM
Jim,
Thanks very much for the reply - you are right, the sticky shown above is not needed, I had misunderstood what it was doing until you explained it. When I initially tried to put it on the other vserver instead it broke the flow completely for some unknown reason, but after I cleared all the config out and rebuilt it cleanly in conjunction with no nat client as well, it all works fine. Much obliged for the suggestion, thanks again!
Kind regards, Jake.