11-21-2013 05:36 AM
Hi,
I need to balance https in port 8091, I already make this configuration in port 443 and works, but with port 8091 the sessions are broken and the users have to constantly make login
probe tcp KPalive_server_8091
port 8091
interval 10
faildetect 2
passdetect interval 10
passdetect count 2
open 1
rserver host server01
ip address 192.168.32.128
inservice
rserver host server02
ip address 192.168.32.129
inservice
serverfarm host SRVfarm_server
probe KPalive_server_8091
rserver server01
inservice
rserver server02
inservice
sticky layer4-payload server_HTTPS
serverfarm SRVfarm_server
response sticky
layer4-payload offset 43 length 64 begin-pattern "(\x20|\x00\xST)"
class-map match-all CLA4_HTTPS
2 match virtual-address 192.168.30.60 tcp eq 8091
policy-map type loadbalance generic first-match POL7_HTTPS
class class-default
sticky-serverfarm server_HTTPS
policy-map multi-match POL4_HTTPS
class CLA4_HTTPS
loadbalance vip inservice
loadbalance policy POL7_HTTPS
loadbalance vip icmp-reply active
thanks
Fred
P.S.
sorry for the repeated topic, but accidentally I choose write answer
Solved! Go to Solution.
11-25-2013 09:11 AM
Hi Fred,
Also, i see that you have the cookie in URL so for ACE to read the cookie in URL you should use secondary cookie option.
the way this typically works is that the server is configured to insert the same secondary cookie in both the Set-Cookie header and the HTML URI. ACE creates a sticky entry based on the Set-Cookie header of the server response. Then, when client returns
with the same cookie value in the URL query, it is stuck to the same server.
"cookie secondary" is not meant to work independently of regular cookies. It is meant to be a complementary feature for cases where the client has disabled cookies in their browser. The server is still expected to insert a standard Set-Cookie header in the response.
Something like this:
sticky http-cookie jsessionid sticky-cookie
cookie offset 0 length 42
cookie secondary jsessionid
timeout 35
replicate sticky
You can also define http parameter map to define secondary cookie start or url delimiters.
Regards,
Kanwal
11-27-2013 08:47 AM
Hi Kanwal,
unfortunately is still not okay. When I make show sticky I can see the sessions, users can work, but there are times when all sessions begin to fall with no apparent reason.
This is my parameter configuration.
parameter-map type http PERSIST-REBALANCE
case-insensitive
persistence-rebalance
set header-maxparse-length 65535
set content-maxparse-length 65535
length-exceed continue
The sticky
sticky http-cookie JSESSIONID stickyconf
timeout 10
replicate sticky
serverfarm FARM
One note, at this moment all my sessions arrive with the same IP, this can be the problem. The sessions cross a NAT
Thanks for the support and the patience
Regards,
Fred
11-27-2013 09:30 AM
Hi Fred,
Did you try using secondary cookie configuration as suggested above since your cookie comes in URL.
Regarding the NAT it shouldn't be an issue because ACE is sticking sessions on the basis of cookie and not src IP.
Regards,
Kanwal
11-27-2013 05:25 PM
Fred
Did you allocate resources in the context See Below
To begin the configuration, allocate sticky resources to the context you will be using. In this example a context “routed” has already been defined. Create a resource class, allocate the desired amount of sticky entries, and apply them to the “routed” context.
ACE-1/Admin# show run | begin routed context routed allocate-interface vlan 10 allocate-interface vlan 20 allocate-interface vlan 40 ACE-1/Admin(config)# resource-class sticky ACE-1/Admin(config-resource)# limit-resource all minimum 0.00 maximum unlimited ACE-1/Admin(config-resource)# limit-resource sticky minimum 10.00 maximum equal-to-min ACE-1/Admin(config)# context context name by default, Admin, C001, etc. ACE-1/Admin(config-context)# member sticky
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide