Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
735
Views
1
Helpful
4
Replies

Problem with load balancing on CSS

dporod
Level 1
Level 1

‎02-19-2010 10:22 AM

Hi, we have a pair of servers that are load balanced for port 80 traffic to 198.x.x.21 using the h_www_tcp:80 content rule . I recently got a request that port 80 traffic directed to 198.x.x.21/apps/auction be directed only to one of the load balanced servers. I created a service and content rule r_auction_tcp:80, but traffic still seems to matching the load balancing content rule and going to the wrong server (the /app/auction site only exits on the first server).

I thought it might be sticyness so I experimented by assigning my pc IP addresses that have not be used and I would still end up on the wrong server with some of the addresses.

Any ideals?

content h_www_tcp:80
  vip address 198.x.x.21
  port 80
  protocol tcp
  advanced-balance sticky-srcip
  add service webwa1.1_tcp:80
  add service webwa2.1_tcp:80
  redundant-index 1064
  sticky-inact-timeout 480
  active

service webwa1.1_tcp:80
  ip address 10.6.3.30
  protocol tcp
  port 80
  keepalive type tcp
  keepalive port 80
  redundant-index 130
  active

service webwa2.1_tcp:80
  ip address 10.6.3.31
  protocol tcp
  port 80
  keepalive type tcp
  keepalive port 80
  redundant-index 140
  active


content r_auction_tcp:80
  vip address 198.x.x.21
  redundant-index 1077
  add service webwa1.1-auction_tcp:80
  port 80
  protocol tcp
  url "/apps/auction/*"
  active

service webwa1.1-auction_tcp:80
  ip address 10.6.3.30
  protocol tcp
  port 80
  keepalive type tcp
  keepalive port 80
  redundant-index 131
  active

Labels:
0 Helpful
4 Replies 4

Gilles Dufour
Cisco Employee
Cisco Employee

‎02-22-2010 02:06 AM

does that never work, or is it just some requests that sometimes fail to be remapped to the appropriate server?

It should normally work, but with the current config it is possible to see failures for session that stayed idle.

The solution is then to increase the flow-timeout-multiplier under each content rule to 50.

Gilles.

0 Helpful

dporod
Level 1
Level 1
In response to Gilles Dufour

‎02-22-2010 05:24 AM

It does work about half the time. Seems to depend on the source IP address, once it doesn't work on a certain address it seems to "never" work. I tried adding the flow-timeout-multiplier 50 to each of the content rules but still have the same result.

0 Helpful

donaldrayfl
Level 1
Level 1

‎03-09-2010 06:55 AM

Why don't you just disable service webwa1.1_tcp:80 or service webwa2.1_tcp:80?  If you disable one of them, by default all traffic will go to the other.  Currently, both appear to set as active which means they are available for requests.

Gilles Dufour
Cisco Employee
Cisco Employee
In response to donaldrayfl

‎03-11-2010 01:38 AM

Seems like the sticky src ip takes precedence.

Try to add the command : url "/*"

under the original rule.

It will force the traffc to be L7.

Gilles.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents