Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
473
Views
0
Helpful
2
Replies

CSS backend SSL - Arrowpoint cookies

g-georgiou
Level 1
Level 1

‎11-02-2007 01:34 AM

Hi,

I have configured a pair of CSSs for backend SSL. The setup includes self signed certificates. The server farm is two VMs with IIS6. HTTPS requests work like a charm. I am trying to get L5 stickiness with Arrowpoint cookies and i have a problem when the client is IE6 and IE7. The cookie is not shown in the Temporary Internet files of IE thus stickiness won't work. I have tried mozilla and it works beatifully - the cookie is inserted and it shows the backend server IP. Note that cookies from Internet sites work ok so it should no be any IE security issue. I have searched bug toolkit for a related bug but no luck. Attached is my config.

P.S. Tried it also with no SSL but same problem

./G

Labels:
Preview file
4 KB
0 Helpful
2 Replies 2

Gilles Dufour
Cisco Employee
Cisco Employee

‎11-03-2007 01:26 AM

if it works with other browsers, I don't think this is a bug on the CSS.

I would suggest to try to remove the following command line : "arrowpoint-cookie browser-expire" see if it makes any difference.

Finally, take a sniffer trace on the client and with wireshark and the CSS private key, decode the trace and see if the css sent the cookie and what it looks like.

If the CSS sent the cookie, this is a browser issue.

Gilles.

0 Helpful

g-georgiou
Level 1
Level 1
In response to Gilles Dufour

‎11-03-2007 12:37 PM

Hi Gilles,

Thanks for your response. From the capture it is clear that the CSS is sending the cookie. I found out that the cookie had an expiration dat of year 1970!!!. In the meantime i also used Opera and worked. I fixed the expiration timer to some period and walla... the cookie appeared in the IE temporary folder. The strange thing is that when i cheched the cookie (in all browsers) i showed an expiration year of 2008! The CSS clock is correctly fixed to the current date and time. Also tried NTP but same issue. I am i the only one having this issue? Also is it possible to have a sorry server with the backend solution? Would that sorry server has to be HTTPS like the backend or i can use just an HTTP server with a notification that the real servers are under maintenance for example.

P.S: The final implementation will include 2 AVSs that will be used as backend SSL servers and then proxy the request to the backend SSL application servers so as to implement a full SSL solution with cookie stickiness all the way.

Your help will be very much appreciated since the documentation is poor for this kind of setup.

./G

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents