Cisco GSS - Cookie Stickiness

Unanswered Question
Jun 10th, 2010


What parameters can be used for stickiness across different data centers via Cisco GSS? Is cookie stickiness possible?

We are planning to implement an Active/Active site and the internet user requests will be load balanced across two sites. Since most of the users use ADSL connections, the source IPs are dynamic and change within minutes and even seconds. If stickiness were configured based on IPs on the GSS, the sessions would be lost due to continuous IP changes and the user would be randomly directed to different data centers.

Please suggest how stickiness could be achieved without IPs.


Sean Merrow Thu, 06/10/2010 - 17:30

Hello there,

Stickiness on the GSS is based on IP address.  There is local sticky, which means each GSS in the cluster maintains its own sticky database and doesn't share it with the other GSS in the cluster.  Global sticky is when each still has its own sticky database, but they update each GSS in the cluster so that if a request comes into a different GSS from the same host IP and requests the same domain, it will still be stuck to the same Answer.

It does not matter if your clients are frequently changing their IP addresses, because an Internet user's IP address is not used, or known, by the GSS.  To the GSS, a client is actually an Internet user's D-proxy, or local DNS server.  Here's how it works:

  1. Internet user needs to resolve FQDN to IP address
  2. Internet user sends DNS query to his/her DNS server (D-proxy)
  3. D-proxy (which typically has a static IP address) makes request throughout DNS infrastructure sourced by its own IP address
  4. Eventually, the DNS request ends up at a GSS
  5. GSS checks to see if it already has a sticky entry for the IP address of this D-proxy
    1. If sticky entry exists, then the same Answer is given as last time
    2. If sticky entry does not exist, GSS will use configured method to choose Answer, return it, then create sticky entry
  6. If you are using global sticky, then the GSS will update the other GSS in cluster so they add the entry to their databases

So as you can see, the Internet user's IP address has no relevance to the GSS's operation.

I hope this helps.  Let me know if you have any questions.

Thank you,


dedra_live Thu, 06/10/2010 - 23:14

Thanks for the explanation.

Our web portal will only be used by the residents in one country and there are only two ISPs possibly with two client-D proxy IP addresses. In this case, GSLB via GSS in the method you have mentioned may not evenly/proportionately load balance across the data centers. That is, all internet users will be coming through two ISPs only.

Please suggest.

Sean Merrow Fri, 06/11/2010 - 06:19


I forgot to add in my original response that the GSS also takes into account the domain that is being requested.  So let's say D-Proxy makes a request for and it arrives at the GSS.  The GSS will check to see if it already has a sticky for this client D-Proxy AND this domain.  If it does, it will return the same Answer.  Now if a new request comes from the same D-Proxy but for a different domain, say, then it will be re-load balanced, then another sticky entry will be made.

So it is not that all requests that come from the same D-Proxy will always get the same Answer.  The GSS will create sticky entries based on unique combinations of D-Proxy IP Address/Requested Domain.  This should give you a pretty good load balancing distribution, assuming the two ISPs are fairly equal.

You can find more details on how sticky works on the GSS by reading the GSS Sticky Overview chapter in the documentation.

Does this help?


dedra_live Fri, 06/11/2010 - 09:29



In our case only a single domain would be used. Is there any other way by which stickiness could be maintained on something more decomposable than Client D Proxy IP to achieve a more even balance? I believe a cookie should do the job if it were available.

Sean Merrow Fri, 06/11/2010 - 09:42


Cookies are only used in HTTP traffic.  They are not available in DNS packets and therefore, the GSS would never receive a cookie from a D-Proxy or submit one in its DNS response to a D-Proxy.  Only after a client is sent to one site or another would either a server or load balancer send the client a cookie for local sticky at that data center.  Cookies are not used in GSLB.

One option might be to send all clients from ISP-1 to Site-1, and then send them to Site-2 if Site-1 goes down.  And, in reverse, you could send all clients from ISP-2 to Site-2, and then send them to Site-1 only if Site-2 goes down.  This way, both Sites 1 and 2 will be active for one ISP's traffic, and the other Site will serve as a backup for an ISP.

You could accomplish this by using source-Address lists on the GSS to send D-Proxy requests from ISP-1 to Site-1, and vice-versa.

Would this work for you?


dedra_live Fri, 06/11/2010 - 10:19


I think this is the only option now and I will attempt it.

Is the source address list really required, as the default round robin would take each ISP to a different site?

Sean Merrow Fri, 06/11/2010 - 10:39

Here's one way to accomplish this:

  1. Create an Answer-Group with a name like Prefer-Site-1 with the Answer from each site.  Set the Answer from Site-1 to have an "order" of 1 and the Answer from Site-2 to have an "order" of 2, within the group.
  2. Now create a second Answer-Group with a name like Prefer-Site-2 with the Answer from each site.  Set the Answer from Site-2 to have an "order" of 1 and the Answer from  Site-1 to have an "order" of 2, within the group.
  3. Create two source-address lists, one for each subnet of D-Proxies
  4. For the DNS-Rule for Site-1, apply the source-address list for ISP-1 D-Proxies, set the Answer-Group for Prefer-Site-1 in clause 1, and set the method to Ordered-List. This way, the Site-1 Answer within the Prefer-Site-1 Answer-Group will always be returned, unless it is down, then the Site-2 Answer would be returned.
  5. For the DNS-Rule for Site-2, apply the source-address list for ISP-2 D-Proxies, set the Answer-Group for Prefer-Site-2 in clause 1, and set the method to Ordered-List. This way, the Site-2 Answer within the Prefer-Site-2 Answer-Group will always be returned, unless it is down, then the Site-1 Answer would be returned.

Let me know if you have any questions.
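The five steps above, modelled as an added example that is not part of the original thread and is not GSS configuration syntax. The address ranges are constructed documentation prefixes and the list names are hypothetical; only the Answer-Group names and the Ordered-List behaviour come from the post.

```python
import ipaddress

# Constructed sample values: documentation prefixes stand in for the
# two ISPs' D-Proxy subnets; the list names are hypothetical.
SOURCE_ADDRESS_LISTS = {
    "ISP-1-DProxies": [ipaddress.ip_network("192.0.2.0/24")],
    "ISP-2-DProxies": [ipaddress.ip_network("198.51.100.0/24")],
}

# Answers appear in their "order" within each group (order 1 first).
ANSWER_GROUPS = {
    "Prefer-Site-1": ["Site-1", "Site-2"],
    "Prefer-Site-2": ["Site-2", "Site-1"],
}

# One DNS rule per ISP: (source-address list, Answer-Group in clause 1).
DNS_RULES = [
    ("ISP-1-DProxies", "Prefer-Site-1"),
    ("ISP-2-DProxies", "Prefer-Site-2"),
]


def ordered_list(group, online):
    """Return the lowest-order Answer that is currently online, else None."""
    for answer in ANSWER_GROUPS[group]:
        if answer in online:
            return answer
    return None


def resolve(dproxy_ip, online):
    """Pick the rule whose source-address list contains the D-Proxy,
    then apply the Ordered-List method to that rule's Answer-Group."""
    ip = ipaddress.ip_address(dproxy_ip)
    for list_name, group in DNS_RULES:
        if any(ip in net for net in SOURCE_ADDRESS_LISTS[list_name]):
            return ordered_list(group, online)
    return None  # D-Proxy matches no source-address list in this model


if __name__ == "__main__":
    both = {"Site-1", "Site-2"}
    print(resolve("192.0.2.10", both))         # ISP-1 D-Proxy, both sites up
    print(resolve("192.0.2.10", {"Site-2"}))   # ISP-1 D-Proxy, Site-1 down
    print(resolve("198.51.100.5", both))       # ISP-2 D-Proxy, both sites up
```

A D-Proxy outside both lists matches no rule here, which is the case to plan for if either ISP adds resolvers in a new subnet.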



dedra_live Wed, 06/16/2010 - 22:50

Hi Sean,

If I were to load balance an ISP on two sites, how can it be achieved if load balancing occurs on Client-D proxy as well? An ISP may have several Client-D proxies. And it is not necessary that the ISP uses the same Client-D proxy for every request from the same user. In this case, how can I ensure that the same user continues to hit the same site?


Sean Merrow Thu, 06/17/2010 - 05:42


If you want users of a single ISP to be stuck to the same site, and those users may use multiple D-Proxies, then you would need to make sure that all of those D-Proxies were within the same sticky subnet in the GSS configuration.  To do this, you would need to find out the IP subnet(s) of the ISP's D-Proxies so that you can determine the best sticky mask to use in the GSS sticky configuration.

Hope this helps,
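A simplified model of the sticky lookup described in this thread, added here as an example and not taken from the thread or from GSS itself: entries are keyed on the D-Proxy address (after the sticky mask is applied) plus the requested domain, and global sticky copies new entries to peers. Round robin stands in for the configured balance method, and the addresses and domain names are constructed.

```python
import ipaddress
from itertools import cycle


class StickyGSS:
    """Toy model of one GSS: sticky database keyed on (masked D-Proxy, domain)."""

    def __init__(self, answers, mask_bits=32):
        self.mask_bits = mask_bits        # sticky mask as a prefix length
        self._balance = cycle(answers)    # assumption: round robin balance method
        self.sticky = {}                  # (network address, domain) -> Answer
        self.peers = []                   # other GSS devices, for global sticky

    def _key(self, dproxy_ip, domain):
        # Apply the sticky mask so every D-Proxy in the subnet shares one entry.
        net = ipaddress.ip_network(f"{dproxy_ip}/{self.mask_bits}", strict=False)
        return (str(net.network_address), domain.lower())

    def query(self, dproxy_ip, domain):
        key = self._key(dproxy_ip, domain)
        if key not in self.sticky:
            # No entry yet: balance, record the choice, update the peers.
            self.sticky[key] = next(self._balance)
            for peer in self.peers:
                peer.sticky[key] = self.sticky[key]
        return self.sticky[key]


if __name__ == "__main__":
    sites = ["Site-1", "Site-2"]
    # Constructed case: one ISP, two D-Proxies in 192.0.2.0/24.
    host_mask = StickyGSS(sites, mask_bits=32)
    print(host_mask.query("192.0.2.10", "portal.example"),
          host_mask.query("192.0.2.77", "portal.example"))  # entries differ
    subnet_mask = StickyGSS(sites, mask_bits=24)
    print(subnet_mask.query("192.0.2.10", "portal.example"),
          subnet_mask.query("192.0.2.77", "portal.example"))  # one shared entry
```

With a host-length mask, a user whose ISP switches them between D-Proxies can be handed a different site. The wider mask removes that case, at the cost of pinning the whole subnet to one Answer per domain.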


