Arrowpoint Cookies, Reverse Proxy and Multiplexed Client Requests

Unanswered Question
Jun 5th, 2009

I have a reverse proxy which is performing SSL offload and making backend connections to two web servers. Between the reverse proxy and the two web servers, a CSS is in place to load balance between the web servers. There is a requirement for session stickiness on the web servers, and since client IP details are lost through the reverse proxy I have used the arrowpoint-cookie method to load balance connections.

However, the reverse proxy seems to make only a handful of connections to the servers compared to the number of incoming client connections, and we have noticed that stickiness is broken. Now, I would assume this is correct if arrowpoint-cookie makes a load balancing decision based on the first HTTP GET in a TCP stream and not on a per-transaction basis AND our reverse proxy is multiplexing client requests. However, I cannot convince myself of how the arrowpoint-cookie method actually works.

I wondered if anyone had any insight on this or had experienced similar issues with arrowpoint cookies?

Gilles Dufour Mon, 06/08/2009 - 01:10
User Badges: Cisco Employee

We can loadbalance per request.

You need:

CSS11503(config)# persistence reset remap

CSS11503(config)# owner gdufour

CSS11503(config-owner[gdufour])# content WWW

CSS11503(config-owner-content[gdufour-WWW])# no persistent

This should work.

Also make sure you increase the idle timeout with a flow-timeout-multiplier, because we do not "remap" connections that are considered idle.
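
The difference between balancing on the first request of a TCP flow and balancing per request, as an added example that is not part of the thread and is not CSS code: a simplified model of one backend connection carrying requests the proxy has multiplexed from two clients. The cookie name `sticky`, the server names `web1`/`web2` and the sample stream are constructed for this illustration, and the real arrowpoint-cookie value format is not modelled.

```python
# Simplified model (an assumption, not CSS internals): the balancer either pins
# a whole TCP connection to the server chosen for its first request, or
# re-reads the sticky cookie on every request in the connection.
from http.cookies import SimpleCookie

COOKIE = "sticky"            # hypothetical cookie name
SERVERS = ("web1", "web2")   # hypothetical backend names

def parse_requests(stream):
    """Split a keep-alive stream of body-less requests into (request_line, cookies)."""
    parsed = []
    for raw in stream.split(b"\r\n\r\n"):
        if not raw.strip():
            continue
        lines = raw.decode("ascii").split("\r\n")
        cookies = SimpleCookie()
        for header in lines[1:]:
            name, _, value = header.partition(":")
            if name.strip().lower() == "cookie":
                cookies.load(value.strip())
        parsed.append((lines[0], cookies))
    return parsed

def wanted_server(cookies):
    """Server named by the sticky cookie, or None if absent or unknown."""
    morsel = cookies.get(COOKIE)
    return morsel.value if morsel is not None and morsel.value in SERVERS else None

def route(stream, per_request):
    """Return [(request_line, cookie_server, chosen_server)] for one connection."""
    pinned, result = None, []
    for line, cookies in parse_requests(stream):
        wanted = wanted_server(cookies)
        if per_request or pinned is None:
            # Requests without a cookie simply get the first server in this model.
            pinned = wanted or SERVERS[0]
        result.append((line, wanted, pinned))
    return result

def misrouted(stream, per_request):
    """Count requests delivered to a server other than the one their cookie names."""
    return sum(1 for _, want, got in route(stream, per_request) if want and want != got)

# Constructed sample: two clients' requests multiplexed onto one backend connection.
STREAM = (
    b"GET /cart HTTP/1.1\r\nHost: shop.example\r\nCookie: sticky=web1\r\n\r\n"
    b"GET /cart HTTP/1.1\r\nHost: shop.example\r\nCookie: sticky=web2\r\n\r\n"
    b"GET /pay HTTP/1.1\r\nHost: shop.example\r\nCookie: sticky=web1\r\n\r\n"
)

if __name__ == "__main__":
    print("first request only:", misrouted(STREAM, per_request=False), "misrouted")
    print("per request:       ", misrouted(STREAM, per_request=True), "misrouted")
```

The model ignores idle timeouts, so it does not cover the case above where an idle connection is not remapped.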


egl.davidfarrell Mon, 06/08/2009 - 01:18

Hi Giles,

Thanks very much for your response. I will look at the configuration and applying it, and will let you know how things go.

Just to confirm, using this configuration would inspect the arrowpoint cookie on each HTTP GET? Are you also aware if this will work with the POST method?

Thanks again,


Gilles Dufour Mon, 06/08/2009 - 02:07
User Badges: Cisco Employee

It will also work with the POST method.


egl.davidfarrell Mon, 06/08/2009 - 02:10

Hi Gilles,

That's brilliant, I have just read up on it in the config guides and will look to implement ASAP.

Thanks again (and apologies for misspelling your name on the earlier post!).

All the best,


egl.davidfarrell Tue, 06/16/2009 - 04:44

Hi Gilles,

I have implemented this today, and we are still seeing issues with requests hitting the wrong server.

A bit more info: the reverse proxy is an AXG Web Application Firewall. I have been looking at this and am considering disabling connection re-use on here.

However I am also wondering if this might be to do with the flow timeout multiplier I am using which is 5 (80 seconds). Perhaps this is too low?

Thanks, David.

