I have the following issue with an ACE Module configured for source-destination IP stickyness ("both" keyword).
The client is accessing a web service through a configured VIP. No proxy is used so each individual client IP address is used to establish the connection.
In some cases the client gets connected to the server, when trying to retrieve the information needed he gets blank information from the corporate web page. When this happens the following connections to the realservers are present:
ACE01/WEB# sh conn rserver SERVER1 | include 172.16.88.62
ACE01/WEB# sh conn rserver SERVER2 | include 172.16.88.62
3650 1 in TCP 70 172.16.88.62:3775 172.16.240.25:80 ESTAB
ACE01/WEB# sh conn rserver SERVER-3 | include 172.16.88.62
1356 1 in TCP 70 172.16.88.62:3778 172.16.240.25:80 ESTAB
4237 1 in TCP 70 172.16.88.62:3780 172.16.240.25:80 ESTAB
4823 2 in TCP 70 172.16.88.62:3777 172.16.240.25:80 ESTAB
As far as I know, stickyness means that one client should be hitting the same realserver while his connections are active.
The following configuration is been used:
rserver host SERVER1
ip address x.x.x.4
rserver host SERVER2
ip address x.x.x.5
rserver host SERVER3
ip address x.x.x.6
serverfarm host SERVER
sticky ip-netmask 255.255.255.0 address both SERVER
policy-map type loadbalance http first-match SERVER
insert-http x-forward header-value "%is"
loadbalance vip inservice
loadbalance policy SERVER
loadbalance vip icmp-reply active
loadbalance vip advertise active
nat dynamic Y vlan ZZ
Important to mention that this is a random behaviour.
Anyone with a good guess regarding this issue?