Cookie question

Answered Question
Apr 2nd, 2009

folks


I have a Cisco ACE blade and I have 2 questions


2. Size of HTTP header/cookie the LB can accept to maintain the stickiness, is there any size limitation for cookie size?

3. Any fallback for stickiness if it doesn't support large header/cookie size?



Correct Answer
Syed Iftekhar Ahmed Thu, 04/02/2009 - 14:45

By default, the ACE can parse a header of 4K bytes. This default value can be changed using an HTTP type parameter map.

The maximum an ACE can parse is 64K.

Following is an example to change it to the maximum.

parameter-map type http APP1_PARAM_MAP
  set header-maxparse-length 65535

Then apply this parameter-map to the policy:

policy-map multi-match xyz
  class APP1
    loadbalance vip inservice
    loadbalance policy xxx
    loadbalance vip icmp-reply
    appl-parameter http advanced-options APP1_PARAM_MAP



Syed



kirit_patel Thu, 04/02/2009 - 18:03

Syed,

Thanks.

In case the HTTP header exceeds 4 KB, what will happen to the persistence? Does it fall back to sticky by IP?

Is there a way we can set up the session using the ASP.NET session ID?



Syed Iftekhar Ahmed Thu, 04/02/2009 - 18:25

No.

If a cookie, HTTP header, or URL exceeds the default value, the ACE drops the packet and sends a RST (reset) to the client browser.

This behavior can be changed using "length-exceed continue"; however, I don't recommend this.

It's better to increase the header parse length to the header length expected by your app.


Syed

kirit_patel Thu, 04/02/2009 - 18:40

Syed, thanks.

The client is asking for the following and asking if it can be configured:


1. Verify that the load balancer (LB) is configured to load balance jpeg files.

2. Review the configuration of the LB; the load balancer should be configured to balance requests based on the ASP.Net session id of the request.

3. Define the maximum size of HTTP header the LB is configured to handle.

4. Define the LB fallback configuration if the HTTP header size is exceeded.



Here is my current config:


serverfarm host xxx.x.xxx.xx-443
  probe TCP_443
  rserver nj09app515 443
    inservice
  rserver nj09app517
    inservice
serverfarm host xxx.x.xxx.xx-80
  probe TCP_NEW_80
  rserver nj09app515 80
    inservice
  rserver nj09app517 80
    inservice

sticky http-cookie INF_COOKIE xxx.x.xxx.xx-80_STICKY
  cookie insert
  timeout 30
  replicate sticky
  serverfarm xxx.x.xxx.xx-80

sticky ip-netmask 255.255.255.0 address source xxx.x.xxx.xx-443_STICKYIP
  replicate sticky
  serverfarm 204.8.132.74-443

class-map match-all xxx.x.xxx-443_CLASS
  2 match virtual-address xxx.x.xxx.xx tcp eq https
class-map match-all xxx.x.xxx.xx-80_CLASS
  2 match virtual-address xxx.x.xxx.xx tcp eq www




Syed Iftekhar Ahmed Thu, 04/02/2009 - 23:45

1. It's doable.

2. Use a sniffer to check the static portion of the Jsession-ID (usually it's 10 bytes from offset 53). Following is the config for offset 53, length 10:

sticky http-cookie JSESSIONID stitcky1
  cookie offset 53 length 10
  serverfarm APP1-SF

policy-map type loadbalance first-match APP1-POLICY
  class class-default
    sticky-serverfarm stitcky1

3. As I mentioned earlier, use a sniffer to check the size of the header for regular traffic. If it's more than the default ACE value, then adjust it using

parameter-map type http APP1_PARAM_MAP
  set header-maxparse-length

4. By default the packet is dropped and a RST is sent by the ACE. If you want to change this behavior, then use "length-exceed continue" to allow such packets through the ACE.


Syed
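
The sizing step suggested in the thread, as an added example (not part of any post above and not Cisco code): this Python sketch measures a captured request's header against the 4K default and the 65535 maximum, and shows the bytes a "cookie offset 53 length 10" rule would key on. Assumptions: 4K is read as 4096, the length is counted from the first byte of the request through the blank line ending the headers, the offset is counted from the first byte of the cookie value, and the sample request is constructed.

```python
ACE_DEFAULT_MAXPARSE = 4096   # "4K bytes" default from the thread, read as 4096 (assumption)
ACE_MAX_MAXPARSE = 65535      # maximum value configured in the thread

def header_length(raw: bytes) -> int:
    """Bytes from the start of the request through the blank line ending the headers."""
    end = raw.find(b"\r\n\r\n")
    if end == -1:
        raise ValueError("no end of headers in capture")
    return end + 4

def cookie_value(raw: bytes, name: str):
    """Return the value of cookie `name` from the Cookie header, or None."""
    # latin-1 maps bytes 1:1 to characters, so string offsets are byte offsets.
    head = raw[:header_length(raw)].decode("latin-1")
    for line in head.split("\r\n")[1:]:
        field, _, value = line.partition(":")
        if field.strip().lower() != "cookie":
            continue
        for pair in value.split(";"):
            key, _, val = pair.strip().partition("=")
            if key == name:
                return val
    return None

def sticky_key(value, offset=53, length=10):
    """Slice matching 'cookie offset 53 length 10'. Returning None for a cookie
    that is too short is this sketch's choice, not documented ACE behaviour."""
    if value is None or len(value) < offset + length:
        return None
    return value[offset:offset + length]

def assess(raw: bytes, name: str = "JSESSIONID") -> dict:
    """Summarise whether the header fits the parse limits and what the sticky key is."""
    size = header_length(raw)
    return {
        "header_bytes": size,
        "fits_default": size <= ACE_DEFAULT_MAXPARSE,
        "fits_maximum": size <= ACE_MAX_MAXPARSE,
        "sticky_key": sticky_key(cookie_value(raw, name)),
    }

# Constructed sample request (not a real capture): 53 filler bytes, a 10-byte
# static portion, then a per-session suffix.
SAMPLE_COOKIE = "A" * 53 + "SRV0000001" + "!1234567890"
SAMPLE = ("GET /app/default.aspx HTTP/1.1\r\nHost: app.example.test\r\n"
          "Cookie: theme=dark; JSESSIONID=" + SAMPLE_COOKIE + "\r\n\r\n").encode()
```

Run assess() over requests taken from a capture of regular traffic; any request where fits_default is False needs a larger header-maxparse-length, and a sticky_key of None means the cookie is shorter than the configured offset plus length.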

