cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

834
Views
0
Helpful
9
Replies
Jeff Bull
Beginner

SAP InfoViewApp behind Cisco ACE

I have a VIP built to load balance traffic to 2
SAP servers hosting the InfoViewApp. The VIP is functioning just fine, and balances traffic without a problem, but single-sign-on is not working. When a user points his/her browser to the server directly, it works, but when going through the ACE it always lands on the login page awaiting entry. I've tried IP-source, JSESSIONID, and http-cookie for stickiness, all with the same result.

Can anyone give me some advice as to what I may be missing here?

Jeff Bull

Network Analyst 2 | IGT

9 REPLIES 9
cpomeroy
Beginner

Jeff,

    When you have stickyness configured, have you verified that you are indeed getting sticky entires?  The show sticky database command will show all the sticky entries.  Could you share the configuration you are using for sticky?

Thanks

Chris

Chris,

        I am indeed getting a sticky created in the database (see below). Also, i've attached the sticky config for this VIP.

sticky group : SAP-BOXI_SG
type         : IP   
timeout      : 720           timeout-activeconns : FALSE
  sticky-entry          rserver-instance                 time-to-expire flags  
  ---------------------+--------------------------------+--------------+-------+
  181561366             rnosapbop1:8080                  43196          -

-Jeff B

Sticky config:

sticky ip-netmask 255.255.255.255 address source SAP-BOXI_SG
  timeout 720
  replicate sticky
  serverfarm SAP-BOXI_SF

Jeff,

    Is this vip in production?  If not can you do the following:

Clear serverfarm SAP-BOXI_SF  (This will clear the counters on the serverfarm)

Attach to vip

Do sh serverfarm SAP-BOXI_SF

See which server got the connection.

Attach to vip the second time

do sh serverfarm SAP-BOXI_SF again.

you should now see 2 total connections on the same Rserver.

Can you please verify that you are indeed being stuck the the same Rserver.

Thanks

Here's what I get after performing those steps...looks like the traffic is sticking to the same server:

ACE/SAP_CRM#               clear serverfarm SAP-BOXI_SF
ACE/SAP_CRM# sh serverfarm SAP-BOXI_SF
serverfarm     : SAP-BOXI_SF, type: HOST
total rservers : 2
---------------------------------
                                                ----------connections-----------
       real                  weight state        current    total      failures
   ---+---------------------+------+------------+----------+----------+---------
   rserver: rnosapbop1
       10.210.42.109:8080    8      OPERATIONAL  1          1          0
   rserver: rnosapbop2
       10.210.42.158:8080    8      OPERATIONAL  0          0          0

ACE/SAP_CRM#               clear serverfarm SAP-BOXI_SF
ACE/SAP_CRM# sh serverfarm SAP-BOXI_SF
serverfarm     : SAP-BOXI_SF, type: HOST
total rservers : 2
---------------------------------
                                                ----------connections-----------
       real                  weight state        current    total      failures
   ---+---------------------+------+------------+----------+----------+---------
   rserver: rnosapbop1
       10.210.42.109:8080    8      OPERATIONAL  1          1          0
   rserver: rnosapbop2
       10.210.42.158:8080    8      OPERATIONAL  0          0          0

cpomeroy
Beginner

Jeff,

I was expecting to see total = 2.  Looks like it just reconnected on the same TCP connection.  You may need to close the browser and reopen it to get a new TCP connection.

Jeff Bull
Beginner

(cont'd)...

Cleared out my browser cookies, and ran the test again....here's the result:

ACE/SAP_CRM#               clear serverfarm SAP-BOXI_SF 
ACE/SAP_CRM# sh serverfarm SAP-BOXI_SF
serverfarm     : SAP-BOXI_SF, type: HOST
total rservers : 2
---------------------------------
                                                ----------connections-----------
       real                  weight state        current    total      failures
   ---+---------------------+------+------------+----------+----------+---------
   rserver: rnosapbop1
       10.210.42.109:8080    8      OPERATIONAL  3          3          0
   rserver: rnosapbop2
       10.210.42.158:8080    8      OPERATIONAL  0          0          0

Jeff,

Sticky is working and returning the Client to the same Rserver.  It would be best if you would open a TAC Case so we can get some sniffer traces to look at.

Thanks,

Chris

Chris,

    Good point, and already done. Unfortunately, I haven't received any response from my assigned engineer since yesterday afternoon, which is why I came here.

Jeff B

As a follow-up for anyone else reading this. The issue turned out to be a few 'setspn' commands that were needed on the SAP

servers. Once that was done (per SAP), single-sign-on began to work just fine.

Content for Community-Ad
This widget could not be displayed.