03-27-2013 09:07 AM
Hi,
So i'm pretty new to the CSS.
I've picked up a problem and need to verify how the sticky configuration works.
I've got two content rules as follows...
content HTTP
vip address 10.31.33.100
add service WEB01
add service WEB02
redundant-index 570
port 80
protocol tcp
advanced-balance sticky-srcip
url "//www.asdfghhjjkl.com/*"
active
content HTTPS
vip address 10.31.33.100
add service SSL.WEB01
add service SSL.WEB02
port 443
protocol tcp
url "/*"
redundant-index 970
application ssl
advanced-balance sticky-srcip
active
If a user were to navigate between 80 and 443 but based around the same VIP 10.31.33.100 but different content rules as per above, how would the sticky session apply? I would like a user to be stuck to a single web server regardless of which content rule they hit as per the above configuration.
Any ideas?
Cheers and much appreciated
Solved! Go to Solution.
03-28-2013 10:53 AM
Hi,
you need a configuration like this:
content HTTP
vip address 10.31.33.100
add service WEB01
add service WEB02
redundant-index 570
protocol tcp
advanced-balance sticky-srcip
active
The services don't have to be configured with a port.
This Content Rule will take all the traffic going to the VIP address regardless if the client is doing HTTP or HTTPS, so the client will be sticky to the same server all the time.
Each Content Rule has its own sticky table so even when you are using the same VIP and same servers it does not mean that you will be sticky to the same server in two Content Rules
---------------------
Cesar R
ANS Team
03-28-2013 01:29 PM
Hi,
You just need one Content Rule and two services.
About the keepalive, it may be possible with a custom script but with the default keepalives is not . You can configure a TCP keepalive in the service for example, but if you dont configure a port in the Content Rule or Service the CSS will send the keepalive to port 80.
So you can check only one port.
---------------------
Cesar R
ANS Team
03-28-2013 02:36 AM
Hi,
According to the above configuration the client should stick to the same server as you want.
When a client will come on port 80, there will be match to a different content rule than when it comes on port 443 and hence it will match a different flow. Stickyness is based on src IP and coming traffic will match a single content rule and hence will be sent to the same server.
Regards,
Kanwaljeet Singh
03-28-2013 10:53 AM
Hi,
you need a configuration like this:
content HTTP
vip address 10.31.33.100
add service WEB01
add service WEB02
redundant-index 570
protocol tcp
advanced-balance sticky-srcip
active
The services don't have to be configured with a port.
This Content Rule will take all the traffic going to the VIP address regardless if the client is doing HTTP or HTTPS, so the client will be sticky to the same server all the time.
Each Content Rule has its own sticky table so even when you are using the same VIP and same servers it does not mean that you will be sticky to the same server in two Content Rules
---------------------
Cesar R
ANS Team
03-28-2013 01:18 PM
Hi Cesar,
As i thought, but with this being a production platform i've not had chance to play around with the configuration.
One query i've got is the keepalives in a single content configuration. I need to apply two service policies under the single content rule as we are performing a health check for 443 and 80. Is this possible under a single content rule?
So i would have 4 service policies under the single content policy? 2 health checks for port 80 per server (web01 and web02) and 2 more service policies for port 443 per server (web01 and web02)
Cheers!!
03-28-2013 01:29 PM
Hi,
You just need one Content Rule and two services.
About the keepalive, it may be possible with a custom script but with the default keepalives is not . You can configure a TCP keepalive in the service for example, but if you dont configure a port in the Content Rule or Service the CSS will send the keepalive to port 80.
So you can check only one port.
---------------------
Cesar R
ANS Team
03-28-2013 01:33 PM
Thanks for your swift reply.
This will not work for us then as we need a sticky session for the none secure and secure traffic in a single content rule, and we need to perform keepalives based around TCP 80 and 443.
Cheers,
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide