Sticky query - CSS11501

grichardson661
Level 1

Hi,

So I'm pretty new to the CSS.

I've picked up a problem and need to verify how the sticky configuration works.

I've got two content rules as follows...

content HTTP
    vip address 10.31.33.100
    add service WEB01
    add service WEB02
    redundant-index 570
    port 80
    protocol tcp
    advanced-balance sticky-srcip
    url "//www.asdfghhjjkl.com/*"
    active

content HTTPS
    vip address 10.31.33.100
    add service SSL.WEB01
    add service SSL.WEB02
    port 443
    protocol tcp
    url "/*"
    redundant-index 970
    application ssl
    advanced-balance sticky-srcip
    active

If a user were to navigate between 80 and 443 but based around the same VIP 10.31.33.100 but different content rules as per above, how would the sticky session apply? I would like a user to be stuck to a single web server regardless of which content rule they hit as per the above configuration.

Any ideas?

Cheers and much appreciated

Kanwaljeet Singh
Cisco Employee

Hi,

According to the above configuration the client should stick to the same server as you want.

When a client comes in on port 80, there will be a match to a different content rule than when it comes in on port 443, and hence it will match a different flow. Stickiness is based on src IP, and incoming traffic will match a single content rule and hence will be sent to the same server.

Regards,

Kanwaljeet Singh

Cesar Roque
Level 4

Hi,

You need a configuration like this:

content HTTP
    vip address 10.31.33.100
    add service WEB01
    add service WEB02
    redundant-index 570
    protocol tcp
    advanced-balance sticky-srcip
    active

The services don't have to be configured with a port.

This Content Rule will take all the traffic going to the VIP address regardless if the client is doing HTTP or HTTPS, so the client will be sticky to the same server all the time.

Each Content Rule has its own sticky table, so even when you are using the same VIP and same servers it does not mean that you will be sticky to the same server in two Content Rules.

---------------------
Cesar R
ANS Team
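
Added example (not part of the original thread and not Cisco code): a simplified Python model of the per-rule sticky tables described in the answer above, replaying the same traffic against the two-rule and single-rule layouts. The round-robin choice for new clients, the client IPs, and treating WEB0x and SSL.WEB0x as the same physical server are assumptions made for illustration.

```python
from itertools import cycle

class ContentRule:
    """Simplified model of one content rule: a private sticky-srcip table
    plus round-robin selection (assumed) for clients not yet in the table."""
    def __init__(self, name, port, services):
        self.name = name
        self.port = port            # None = match any port on the VIP
        self._next = cycle(services)
        self.sticky = {}            # source IP -> service, local to this rule

    def matches(self, dst_port):
        return self.port is None or self.port == dst_port

    def pick(self, src_ip):
        if src_ip not in self.sticky:
            self.sticky[src_ip] = next(self._next)
        return self.sticky[src_ip]

def route(rules, src_ip, dst_port):
    """Send a connection to the first rule that matches the destination port."""
    for rule in rules:
        if rule.matches(dst_port):
            return rule.pick(src_ip)
    raise LookupError(f"no content rule for port {dst_port}")

def backend(service):
    """Assumption: WEB01 and SSL.WEB01 are the same physical server."""
    return service.split(".")[-1]

def replay(rules, connections):
    """Return {src_ip: set of physical servers that client was sent to}."""
    seen = {}
    for src_ip, dst_port in connections:
        seen.setdefault(src_ip, set()).add(backend(route(rules, src_ip, dst_port)))
    return seen

def two_rules():
    return [ContentRule("HTTP", 80, ["WEB01", "WEB02"]),
            ContentRule("HTTPS", 443, ["SSL.WEB01", "SSL.WEB02"])]

def single_rule():
    return [ContentRule("HTTP", None, ["WEB01", "WEB02"])]

# Constructed traffic: client .10 starts on HTTP, client .20 arrives on HTTPS,
# then client .10 switches to HTTPS.
TRAFFIC = [("192.0.2.10", 80), ("192.0.2.20", 443), ("192.0.2.10", 443)]

if __name__ == "__main__":
    print("two rules  :", replay(two_rules(), TRAFFIC))
    print("single rule:", replay(single_rule(), TRAFFIC))
```

With two rules the client that switches ports ends up on both servers, because the HTTPS rule's table has never seen it; with the single port-less rule it stays on one.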

Hi Cesar,

As I thought, but with this being a production platform I've not had a chance to play around with the configuration.

One query I've got is the keepalives in a single content configuration. I need to apply two service policies under the single content rule as we are performing a health check for 443 and 80. Is this possible under a single content rule?

So I would have 4 service policies under the single content policy? 2 health checks for port 80 per server (web01 and web02) and 2 more service policies for port 443 per server (web01 and web02).

Cheers!!

Hi,

You just need one Content Rule and two services.

About the keepalive, it may be possible with a custom script, but with the default keepalives it is not. You can configure a TCP keepalive in the service for example, but if you don't configure a port in the Content Rule or Service the CSS will send the keepalive to port 80.

So you can check only one port.

---------------------
Cesar R
ANS Team

Thanks for your swift reply.

This will not work for us then, as we need a sticky session for the non-secure and secure traffic in a single content rule, and we need to perform keepalives based around TCP 80 and 443.

Cheers,