05-13-2010 01:24 AM
Hello
I have a question about sticky for MS Terminal Services. Now I have one 4710 demo box and an MS terminal server farm containing 15 servers. All servers are running Windows 2003 Standard Edition. The ACE is working in bridge mode. Sticky config:
sticky ip-netmask 255.255.255.255 address both SG1
  timeout 120
  serverfarm TSTERM
All is working fine, but the sticky timeout decreases for active clients. The Administration Guide says the following:
The sticky timeout specifies the period of time that the ACE keeps (if possible) the IP address sticky information for a client connection in the sticky table after the latest client connection terminates. The ACE resets the sticky timer for a specific sticky-table entry each time that the appliance opens a new connection or receives a new HTTP GET on an existing connection matching that entry. High connection rates may cause the sticky table entries to age out prematurely.
By default, the ACE ages out a sticky table entry when the timeout for that entry expires and no active connections matching that entry exist. To specify that the ACE time out IP address sticky table entries even if active connections exist after the sticky timer expires, use the timeout activeconns command.
What happens after 120 minutes for active clients? Is the sticky entry removed from the table, and if the session is broken and the client tries to reconnect, does the ACE connect it to a different server? How can I avoid this?
Regards,
Stanislav Kuchma
05-14-2010 02:18 AM
Hi,
The sticky table uses a timer to expire entries in its table. 2 possibilities exist here:
- Active connects cannot timeout: When a client connects the first time, an entry in the sticky table is created. As long as connections from that client are seen, the timer is reset. That means that if the timer is 2 hours, an idle time from that client needs to be 2 hours before the entry is removed. Every time that client reconnects within the 2 hours, the timer is reset.
- Active connects do timeout: When a client connects the first time, an entry in the sticky table is created, and the expire timer is started. If the client is idle or new connections are made, the expire timer is never reset and keeps running. When the timer expires, the entry is removed from the sticky table, and a new load-balancing decision is made on the first connection after the timer has expired.
For your scenario, the best is not to timeout active connections. This is also the default behaviour of the ACE.
In any case, you can configure "no timeout activeconns" in your sticky serverfarm config.
Have you considered RDP load-balancing on ACE?
You need a Session Director that passes routing tokens.
Take a look at following document: http://download.microsoft.com/download/8/6/2/8624174c-8587-4a37-8722-00139613a5bc/TS_Session_Directory.doc
HTH,
Dario
05-14-2010 04:34 AM
In my config "Active connects cannot timeout", but for RDP it doesn't work. The timer isn't reset and continues to decrease. I verified this with the sh sticky database command for an active client. And I can't use Session Directory because the server farm must be running Windows Enterprise or Datacenter Edition. We use Standard Edition.
05-14-2010 04:44 AM
Hi,
If you can't use RDP load-balancing (like you said, indeed your version of Win2003 does not suit), you cannot use the L7 policy type RDP. You should use the normal policy map type loadbalance.
Can you post your config?
Thanks,
Dario
05-14-2010 05:38 AM
logging enable
logging timestamp
logging trap 6
logging buffered 6

access-list bpdu-fixup ethertype permit bpdu
access-list ALL line 8 extended permit ip any any

probe icmp ICMPPROBE
  interval 2
  faildetect 5
  passdetect interval 60
  passdetect count 5

rserver host TSTERM1
  ip address 10.0.0.100
  inservice
rserver host TSTERM10
  ip address 10.0.0.112
  inservice
rserver host TSTERM11
  ip address 10.0.0.113
  inservice
rserver host TSTERM12
  ip address 10.0.0.114
  inservice
rserver host TSTERM13
  ip address 10.0.0.115
  inservice
rserver host TSTERM14
  ip address 10.0.0.116
  inservice
rserver host TSTERM15
  ip address 10.0.0.117
  inservice
rserver host TSTERM2
  ip address 10.0.0.101
  inservice
rserver host TSTERM3
  ip address 10.0.0.102
  inservice
rserver host TSTERM4
  ip address 10.0.0.103
  inservice
rserver host TSTERM5
  ip address 10.0.0.104
  inservice
rserver host TSTERM6
  ip address 10.0.0.108
  inservice
rserver host TSTERM7
  ip address 10.0.0.109
  inservice
rserver host TSTERM8
  ip address 10.0.0.110
  inservice
rserver host TSTERM9
  ip address 10.0.0.111
  inservice

serverfarm host TSTERM
  predictor leastconns
  probe ICMPPROBE
  rserver TSTERM10
    inservice
  rserver TSTERM11
    inservice
  rserver TSTERM12
    inservice
  rserver TSTERM13
    inservice
  rserver TSTERM14
    inservice
  rserver TSTERM15
    inservice
  rserver TSTERM2
    inservice
  rserver TSTERM3
    inservice
  rserver TSTERM4
    inservice
  rserver TSTERM5
    inservice
  rserver TSTERM6
    inservice
  rserver TSTERM7
    inservice
  rserver TSTERM8
    inservice
  rserver TSTERM9
    inservice

sticky ip-netmask 255.255.255.255 address source SG-TSTERM
  timeout 600
  serverfarm TSTERM

class-map type management match-any remote_access
  2 match protocol xml-https any
  3 match protocol icmp any
  4 match protocol telnet any
  5 match protocol ssh any
  6 match protocol http any
  7 match protocol https any
  8 match protocol snmp any
class-map match-all slb-TSTERM-vip
  2 match virtual-address 10.0.0.126 tcp eq rdp

policy-map type management first-match remote_mgmt_allow_policy
  class remote_access
    permit
policy-map type loadbalance rdp first-match slb-TSTERM-vip
  class class-default
    sticky-serverfarm SG-TSTERM
policy-map multi-match client-vips
  class slb-TSTERM-vip
    loadbalance vip inservice
    loadbalance policy slb-TSTERM-vip
    loadbalance vip icmp-reply

interface vlan 108
  bridge-group 2
  access-group input bpdu-fixup
  access-group input ALL
  access-group output ALL
  no shutdown
interface vlan 1108
  bridge-group 2
  access-group input bpdu-fixup
  access-group input ALL
  access-group output ALL
  service-policy input client-vips
  service-policy input remote_mgmt_allow_policy
  no shutdown
interface bvi 2
  ip address 10.0.0.125 255.255.255.224
  no shutdown

ip route 0.0.0.0 0.0.0.0 10.0.0.97
05-14-2010 05:54 AM
Hi,
change the following and you should be good to go:
policy-map type loadbalance rdp first-match slb-TSTERM-vip
  class class-default
    sticky-serverfarm SG-TSTERM
should become
policy-map type loadbalance first-match slb-TSTERM-vip
  class class-default
    sticky-serverfarm SG-TSTERM
Because you don't have a session director, you should load-balance the RDP traffic like any other traffic.
Let me know if it solved your problem.
HTH,
Dario
05-15-2010 08:43 AM
Hello
I changed the policy to include all traffic, but it doesn't work. The sticky timer continues to decrease for active RDP sessions. I think it's OK, because the ACE resets the sticky timer only for a new TCP session or HTTP request.
Regards,
Stanislav Kuchma
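
Added example (not part of the thread and not ACE code): a toy Python model of the sticky ageing rules quoted from the Administration Guide above, replaying one long-lived RDP client with and without timeout activeconns. The class, the round-robin stand-in for the predictor, the client address 192.0.2.10 and the rule that an expired entry is dropped once its last connection closes are assumptions made for illustration.

```python
import itertools

class StickyTable:
    """Toy model of ACE IP-sticky ageing as quoted from the Administration Guide."""

    def __init__(self, timeout_min, timeout_activeconns=False):
        self.timeout = timeout_min
        self.timeout_activeconns = timeout_activeconns
        self.entries = {}  # client IP -> {"server", "conns", "expires"}
        # Stand-in for the predictor: hand out rservers in turn.
        self._next = itertools.cycle(["TSTERM1", "TSTERM2", "TSTERM3"])

    def _age_out(self, now):
        for ip, e in list(self.entries.items()):
            expired = now >= e["expires"]
            # Default: an expired entry is kept while a connection still uses it.
            # ASSUMPTION: it is dropped as soon as no connection references it.
            if expired and (self.timeout_activeconns or e["conns"] == 0):
                del self.entries[ip]

    def open_conn(self, now, ip):
        self._age_out(now)
        e = self.entries.get(ip)
        if e is None:  # no sticky entry: fresh load-balancing decision
            e = self.entries[ip] = {"server": next(self._next), "conns": 0}
        e["conns"] += 1
        e["expires"] = now + self.timeout  # only a new connection resets the timer
        return e["server"]

    def close_conn(self, now, ip):
        self._age_out(now)
        e = self.entries.get(ip)
        if e is not None:
            e["conns"] -= 1

def replay(timeout_min, events, timeout_activeconns=False, ip="192.0.2.10"):
    """events: (minute, "open" | "close") for one client; returns servers chosen."""
    table, chosen = StickyTable(timeout_min, timeout_activeconns), []
    for minute, action in events:
        if action == "open":
            chosen.append(table.open_conn(minute, ip))
        else:
            table.close_conn(minute, ip)
    return chosen

if __name__ == "__main__":
    dropped = [(0, "open"), (130, "close"), (131, "open")]  # constructed timeline
    print(replay(120, dropped))  # session drops after the timer ran out
    print(replay(600, dropped))  # longer timeout covers the drop
```

Under these assumptions, a single RDP connection never refreshes the timer, so the timeout has to be longer than the longest session plus the reconnect window for a dropped client to land on the same server.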