02-15-2006 09:24 AM
Dear support,
I am new to content networking and still trying to read through the several hundred pages of the manuals.
just wonder if anyone could help me out with finalising my config on a 11501 that i've purchased to act as a ssl proxy / load balancer.
I think the config, though basic does what I need to, but now i've been told by the web site designers that I now need to keep all session sticky to which ever server the remote user connects to.
Also, I seem to have some latency in the test lab (have two laptops with IIS installed to simulate the real environment).
The problem seem to be that the initial https connection seems to take a long time before the security box is displayed then even longer for the actual page to be produced.
Please can some one help me with the latency issue and the sticky session.
(also not sure if i've setup the load balancing correctly if sticky is used).
thanks in advance.
regards,
Adrian.
Please find attached config.
Solved! Go to Solution.
02-21-2006 08:34 AM
This document will be very useful to you. This document explains the different features that the CSS supports and how to configure those features.
02-21-2006 08:34 AM
This document will be very useful to you. This document explains the different features that the CSS supports and how to configure those features.
02-22-2006 02:12 AM
On your content rules you will need to configure sticky. This is done using the advanced balance commands under the rule, and there are lots to puck from!
As for the latency, there does not look to be much wrong, though I note you are not using any routing, so how is the return traffic passing through the CSS? Are the servers configured with 192.168.68.171 as theit default gateway? If not you may need to add a source group to translate source addresses of users to an address that will force traffic back through the CSS.
03-01-2006 01:56 PM
Where are your interface settings? See example.
!************ INTERFACE *******************
interface e1
redundancy-phy
phy 100Mbits-FD
interface e3
bridge vlan 3
redundancy-phy
phy 100Mbits-FD
interface e8
bridge vlan 99
phy 100Mbits-FD
!*************** CIRCUIT *********************
circuit VLAN1
description "service net"
redundancy
ip address 10.67.10.10 255.255.255.0
circuit VLAN3
description "firewall net"
redundancy
ip address 10.67.3.10 255.255.255.0
circuit VLAN99
description "css-primary vrrp net"
ip address 10.67.8.10 255.255.255.0
redundancy-protocol
!************** SERVICE *****************
service web3_webapp443
keepalive type tcp
protocol tcp
port 443
ip address 10.67.10.216
keepalive frequency 20
active
service web4_webapp443
keepalive type tcp
protocol tcp
port 443
ip address 10.67.10.236
keepalive frequency 20
active
service web5_webapp443
keepalive type tcp
protocol tcp
port 443
ip address 10.67.10.206
keepalive frequency 20
active
service web20_webapp443
keepalive type tcp
protocol tcp
port 443
ip address 10.67.10.236
keepalive frequency 20
active
!**************** OWNER *******************
content webapp_balance443
add service web3_webapp
add service web4_webapp
add service web5_webapp
add service web20_webapp
protocol tcp
port 81
vip address 10.67.3.34
advanced-balance arrowpoint-cookie
arrowpoint-cookie browser-expire
active
We use the advanced-balance arrowpoint-cookie to address the megaproxy issue. Any will work depending on your requirements/application. This will not work if you do not set a cookie in the user browser session used to track sticky in this mode.
If your application is SSL you will not be able to see the cookie as it will be encrypted. In this case you will need to do the SSL decryption/encryption on the CSS itself
The rest looks pretty good. You may have latency if the interface settings are in conflict.
I am no guru with the CSS but this may help
Keith.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: