02-08-2009 06:44 AM
Hi Guys,
I have inherited the config on this loadbalancer to troubleshoot.
Our customer needs the CSS to create sticky sessions based on the jsessionid= in the URL. This does not seem to be working so well for us.
Can you have a look at config below and tell me where it is going wrong?
The client traces show encrypted data. I am waiting for a server trace.
Can the CSS make stickies based on URL with this config?
!*************************** GLOBAL ***************************
ssl associate rsakey key.key key.key
ssl associate cert ceis_cun ceis_cun_gov_uk.pem
ssl associate cert queus queus_gov_uk.pem
ip route 0.0.0.0 0.0.0.0 10.171.6.1 1
!************************* INTERFACE *************************
interface e1
bridge vlan 20
phy 100Mbits-FD
interface e2
bridge vlan 20
phy 100Mbits-FD
interface e3
bridge vlan 20
phy 100Mbits-FD
interface e4
bridge vlan 20
phy 100Mbits-FD
interface e5
bridge vlan 20
phy 100Mbits-FD
interface e6
bridge vlan 20
phy 100Mbits-FD
interface e7
phy 100Mbits-FD
interface e8
bridge vlan 20
phy 100Mbits-FD
!************************** CIRCUIT **************************
circuit VLAN20
ip address 10.171.6.5 255.255.255.192
ip virtual-router 1 priority 110 preempt
ip redundant-vip 1 10.171.6.4
ip redundant-vip 1 10.171.6.10
ip redundant-interface 1 10.171.6.9
!*********************** SSL PROXY LIST ***********************
ssl-proxy-list ssl
ssl-server 4
ssl-server 4 vip address 10.171.6.4
ssl-server 4 rsacert ceis_cun
ssl-server 4 rsakey key.key
ssl-server 10
ssl-server 10 vip address 10.171.6.10
ssl-server 10 rsakey key.key
ssl-server 10 rsacert queus
ssl-server 4 cipher rsa-with-rc4-128-md5 10.171.6.14 80
ssl-server 10 cipher rsa-with-rc4-128-md5 10.171.6.14 80
active
!************************** SERVICE **************************
service app-1
ip address 10.171.6.21
port 80
keepalive port 80
keepalive type http
keepalive uri "/uptime.txt"
active
service app-2
ip address 10.171.6.22
port 80
keepalive type http
keepalive uri "/uptime.txt"
active
service app-3
ip address 10.171.6.23
port 80
keepalive type http
keepalive uri "/uptime.txt"
active
service REDIRECT_ceis
keepalive type none
type redirect
no prepend-http
domain "https://queus.uk"
active
service REDIRECT_que
keepalive type none
type redirect
no prepend-http
domain "https://ceis.cun.uk"
active
service ssl-module
type ssl-accel
keepalive type none
slot 2
add ssl-proxy-list ssl
active
!*************************** OWNER ***************************
owner content
content app-http
add service app-1
add service app-2
add service app-3
vip address 10.171.6.14
protocol tcp
port 80
string range 1 to 22
advanced-balance url
string prefix "jsessionid="
active
content REDIRECT_ceis
vip address 10.171.6.10
add service REDIRECT_ceis
protocol tcp
port 80
url "/*"
active
content REDIRECT_que
port 80
url "/*"
protocol tcp
vip address 10.171.6.4
add service REDIRECT_que
active
content SSL_ceis
port 443
vip address 10.171.6.10
add service ssl-module
active
content SSL_que
port 443
protocol tcp
vip address 10.171.6.4
add service ssl-module
active
Cheers
Stephen
02-09-2009 12:19 AM
Stephen,
the CSS does not support dynamic cookie.
We can work with static cookie - you know in advance the cookie value or a portion of the cookie set by the server. Or you let the CSS generate its own cookie value.
The new ACE Appliance C4710 does support dynamic cookie.
Gilles.
02-09-2009 12:40 AM
Hi Gilles,
Thanks for the reply. In our case, the text that comes after the jsessionid= is static for the duration of the session. But only for that session.
Is this classified as a dynamic cookie?
Also, is it the case with our config that the CSS cannot read the URL header because it is encrypted?
Thanks
Stephen
02-09-2009 08:15 AM
Stephen,
it is considered dynamic.
If the jsessionid contained the servername (which is normally static) we could stick using that info.
Try arrowpoint-cookie instead.
If the client browser supports cookie, another one would not be a problem.
The command you need is 'advanced-balance arrowpoint'
Gilles.
02-10-2009 01:36 PM
Hi Gilles,
Thanks for the update. This is very helpful.
We have gone back to the developers to have them attempt to pass a specific string per server in the url.
ie
jsessionid=server1568756
jsessionid=server2776867
etc...
I assume this is what you mean? Once a specific string is passed for each server, we can provide sticky on this?
Thanks
Stephen
02-11-2009 03:09 AM
Stephen,
this is exactly what I meant.
Once there is a static portion in the cookie, you can assign this static value to the service and tell the CSS to match the cookie value to the string configured under the service.
This should be described in the documentation.
If you have a problem with this, let me know.
I'd like to also repeat the fact that the arrowpoint cookie is a valid solution which does not require any modification of the servers.
ACE will inject a static cookie that is different for each server.
G.
02-11-2009 03:12 AM
Thanks for your help again, Gilles.
I agree about arrowpoint, but the application developers do not want to use it.
We will attempt to put static entries in the URL/Cookie.
Thanks for your help again.
Stephen
02-16-2009 10:35 AM
Hi Gilles,
I have applied a new config as the app developer has applied a static portion to the cookie.
The URL is https://url.domain.local/whoShould;jsessionid=1940875311106FF91885.app2
A portion of our new config is
service 2011-dun-app-1
ip address 10.171.6.21
port 80
keepalive uri "/uptime.txt"
keepalive type http
string app1
active
service 2011-dun-app-2
ip address 10.171.6.22
port 80
keepalive uri "/uptime.txt"
keepalive type http
string app2
active
service 2011-dun-app-3
ip address 10.171.6.23
port 80
keepalive uri "/uptime.txt"
keepalive type http
string app3
active
!*************************** OWNER ***************************
owner 2011
content 2011-dun-app-http
add service 2011-dun-app-1
add service 2011-dun-app-2
add service 2011-dun-app-3
vip address 10.171.6.14
string match first-string-found
advanced-balance url
string range 1 to 200
string process-length 4
string skip-length 21
port 80
protocol tcp
string prefix "jsessionid="
active
But stickiness is still not working. :(
Has the fact that https is on this box anything to do with my issue?
Thanks again
Stephen
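An added example, not part of the original post and not Cisco code: a simplified Python model of the offsets in the content rule above, checked against the URL quoted in the post. The function names, the request-line wrapper, and the reading of "string range", "string prefix", "string skip-length" and "string process-length" as plain byte offsets are assumptions.

```python
# Added illustration: a simplified model of the string-extraction settings in
# the posted content rule. The semantics are assumed from how the thread uses
# the commands; this is not a reimplementation of the CSS.

# "string" value configured under each service in the post.
SERVICE_STRINGS = {
    "2011-dun-app-1": "app1",
    "2011-dun-app-2": "app2",
    "2011-dun-app-3": "app3",
}

# URL path from the post; the surrounding request line is constructed.
REQ_FROM_POST = "GET /whoShould;jsessionid=1940875311106FF91885.app2 HTTP/1.1"
# Constructed: the same URL with a session ID two characters longer.
REQ_LONGER_ID = "GET /whoShould;jsessionid=1940875311106FF91885AB.app2 HTTP/1.1"


def extract_sticky_string(data, prefix="jsessionid=", range_start=1,
                          range_end=200, skip_length=21, process_length=4):
    """Return the bytes compared against the service strings, or None."""
    window = data[range_start - 1:range_end]       # string range 1 to 200
    pos = window.find(prefix)                      # string prefix "jsessionid="
    if pos < 0:
        return None                                # prefix not in range
    start = pos + len(prefix) + skip_length        # string skip-length 21
    value = window[start:start + process_length]   # string process-length 4
    # A truncated value cannot equal any configured service string.
    return value if len(value) == process_length else None


def pick_service(data, **offsets):
    """Return the service whose configured string equals the extracted bytes."""
    value = extract_sticky_string(data, **offsets)
    for name, configured in SERVICE_STRINGS.items():
        if value == configured:
            return name
    return None                                    # no sticky match


if __name__ == "__main__":
    for req in (REQ_FROM_POST, REQ_LONGER_ID):
        print(repr(extract_sticky_string(req)), pick_service(req))
```

Under this model the quoted URL yields app2, so the skip and process lengths line up with the service strings only while the session ID stays exactly 20 characters followed by a dot; the longer constructed ID shifts the window and matches nothing.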
02-18-2009 05:39 PM
Hello Stephen,
Have you tried changing the advanced-balance method on the content rule to cookies or cookieurl? Also, apply the following within the content rule "url /*". Since you are attempting to use L5 persistence this command will force the CSS to see this content rule as a layer 5 rule.
Hope the info helps!
02-19-2009 01:39 AM
Stephen,
the advanced-balance option does not seem right.
Here is an example
You need cookie or cookieurl if the cookie only exists in the url.
Gilles