ACE 4710 - Cookie insertion issue.

Answered Question
May 27th, 2010

Hi

I am doing cookie insertion and am finding that I am still hitting all servers.

What I have found is that the

  1. Cookie is inserted
  2. Occasionally the cookie is inserted with browser expire info - though not in the config as browser expire.
  3. Multiple connections are opened to download content
  4. When new connections are opened - they contain the cookie
  5. Even with the cookie in a new session the ACE sets the cookie again (expected) but to a different server (not expected)
  6. As an asside, I have inserted config to read an existing server cookie that does not make it into the sticky database(hense insert mode)

Stream1 - Starts with

Stream2 - Starts with

Stream3 - Starts with

Stream4 - Starts with

StickToffeeCookie=R4178416476

and changes half way in to

StickToffeeCookie=R4178415387

Also to note the the cookies are set with expire info - though not in the config as "Browser Expire"

Relevant config is below -

parameter-map type http HTTP_PMAP
  server-conn reuse
  persistence-rebalance
  header modify per-request
  set header-maxparse-length 65535
  set content-maxparse-length 65535
  length-exceed continue
parameter-map type connection TCP_IDLE_30min
  set timeout inactivity 1800

rserver host Evolution-1
  description Teligent Evolution Server 1
  ip address 10.0.4.129
  inservice
rserver host Evolution-2
  description Teligent Evolution Server 2
  ip address 10.0.4.130
  inservice

serverfarm host EVOLUTION-INTERNAL
  description Internal Teligent Evolution Servers
  predictor leastconns
  rserver Evolution-1
    inservice
  rserver Evolution-2
    inservice

sticky http-cookie StickToffeeCookie EVOLUTION-INTERNAL-STICKY
  cookie insert
  timeout 30
  replicate sticky
  serverfarm EVOLUTION-INTERNAL

policy-map type loadbalance first-match EVOLUTION-INTERNAL-LB-POLICY
  class class-default
    sticky-serverfarm EVOLUTION-INTERNAL-STICKY


policy-map multi-match L4WEB_POLICY
    class EVOLUTION-VIP
    loadbalance vip inservice
    loadbalance policy EVOLUTION-INTERNAL-LB-POLICY
    loadbalance vip icmp-reply
    appl-parameter http advanced-options HTTP_PMAP
    connection advanced-options TCP_IDLE_30min
    class EVOLUTION_REAL_SERVERS
    nat dynamic 1 vlan 81

interface vlan 61
  description core switch uplink
  ip address 10.0.3.250 255.255.255.224
  alias 10.0.3.251 255.255.255.224
  peer ip address 10.0.3.249 255.255.255.224
  service-policy input L4WEB_POLICY
  no shutdown
interface vlan 81
  description Evolution Real Server Lan
  ip address 10.0.4.157 255.255.255.224
  alias 10.0.4.158 255.255.255.224
  peer ip address 10.0.4.156 255.255.255.224
  nat-pool 1 10.0.4.153 10.0.4.155 netmask 255.255.255.224 pat
  service-policy input L4WEB_POLICY
  no shutdown

Any Help greatly appreciated.

Thanks

Mark

StickToffeeCookie=R4178416476

and changes straight with a set cookie to (this is the one that changes it for the other sessions)

StickToffeeCookie=R4178415387

StickToffeeCookie=R4178416476

and changes half way in to without a set cookie to

StickToffeeCookie=R4178415387

StickToffeeCookie=R4178416476

and changes half way in without a set cookie to

StickToffeeCookie=R4178415387

I have this problem too.
0 votes
Correct Answer by Gilles Dufour about 6 years 6 months ago

I believe this is because the server also sends invalid cookie

Cookie: CommunityServer-UserCookie2121=lv=Fri, 01 Jan 1999 00:00:00 GMT&mra=Thu, 27 May 2010 08:50:46 GMT; AuthorizationCookie=d968001d-7950-4fd3-9736-9f0972be391b; CommunityServer-UserCookie2112=lv=Fri, 01 Jan 1999 00:00:00 GMT&mra=Thu, 27 May 2010 09:17:04 GMT; StickToffeeCookie=R4178416476; CommunityServer-LastVisitUpdated-2112=

By RFC definition a cookie should be something like NAME=VALUE where the value can't contain separators like spaces or comas.

This will confuse ACE and it will stops parsing the cookie list.

Fix your server cookies and everything should be ok after that.

RFC 2965 obsoletes RFC 2109.  The author of those  two RFCs also wrote a nice doc on the  history of cookies, and clearly states:

NAME=VALUE

NAME is the  cookie’s name, and VALUE is its value. Thus the  header Set-Cookie:

id=waldo sets a cookie  with name id and value waldo. Both the cookie  NAME

and its VALUE may be any  sequence of characters except semi-colon,  comma,

or  whitespace.

Gilles.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
mark_tegg Thu, 05/27/2010 - 05:08

Formatting broke - was meant to read

Stream1 - Starts with
StickToffeeCookie=R4178416476
and changes half way in to
StickToffeeCookie=R4178415387

Stream2 - Starts with
StickToffeeCookie=R4178416476
and changes half way in to
StickToffeeCookie=R4178415387


Stream3 - Starts with
StickToffeeCookie=R4178416476
and is Set at the start to (this is the one that I think messes the other sessions.)
StickToffeeCookie=R4178415387


Stream4 - Starts with
StickToffeeCookie=R4178416476
and changes half way in to
StickToffeeCookie=R4178415387

Also left out the first

A1-S1E-NLB03-01/InternalSC#   sh sticky cookie-insert group EVOLUTION-INTERNAL-STICKY
     Cookie   |        HashKey       |           rserver-instance  
  ------------+----------------------+----------------------------------------+
  R4178415387 | 6989910007459052230  | EVOLUTION-INTERNAL/Evolution-1:0
  R4178416476 | 6321323087346987460  | EVOLUTION-INTERNAL/Evolution-2:0

Thanks

Mark

Correct Answer
Gilles Dufour Thu, 05/27/2010 - 06:15

I believe this is because the server also sends invalid cookie

Cookie: CommunityServer-UserCookie2121=lv=Fri, 01 Jan 1999 00:00:00 GMT&mra=Thu, 27 May 2010 08:50:46 GMT; AuthorizationCookie=d968001d-7950-4fd3-9736-9f0972be391b; CommunityServer-UserCookie2112=lv=Fri, 01 Jan 1999 00:00:00 GMT&mra=Thu, 27 May 2010 09:17:04 GMT; StickToffeeCookie=R4178416476; CommunityServer-LastVisitUpdated-2112=

By RFC definition a cookie should be something like NAME=VALUE where the value can't contain separators like spaces or comas.

This will confuse ACE and it will stops parsing the cookie list.

Fix your server cookies and everything should be ok after that.

RFC 2965 obsoletes RFC 2109.  The author of those  two RFCs also wrote a nice doc on the  history of cookies, and clearly states:

NAME=VALUE

NAME is the  cookie’s name, and VALUE is its value. Thus the  header Set-Cookie:

id=waldo sets a cookie  with name id and value waldo. Both the cookie  NAME

and its VALUE may be any  sequence of characters except semi-colon,  comma,

or  whitespace.

Gilles.

mark_tegg Thu, 05/27/2010 - 08:09

Hi Gilles

Thanks for the prompt responce.

I'll chase the vendor.

Thanks

Mark

Actions

This Discussion