I'm looking for some guidance/thoughts on a problem I'm coming across. I have an SSL termination configuration as follows:
Client to VIP:80 does redirect to VIP:443
Client to VIP:8080 does redirect to VIP:8443
Client to VIP:443 load balances to Real:80
Client to VIP:8443 load balances to Real:8080
On the real server I'm running apache on 80 and tomcat on 8080.
Apache handles the main site while Tomcat handles java applets/authentication/etc.
The problem we're encountering is when apache needs to hand off to tomcat and the reverse. What's the best way to accomplish this while maintaining the connection to the same real server. What is happening is that the ACE is re-load balancing the request to a different real.
Since you have 2 serverfarms, you'll get 2 different set of cookies.
So, for each sticky group, you need to learn the cookie value associated with each rserver.
Then for the other group, configure a static entry for each cookie value.
Do the same for each group.
Learning the cookie value requires the use of a sniffer. Sniff traffic going to the ACE slot. Open a connection to the vip and see which server is being used and what cookie value is returned. Delete the cookie and repeat until you get the cookie value for each server.
VMware Trunk Port Group is supported from ACI version 2.1
VMM integration must be configured properly
ASA device package must be uploaded to APIC
ASAv version must be compatible with ACI and device package version
In the Previous articles of ACI Automation, we are using Postman/Newman as the Rest API tool to automate the ACI Configuration.
In this article I’m going to discuss on usin...
One of the first steps in building your ACI Fabric is to go through Fabric Discovery. While Fabric Discovery is usually a straightforward process, there are various issues that may prevent you from discovering an ACI switch. This article wil...