CSS backend SSL - Arrowpoint cookies

Nov 2nd, 2007

Hi,


I have configured a pair of CSSs for backend SSL. The setup includes self-signed certificates. The server farm is two VMs with IIS6. HTTPS requests work like a charm. I am trying to get L5 stickiness with Arrowpoint cookies and I have a problem when the client is IE6 and IE7. The cookie is not shown in the Temporary Internet Files of IE, thus stickiness won't work. I have tried Mozilla and it works beautifully - the cookie is inserted and it shows the backend server IP. Note that cookies from Internet sites work OK, so it should not be any IE security issue. I have searched Bug Toolkit for a related bug but no luck. Attached is my config.


P.S. Tried it also with no SSL but same problem


./G



Gilles Dufour (Cisco Employee) Sat, 11/03/2007 - 01:26

If it works with other browsers, I don't think this is a bug on the CSS.


I would suggest trying to remove the following command line: "arrowpoint-cookie browser-expire" and see if it makes any difference.


Finally, take a sniffer trace on the client and, with Wireshark and the CSS private key, decode the trace and see if the CSS sent the cookie and what it looks like.

If the CSS sent the cookie, this is a browser issue.


Gilles.

g-georgiou Sat, 11/03/2007 - 12:37

Hi Gilles,


Thanks for your response. From the capture it is clear that the CSS is sending the cookie. I found out that the cookie had an expiration date of year 1970!!! In the meantime I also used Opera and it worked. I fixed the expiration timer to some period and voilà... the cookie appeared in the IE temporary folder. The strange thing is that when I checked the cookie (in all browsers) it showed an expiration year of 2008! The CSS clock is correctly fixed to the current date and time. Also tried NTP but same issue. Am I the only one having this issue? Also, is it possible to have a sorry server with the backend solution? Would that sorry server have to be HTTPS like the backend, or can I use just an HTTP server with a notification that the real servers are under maintenance, for example?


P.S: The final implementation will include 2 AVSs that will be used as backend SSL servers and then proxy the request to the backend SSL application servers so as to implement a full SSL solution with cookie stickiness all the way.


Your help will be very much appreciated since the documentation is poor for this kind of setup.


./G
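
The check the thread above converges on (look at the cookie in the decoded trace and inspect its expiry), as an added example that is not part of the original posts: it classifies each Set-Cookie header by its Expires attribute and flags a date already in the past at capture time, such as the year-1970 value reported above. The header lines, cookie names and values are constructed for illustration; the real Arrowpoint cookie name and value format are not shown in the thread.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Constructed sample input (not from the thread): response header lines as they
# might be copied out of a decoded trace. Cookie names and values are made up.
SAMPLE_HEADERS = """\
HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: sticky_a=10.0.0.11; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: sticky_b=10.0.0.12; path=/; expires=Wed, 05 Nov 2008 10:00:00 GMT
Set-Cookie: sticky_c=10.0.0.13; path=/
Set-Cookie: sticky_d=10.0.0.14; path=/; expires=not-a-date
"""

def classify_cookie(value, now):
    """Return (name, verdict, expiry) for one Set-Cookie header value."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    if "expires" not in attrs:
        return name, "session", None  # no Expires: kept until the browser closes
    try:
        expiry = parsedate_to_datetime(attrs["expires"])
    except (TypeError, ValueError):
        return name, "unparseable", None
    if expiry.tzinfo is None:  # treat a zone-less date as UTC
        expiry = expiry.replace(tzinfo=timezone.utc)
    verdict = "expired" if expiry <= now else "persistent"
    return name, verdict, expiry

def audit_set_cookie(headers_text, now):
    """Classify every Set-Cookie header found in a block of header lines."""
    results = []
    for line in headers_text.splitlines():
        field, sep, value = line.partition(":")
        if sep and field.strip().lower() == "set-cookie":
            results.append(classify_cookie(value, now))
    return results

if __name__ == "__main__":
    # Capture time is an assumption chosen to match the date of the posts.
    capture_time = datetime(2007, 11, 3, 12, 0, tzinfo=timezone.utc)
    for name, verdict, expiry in audit_set_cookie(SAMPLE_HEADERS, capture_time):
        print(f"{name:10} {verdict:12} {expiry.isoformat() if expiry else '-'}")
```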
