[f-nsp] question on cookie persistance+L7 health check

Bahwal, Osama B osama.bahwal at aramco.com
Wed Jul 29 01:34:53 EDT 2009 

Greetings,

I'm facing strange situation and need advise on this issue. I'm trying to use L7 heath check with cookie persistence, L7 is working fine and the cookie was inserted as I can see it using http analyzer. However, the foundry did not functioning as it should be by providing stickiness between the Clint and the real server based on the server ID. Each time I open new session or refresh the opened one it flip me to the other server for http requests. For https, it always switched the requests to server "B" all the time.

Below is the configuration I'm using, please advise me why this is happening.



Context test
healthck check_A tcp
  dest-ip 10.1.180.14
  port 44444
  protocol http
  protocol http url "GET /enable.html"
  l7-check

healthck checkSSL_A tcp
  dest-ip 10.1.180.14
  port 44445
  protocol ssl
  protocol ssl use-complete
  l7-check

healthck checkSSL_B tcp
  dest-ip 10.1.180.7
  port 44445
  protocol ssl
  protocol ssl use-complete
  l7-check

healthck check_B tcp
  dest-ip 10.1.180.7
  port 44444
  protocol http
  protocol http url "GET /enable.html"
  l7-check

healthck checkboth_A boolean
  and check_A checkSSL_A

healthck checkboth_B boolean
  and check_B checkSSL_B

csw-rule "r2" header "cookie" search "ServerID="
!
csw-policy "p2"
 match "r2" persist offset 0 length 4 group-or-server-id
 default forward 1
 default rewrite insert-cookie
!
server real A 10.1.180.14
 source-nat
 weight 1 1
 port 44444
 port 44444 healthck check_A
 port 44444 keepalive
 port 44444 server-id 1218
 port 44444 group-id  1 1
 port 44445
 port 44445 healthck checkboth_A
 port 44445 keepalive
 port 44445 server-id 1218
 port 44445 group-id  1 1
!
server real B 10.1.180.7
 source-nat
 weight 1 1
 port 44444
 port 44444 healthck check_B
 port 44444 keepalive
 port 44444 server-id 1211
 port 44444 group-id  1 1
 port 44445
 port 44445 healthck checkboth_B
 port 44445 keepalive
 port 44445 server-id 1211
 port 44445 group-id  1 1
!
!
server virtual Final_test 10.1.180.10
 predictor repons-time
 port http
 port http reset-on-port-fail
 port http cookie-name "serverID"
 port http csw-policy "p2"
 port http csw
 port http cookie-age 5
 port ssl sticky
port ssl sticky-age 5
 port ssl reset-on-port-fail
 bind http A 44444 B 44444
 bind ssl A 44445 B 44445


________________________________
The contents of this email, including all related responses, files and attachments transmitted with it (collectively referred to as "this Email"), are intended solely for the use of the individual/entity to whom/which they are addressed, and may contain confidential and/or legally privileged information. This Email may not be disclosed or forwarded to anyone else without authorization from the originator of this Email. If you have received this Email in error, please notify the sender immediately and delete all copies from your system. Please note that the views or opinions presented in this Email are those of the author and may not necessarily represent those of Saudi Aramco. The recipient should check this Email and any attachments for the presence of any viruses. Saudi Aramco accepts no liability for any damage caused by any virus/error transmitted by this Email.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/foundry-nsp/attachments/20090729/956f6938/attachment.html>

More information about the foundry-nsp mailing list