
Sticky session to Citrix CSG

butlerb
Level 1

Hi,

I am experiencing a problem load balancing 4 Citrix-CSG servers on a Cisco CSS11506 running WebNS 7.40.0.04.

We have 3 independent 3rd party clients which are destination NATted to three different internal addresses, which are internally resolved to the VIP address of 10.139.15.20. The source address is unchanged. These clients are connected for about 8 hours a day.

The CSS is configured to round-robin between the four Citrix-CSG servers, but it appears to happily all work for approximately a month, then it appears that one of our 3rd party clients appears to be stuck to a single server (Citrix-CSG) according to the sho flows command and does not appear to round-robin. However, the remaining two 3rd party clients appear to be round-robin as normal.

Do you have any suggestions why this would be happening?

The current config is as follows:

!************************** SERVICE **************************
service ngtsrvth001-citrix
  ip address 10.139.0.22
  protocol tcp
  port 443
  keepalive type ssl
  keepalive port 443
  active

service ngtsrvth002-citrix
  ip address 10.139.0.23
  protocol tcp
  port 443
  keepalive type ssl
  keepalive port 443
  active

service ngtsrvtl001-citrix
  ip address 10.139.0.20
  protocol tcp
  port 443
  keepalive type ssl
  keepalive port 443
  active

service ngtsrvtl002-citrix
  ip address 10.139.0.21
  protocol tcp
  port 443
  keepalive port 443
  keepalive type ssl
  active

!*************************** OWNER ***************************
owner Citrix-Main

  content citrix-csg
    add service ngtsrvtl001-citrix
    add service ngtsrvtl002-citrix
    protocol tcp
    advanced-balance ssl
    application ssl
    port 443
    vip address 10.139.15.20
    add service ngtsrvth001-citrix
    add service ngtsrvth002-citrix
    active

!*************************** GROUP ***************************
group citrix-csg
  add destination service ngtsrvtl001-citrix
  vip address 10.139.1.254
  add destination service ngtsrvtl002-citrix
  add destination service ngtsrvth001-citrix
  add destination service ngtsrvth002-citrix
  active


dcayer
Level 1

I see you have configured "advanced-balance ssl"... Have you investigated the SSL session IDs being used for that particular client during all that time (month)? Your servers could be "re-using" the same SSL session ID for this client over and over indefinitely (a month)?

I have seen the opposite situation where the server was not handling the SSL session-id "re-use" option properly. Our servers were instead providing a brand new SSL session-id for the clients every 90 seconds, causing the clients to bounce from server to server because the CSS would not find a match in its SSL-sticky table and load-balancing would therefore take effect and cause the client to end up on a different server.
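The two behaviours described in the reply above, as an added example that is not part of the thread and is not WebNS code: a simplified Python model of a sticky table keyed on the SSL session ID with round-robin as the fallback. The `StickyBalancer` class, the `simulate` helper and the expiry behaviour (an expired session means the client offers no ID on its next flow) are assumptions; the service names come from the posted config.

```python
from itertools import cycle

# Service names taken from the posted config; everything else is a constructed model.
SERVERS = ["ngtsrvtl001-citrix", "ngtsrvtl002-citrix",
           "ngtsrvth001-citrix", "ngtsrvth002-citrix"]


class StickyBalancer:
    """Round-robin balancer with a sticky table keyed on the SSL session ID."""

    def __init__(self, servers):
        self._rr = cycle(servers)
        self.sticky = {}  # session ID -> server that issued it

    def pick(self, offered_id):
        """Choose the server for a new flow whose ClientHello offers offered_id."""
        server = self.sticky.get(offered_id)
        if server is None:  # no ID offered, or no match in the table
            server = next(self._rr)
        return server

    def learn(self, session_id, server):
        """Record the session ID seen in the server's ServerHello."""
        self.sticky[session_id] = server


def simulate(flows, id_lifetime):
    """Open `flows` connections from one client and return the servers hit.

    id_lifetime is the number of flows a session ID stays valid for;
    None means the server keeps resuming the same ID indefinitely.
    """
    lb = StickyBalancer(SERVERS)
    landed, current_id, age, issued = [], None, 0, 0
    for _ in range(flows):
        if id_lifetime is not None and age >= id_lifetime:
            current_id = None  # session expired: client does a full handshake
        server = lb.pick(current_id)
        if current_id is None:  # full handshake: server issues a fresh ID
            issued += 1
            current_id, age = f"sid-{issued}", 0
            lb.learn(current_id, server)
        age += 1
        landed.append(server)
    return landed


if __name__ == "__main__":
    print("ID reused forever :", simulate(8, None))
    print("ID replaced early :", simulate(8, 1))
```

With an ID that is never replaced, every flow after the first matches the sticky entry and the client stays on one service; with a short ID lifetime, each full handshake misses the table and falls through to round-robin.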
