Solved: CSS11500 Load Balancing issue

Sergio Lima · ‎01-07-2010

Hi all,

I using the CSS 11500 sg0750004 (07.50.0.04) to balacing requests between two web application servers, but the after applied the configurations, the balancing requests don't occurs as expect, see the configuration applied:

service SAPSRV1_8000
ip address 192.215.13.44
protocol tcp
keepalive method get
keepalive type tcp
keepalive port 8000
keepalive frequency 30
port 8000
string sapsrv1
active

service SAPSRV2_8000
ip address 192.215.13.45
protocol tcp
keepalive method get
keepalive type tcp
keepalive port 8000
keepalive frequency 30
port 8000
string sapsrv2
active

content SAPSRVS_8000
    add service SAPSRV1_8000
    add service SAPSRV2_8000
    vip address 192.215.13.40
    advanced-balance cookies
    string process-length 7
    no persistent
    protocol tcp
    port 8000
    url "/*"
    string prefix "sap-hostid="
    string range 1 to 1999
    active

group SAPSRV1_SAPSRV2Servers
add destination service SAPSRV1_8000
add destination service SAPSRV2_8000
vip address 192.215.13.40
active

So, the VIP Address is exclusively to the group service and the tcp port also is exclusively.

Could you please assist me, why the load balancing doesn't running correctly?

Case need more information, please let me know.

Thank you in advanced.

Sergio Lima

jason.espino · ‎01-07-2010

Hello Sergio,

Can you please elaborate on the issues you are experiencing? When you mention the VIP is not working as expected is that due to the fact that the connection simply hangs? Is the CSS actually balancing the inbound traffic? Or is it successfully balancing the traffic, but not maintaining session persistence based on the server-side cookie? Do you know if the session cookie will be embedded within the HTTP header or the URL string? If you are unsure you can always change the "advanced-balance" method to "cookie-url". Can you ping the VIP address?

Also, can you confirm that the server-side cookie should be located directly after the following name "sap-hostid="?

Ex:

sap-hostid=sapsrv1

The reason why I ask is you do not have a string skip-length defined so the CSS will attempt to locate the server-side cookie string after the prefix.

Also, have you verified the services have passed their keep-alive check? This can be performed by running the following command:

show service-summary

Both of the services should "alive" on their keep-alive check.

Also, on your service configuration you do not require the "keepalive method get" command since the services are setup to perform a tcp socket connection for their keep-alive check and not a keepalive type of http to a URI page.

service SAPSRV1_8000
ip address 192.215.13.44
protocol tcp
keepalive type tcp
keepalive port 8000
keepalive frequency 30
port 8000
string sapsrv1
active

service SAPSRV2_8000
ip address 192.215.13.45
protocol tcp
keepalive type tcp
keepalive port 8000
keepalive frequency 30
port 8000
string sapsrv2
active

Also, based on the service and content rule configuration it would seem as though your CSS has been deployed in Bridged Mode (single Circuit VLAN). That being said, the Group Rule will allow users from the 192.215.13.0/24 network to establish a port 8000 connection to the 192.215.13.40 VIP. However, please be advised external clients establishing a connection to the 192.215.13.40 VIP will "appear" as the .40 VIP address within the destination server logs. The CSS will SNAT the inbound client traffic and masquerade their true source address as the VIP. Unfortunately, the CSS does not support the X-Forwarded-For HTTP header option. However, this can be bypassed through the use of ACLs on the CSS.

- Jason

View solution in original post

jason.espino · ‎01-07-2010

Hello Sergio,

Can you please elaborate on the issues you are experiencing? When you mention the VIP is not working as expected is that due to the fact that the connection simply hangs? Is the CSS actually balancing the inbound traffic? Or is it successfully balancing the traffic, but not maintaining session persistence based on the server-side cookie? Do you know if the session cookie will be embedded within the HTTP header or the URL string? If you are unsure you can always change the "advanced-balance" method to "cookie-url". Can you ping the VIP address?

Also, can you confirm that the server-side cookie should be located directly after the following name "sap-hostid="?

Ex:

sap-hostid=sapsrv1

The reason why I ask is you do not have a string skip-length defined so the CSS will attempt to locate the server-side cookie string after the prefix.

Also, have you verified the services have passed their keep-alive check? This can be performed by running the following command:

show service-summary

Both of the services should "alive" on their keep-alive check.

Also, on your service configuration you do not require the "keepalive method get" command since the services are setup to perform a tcp socket connection for their keep-alive check and not a keepalive type of http to a URI page.

service SAPSRV1_8000
ip address 192.215.13.44
protocol tcp
keepalive type tcp
keepalive port 8000
keepalive frequency 30
port 8000
string sapsrv1
active

service SAPSRV2_8000
ip address 192.215.13.45
protocol tcp
keepalive type tcp
keepalive port 8000
keepalive frequency 30
port 8000
string sapsrv2
active

Also, based on the service and content rule configuration it would seem as though your CSS has been deployed in Bridged Mode (single Circuit VLAN). That being said, the Group Rule will allow users from the 192.215.13.0/24 network to establish a port 8000 connection to the 192.215.13.40 VIP. However, please be advised external clients establishing a connection to the 192.215.13.40 VIP will "appear" as the .40 VIP address within the destination server logs. The CSS will SNAT the inbound client traffic and masquerade their true source address as the VIP. Unfortunately, the CSS does not support the X-Forwarded-For HTTP header option. However, this can be bypassed through the use of ACLs on the CSS.

- Jason

Sergio Lima · ‎01-07-2010

Hi Jason,

Many thanks for your information.

I review configurations applied on my CSS around the string and, observe that some errors. I reconfigure this and have success.

Now, I gonna review the all configurations applied on some services to check faults.

As soon as possible, I pass to you the information requested.

Thanks a lot.

Cheers.