[f-nsp] cookie based switching on serveriron

Nils Domrose nils at domrose.net
Fri Mar 9 18:09:54 EST 2007


Hi Dalton,

I use a Serveriron 400 with 09.4.00 I assume you use an SiXL ?
In this case there is no csw (content switching) option.

I never managed to get cookie switching working on the XL the way i  
needed it
since I was not able to set a Cookie with the serverID as value  
without introducing
additional processes (apaches, rewrite the application etc. which set  
the cookie) since we mostly deal with j2ee apps which simply using  
JSESSIONID's plus jvmroute (or server suffix) appended.
The XL cookie switching requires the real servers to set a dedicate  
cookie while on the big boxes you can parse the cookie and hash or  
switch on patterns out of it.

Cookie hashing on the XL is strange as well since the Set-Cookie is  
not honoured - so its almost unusable since the first request is  
balanced round robin, the second will have the cookie included which  
was set in the first response - now the XL hashes the Cookie and  
selects a box - Most likely this is not the box which set the cookie  
for the first request - so it will set a new cookie, and we startover  
again.
There are almost no cases where you already have a cookie and require  
persistence on the 3 request ;-)

The reason why XL cookie-switching is not working concurrently with  
DSR is also a mystery to me.
One explaination may be that the device is "actively" working on  
layer 2 only and ignores all higher layers, since only the  
destination MAC is rewritten ?! Maybe its based on limited resources  
on the XL or for performance reasons.

Nils


>
> Hi Nils.
>
> Thanks for the help.
> What version of os are you using, i am using SW: Version 07.4.00T12
> I dont see those csw commands available.
>
> However, following the foundry docs for setting up cookie-switching
> i have implemented the following.
>
> server real cookie-test1 192.168.1.231
>  port default disable
>  port http
>  port http url "HEAD /"
>  port http server-id 1024
> !
> server real cookie-test2 192.168.1.232
>  port default disable
>  port http
>  port http url "HEAD /"
>  port http server-id 1025
>
> on the vip:
>
> server virtual cookie-vip 192.168.1.234
>  port default disable
>  port http
>  port http dsr
>  port http cookie-name "ServerID"
>  bind http cookie-test1 http cookie-test2 http
>
> I was thinking the same thing with regards to cookie-switching, but  
> when I try to enable it on the vip I get the following:
>
> SSH at si2-192(config-vs-cookie-vip)#port http cookie-switching
> You have to disable dsr before enabling this feature
>
> If I have cookie-switching enabled on the vip, and then try to  
> enable dsr
> it tells me
>
> SSH at si2-128(config-vs-cookie-vip)#port http dsr
> You have to disable proxy before enabling this feature
>
>
> Perhaps in this version of the OS, "cookie-switching" is actually  
> doing
> "cookie Hashing"? or maybe I missing something obvious here.
>
> Thanks,
> Dalton
>
>
>
>
> I dont see those csw commands available on my serveriron running 7.4
> On Fri, Mar 09, 2007 at 06:36:26PM +0100, Nils Domrose wrote:
>> Hi Dalton,
>>
>>
>> you need to turn DSR off in Cookie Hashing scenarios
>> In DSR the Serveriron does not process the Answer, and therfore would
>> not "see" any Set-Cookie responses required to make Cookie Hashing  
>> work.
>>
>>
>> If you use Cookie Switching you will parse the Request Cookie value
>> and look for a specific string - based on this value you will send
>> the request to a defined real server.
>>
>> Since no part of the response is required for this to work, this
>> should work in DSR scenarios as well.
>>
>>
>> something like:
>>
>> csw-rule "test1-8080" header "Cookie" pattern ".pattern1"
>>
>> csw-policy "virtual-test"
>> match "test1-8080" forward 1025
>>
>>
>> server real test1 x.x.x.x
>>  port 8080 server-id 1025
>>
>> server virtual virtual-test y.y.y.y
>>   port http csw-policy "virtual-test"
>>   port dsr
>>   port http csw
>>
>>
>> should work ....
>>
>> unfortunenately i do not have a testbox at hand at the moment...
>>
>>
>> Nils
>> On Mar 9, 2007, at 5:47 PM, dalton wrote:
>>
>>>
>>> Hi,
>>>
>>> I am reading through the foundry documentation about cookie-based
>>> switching.
>>> Another person here mentioned that she remembered that it required
>>> turning
>>> off DSR, though I dont see anything in the docs to indicate that.
>>>
>>> Anyone ever play with this? Do I need to turn off DSR to make this
>>> work?
>>>
>>> Thanks.
>>>
>>> Dalton
>>> _______________________________________________
>>> foundry-nsp mailing list
>>> foundry-nsp at puck.nether.net
>>> http://puck.nether.net/mailman/listinfo/foundry-nsp
>>




More information about the foundry-nsp mailing list