SAP InfoViewApp behind Cisco ACE

Jeff Bull
Level 1

I have a VIP built to load balance traffic to 2 SAP servers hosting the InfoViewApp. The VIP is functioning just fine, and balances traffic without a problem, but single-sign-on is not working. When a user points his/her browser to the server directly, it works, but when going through the ACE it always lands on the login page awaiting entry. I've tried IP-source, JSESSIONID, and http-cookie for stickiness, all with the same result.

Can anyone give me some advice as to what I may be missing here?

Jeff Bull

Network Analyst 2 | IGT

9 Replies

cpomeroy
Level 1

Jeff,

When you have stickiness configured, have you verified that you are indeed getting sticky entries? The show sticky database command will show all the sticky entries. Could you share the configuration you are using for sticky?

Thanks

Chris

Chris,

I am indeed getting a sticky created in the database (see below). Also, I've attached the sticky config for this VIP.

sticky group : SAP-BOXI_SG
type         : IP   
timeout      : 720           timeout-activeconns : FALSE
  sticky-entry          rserver-instance                 time-to-expire flags  
  ---------------------+--------------------------------+--------------+-------+
  181561366             rnosapbop1:8080                  43196          -

-Jeff B

Sticky config:

sticky ip-netmask 255.255.255.255 address source SAP-BOXI_SG
  timeout 720
  replicate sticky
  serverfarm SAP-BOXI_SF

Jeff,

Is this VIP in production? If not, can you do the following:

Clear serverfarm SAP-BOXI_SF  (This will clear the counters on the serverfarm)

Attach to vip

Do sh serverfarm SAP-BOXI_SF

See which server got the connection.

Attach to vip the second time

do sh serverfarm SAP-BOXI_SF again.

You should now see 2 total connections on the same Rserver.

Can you please verify that you are indeed being stuck to the same Rserver.

Thanks
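The check described in the post above can be scripted against captured `sh serverfarm` output. This is an added example, not part of the original posts: the sample text is constructed in the format of the output shown in this thread, and the function names `parse_serverfarm` and `sticky_verdict` are hypothetical.

```python
import re

# Constructed sample in the format of the `sh serverfarm` output in this thread.
SAMPLE = """\
serverfarm     : SAP-BOXI_SF, type: HOST
total rservers : 2
---------------------------------
                                                ----------connections-----------
       real                  weight state        current    total      failures
   ---+---------------------+------+------------+----------+----------+---------
   rserver: rnosapbop1
       10.210.42.109:8080    8      OPERATIONAL  3          3          0
   rserver: rnosapbop2
       10.210.42.158:8080    8      OPERATIONAL  0          0          0
"""

RSERVER = re.compile(r"^\s*rserver:\s*(\S+)")
ROW = re.compile(r"^\s*(\d{1,3}(?:\.\d{1,3}){3}):(\d+)\s+(\d+)\s+(\S+)"
                 r"\s+(\d+)\s+(\d+)\s+(\d+)\s*$")

def parse_serverfarm(text):
    """Return {rserver name: counters} parsed from `show serverfarm` text."""
    farm, name = {}, None
    for line in text.splitlines():
        m = RSERVER.match(line)
        if m:
            name = m.group(1)          # counters follow on the next data row
            continue
        m = ROW.match(line)
        if m and name:
            farm[name] = {"addr": f"{m.group(1)}:{m.group(2)}",
                          "state": m.group(4), "current": int(m.group(5)),
                          "total": int(m.group(6)), "failures": int(m.group(7))}
            name = None
    return farm

def sticky_verdict(farm, attempts):
    """Judge a single-client test run made right after `clear serverfarm`.

    attempts: how many separate connection attempts the tester made."""
    hit = [n for n, c in farm.items() if c["total"] > 0]
    total = sum(c["total"] for c in farm.values())
    if total < attempts or not hit:
        # Fewer new connections than attempts, e.g. the browser reused
        # an existing TCP connection: the run proves nothing either way.
        return "inconclusive"
    if len(hit) == 1:
        return "sticky:" + hit[0]
    return "split:" + ",".join(sorted(hit))

if __name__ == "__main__":
    print(sticky_verdict(parse_serverfarm(SAMPLE), attempts=2))
```
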

Here's what I get after performing those steps...looks like the traffic is sticking to the same server:

ACE/SAP_CRM#               clear serverfarm SAP-BOXI_SF
ACE/SAP_CRM# sh serverfarm SAP-BOXI_SF
serverfarm     : SAP-BOXI_SF, type: HOST
total rservers : 2
---------------------------------
                                                ----------connections-----------
       real                  weight state        current    total      failures
   ---+---------------------+------+------------+----------+----------+---------
   rserver: rnosapbop1
       10.210.42.109:8080    8      OPERATIONAL  1          1          0
   rserver: rnosapbop2
       10.210.42.158:8080    8      OPERATIONAL  0          0          0

ACE/SAP_CRM#               clear serverfarm SAP-BOXI_SF
ACE/SAP_CRM# sh serverfarm SAP-BOXI_SF
serverfarm     : SAP-BOXI_SF, type: HOST
total rservers : 2
---------------------------------
                                                ----------connections-----------
       real                  weight state        current    total      failures
   ---+---------------------+------+------------+----------+----------+---------
   rserver: rnosapbop1
       10.210.42.109:8080    8      OPERATIONAL  1          1          0
   rserver: rnosapbop2
       10.210.42.158:8080    8      OPERATIONAL  0          0          0

cpomeroy
Level 1

Jeff,

I was expecting to see total = 2.  Looks like it just reconnected on the same TCP connection.  You may need to close the browser and reopen it to get a new TCP connection.

Jeff Bull
Level 1

(cont'd)...

Cleared out my browser cookies, and ran the test again....here's the result:

ACE/SAP_CRM#               clear serverfarm SAP-BOXI_SF 
ACE/SAP_CRM# sh serverfarm SAP-BOXI_SF
serverfarm     : SAP-BOXI_SF, type: HOST
total rservers : 2
---------------------------------
                                                ----------connections-----------
       real                  weight state        current    total      failures
   ---+---------------------+------+------------+----------+----------+---------
   rserver: rnosapbop1
       10.210.42.109:8080    8      OPERATIONAL  3          3          0
   rserver: rnosapbop2
       10.210.42.158:8080    8      OPERATIONAL  0          0          0

Jeff,

Sticky is working and returning the Client to the same Rserver.  It would be best if you would open a TAC Case so we can get some sniffer traces to look at.

Thanks,

Chris

Chris,

Good point, and already done. Unfortunately, I haven't received any response from my assigned engineer since yesterday afternoon, which is why I came here.

Jeff B

As a follow-up for anyone else reading this. The issue turned out to be a few 'setspn' commands that were needed on the SAP servers. Once that was done (per SAP), single-sign-on began to work just fine.