cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
552
Views
0
Helpful
5
Replies

Arrowpoint Cookies, Reverse Proxy and Multiplexed Client Requests

Hi,

I have a reverse proxy which is performing SSL offload and making backend connections to two web servers. Between the reverse proxy and the two webservers, a CSS is in place to load balance between the web servers. There is a requirement for session stickiness on the web servers and since client IP details are lost through the reverse proxy I have used the arrowpoint-cookie method to load balance connections.

However, the reverse proxy seems to make only a handful of connections to the servers compared to the number incoming client connections and we have noticed that stickiness is broken. Now, I would assume this is correct if arrowpoint-cookie makes a load balancing based on the first HTTP get in a tcp stream and not on a per transaction basis AND our reverse proxy is multiplexing client requests. However, I can not convince myself of how the arrowpoint-cookie method actually works.

I wondered if anyone had any insight on this or had experienced similar issues with arrowpoint cookies?

5 Replies 5

Gilles Dufour
Cisco Employee
Cisco Employee

We can loadbalance per request.

You need :

CSS11503(config)# persistence reset remap

CSS11503(config)# owner gdufour

CSS11503(config-owner[gdufour])# content WWW

CSS11503(config-owner-content[gdufour-WWW])# no persistent

This should work.

Also make sure you increase the idle timeout, with a flow-timeout-multiplier because we do not "remap" connection that are considered idle.

Gilles.

Hi Giles,

Thanks very much for your response. I will look at the configuration and applying it, and will let you know how things go.

Just to confirm, using this configuration would inspect the arrowpoint cookie on each HTTP GET? Are you also aware if this will work with the POST method?

Thanks again,

David.

Davi,

it will also work the POST method.

Gilles.

Hi Gilles,

That's brilliant, I have just read up on it in the config guides and will look to implement ASAP.

Thanks again (and apologies for mispelling your name on the earlier post!).

All the best,

David.

Hi Gilles,

I have implemented this today, and we are still seeing issues with requests hitting the wrong server.

A bit more info, the reverse proxy is an AXG Web Aopplication Firewall. I have been looking at this and am considering disabling connection re-use on here.

However I am also wondering if this might be to do with the flow timeout multiplier I am using which is 5 (80 seconds). Perhaps this is too low?

Thanks, David.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: