Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
559
Views
0
Helpful
3
Replies

Sticky 11501 problem.

ahmadfarkhan
Level 1
Level 1

‎02-23-2006 01:28 AM

Dear Champions,

owner TAHAN

content WEB

vip address 202.71.106.111

add service WEB1

add service WEB2

add service WEB3

protocol tcp

advanced-balance sticky-srcip

sticky-inact-timeout 60

flow-reset-reject

active

I have some problem here which is some users can access and some users cannot access to the Webserver using https (SSL). The users cannot access is not totally cannot access. For example morning session user A can login and do transaction but on afternoon session user A cannot access and have to wait for a couple of time before can access to webserver again. Is there any fine tunnig did i need to change for the configuration above ?. What is the best sticky-inact timeout time ?

Labels:
0 Helpful
3 Replies 3

Gilles Dufour
Cisco Employee
Cisco Employee

‎02-23-2006 08:58 AM

you should capture a sniffer trace to verify what is going on.

I feel like one of your server is having problems, so with your example, user A would connect to web1 and have no problem, and with your sticky timeout, user A will keep using web1 until the sticky entry timeout.

So, when connection again in the afternoon, user A is sent to web2 which is having a problem and the connection fail.

But for the time of sticky-timeout, A will be sent to web2 and the connections will fail.

So, capture a trace and verify your servers.

Your config is fine. No tunring required.

Gilles.

0 Helpful

ahmadfarkhan
Level 1
Level 1
In response to Gilles Dufour

‎02-23-2006 06:08 PM

Hi giles,

Thanks for your reply. Is there any solution or config change to make sure load balancer will not send to web2 which is having problem?. What i mean is load balancer can define which server is dead and alive.

0 Helpful

Gregory Scarlett
Cisco Employee
Cisco Employee
In response to ahmadfarkhan

‎02-24-2006 02:07 AM

The CSS will be sending pings to the servers by default. If it receives a response, it will mark the server as alive. If the webserver software is having problems, the CSS will still be keeping it up if it responds to a ping.

You can change the keepalive to HTTP, which will give a better indication. Have a look at this URL for more details:

http://www.cisco.com/en/US/partner/products/hw/contnetw/ps792/products_configuration_guide_chapter09186a0080576069.html#wp1098267

As Giles suggested, a packet capture would show exactly where the problem is, but the keepalives will help if it is the server that is the problem.

Hope this helps.

Greg.

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card