Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
329
Views
0
Helpful
1
Replies

Debugging cookie stickiness

soumya.sarkar
Level 1
Level 1

‎07-25-2007 11:35 AM

We are having problems when the frontend SSL session times out, and browser reuses the same SSL-id and cookie, and we get routed to a different server (not sticking).

Is there any way to debug the cookie content in the intermediate http flow ?

Thanks in anticipation.

Labels:
0 Helpful
1 Reply 1

soumya.sarkar
Level 1
Level 1

‎07-25-2007 02:20 PM

Actually, we have another proxy in front, and that is using a new SSL-id after a timeout and not reusing from a prior session.

Does the CSS care if a subsequent connection is on a different SSL-id? Should it not send traffic to the appropriate backend server based on the 'advanced-balance cookies'.

Our config (extract):

ssl-proxy-list ssllist1

ssl-server 252

ssl-server 252 vip address 192.168.10.252

ssl-server 252 port 443

ssl-server 252 cipher 192.168.10.252 8080

ssl-server 252 cipher 192.168.10.252 8080

ssl-server 252 rsacert myrsacert1

ssl-server 252 rsakey myrsakey1

backend-server 31

backend-server 31 ip address 192.168.40.31

backend-server 31 port 17112

backend-server 31 server-ip 192.168.40.31

backend-server 31 server-port 7112

backend-server 31 cipher

backend-server 31 cipher

backend-server 31 rsacert myrsacert1

backend-server 31 rsakey myrsakey1

backend-server 32

backend-server 32 ip address 192.168.40.31

backend-server 32 port 17122

backend-server 32 server-ip 192.168.40.31

backend-server 32 server-port 7122

backend-server 32 cipher

backend-server 32 rsacert myrsacert1

backend-server 32 rsakey myrsakey1

active

service sslulb3svr0

type ssl-accel

slot 6

keepalive type none

add ssl-proxy-list ssllist1

active

service sslaportal1-1

type ssl-accel-backend

keepalive type ssl

keepalive frequency 60

keepalive retryperiod 255

add ssl-proxy-list ssllist1

ip address 192.168.40.31

port 17112

keepalive port 7112

active

service sslaportal1-2

type ssl-accel-backend

keepalive type ssl

keepalive frequency 60

keepalive retryperiod 255

add ssl-proxy-list ssllist1

ip address 192.168.40.31

port 17122

keepalive port 7122

active

content ssl-ulb3svr0-rule

vip address 192.168.10.252

protocol tcp

port 443

add service sslulb3svr0

balance roundrobin

advanced-balance ssl

application ssl

flow-timeout-multiplier 50

flow-reset-reject

active

content uportalrule1

protocol tcp

port 8080

url "/approot*"

add service sslaportal1-1

add service sslaportal1-2

balance roundrobin

advanced-balance cookies

string prefix "def_clus_JSESSIONID="

string process-length 52

sticky-serverdown-failover balance

vip address 192.168.10.252

flow-timeout-multiplier 50

flow-reset-reject

active

0 Helpful
Customers Also Viewed These Support Documents