Buy or Renew
Buy or Renew
COMING SOON: Umbrella and Secure Access release notes are coming to Cisco Community. The community will be in read-only August 16 – 19. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1480
Views
0
Helpful
8
Replies

issue with cookie based stickiness

arulnambis
Level 1
Level 1

‎07-24-2012 01:37 AM

Dears,

We have ACE 4710, It is configured with IP based stickiness and working fine for a web application server (BMC Remedy). We tried configuring cookie based stickiness for the same server. Server application is having JSESSIONID.

But after configuring cookie based stickiness, there is an issue that the first page is coming for entering login credentials and after entering it the page is blank or not responding. 

What is the pre-requirement for configuring cookie based stickiness in ACE for BMC Remedy web application and which type of cookie based stickiness is suitable or possible?

Req. your suggestions and please post in case of any additional information required on this. Thanks in advance.

Regards,

Labels:
0 Helpful
8 Replies 8

sivaksiv
Cisco Employee
Cisco Employee

‎07-24-2012 01:47 AM

Hi,

We need the full config and sniffer capture to verify this.

Regards,

Siva

0 Helpful

arulnambis
Level 1
Level 1
In response to sivaksiv

‎07-24-2012 03:19 AM

Hi Siva,

Thanks for your feedback.

But we are getting empty logs from Wireshark while capturing for Application server Virtual IP address. Any suggestion?

Will Wireshark not work for VIP !!???

Thanks & Regards,

0 Helpful

sivaksiv
Cisco Employee
Cisco Employee
In response to arulnambis

‎07-24-2012 03:22 AM

Hi,

You can take a capture on ACE itself to verify. If not you need to span both the client and server vlan to capture the traffic.

If its a valid capture you should be able to see all the packets in wireshark,

ACE capture:

http://docwiki.cisco.com/wiki/Cisco_Application_Control_Engine_(ACE)_Troubleshooting_Guide_--_Overview_of_ACE_Troubleshooting#Capturing_Packets_in_Real_Time

Regards,
Siva

0 Helpful

Jorge Bejarano
Level 4
Level 4

‎07-24-2012 09:36 AM

Hi,

Can you include your current configuration?

It might be possible you need a http parameter.

Jorge

0 Helpful

arulnambis
Level 1
Level 1
In response to Jorge Bejarano

‎07-24-2012 10:34 PM

Hi Jorge,

Now ACE is running with IP based stickiness. However the below are the configuration we tried for cookie stickiness.

Please suggest and let me know if you require any additional clarification . Thanks.

rserver host Remedy-Prod1
  description RemedyProd-Primary-Server
  ip address 10.132.11.21
  inservice
rserver host Remedy-Prod2
  description RemedyProd-Secondary-Server
  ip address 10.132.11.22
  inservice

serverfarm host SF_Remedy-Prod
  probe HTTP_probe1
  probe ICMP_probe
  rserver Remedy-Prod1
    conn-limit max 4000000 min 4000000
    inservice
  rserver Remedy-Prod1 80
    inservice
  rserver Remedy-Prod2
    conn-limit max 4000000 min 4000000
    inservice
  rserver Remedy-Prod2 80
    inservice


sticky http-cookie JSESSIONID Remedy-PROD-COOKIE
  serverfarm SF_Remedy-Prod
timeout 720
timeout activeconns

class-map match-any Remedy-Prod-VIP
  3 match virtual-address 10.132.11.51 tcp eq https


policy-map type management first-match remote_mgmt_allow_policy
  class remote_access
    permit

policy-map type loadbalance first-match slb-Remedy-Prod
  class class-default
    sticky-serverfarm Remedy-PROD-COOKIE

policy-map multi-match VIP_Access

class Remedy-Prod-VIP
    loadbalance vip inservice
    loadbalance policy slb-Remedy-Prod
    loadbalance vip icmp-reply
    nat dynamic 5 vlan 11
========================================================================

Regards,

0 Helpful

Surya ARBY
Level 4
Level 4
In response to arulnambis

‎07-25-2012 06:47 AM

Can you remove the timeout and put "cookie insert browser-expire".

Also change the name of the sticky groupe (not "JSESSIONID"; put something else; there is probably a conflict with an existing JSESSIONID cookie)

Does it change something ?

0 Helpful

arulnambis
Level 1
Level 1
In response to Surya ARBY

‎07-26-2012 02:17 AM

Hi Surya,

Thanks for your suggestion...

Already we tried with cookie insert browser-expire option also but not working.

We will try once again as per your suggestion and will share the feedback. I believe stick group name mentioned as Remedy-PROD-COOKIE in my configuration.

Thanks.

Regards,

0 Helpful

Jorge Bejarano
Level 4
Level 4

‎07-26-2012 06:38 PM

Hi Arulnambi,

Can you try this perhaps?

parameter-map type http PARAMETER-HTTP

  case-insensitive

  persistence-rebalance

  set header-maxparse-length 65535

  set content-maxparse-length 65535

  length-exceed continue

  parsing non-strict

policy-map multi-match VIP_Acces

class Remedy-Prod-VIP

    loadbalance vip inservice

    loadbalance policy slb-Remedy-Prod

    loadbalance vip icmp-reply

    nat dynamic 5 vlan 11

    appl-parameter http advanced-options PARAMETER-HTTP ---> apply it like this

Jorge

0 Helpful
Customers Also Viewed These Support Documents