I have a couple of ACE that load balances two web servers using stickyness with cookie insert (BTW the topology is one armed mode). You can see the sanitized config below:
rserver host WEBSERVER1
ip address 10.10.10.101
rserver host WEBSERVER2
ip address 10.10.10.102
serverfarm host MY-SF
sticky http-cookie MY-COOKIE MY-SF-STICKY
class-map match-all WEB-VIP
2 match virtual-address 10.10.10.100 tcp eq www
policy-map type loadbalance http first-match WEB-POLICY
policy-map multi-match VIPS
loadbalance vip inservice
loadbalance policy WEB-POLICY
loadbalance vip icmp-reply active
nat dynamic 10 vlan 222
interface vlan 222
ip address 10.10.10.1 255.255.255.0
alias 10.10.10.10 255.255.255.0
peer ip address 10.10.10.2 255.255.255.0
access-group input IP-ICMP-ANY
nat-pool 10 10.10.10.200 10.10.10.200 netmask 255.255.255.0 pat
service-policy input VIPS
The web application asks the Client to connect to two different URLs, for example red.xyz.com and blue.xyz.com.
For each URL the Client receives correctly a cookie. How can we force the ACE to send for each of the two URLs a cookie that sticks to a unique real server ? Shall we change the load balancing policy ?
Are both urls resolving to the same vip address. If so, The ace does not care about the url when inserting cookies. Any connections that comes to the same vip address will get the cookie. The client will remember the cookie for that url, however, and if the client connects on a subsequent request to the same vip address but using a different url, more than likely the client will not provide the cookie that it had learned from the previous request at the other url, and that will cause the ace to potentially load balance that request to a new server. So it will be possible in this scenario for the client to be stuck to two different servers to the same vip address, one for each url or FQDN.
Thanks Joel Lamousnery TAC Customer Support Engineer
CCIE R&S - 36768
Engineer, Customer Support
VMware Trunk Port Group is supported from ACI version 2.1
VMM integration must be configured properly
ASA device package must be uploaded to APIC
ASAv version must be compatible with ACI and device package version
In the Previous articles of ACI Automation, we are using Postman/Newman as the Rest API tool to automate the ACI Configuration.
In this article I’m going to discuss on usin...
One of the first steps in building your ACI Fabric is to go through Fabric Discovery. While Fabric Discovery is usually a straightforward process, there are various issues that may prevent you from discovering an ACI switch. This article wil...