Configuring cookie based sticky on ACE

Answered Question
Oct 20th, 2008
User Badges:

I have an ACE and I am trying to setup stickiness based on HTTP cookies. My objective is to stick a client to one of the real servers in the server farm until the the cookie expires. I am using the same COOKIE name for all three servers but using different values that are unique to each server. On testing I discovered that each client request when stuck to the same real server always uses the same sticky database entry and a browser refresh updates the same entry...what am I doing wrong?


My config is as follows:


context Admin

member STICKY


access-list ALL line 8 extended permit ip any any



rserver host SERVER1

description content server 1

ip address 134.178.51.17

inservice

rserver host SERVER2

description content server 2

ip address 134.178.51.18

inservice

rserver host SERVER3

description content server 3

ip address 134.178.51.19

inservice


serverfarm host SFARM1

predictor leastconns

rserver SERVER1

inservice

rserver SERVER2

inservice

rserver SERVER3

inservice


sticky http-cookie MYCOOKIE STICKYGroup

timeout 4

serverfarm SFARM1


class-map type http loadbalance match-any L7CLASS6

2 match http cookie MYCOOKIE cookie-value "123456"

3 match http cookie MYCOOKIE cookie-value "56789"


policy-map type loadbalance first-match L7POLICY6

class L7CLASS6

sticky-serverfarm STICKYGroup

class class-default

serverfarm SFARM1


class-map match-all V1L4VIPCLASS

2 match virtual-address 134.178.51.10 tcp eq www


policy-map multi-match V1L4SLBPOLICY

class V1L4VIPCLASS

loadbalance vip inservice

loadbalance policy L7POLICY6



Correct Answer by Syed Iftekhar Ahmed about 8 years 9 months ago

Cookie values are learned dynamically by ACE and sticky entries are created.So you do not need to match cookie values.


With Sticky group configuration you tell ACE which Cookie-name to look for in the HTTP traffic passing through ACE.


So following should be sufficient


sticky http-cookie MYCOOKIE STICKYGroup

timeout 4

serverfarm SFARM1


policy-map type loadbalance first-match L7POLICY6

class class-default

sticky-serverfarm STICKYGroup


Lets assume your Server1 is setting cookie value 123456 by using "SET-Cookie:MYCOOKIE=123456" & Server2 is sending ""SET-Cookie:MYCOOKIE=56789" the flow will be as follows


1. If a new client hits the VIP on ACE with no cookie set then ACE will select a Sever from the server farm as per the LB algo and forward the HTTP request to the selected server. Lets suppose ACE selects Server1.

3. Server1 will send "SET-Cookie:MYCOOKIE=123456" in the HTTP response to the client.

4. ACE on getting this response from Server1 will dynamically learn that Server1 is setting up cookie value 123456 and will create a sticky entry in the database.

(Due to this sticky db entry any subsequent http requests with "Cookie:MYCOOKIE=123456" will be directly forwarded to Server1.

5. This sticky entry in ACE sticky DB will only time out if "timeout in minutes" configured under sticky group elapses and no active conns are using this entry.With every new http request matching the sticky entry this timeout is initialized.

6. If a new client come with no cookie set in the Http request then ACE will select a server using LB logic and will learn the cookie value & will create appropriate sticky entry.

7. If a client sends a request with cookie value present then ACE will simply look into the sticky db and forward the request to the appropriate server.



HTH

Syed Iftekhar Ahmed

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Syed Iftekhar Ahmed Mon, 10/20/2008 - 21:32
User Badges:
  • Blue, 1500 points or more

I dont understand the reason for class-map L7CLASS6.


What you are looking for can be achieved by Changing


policy-map type loadbalance first-match L7POLICY6

class L7CLASS6

sticky-serverfarm STICKYGroup

class class-default

serverfarm SFARM1


to


policy-map type loadbalance first-match L7POLICY6

class class-default

sticky-serverfarm STICKYGroup



By default, the ACE ages out a sticky table entry when the timeout (In your case 4 minutes) for that entry expires and no active connections matching that entry exist.


To specify that the ACE times out sticky table entries even if active connections exist after the sticky timer expires use


timeout activeconns


command under sticky group definition.



Syed Iftekhar Ahmed

b.athanasiadis Mon, 10/20/2008 - 22:11
User Badges:

Iftekhar, thanks for the response. What I am trying to do with the class map L7CLASS6 is to define a unique cookie value that is set by each of the servers - only two inservice at the moment. The cookie value "123456" is sent in the Set-Cookie message by server 2 for every client request and similarly "56789" is being sent by server 3. By doing this I thought that the ACE upon reading any subsequent requests from the client would forward the request to the server that set this value. Is my logic correct or should the cookie be unique for each and every request in which case how is each session tracked by the ACE?

Correct Answer
Syed Iftekhar Ahmed Mon, 10/20/2008 - 22:51
User Badges:
  • Blue, 1500 points or more

Cookie values are learned dynamically by ACE and sticky entries are created.So you do not need to match cookie values.


With Sticky group configuration you tell ACE which Cookie-name to look for in the HTTP traffic passing through ACE.


So following should be sufficient


sticky http-cookie MYCOOKIE STICKYGroup

timeout 4

serverfarm SFARM1


policy-map type loadbalance first-match L7POLICY6

class class-default

sticky-serverfarm STICKYGroup


Lets assume your Server1 is setting cookie value 123456 by using "SET-Cookie:MYCOOKIE=123456" & Server2 is sending ""SET-Cookie:MYCOOKIE=56789" the flow will be as follows


1. If a new client hits the VIP on ACE with no cookie set then ACE will select a Sever from the server farm as per the LB algo and forward the HTTP request to the selected server. Lets suppose ACE selects Server1.

3. Server1 will send "SET-Cookie:MYCOOKIE=123456" in the HTTP response to the client.

4. ACE on getting this response from Server1 will dynamically learn that Server1 is setting up cookie value 123456 and will create a sticky entry in the database.

(Due to this sticky db entry any subsequent http requests with "Cookie:MYCOOKIE=123456" will be directly forwarded to Server1.

5. This sticky entry in ACE sticky DB will only time out if "timeout in minutes" configured under sticky group elapses and no active conns are using this entry.With every new http request matching the sticky entry this timeout is initialized.

6. If a new client come with no cookie set in the Http request then ACE will select a server using LB logic and will learn the cookie value & will create appropriate sticky entry.

7. If a client sends a request with cookie value present then ACE will simply look into the sticky db and forward the request to the appropriate server.



HTH

Syed Iftekhar Ahmed

b.athanasiadis Tue, 10/21/2008 - 00:40
User Badges:

I really appreciate your explanation. Your first suggestion was enough to steer me in the right direction and I was able to figure out what I was doing wrong.


Thankyou for your effort!

Bill

Actions

This Discussion