Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
910
Views
0
Helpful
4
Replies

Configuring cookie based sticky on ACE

Go to solution
b.athanasiadis
Level 1
Level 1

‎10-20-2008 08:50 PM

I have an ACE and I am trying to setup stickiness based on HTTP cookies. My objective is to stick a client to one of the real servers in the server farm until the the cookie expires. I am using the same COOKIE name for all three servers but using different values that are unique to each server. On testing I discovered that each client request when stuck to the same real server always uses the same sticky database entry and a browser refresh updates the same entry...what am I doing wrong?

My config is as follows:

context Admin

member STICKY

access-list ALL line 8 extended permit ip any any

rserver host SERVER1

description content server 1

ip address 134.178.51.17

inservice

rserver host SERVER2

description content server 2

ip address 134.178.51.18

inservice

rserver host SERVER3

description content server 3

ip address 134.178.51.19

inservice

serverfarm host SFARM1

predictor leastconns

rserver SERVER1

inservice

rserver SERVER2

inservice

rserver SERVER3

inservice

sticky http-cookie MYCOOKIE STICKYGroup

timeout 4

serverfarm SFARM1

class-map type http loadbalance match-any L7CLASS6

2 match http cookie MYCOOKIE cookie-value "123456"

3 match http cookie MYCOOKIE cookie-value "56789"

policy-map type loadbalance first-match L7POLICY6

class L7CLASS6

sticky-serverfarm STICKYGroup

class class-default

serverfarm SFARM1

class-map match-all V1L4VIPCLASS

2 match virtual-address 134.178.51.10 tcp eq www

policy-map multi-match V1L4SLBPOLICY

class V1L4VIPCLASS

loadbalance vip inservice

loadbalance policy L7POLICY6

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Syed Iftekhar Ahmed
Level 8
Level 8
In response to b.athanasiadis

‎10-20-2008 10:51 PM

Cookie values are learned dynamically by ACE and sticky entries are created.So you do not need to match cookie values.

With Sticky group configuration you tell ACE which Cookie-name to look for in the HTTP traffic passing through ACE.

So following should be sufficient

sticky http-cookie MYCOOKIE STICKYGroup

timeout 4

serverfarm SFARM1

policy-map type loadbalance first-match L7POLICY6

class class-default

sticky-serverfarm STICKYGroup

Lets assume your Server1 is setting cookie value 123456 by using "SET-Cookie:MYCOOKIE=123456" & Server2 is sending ""SET-Cookie:MYCOOKIE=56789" the flow will be as follows

1. If a new client hits the VIP on ACE with no cookie set then ACE will select a Sever from the server farm as per the LB algo and forward the HTTP request to the selected server. Lets suppose ACE selects Server1.

3. Server1 will send "SET-Cookie:MYCOOKIE=123456" in the HTTP response to the client.

4. ACE on getting this response from Server1 will dynamically learn that Server1 is setting up cookie value 123456 and will create a sticky entry in the database.

(Due to this sticky db entry any subsequent http requests with "Cookie:MYCOOKIE=123456" will be directly forwarded to Server1.

5. This sticky entry in ACE sticky DB will only time out if "timeout in minutes" configured under sticky group elapses and no active conns are using this entry.With every new http request matching the sticky entry this timeout is initialized.

6. If a new client come with no cookie set in the Http request then ACE will select a server using LB logic and will learn the cookie value & will create appropriate sticky entry.

7. If a client sends a request with cookie value present then ACE will simply look into the sticky db and forward the request to the appropriate server.

HTH

Syed Iftekhar Ahmed

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Syed Iftekhar Ahmed
Level 8
Level 8

‎10-20-2008 09:32 PM

I dont understand the reason for class-map L7CLASS6.

What you are looking for can be achieved by Changing

policy-map type loadbalance first-match L7POLICY6

class L7CLASS6

sticky-serverfarm STICKYGroup

class class-default

serverfarm SFARM1

to

policy-map type loadbalance first-match L7POLICY6

class class-default

sticky-serverfarm STICKYGroup

By default, the ACE ages out a sticky table entry when the timeout (In your case 4 minutes) for that entry expires and no active connections matching that entry exist.

To specify that the ACE times out sticky table entries even if active connections exist after the sticky timer expires use

timeout activeconns

command under sticky group definition.

Syed Iftekhar Ahmed

0 Helpful

Go to solution
b.athanasiadis
Level 1
Level 1
In response to Syed Iftekhar Ahmed

‎10-20-2008 10:11 PM

Iftekhar, thanks for the response. What I am trying to do with the class map L7CLASS6 is to define a unique cookie value that is set by each of the servers - only two inservice at the moment. The cookie value "123456" is sent in the Set-Cookie message by server 2 for every client request and similarly "56789" is being sent by server 3. By doing this I thought that the ACE upon reading any subsequent requests from the client would forward the request to the server that set this value. Is my logic correct or should the cookie be unique for each and every request in which case how is each session tracked by the ACE?

0 Helpful

Go to solution
Syed Iftekhar Ahmed
Level 8
Level 8
In response to b.athanasiadis

‎10-20-2008 10:51 PM

Cookie values are learned dynamically by ACE and sticky entries are created.So you do not need to match cookie values.

With Sticky group configuration you tell ACE which Cookie-name to look for in the HTTP traffic passing through ACE.

So following should be sufficient

sticky http-cookie MYCOOKIE STICKYGroup

timeout 4

serverfarm SFARM1

policy-map type loadbalance first-match L7POLICY6

class class-default

sticky-serverfarm STICKYGroup

Lets assume your Server1 is setting cookie value 123456 by using "SET-Cookie:MYCOOKIE=123456" & Server2 is sending ""SET-Cookie:MYCOOKIE=56789" the flow will be as follows

1. If a new client hits the VIP on ACE with no cookie set then ACE will select a Sever from the server farm as per the LB algo and forward the HTTP request to the selected server. Lets suppose ACE selects Server1.

3. Server1 will send "SET-Cookie:MYCOOKIE=123456" in the HTTP response to the client.

4. ACE on getting this response from Server1 will dynamically learn that Server1 is setting up cookie value 123456 and will create a sticky entry in the database.

(Due to this sticky db entry any subsequent http requests with "Cookie:MYCOOKIE=123456" will be directly forwarded to Server1.

5. This sticky entry in ACE sticky DB will only time out if "timeout in minutes" configured under sticky group elapses and no active conns are using this entry.With every new http request matching the sticky entry this timeout is initialized.

6. If a new client come with no cookie set in the Http request then ACE will select a server using LB logic and will learn the cookie value & will create appropriate sticky entry.

7. If a client sends a request with cookie value present then ACE will simply look into the sticky db and forward the request to the appropriate server.

HTH

Syed Iftekhar Ahmed

0 Helpful

Go to solution
b.athanasiadis
Level 1
Level 1
In response to Syed Iftekhar Ahmed

‎10-21-2008 12:40 AM

I really appreciate your explanation. Your first suggestion was enough to steer me in the right direction and I was able to figure out what I was doing wrong.

Thankyou for your effort!

Bill

0 Helpful
Customers Also Viewed These Support Documents