I?ve installed a css11501s some time ago, however the web company has just finished designing and testing the new site and hit a problem. The primary use of the css is for SSL proxy and load balancing across 2 servers.
Basically there is an issue with the authentication process on the web site and the load balancing. The authentication is tied to a server, and therefore as the css is doing the job, 50% of the time it works, obviously there are only two servers in this setup.
I am a little confused why it is balancing the traffic, as thought persistence was supposed to maintain a level of stickiness?
I believe that I may need to implement sticky cookies to resolve but just need some advice and info on how to do this. If there is a simpler way please also let me know.
Here is an extract of the config;
CSS11501# sh run
!Generated on 01/02/2007 02:02:16
!Active version: sg0810106
!*************************** GLOBAL ***************************
Many thanks for helping me out, I've been doing some investigation today as well ;-)
By configuring the above rule that matches specifically the secure traffic (http over port 8080 on server side & ssl 443 for clients connecting over the internet).
Should I also use the advanced-balance arrowpoint-cookie statement under the owner ssl_rule1 / content ssl_rule1 as even though this is encrypted between client and css it is not encrypted (port 8080 between css and server).
Should I still keep the original L3_Rule?
Should I also use this config for the L5_rule as well?
The reason I ask is that not sure where the web companies login fails (have meeting tomorrow) to see if it is before they enter the secure side of the site or not.
Also once I configure this do I need to go about setting up a web page to tell users how to enable cookies in their browsers if not switched on by default? (Think I do but little unsure as this is sometime referred as cookie INSERT ? is it the same).
After reading some of the notes on the earlier version of css code (pre 4.1) should it be best to set the expiration period on the cookies as well, read somewhere the client side would be one year unless set?
Thanks again for your assistance, I will add the new rule and test. I will then remove the L3_rule later if no longer matching traffic. If it resolves all my problems I owe you a big thank you. I will mark the post as resolved if positive news.
Moquery is the command line cousin of Vizore, it's very helpful and efficient sometimes during the troubleshooting. This article aims to provide moquery cheat sheet to the users for some most common seen scenarios.
Here is the checklist before customers/partners contact Cisco TAC:
Firmware Version of APIC and Switch
Download Switch and APIC techsupport logs
Problem description (Symptoms with details)
Business impact (eg, what kind of services...
moquery usageAPIC moquerySwitchmoquery
This document discuss a common issue observed during the VMM integration & VM workload migration to ACI fabric.
VMware Virtual machines are hosted in Cisco UCS-B seri...