backup rserver with sticky configured

jsarausos · ‎07-26-2010

Hi,

I would like to ask regarding the configuration for the backup rserver with sticky configured.

This is not documented in the Cisco guides.

Suppose the real server1 fails and connections are diverted to server2. Then server1 resumes service. What happens to existing connections on server2 and the new connections?

serverfarm SFARM1

rserver SERVER1

backup-rserver SERVER2

inservice

rserver SERVER2

inservice standby

yushimaz · ‎08-02-2010

- Existing connections keep accessing server2.

- If a new client request (connection) matches a sticky entry for server2, ACE forwards this request to server2.

ACE looks up sticky entries and use server2 since standby state is handled as UP.

http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/vA2_3_0/configuration/slb/guide/rsfarms.html#wp1000385

- If a new client request (connection) doesn't match any sticky entry for server2, ACE forwards this request to server1.

If you want to use server1 after coming back OPERATIONAL, I recommend you use 'backup serverfarm' without sticky option as below.

http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/vA2_3_0/configuration/slb/guide/sticky.html#wp1137791

---

serverfarm SFARM1

rserver SERVER1

inservice

serverfarm SFARM2

rserver SERVER2

inservice

sticky ip-netmask 255.255.255.255 address both sticky_ip

serverfarm SFARM1 backup SFARM2

---

The following is a test result of standby rserver and sticky ip.

ACE20a/Admin# sh rserver

rserver : sv1, type: HOST

state : OPERATIONAL (verified by arp response)

---------------------------------

----------connections-----------

real weight state current total

---+---------------------+------+------------+----------+--------------------

serverfarm: sf

192.168.72.11:0 8 PROBE-FAILED 0 2

rserver : sv2, type: HOST

state : OPERATIONAL (verified by arp response)

---------------------------------

----------connections-----------

real weight state current total

---+---------------------+------+------------+----------+--------------------

serverfarm: sf

192.168.72.12:0 8 OPERATIONAL 0 8

ACE20a/Admin#

!___ access from client to ACE vip

ACE20a/Admin# sh sticky database

sticky group : sticky_ip

type : IP

timeout : 1440 timeout-activeconns : FALSE

sticky-entry rserver-instance time-to-expire flags

---------------------+--------------------------------+--------------+-------+

13882423967172020068 sv2:0 86384 -

!___ ACE learns client address and registers the entry

ACE20a/Admin#

ACE20a/Admin# sh rserver

rserver : sv1, type: HOST

state : OPERATIONAL (verified by arp response)

---------------------------------

----------connections-----------

real weight state current total

---+---------------------+------+------------+----------+--------------------

serverfarm: sf

192.168.72.11:0 8 OPERATIONAL 0 2

!___ return OPERATIONAL

rserver : sv2, type: HOST

state : OPERATIONAL (verified by arp response)

---------------------------------

----------connections-----------

real weight state current total

---+---------------------+------+------------+----------+--------------------

serverfarm: sf

192.168.72.12:0 8 STANDBY 0 9

!___ return STANDBY

ACE20a/Admin# sh sticky database

sticky group : sticky_ip

type : IP

timeout : 1440 timeout-activeconns : FALSE

sticky-entry rserver-instance time-to-expire flags

---------------------+--------------------------------+--------------+-------+

13882423967172020068 sv2:0 86356 -

!___ ACE keeps sticky entry to server2.

ACE20a/Admin#

!___ access from client with new syn packet

ACE20a/Admin# sh sticky database

sticky group : sticky_ip

type : IP

timeout : 1440 timeout-activeconns : FALSE

sticky-entry rserver-instance time-to-expire flags

---------------------+--------------------------------+--------------+-------+

13882423967172020068 sv2:0 86389 -

!___ use this sticky entry (time-to-expire flag is reset) and send packets to server2

ACE20a/Admin#

ACE20a/Admin# sh ver | i image

system image file: [LCP] disk0:c6ace-t1k9-mz.A2_3_1.bin

jsarausos · ‎08-02-2010

Hi Yushimaz,

Thanks for your insightful and very helpful reply.

However I would like to confirm with you on something:

So when server1 goes to operational, server2 will still take in connections as long as it have an entry in its sticky table database. Will the server2 stops taking connections once all of its sticky database is cleared?

Thanks!

yushimaz · ‎08-02-2010

Hi jsarausos

When sticky database is cleared by clear sticky database command or timed out,

new connection will forward to server1 but existing connection will keep the connection

to server2 since ACE looks up connection table.

If you use sticky cookie insert feature, you may have to remove cookie by hand or

use browser-expire option since sticky database has never expired.

The following is the behavior after sticky database on ACE is cleared.

ACE20a/Admin# sh sticky database

sticky group : sticky_ip

type : IP

timeout : 1440 timeout-activeconns : FALSE

sticky-entry rserver-instance time-to-expire flags

---------------------+--------------------------------+--------------+-------+

13882423967172020068 sv2:0 86373 -

!___ primary rserver went down and then ACE learned a sticky entry for sv2.

ACE20a/Admin#

ACE20a/Admin# clear sticky database all

!___ issued clear command to remove all sticky entries

ACE20a/Admin# sh sticky database

ACE20a/Admin#

!___ all entries were cleared and then client sent a new request.

ACE20a/Admin# sh sticky database

sticky group : sticky_ip

type : IP

timeout : 1440 timeout-activeconns : FALSE

sticky-entry rserver-instance time-to-expire flags

---------------------+--------------------------------+--------------+-------+

13882423967172020068 sv1:0 86395 -

!___ ACE sent this request to server1 and created the entry.

ACE20a/Admin#

Regards,

Yuji