Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1031
Views
0
Helpful
4
Replies

HOWTO: Build and monitor Layer 7 stickyness

robwu2006
Level 1
Level 1

‎01-27-2011 06:03 AM

Hi All,

We currently have a situation where we are sending traffic from an ISA server to our VIP hosted on the ACE, but we are using a layer 3 IP based stickyness (30 min timeout), and we are seeing that the same rserver is 'sticking' on its return within the 30 mins period.

There are multiple clients which connect to the one VIP address, rough ascii diagram below

     C1      C2        C3     Cn

       \          \         /        /

          \        \      /        /

         ----------------------------------

         :     I       S      A         :

         ----------------------------------

                        :

                        :

                      VIP

                     /     \

                    /       \

                 R1       R2

R1/R2 = Rservers

C1/2/3/n = Clients

We would like to perform a sessions / layer 7 based sticky, but I'm not sure which configuration and post implementation testing is required to check that everything is working ok?  FYI all the clients refer to the same URL to get to the ISA

Any help on this would be great!

Cheers,

Rob

Message was edited by: robwu2006

Labels:
0 Helpful
4 Replies 4

litrenta
Level 3
Level 3

‎01-27-2011 06:42 AM

if the traffic is http and clients are using browser the simplest way to do sticky would to have the ace insert a cookie i.e.

sticky http-cookie ACECOOKIE
  cookie insert browser-expire
  replicate sticky
  serverfarm serverfarm1

this inserts a cookie on the first response that is tied to the server. use of browser-expire means when the ace sends the client the set-cookie it will not include an expires line so the browser will continue to use it until they close the browser session.

if we don't use broser expire i.e.

sticky http-cookie ACECOOKIE
   cookie insert

  timeout 30
   replicate sticky
   serverfarm serverfarm1

when the ace sends the set-cookie in the response to the first get it will include an expire time (in GMT) and browser itself is smart enough to stop using this cookie when it expires.

ace can also learn cookies from server, or sticky can be done on http headers .

with cookie insert it is a static entry into the cookie databse so there is one unique value of the cookie for each server.

regards

0 Helpful

robwu2006
Level 1
Level 1
In response to litrenta

‎01-27-2011 09:14 AM

Yes sorry to mention, we are trying to load balance HTTP traffic, on one particular port.

Is there a good set of commands to verify that the cookie stickiness is working/not working?

Cheers

Rob

0 Helpful

litrenta
Level 3
Level 3
In response to robwu2006

‎01-28-2011 06:52 AM

There isn't really a good way to verify this on teh ace itself. Because when we insert

a cookie it is a static entry that is there all the time. You can see it with

show cookie database static you will see

Switch/sam# show sticky da static
sticky group : QA.MYPORTICO-HTTP-STICKY
type         : HTTP-COOKIE
timeout      : 720           timeout-activeconns : TRUE
  sticky-entry          rserver-instance                 time-to-expire flags
  ---------------------+--------------------------------+--------------+-------+
  R2958891576            SLEEPY:80                           never         -
sticky group : SAM-D2L-HTTP-STICKY
type         : HTTP-COOKIE
timeout      : 720           timeout-activeconns : TRUE
  sticky-entry          rserver-instance                 time-to-expire flags
  ---------------------+--------------------------------+--------------+-------+
  R2833108882            ADAMA:80                            never         -
sticky group : SAM-D2L-HTTP-STICKY
type         : HTTP-COOKIE
timeout      : 720           timeout-activeconns : TRUE
  sticky-entry          rserver-instance                 time-to-expire flags
  ---------------------+--------------------------------+--------------+-------+
  R349361917             STARBUCK:80                         never         -
sticky group : SAM-D2L-HTTP-STICKY-DEV

the values starting with R will be the cookie values for each server.

I

if however you are learning a cookie then

show sticky database group

will show entries for each of the server cookies learned in response back to client.

whenever you think you have a problem with sticky the quickest way to verify if it is not working correctly is to reduce serverfarm to 1 seerver in service then if problem goes away it is probably sticky (although could be a malfunctioning server and you took it out)

the definitive way to troubleshoot is with a packet capture of ace front end and back end traffic. here you would be able to see if sticky is broken .

0 Helpful

robwu2006
Level 1
Level 1
In response to litrenta

‎02-14-2011 04:21 AM

Hi litrenta

Thanks for the infor, we will be implemented this later this wk, so will let you know how we go! Also sorry about the late reply, a few wks of holidays!

0 Helpful
Customers Also Viewed These Support Documents