ace stickyness

Unanswered Question
Feb 19th, 2009

need help to understand what sticky entries are expected to be seen under show sticky database and for all it options.

we are not sure what cookie values are used by the servers. if i understood right

if servers dont send any cookie , then ACE will use the configured static cookie value and send the cookie to client on behalf of the server. if ace receives the cookie value from server then it forwards the info to the client. in this situation what configuration is required to maintain stickyness

below is my config..

sticky http-cookie sfarm1-sticky sticky-cookie-insert-8005

cookie insert

replicate sticky

serverfarm sfarm1-apache

policy-map type loadbalance first-match sfarm1-apache-8000_pol

class class-default

sticky-serverfarm sticky-cookie-insert-8005

policy-map multi-match VIPS

class sfarm1-apache-8000-cl

loadbalance vip inservice

loadbalance policy sfarm1-apache-8000_pol

loadbalance vip icmp-reply active

Thanks

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.5 (11 ratings)
Loading.
followurself Sat, 02/21/2009 - 15:54

this config is to support oracle ebusiness suite. if understood correctly The http-cookie name sfarm1-sticky, ACE will learn cookie values if the cookie name is matched when any oracle server response. is this the case? does the cookie name to be matched with cookies names used by oracle suit and configured within ACE? are there any standard names to b used

thnx

Syed Iftekhar Ahmed Sun, 02/22/2009 - 23:42

If the cookie insert feature is enabled for any sticky group,

then ACE will generate "unique random value" for all the reals

in the serverfarm configured under the sticky group & inserts that value

in all the server's response, before forwarding the response to the client.

For example in your case

sticky http-cookie sfarm1-sticky sticky-cookie-insert-8005

cookie insert

replicate sticky

serverfarm sfarm1-apache

for all the response from a server in the serverfarm "sfarm1-apache",

ACE will insert the Set-Cookie header as "Set-Cookie: sfarm1-sticky=R3015567854".

The random value "R3015567854" will be different for the other rservers in the sfarm1-apache serverfarm and will be a unique one.

The cookie-insert feature creates a static cookie.

Static cookies are not visble with show sticky database command

You will need to use

"show sticky database static"

HTH

Syed Iftekhar Ahmed

followurself Mon, 02/23/2009 - 05:08

Many Thanks for the reply

so that means when the server replies with a cookie name , ACE replaces that with the configured cookie name and generate a random cookie value

for example

if in our case server replies with set-cookie:oracle.com=R376589467, this will be learnt by the ACE and it will replace the cookiename with set-cookie:sfarm1-sticky=R3015567854.

in that case we dont need to know what cookie names are used by the server.

secondly , the example where Set-Cookie: sfarm1-sticky=R3015567854 is generated by ACE.

so for e.g. if we have 3 severs ACE will generate 3 different cookie values for 3 different servers

e.g.

for server 1 -- sfarm1-sticky=R3015567854

for server 2 ---sfarm1-sticky=R3015567855

for server 3---sfarm1-sticky=R3015567854

will the cookie values be always the same or will they get changed.

we are running ACE ersion 3.0(0)A1(4a),when i type show sticky database static, can see all the static cookie value created, though when i type sh sticky database client (ip address) , dont see any entry.

we are having issues where users expereience a blank white page, and when they refresh they get the page. DB team think its cookie issue. we areplanning to upgrade ACE

any ideas

Gilles Dufour Mon, 02/23/2009 - 07:34

The cookie insert feature work indepently from the server response.

We do not remove or change any cookie the server might be generating.

All we do is add our own cookie to the server response.

For the client browser this appears is if the cookie was sent/created by the server itself.

The value we insert in the cookie is not random. This is a hash of the serverfarm name + rserver name + port.

The result of the hash is preceeded with a 'R' which forms the cookie value.

The next release A2(1.4) will actually show for each server the associated cookie value.

The 'show stick data client' only applies to dynamic stickyness based on sticky source ip.

Do a 'show conn address ...' if you want to see where your client is connected.

Gilles.

followurself Mon, 02/23/2009 - 08:53

Thanks for the response

appreciate if further clarification is made

with our config

for e.g where the cookie name is sfarm1-sticky configured within ACE

when server replies with set-cookie:oracle.com=R376589467, ACE will add the hash of serverfarm+rserver+port to set-cookie:oracle.com=R688770736, the cookie value is changed, the client receives this response.

in this case what happens to the cookie name sfarm1-sticky?

apart from show sticky database static no other commands for show sticky database show anything which can confirm the stickyness.

how to verify if stickyness is working?

we r planning to use httpwatch, but from within ace using ace what commands can be used to see the stickyness is working.

btw this is for oracle enviornment for ebiz,

thnx

Syed Iftekhar Ahmed Mon, 02/23/2009 - 11:11

Client will receive two cookies. Cookie replied by server & cookie inserted by ACE.

Set-cookie:oracle.com=xxxxxxxx

&

Set-Cookie: sfarm1-sticky=R3015567854

ACE never replace/delete cookies from Server.With cookie-insert enabled it simply inserts another cookie in the header using the cookie name you configured with sticky-group.

You can verify this by running HTTP protocol analyzer at client.

Syed Iftekhar Ahmed

followurself Mon, 02/23/2009 - 12:22

Thanks

whats the benefit of having multiple cookies?

so if we remove the cookie-insert command, the client will be dependant on the server responded cookie from that server farm configured within the sticky group

we will using httpwatch to troubleshoot the white blank pages issue we are facing, any ideas why the users are receiving the blank page. can there be anything specific within ACE

Syed Iftekhar Ahmed Mon, 02/23/2009 - 12:31

Only taking out "cookie-insert" from the sticky group will not be sufficient. You need to tell ACE which cookie to look for.

If your App is setting set cookie:oracle=xxx

then your sticky group should be

sticky http-cookie oracle sticky-cookie-insert-8005

replicate sticky

serverfarm sfarm1-apache

Multiple cookies shouldnt pose any problems for ACE. Ace will only look for the cookie name you configured under sticky group even if there are 10 cookies in the header.

Syed Iftekhar Ahmed

followurself Mon, 02/23/2009 - 13:02

Thanks

this means that if server response with set cookie:oracle=xxx and if cookie-insert is enabled then ace will add its cookie set cookie:sfarm1-sticky=yyy+set cookie:oracle=xxx and send it to client.

client will look at the header and read the first part set cookie:sfarm1-sticky=yyy and use it for session stickyness

thnx

Syed Iftekhar Ahmed Mon, 02/23/2009 - 14:02

Nope.

Client doesnt use cookies for session persistence. It simply stores all the cookies it recieves from a Server response and use it in all the subsequent requests to the same server.

Its the Server that uses the cookie for session persistence. In a similar fashion ACE uses the cookies in HTTP header (in client requests) to hand the session over to the same rserver that issued that cookie.

If you use cookie insert then ACE looks for the cookie it inserted and make decisions on the basis of its inserted cookie.

So there will be multiple cookies in both "response to the client" and "request from the client" and its just a matter of telling ACE about the cookie it should use for persistence.

Syed Iftekhar Ahmed

followurself Mon, 02/23/2009 - 14:51

client--GET request---ACE----Server

server replies with set cookie:oracle.com=R3454647

ace receives it, it doesnt match sfarm1-sticky (cookie name), then what will ACE do?

what cookie name is send back to the client, is it oracle.com or sfarm1-sticky

if it is both then whethere client use oracle.com for one session and sfarm1-sticky for the othere session? how will ACE understand it. if ACE forward the cookie names sent from the server and maintain the database then why will it send its own configured cookie

will ACE maintain a database of cookie name oracle.com=R3544647? if yes how can we see that within ACE, if it doesnt maintain the database then how does it understand where to forward.

apologies for many questions

Syed Iftekhar Ahmed Mon, 02/23/2009 - 15:11

Case#1 (Ace is not inserting a cookie & looking for cookie "sfarm1-sticky" in server response

sticky http-cookie sfarm1-sticky sticky-cookie-insert-8005

replicate sticky

serverfarm sfarm1-apache

ACE wont see "Set cookie:sfarm1-sticky=xxx" and as a result it wont create a Sticky database entry for the Server.

Cookie set by Server Set Cookie:oracle.com=R3454647

will not used by ACE for persistence.

Case#2 (Ace is inserting a cookie "sfarm1-sticky" in server response )

sticky http-cookie sfarm1-sticky sticky-cookie-insert-8005

replicate sticky

cookie insert

serverfarm sfarm1-apache

ACE will insert cookie "sfarm1-sticky" in the server responses and will look for the same cookie in client requests.

Cookie set by Server Set Cookie:oracle.com=R3454647

will not used by ACE for persistence.

Case#3 (Ace is not inserting a cookie and is looking for oracle.com cookie set by server in server response )

sticky http-cookie oracle.com sticky-cookie-insert-8005

replicate sticky

serverfarm sfarm1-apache

ACE will look for "oracle.com" cookie in the server response and will create an sticky database entry for each rserver.

In all the above cases client will recieve cookie set by server (oracle.com=xxxxxx). All the client requests will use this coookie in their request header but ACE will only use it in case3 example.

HTH

Syed iftekhar Ahmed

Gilles Dufour Tue, 02/24/2009 - 01:43

The point is, if your server generates its own cookie, there is no need to use cookie-insert.

You need to configure dynamic cookie stickyness.

For that simply configure sticky cookie with your server cookie name (ie: oracle.com) and DO NOT configure cookie insert.

When the server response will go through ACE, it will learn the value and associate it with the server.

Next time the client sends the same cookie name+value, ACE will recognize the entry to match a particular server and we will send the traffic to that server.

The cookie value in your case is very similar to a cookie inserted by ACE.

So I would make sure the cookie is generated by the server and not by ACE itself.

If you are looking on the client side, you have no way to know.

Check on the server side to see what cookies are really generated by the server.

Gilles.

followurself Tue, 02/24/2009 - 08:57

Thanks Guys,

great explanation

we did http debugging and saw cookies sent by ACE and the server. client use both cookies

about the page issue, where user see page not found, the debugging shows there was no response back, client sends the request but there is no response packet. when we refresh the same link, the page gets delievered to the client. what we noticed in http debugger is the header size 2644 when it failed and didnt receive any response but when refresh the same link, the header size is 1940 and we get the response and the page.

is there any known issue with ACE with header size more then 2048

Syed Iftekhar Ahmed Tue, 02/24/2009 - 11:07

ACE supports parsing HTTP headers up to 64K bytes.

By default ACE Module can parse 4096 bytes (4K).

By default for ACE appliance can parse 2048 bytes.

You can change it to a higher number, for example to instruct ACE to parse 8192 bytes

parameter-map type http My_HTTP_PARAMS

set header-maxparse-length 8192

policy-map multi-match My-VIPS

class Syed

loadbalance vip inservice

loadbalance policy syed-policy

loadbalance vip icmp-reply active

appl-parameter http advanced-options My_HTTP_PARAMS

Increasing it to a very high number will have performance impacts.

More details at

ACE Module:

http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/v3.00_A2/configuration/slb/guide/classlb.html#wp1350453')">http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/v3.00_A2/configuration/slb/guide/classlb.html#wp1350453

ACE Appliance:

http://preview.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/configuration/slb/guide/classlb.html#wp1062867')">http://preview.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/configuration/slb/guide/classlb.html#wp1062867

Syed Iftekhar Ahmed

Giles,

I have a situation that some of the servers in my network generates the cookie and some don't. I already configured the ACE to generate the cookie:

sticky http-cookie acecookie Sticky-Insert-Cookie

cookie insert

serverfarm prodtest-testserver

Do I have to insert a command for the servers that generate their own cookie? If yes please attached a sample config.

Thank you,

John...

Syed Iftekhar Ahmed Tue, 02/24/2009 - 14:16

If you are inserting cookie via ACE & using that cookie for persistence then it doesn't matter if Servers are generating cookies or not.

You either use Dynamic cookie learning (where ACE learns Server generated cookies from server responses & use these cookies for persistence)

or Cookie insertion (where ACE inserts cookie by itself & uses that for persistence).

Syed Iftekhar Ahmed

followurself Tue, 02/24/2009 - 15:58

Thanks Syed,

our current version is 3.0.0 A1 , and the guide shows it support 2048 bytes.

interestingly we dont see any RST packet sent back to the browser.

we are looking to upgrade to A2 version , which by default supports 4096 as mentioned by you

hopefully this will fix the white page issue

thanks

dinoantonucci Wed, 03/11/2009 - 03:22

About hash alghoritm to create cookie Value: hash of serverfarm name + rserver name + port, last parameter "port", what's this port? source client port, vip port or probe server port?

Dino

I just wanted to ask 3 questions regarding static cookies. 1) I think this thread is great, but does the web client care what the server sends as a cookie header if the ACE is going to insert its own cookie, send it to the client and maintain session stickiness via the static cookie definition.

2. Does the ACE send cookie information over to the server?

3. what is the best way to verify that the session stickiness is working?

Thank you for your reply.

Kristopher Martinez Wed, 06/10/2009 - 09:35

It is the destination rserver port. A2(1.4) will allow you to look at the cookie variables and hash with the following output:

sdcn/context1# sh sticky cookie-insert group test-cookie-insert

Cookie | HashKey | rserver-instance

------------+----------------------+----------------------------------------+

R669151895 | 11778970594399315428 | https-900-901-2/10.91.100.105:443

R670337816 | 3650464631298052714 | https-900-901-2/10.91.100.106:443

R671523737 | 7818026631770276497 | https-900-901-2/10.91.100.107:443

R672709658 | 7993671127559957208 | https-900-901-2/10.91.100.108:443

Regards

Kris

dinoantonucci Wed, 03/11/2009 - 03:55

About hash alghoritm to create cookie Value: hash of serverfarm name + rserver name + port, last parameter "port", what's this port? source client port, vip port or probe server port?

Dino

tech_trac Wed, 06/10/2009 - 09:12

Hello,

Is it a good idea to use the client cookie (via dynamic learning) in case the server does not generate any cookie.

What are the disadvantages of using client cookies. Secondly, how does client build the cookie value. Is it the browser decision or something else. And for how long the client maintains the same cookie value. I believe in this case, clients around the world would come in with a huge number of distinct cookie values, thereby building up the sticky table.

Thanks.

tech_trac Wed, 06/10/2009 - 09:27

A client cookie example:

Cookie: ASP.NET_SessionId=h2ob4p55m3zzlev4e5uy3b55

tech_trac Tue, 06/16/2009 - 03:09

Hi,

With cookie based stickiness, I tried 'show sticky database static client IP' but it does not show the specific entry.

show sticky database static does show the sticky entries as well as show conn address IP.

Actions

This Discussion