Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6247
Views
0
Helpful
18
Replies

Cisco Ace load balance

Go to solution
frede_frede
Level 1
Level 1

‎11-21-2013 05:36 AM

Hi,

I need to balance https in port 8091, I already make this configuration in port 443 and works, but with port 8091 the sessions are broken and the users have to constantly make login

probe tcp KPalive_server_8091

  port 8091

  interval 10

  faildetect 2

  passdetect interval 10

  passdetect count 2

  open 1

rserver host server01

  ip address 192.168.32.128

  inservice

rserver host server02

  ip address 192.168.32.129

inservice

serverfarm host SRVfarm_server

  probe KPalive_server_8091

  rserver server01

    inservice

  rserver server02

    inservice

sticky layer4-payload server_HTTPS

  serverfarm SRVfarm_server

  response sticky

  layer4-payload offset 43 length 64 begin-pattern "(\x20|\x00\xST)"

class-map match-all CLA4_HTTPS

  2 match virtual-address 192.168.30.60 tcp eq 8091

policy-map type loadbalance generic first-match POL7_HTTPS

  class class-default

    sticky-serverfarm server_HTTPS

policy-map multi-match POL4_HTTPS

  class CLA4_HTTPS

    loadbalance vip inservice

    loadbalance policy POL7_HTTPS

    loadbalance vip icmp-reply active

thanks

Fred

P.S.

sorry for the repeated topic, but accidentally I choose write answer

Labels:
0 Helpful
18 Replies 18

Go to solution
Kanwaljeet Singh
Cisco Employee
Cisco Employee
In response to frede_frede

‎11-25-2013 09:11 AM

Hi Fred,

Also, i see that you have the cookie in URL so for ACE to read the cookie in URL you should use secondary cookie option.

the way this typically works is that the server is configured to insert the same secondary cookie in both the Set-Cookie header and the HTML URI. ACE creates a sticky entry based on the Set-Cookie header of the server response. Then, when client returns

with the same cookie value in the URL query, it is stuck to the same server.

"cookie secondary" is not meant to work independently of regular cookies. It is meant to be a complementary feature for cases where the client has disabled cookies in their browser. The server is still expected to insert a standard Set-Cookie header in the response.

Something like this:

sticky http-cookie jsessionid sticky-cookie

cookie offset 0 length 42

cookie secondary jsessionid

timeout 35

replicate sticky

You can also define http parameter map to define secondary cookie start or url delimiters.

http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/vA2_3_0/configuration/slb/guide/classlb.html#wp1475884

Regards,

Kanwal

0 Helpful

Go to solution
frede_frede
Level 1
Level 1
In response to Kanwaljeet Singh

‎11-27-2013 08:47 AM

Hi Kanwal,

unfortunately is still not okay. When I make show sticky I can see the sessions, users can work, but there are times when all sessions begin to fall with no apparent reason.

This is my parameter configuration.

parameter-map type http PERSIST-REBALANCE

  case-insensitive

  persistence-rebalance

  set header-maxparse-length 65535

  set content-maxparse-length 65535

  length-exceed continue

The sticky

sticky http-cookie JSESSIONID stickyconf

  timeout 10

  replicate sticky

  serverfarm FARM

One note, at this moment all my sessions arrive with the same IP, this can be the problem. The sessions cross a NAT

Thanks for the support and the patience

Regards,

Fred

0 Helpful

Go to solution
Kanwaljeet Singh
Cisco Employee
Cisco Employee
In response to frede_frede

‎11-27-2013 09:30 AM

Hi Fred,

Did you try using secondary cookie configuration as suggested above since your cookie comes in URL.

Regarding the NAT it shouldn't be an issue because ACE is sticking sessions on the basis of cookie and not src IP.

Regards,

Kanwal

0 Helpful

Go to solution
Steven Doremus
Level 1
Level 1
In response to frede_frede

‎11-27-2013 05:25 PM

Fred

Did you allocate resources in the context See Below

To begin the configuration, allocate sticky resources to the context you will be using. In this example a context “routed” has already been defined. Create a resource class, allocate the desired amount of sticky entries, and apply them to the “routed” context.

ACE-1/Admin# show run | begin routed
context routed
  allocate-interface vlan 10
  allocate-interface vlan 20
allocate-interface vlan 40

ACE-1/Admin(config)# resource-class sticky
ACE-1/Admin(config-resource)# limit-resource all minimum 0.00 maximum unlimited
ACE-1/Admin(config-resource)# limit-resource sticky minimum 10.00 maximum equal-to-min

ACE-1/Admin(config)# context context name by default, Admin, C001, etc.
ACE-1/Admin(config-context)# member sticky
0 Helpful
Customers Also Viewed These Support Documents