Trying ACE secondary cookie and not able to get it working.
I guess, secondary cookie work, when the primary cookie is not present in the header ?
I have the following configuration on ACE A5(1.2)
sticky http-cookie PrimaryCookie test-sticky
cookie secondary SecondaryCookie
When a connection is happening with both the cookie (or atleast the primary cookie), persistence works fine.
On few occation client is sending only the SecondaryCookie (no PrimaryCookie) in the header. I assume ACE will look into the secondary and maintain the persistence with the same rserver in the serverfarm. But it is not happening, ACE just forwards to a different rserver ?
Also anyway to find out whether secondary cookie specifically in database ?
Sniffer traces would be useful to understand exactly what is going on in this scenario. However, the way this typically works is that the server is configured to insert the same secondary cookie in both the Set-Cookie header and the HTML
URI. ACE creates a sticky entry based on the Set-Cookie header of the server response. Then, when client returns
with the same cookie value in the URL query, it is stuck to the same server.
"cookie secondary" is not meant to work independently of regular cookies. It is meant to be a complementary feature for cases where the client has disabled cookies in their browser. The server is still expected to insert a standard Set-Cookie header in the response.
As well, we don't store the values in readable format within the database, we actually store a hash of the value only.
Topology & Design:
Two ACI fabrics
Stretching VLANs using OTV
Both fabrics are advertising BD subnets into same routing domain
Some BDs(or say VLANs) are stretched, but some are not.
Endpoints can move betwee...
VMware Trunk Port Group is supported from ACI version 2.1
VMM integration must be configured properly
ASA device package must be uploaded to APIC
ASAv version must be compatible with ACI and device package version
Topology &Design:Traffic flow within same fabric:Endpoint moves to Fabric-2Bounce Entry Times OutTraffic Black-holedSummarySolutionAppendix:
In the Previous articles of ACI Automation, we are using Postman/Newman a...