CSS 11503 Session stickiness configuration
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-18-2012 01:22 PM
Hi,
I am a complete newbie on css configuration. I only have configured load balancing on apache with a very simple setup. I have to deploy 2 applications on my clients environment that run inside jboss. One of these applications needs session to be sticky to work properly. The other does not.
In apache I can configure is the sticky parameter is true or false, based on the url, like /appA/* is sticky and /appB/* is not sticky. Can I do that in a CSS 11503? I believe so, but can somebody give me an example? My client insists that it is impossible. That the CSS is only ip based.
I copied the configuration below from the manual:
owner arrowpoint
content ruleWapSticky
vip address 192.168.128.151
protocol tcp
port 80
url "/*"
add service server1
add service server2
advanced-balance wap-msisdn
active
I believe the url parameter is supposed to be my /appA/* or /appB/*. Am I right? Could I have two machines say, 10.1.1.2 and 10.1.1.3 both running jboss, and both having the two applications appA and appB deploying and one of the applications having sticky sessions enable and not the other?
Thanks
Kelly
- Labels:
-
Application Networking
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-19-2012 10:35 AM
Hi Kelly,
So you need to match the traffic based on the URI and stick the client. Here is an example of this using stickiness based on the source IP address:
content ruleWapSticky
vip address 192.168.128.151
protocol tcp
port 80
url "/appA"
add service server1
add service server2
advanced-balance sticky-srcip
active
content ruleWapSticky
vip address 192.168.128.151
protocol tcp
port 80
url "/appB"
add service server1
add service server2
active
With this configuration if someone hits the VIP address like this: http://192.168.128.151/appA is going to be loadbalanced to services server1 or server2 and stick to one of these servers based on the source IP address.
If someone hits the VIP address like this http://192.168.128.151/appB is going to be balanced to services server1 or server2 without stickiness, just normal loadbalance.
-------------------------------
Cesar R
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-19-2012 11:52 AM
Thanks for your help. I will send this to my client. Another question: in this parameter
advanced-balance sticky-srcip
Could I make the stickiness based on JSESSIONID cookie?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-19-2012 12:22 PM
Hi Kelly,
Yes, however it is easy if you use 'advanced-balance arrowpoint cookie' and let the CSS set a session based cookie.
---------------------
Cesar R
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-19-2012 12:30 PM
I am sorry if this sounds stupid, but could you elaborate on "let the CSS set a session based cookie."? When I asked the question above I was just trying to avoid the situation where every request that leaves the same source ip address always goes to the same node. So I remembered the JSESSIONID cookie. So, if from the same source ip address I have multiple users, each one with a different browser session, they could go to different nodes.
Because I just really need the stickiness for that session, like in a shopping cart app. I don't really need that every request that leaves the same ip address is treated by the same node. Would this configuration that you suggested do this?
Thanks again
Kelly
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-19-2012 12:40 PM
Hi Kelly,
Yes, with advanced-balance arrowpoint cookie the CSS is going to insert a cookie to the request and use that cookie to stick the client.
This is the best method in scenarios where the clients are accesing the VIP address thru a proxy for example.
Here is a good link about arrowpoint-cookie:
http://www.cisco.com/en/US/products/hw/contnetw/ps789/products_tech_note09186a00801c8c2f.shtml
------------------------------
Cesar R
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-26-2012 12:35 PM
Sorry for the delayed reply and for still insisting on this, but my client still insists that the configuration posted here on the previous answer
content ruleWapSticky
vip address 192.168.128.151
protocol tcp
port 80
url "/appA"
add service server1
add service server2
advanced-balance sticky-srcip
active
content ruleWapSticky
vip address 192.168.128.151
protocol tcp
port 80
url "/appB"
add service server1
add service server2
active
is applied to all the server and not only to the url like, appA. Even using the arrow cookie solution suggested, all the requests from the same src ip address, even if the urls are different, always go to the same node. Is this true?
Thanks again
Kelly
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-26-2012 01:21 PM
Hello Kelly,
Not really, the CSS is going to stick only the clients when they are accesing the Content Rule with arrowpoint-cookie configured.
The clients accesing the other Content Rule are not going to be sticky.
Stickiness is based on Content Rules not on servers
---------------------
Cesar R
ANS Team
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-27-2012 03:38 AM
Thank you very much. That was what I thought. I am having a hard time trying to explain this to him.
When the arrow point cookie is correctly set I can expect to see a cookie with a name like
ARPT=on the request, right? Like I can see the JSESSIONID
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-28-2012 12:08 PM
Hi again,
this is my client's config (the one he sent me):
content hml-app1
protocol tcp
vip address 10.x.y.z
port 80
add service mac39
add service mac38
active
content hml-app1-https
protocol tcp
port 443
vip address 10.x.y.z
add service mac38-https
add service mac39-https
active
content hml-app1-https-app2
port 443
protocol tcp
url "/app2/*"
vip address 10.x.y.z
add service mac38-https
add service mac39-https
advanced-balance sticky-srcip
active
content hml-app-app2
vip address 10.x.y.z
protocol tcp
port 80
url "/app2/*"
add service mac39
add service mac38
advanced-balance sticky-srcip
active
With this configuration I hoped that only the requests that had /app2 on the request would have the sticky sessions. But this is not what is happening. What is wrong with this config? No request to app2 is being sticky.
Thanks
Kelly
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-28-2012 12:20 PM
Hi Kelly,
The problem is here:
content hml-app1-https-app2
port 443
protocol tcp
url "/app2/*"
vip address 10.x.y.z
add service mac38-https
add service mac39-https
advanced-balance sticky-srcip
active
If this traffic is encrypted, the command url "/app2/*" is not going to work because the CSS can't look the HTTP headers.
To make it work you need to do SSL Termination on the CSS
---------------------
Cesar R
ANS Team
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-28-2012 12:50 PM
Hi,
I am sorry but how do you do SSL Termination on the CSS?
Thanks,
Kelly
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-28-2012 12:56 PM
Hi Kelly,
here is the information about it:
The important here is that first you need to have an SSL module in your CSS
---------------------
Cesar R
ANS Team
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-01-2012 09:07 AM
Hi,
since I do not have access to the equipment that has to be configured, and my client is unable to do it by himself, is there a way I can contact a cisco specialist in Brazil that I can pay to go to my client site and make this configuration?
Thanks again
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-01-2012 04:04 PM
Hi Kelly,
Not sure about that but contact your Cisco Account Manager or Cisco Sales Engineer
---------------------
Cesar R
ANS Team
