Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

New Member

Debugging cookie stickiness

We are having problems when the frontend SSL session times out, and browser reuses the same SSL-id and cookie, and we get routed to a different server (not sticking).

Is there any way to debug the cookie content in the intermediate http flow ?

Thanks in anticipation.

1 REPLY
New Member

Re: Debugging cookie stickiness

Actually, we have another proxy in front, and that is using a new SSL-id after a timeout and not reusing from a prior session.

Does the CSS care if a subsequent connection is on a different SSL-id? Should it not send traffic to the appropriate backend server based on the 'advanced-balance cookies'.

Our config (extract):

ssl-proxy-list ssllist1

ssl-server 252

ssl-server 252 vip address 192.168.10.252

ssl-server 252 port 443

ssl-server 252 cipher 192.168.10.252 8080

ssl-server 252 cipher 192.168.10.252 8080

ssl-server 252 rsacert myrsacert1

ssl-server 252 rsakey myrsakey1

backend-server 31

backend-server 31 ip address 192.168.40.31

backend-server 31 port 17112

backend-server 31 server-ip 192.168.40.31

backend-server 31 server-port 7112

backend-server 31 cipher

backend-server 31 cipher

backend-server 31 rsacert myrsacert1

backend-server 31 rsakey myrsakey1

backend-server 32

backend-server 32 ip address 192.168.40.31

backend-server 32 port 17122

backend-server 32 server-ip 192.168.40.31

backend-server 32 server-port 7122

backend-server 32 cipher

backend-server 32 rsacert myrsacert1

backend-server 32 rsakey myrsakey1

active

service sslulb3svr0

type ssl-accel

slot 6

keepalive type none

add ssl-proxy-list ssllist1

active

service sslaportal1-1

type ssl-accel-backend

keepalive type ssl

keepalive frequency 60

keepalive retryperiod 255

add ssl-proxy-list ssllist1

ip address 192.168.40.31

port 17112

keepalive port 7112

active

service sslaportal1-2

type ssl-accel-backend

keepalive type ssl

keepalive frequency 60

keepalive retryperiod 255

add ssl-proxy-list ssllist1

ip address 192.168.40.31

port 17122

keepalive port 7122

active

content ssl-ulb3svr0-rule

vip address 192.168.10.252

protocol tcp

port 443

add service sslulb3svr0

balance roundrobin

advanced-balance ssl

application ssl

flow-timeout-multiplier 50

flow-reset-reject

active

content uportalrule1

protocol tcp

port 8080

url "/approot*"

add service sslaportal1-1

add service sslaportal1-2

balance roundrobin

advanced-balance cookies

string prefix "def_clus_JSESSIONID="

string process-length 52

sticky-serverdown-failover balance

vip address 192.168.10.252

flow-timeout-multiplier 50

flow-reset-reject

active

115
Views
0
Helpful
1
Replies
CreatePlease to create content