Application Delivery (ADX)

Reply
New Contributor
Posts: 3
Registered: ‎05-07-2012

ADX1000 12.5.01bT401

I upgraded to the latest version.

Now i have a very strange issue, after changing any stickiness parameter in a virtual port configuration i cant configure anything again.

I always get the message: 

 

Error: Update failed. Reason: The client subnet sticky, and sticky, or persist hash cannot be defined for the same port. Please configure the sticky or client subnet sticky.

 

Only if i delete and recreate the port , i can change the parameter again...one time...and after saving, same thing.

 

Anyone experienced the same issues ?

 

Thomas

Brocadian
Posts: 95
Registered: ‎01-13-2009

Re: ADX1000 12.5.01bT401

Hi Thomas,

 

I saw your issue and I was wondering if you got this sorted out or not.  If you are still dealing with it, please reply back with some additional details about what version you were running prior to the your recent upgrade and perhaps the reason for the upgrade if there was one. Also, the config would be helpful in this situation.

New Contributor
Posts: 3
Registered: ‎05-07-2012

Re: ADX1000 12.5.01bT401

Hi Martin

 

I have still the same issue. Which part of the config you need ?

 

These are the version prior to the upgrade:

 

Running Image     12.01.00     ASM12100d     Jun 16 2010 13:23:24 PDT
Primary     12.01.00     ASM12100d     Jun 16 2010 13:23:24 PDT
Secondary     12.01.00     ASM12100d     Jun 16 2010 13:23:24 PDT
Boot Image     12.01.00     dob12100ba     Feb 26 2010 11:39:51 PST

 

Here the first part of the config:

 

 

!
ver      12.5.01bT401
!

ssl profile or.awd.ch
 keypair-file star_awd.key
 certificate-file star.awd.ch.crt
 cipher-suite all-cipher-suites
 enable-ssl-v2
 enable-certificate-chaining
 allow-self-signed-cert
 disable-certificate-checking
 ca-cert-file DigicertChain
 session-cache off

ssl profile star.awd.ch
 keypair-file star.awd.ch.new.key
 certificate-file star.awd.ch.new.crt
 cipher-suite all-cipher-suites
 enable-ssl-v2
 enable-certificate-chaining
 allow-self-signed-cert
 disable-certificate-checking
 ca-cert-file DigiCertCA.crt
 session-cache off

ssl profile server.pfs.awd.ch
 cipher-suite all-cipher-suites
 ca-cert-file DigicertChain
 session-cache off

ssl profile star.slsag.ch
 keypair-file star.slsag.ch.key
 certificate-file star_slsag_ch.crt
 cipher-suite all-cipher-suites
 enable-certificate-chaining
 allow-self-signed-cert
 disable-certificate-checking
 verify-cert-depth 10
 ca-cert-file DigiCertCA.crt
 session-cache off
!
server session-id-age 240
server source-nat
server source-ip 172.24.15.21 255.255.255.0 172.24.15.1
server source-ip 172.30.60.41 255.255.255.0 172.30.60.1
!
context default
!
!
csw-rule "JSESSIONID" header "cookie" search "JSESSIONID" case-insensitive
csw-rule "SourceIP" header "ACCEPT" pattern "SOURCEIP=" case-insensitive
csw-rule "rLBuID" header "LBuID" exists
csw-rule "rMatchAwdAgentId" url pattern "awdAgentId="
csw-rule "rOr.awd.ch" response-header "Location" pattern "http://or.awd.ch"
csw-rule "rTempMvd301" response-status-code 301 303
!
csw-policy "pLBuID"
 match "rLBuID" persist offset 0 length 6  
 default forward 1
!
csw-policy "pMatchAwdAgentId"
 match "rMatchAwdAgentId" persist offset 0 length 6  
 default forward 2
!
csw-policy "pOr.awd.ch" type response-rewrite
 match "rOr.awd.ch" rewrite response-header-replace "https://or.awd.ch" offset 0 length 16
 match "rTempMvd301" response-header-rewrite
!
csw-policy "pfs" type response-rewrite case-insensitive
!
csw-policy "pfs_cookie"
!
csw-policy "pfs_default"
 default forward 100
!
csw-policy "pfs_session_lock" case-insensitive
 match "JSESSIONID" persist offset 0 length 1  
 default forward 100
!
!
server real ortest.awd.ch 172.24.15.28
 description ortest
 alias-name ortest
 port 8080
!
server real pfs2.awd.ch 172.24.15.14
 snmp-request community 1 $-nUrnU
 snmp-request oid 1 .1.3.6.1.4.1.2789.2500.3003.1
 port ssl
 port ssl keepalive
 port ssl server-id 1025
 port ssl group-id  100 100
 port http
 port http url "HEAD /"
 port http group-id  100 100
!
server real pfs1.awd.ch 172.24.15.12
 snmp-request community 1 $-nUrnU
 snmp-request oid 1 .1.3.6.1.4.1.2789.2500.3003.1
 port ssl
 port ssl keepalive
 port ssl server-id 1024
 port ssl group-id  100 100
 port http
 port http url "HEAD /"
 port http group-id  100 100
!
server real or1.awd.ch 172.24.15.25
 max-conn 2000000
 port 8080
!
server real or2.awd.ch 172.24.15.26
 max-conn 2000000
 port 8080
!
server real devprxy01.slsag.ch 172.30.60.58
 description "SDD Proxy 1"
 source-nat
 max-conn 2000000
 port http
 port http keepalive
 port http url "HEAD /"
 port http l4-check-only
 port 11080
 port 11080 keepalive
 port 10080
 port 10080 keepalive
 port ssl
 port ssl keepalive
 port ssl l4-check-only
 hc-track-port 80 443
!
server real devprxy02.slsag.ch 172.30.60.59
 description "SDD Proxy 2"
 source-nat
 max-conn 2000000
 port http
 port http keepalive
 port http url "HEAD /"
 port http l4-check-only
 port 10080
 port 11080
 port ssl
 port ssl keepalive
 port ssl l4-check-only
 hc-track-port 80 443
!
server real dms01.awd.ch 172.24.15.37
 description "DMS IIS 1"
 max-conn 2000000
 snmp-request community 1 $Si2^=d
 snmp-request oid 1 .1.3.6.1.4.1.311.1.7.3.1.13.0
 snmp-request oid 2 .1.3.6.1.2.1.25.3.3.1.2
 port http
 port http keepalive
 port http url "HEAD /Portal/Antragserfassung/SearchDocuments.aspx"
 port http status-code  401 401
!
server real dms02.awd.ch 172.24.15.38
 description "DMS2 IIS"
 max-conn 2000000
 snmp-request community 1 $Si2^=d
 snmp-request oid 1 .1.3.6.1.4.1.311.1.7.3.1.13.0
 snmp-request oid 2 .1.3.6.1.2.1.25.3.3.1.2
 port http
 port http keepalive
 port http url "HEAD /Portal/Antragserfassung/SearchDocuments.aspx"
 port http status-code  401 401
!
server group-real pfs
!
server virtual ortestlb.awd.ch 172.24.15.29
 predictor least-conn
 port ssl
 no port ssl sticky
 port ssl spoofing
 port ssl ssl-terminate or.awd.ch
 port ssl response-rewrite-policy "pOr.awd.ch"
 port http
 bind ssl ortest.awd.ch 8080
!
server virtual pfs.awd.ch 172.24.15.23
 predictor least-conn
 port ssl
 no port ssl sticky
 port ssl spoofing
 port ssl ssl-proxy star.awd.ch server.pfs.awd.ch
 port ssl csw-policy "pfs_session_lock"
 port ssl csw
 port ssl keep-alive
 port http
 bind ssl pfs1.awd.ch ssl pfs2.awd.ch ssl
!
server virtual or.awd.ch 172.24.15.27
 predictor least-conn
 port http
 port ssl sticky
 port ssl ssl-terminate or.awd.ch
 bind http or1.awd.ch 8080 or2.awd.ch 8080
 bind ssl or1.awd.ch 8080 or2.awd.ch 8080
!
server virtual dms.awd.ch 172.24.15.24
 predictor round-robin
 port http
 port http persist-hash
 bind http dms01.awd.ch http dms02.awd.ch http
!
server virtual devlbint.slsag.ch 172.30.60.45
 description "Dev Proxy Int"
 predictor round-robin
 port http
 port http persist-hash
 port ssl concurrent
 no port ssl sticky
 port 10080 concurrent
 port 11080 concurrent
 track http 443
 bind default devprxy01.slsag.ch default devprxy02.slsag.ch default
 bind http devprxy01.slsag.ch http devprxy02.slsag.ch http
 bind ssl devprxy01.slsag.ch ssl devprxy02.slsag.ch ssl
 bind 10080 devprxy01.slsag.ch 10080 devprxy02.slsag.ch 10080
 bind 11080 devprxy01.slsag.ch 11080 devprxy02.slsag.ch 11080
!

 

 

Thanks for help

Contributor
Posts: 74
Registered: ‎08-18-2011

Re: ADX1000 12.5.01bT401

Hi Thomas,

Thanks for sharing config, can you also let me know what CLI you were executing when you get this error ? 


-Mohit

-Mohit Sahni
New Contributor
Posts: 3
Registered: ‎05-07-2012

Re: ADX1000 12.5.01bT401

I never worked woth the CLI. i Always used the Webinterface.

 

In the Webinterface, i do the following:

 

Configure > Traffic > Virual Servers

 

Selecting the port of an Virtual Server > Stickiness > No Stickiness Enable, Or any other Value an Apply

 

Screenshot: http://pbrd.co/1oWz1S8

 

 

Join the Community

Get quick and easy access to valuable resource designed to help you manage your Brocade Network.