Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1683
Views
0
Helpful
1
Replies

Sticky load balancing across 2 ports with cookies

angelatodd
Level 1
Level 1

‎09-26-2011 05:46 AM

Hi,

I have a server configuration where I have 1 top level Apache server that deals with SSL termination (and handles static content) and proxy passes dynamic content onto 2 Tomcat servers on 2 ports, one for http requests (9001) and one for the requests that were secure, but have now been un-encrypted by Apache (9002).  My 2 Tomcat servers are load balanced using a CSS and I need this load balancing to stick to the tomcat servers regardless of port so that the user is stuck to the same Tomcat server for their entire session. 

I would like to use arrowpoint cookies to perform this stickyness, but the documentation suggests that arrowpoint cookie load balancing (in fact any cookie based load balancing) requires the port to be specified in the content rule.  Is this correct?  Is my only option to use the source IP for stickyness? I don't understand why the port should be required if the stickyness is via a cookie. Can I not simply configure my 2 tomcat servers as services with no port and add a single content rule that load balances these services using arrowpoint-cookie advanced balancing?

service tomcat1

  ip address x.x.x.x

  active

service tomcat2

  ip address x.x.x.x

  active

owner me

   content sticky

     vip address x.x.x.x

     protocol tcp

     url "/*"

     add service tomcat-1

     add service tomcat-2

     advanced-balance arrowpoint-cookie

     active

Labels:
0 Helpful
1 Reply 1

chrhiggi
Level 3
Level 3

‎10-03-2011 01:46 PM

Angela-

The issue with port is that cookies are very specifically HTTP only and the CSS has no way of knowing what protocol will hit a VIP prior to trying to address it as HTTP. Your issue is actually a bit clearer than it is initially led to be - you can still use 2 different rules by using the configuration below. 

However, you might be headed for a headache if you don't implicitly control the client's actions.  By default, browsers don't generally send cookies cross-protocol and definitely not cross-domain.  Use something like httpwatch or iewatch to check out the headers your client sends to your site.  Make sure when the 200ok arrives with the set-cookie that the client sends that cookie in all preceeding packets that are HTTP and HTTPS both.

service tomcat1

  string "tomcat1"

  ip address x.x.x.x

  active

service tomcat2

  string "tomcat2"

  ip address x.x.x.x

  active

owner me

   content sticky9001

     vip address x.x.x.x

     protocol tcp

     url "/*"

     port 9001

     add service tomcat-1

     add service tomcat-2

     advanced-balance arrowpoint-cookie

     active

   content sticky9002

     vip address x.x.x.x

     protocol tcp

     url "/*"

     port 9002

     add service tomcat-1

     add service tomcat-2

     advanced-balance arrowpoint-cookie

     active

With this configuration, the CSS will use the "string" as the cookie value. So if the client were to recieve set-cookie: ArrowpointCookie=tomcat1, it should use it for either rule, and end up on tomcat1 accessing either VIP.

Regards,

Chris

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card