Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
350
Views
0
Helpful
1
Replies

ACE/Server redirects

cajalat
Level 1
Level 1

‎09-07-2007 06:05 PM

I'm looking for some guidance/thoughts on a problem I'm coming across. I have an SSL termination configuration as follows:

Client to VIP:80 does redirect to VIP:443

Client to VIP:8080 does redirect to VIP:8443

Client to VIP:443 load balances to Real:80

Client to VIP:8443 load balances to Real:8080

On the real server I'm running apache on 80 and tomcat on 8080.

Apache handles the main site while Tomcat handles java applets/authentication/etc.

The problem we're encountering is when apache needs to hand off to tomcat and the reverse. What's the best way to accomplish this while maintaining the connection to the same real server. What is happening is that the ACE is re-load balancing the request to a different real.

Thanks.

Labels:
0 Helpful
1 Reply 1

Gilles Dufour
Cisco Employee
Cisco Employee

‎09-10-2007 02:17 AM

you could use static cookies [ cookie insert ].

Since you have 2 serverfarms, you'll get 2 different set of cookies.

So, for each sticky group, you need to learn the cookie value associated with each rserver.

Then for the other group, configure a static entry for each cookie value.

Do the same for each group.

Learning the cookie value requires the use of a sniffer. Sniff traffic going to the ACE slot. Open a connection to the vip and see which server is being used and what cookie value is returned. Delete the cookie and repeat until you get the cookie value for each server.

This is the only idea I have right now.

Gilles.

0 Helpful
Customers Also Viewed These Support Documents