Application Delivery (ADX)

Reply
New Contributor
Posts: 2
Registered: ‎08-17-2010

HTTP sticky sessions not working?

Having a devil of a time getting HTTP sessions to stay sticky on an old ServerIron XL.  This should be an easy one, but I just can't seem to get things to behave.

Here's the relevant bits of the config:

server sticky-age 60

server clock-scale 2

server tcp-age 60

!

server port 80

tcp 60 2

!

server real web1 10.0.0.1

port default disable

port http

port http keepalive

port http url "HEAD /"

port http status-code  200 201 300 302

port ssl

port ssl keepalive

!

server real web2 10.0.0.2

port default disable

port ssl

port ssl keepalive

port http

port http keepalive

port http url "HEAD /"

port http status-code  200 201 300 302

!

!

server virtual "Virtual Server" 10.0.0.3

port http sticky                                                

port ssl sticky

bind http web1 http web2 http

bind ssl web1 ssl web2 ssl

bind default web2 default web1 default

!

!                                                                

end

About as vanilla as they come.  Really the only things of note:

1.  The clock-scale is set to 2 to get 120 minute session aging

2.  The "default" site on the webservers in question immediately does a redirect, hence the inclusion of 302 as an accepted status code.

Excerpted "sh server" output:

Server Load Balancing - global parameters
Predictor =          least-conn
Force-deletion =     0
Reassign-threshold = 20
Reassign-limit =     3
Ping-interval =      2                                          
Ping-retries  =      4
HTTP-keepalive-interval = 5
HTTP-keepalive-retries  = 2
Session ID age =    30
TCP-age  =           60
UDP-age  =           5
Sticky-age  =        60
TCP-syn-limit =      65535
TCP-total conn =     355157
Unsuccessful conn =  0
ICMP-message = Disabled
RESET-message = Disabled
Virtual Server Name: Virtual Server,   IP: 10.0.0.3
        http -------> web1: 10.0.0.1,  http (Active)
                      web2: 10.0.0.2,  http (Active)
         ssl -------> web1: 10.0.0.1,  ssl (Failed)
                      web2: 10.0.0.2,  ssl (Failed)
     default -------> web2: 10.0.0.2,  default (User Disabled)
                      web1: 10.0.0.1,  default (User Disabled)

Client->Server       =          0  Server->Client       =          0
Drops                =          0  Aged                 =      94671
Fw_drops             =          0  Rev_drops            =          0
FIN_or_RST           =          0  old-conn             =          0
Disable_drop         =          0  Exceed_drop          =          0
Stale_drop           =          0  Unsuccessful         =          0
TCP SYN-DEF RST      =          0  Server Resets        =          0
Out of Memory        =          0  Out of Memory        =          0

Avail. Sessions      =     523903  Total Sessions       =     524288
Total C->S Conn      =     355157  Total S->C Conn      =          0
Total Reassign       =          0  Unsuccessful Conn    =          0
Server State - 1:enabled, 2:failed, 3:test, 4:suspect, 5:grace_dn, 6:active

Real Server     State   CurrConn    TotConn TotRevConn   CurrSess   PeakConn

web1                6          1     195447          0        285          0

web2                6          2     159710          0         92          0

A look at an active session:

Index Src-IP         Dst-IP         S-port D-port Age Serv    Flags 
===== ======         ======         ====== ====== === ==== ==========
0     10.10.10.1    10.0.0.30      0       0   web2 SLB1    
1     10.10.10.1    10.0.0.30      80      2   web2 SLB1    
2     10.10.10.1    10.0.0.341593  80      59  web2 SLB1>+  A
3     10.10.10.1    10.0.0.341594  80      59  web2 SLB1>+  A
4     10.10.10.1    10.0.0.341595  80      59  web2 SLB1>+  A
5     10.10.10.1    10.0.0.341596  80      59  web2 SLB1>+  A
6     10.10.10.1    10.0.0.341597  80      59  web2 SLB1>+  A
7     10.10.10.1    10.0.0.341598  80      59  web2 SLB1>+  A
8     10.10.10.1    10.0.0.341602  80      59  web2 SLB1>+  A
9     10.10.10.1    10.0.0.341603  80      59  web2 SLB1>+  A
10    10.10.10.1    10.0.0.341604  80      59  web2 SLB1>+  A
11    10.10.10.1    10.0.0.341605  80      59  web2 SLB1>+  A
12    10.10.10.1    10.0.0.341606  80      59  web2 SLB1>+  A
13    10.10.10.1    10.0.0.341607  80      59  web2 SLB1>+  A
14    10.10.10.1    10.0.0.341608  80      59  web2 SLB1>+  A
15    10.10.10.1    10.0.0.341609  80      59  web2 SLB1>+  A
16    10.10.10.1    10.0.0.341610  80      59  web2 SLB1>+  A
17    10.10.10.1    10.0.0.341611  80      59  web2 SLB1>+  A
18    10.10.10.1    10.0.0.341613  80      59  web2 SLB1>+  A
19    10.10.10.1    10.0.0.341614  80      59  web2 SLB1>+  A
20    10.10.10.1    10.0.0.341615  80      59  web2 SLB1>+  A
21    10.10.10.1    10.0.0.341616  80      59  web2 SLB1>+  A
22    10.10.10.1    10.0.0.341617  80      59  web2 SLB1>+  A
23    10.10.10.1    10.0.0.341618  80      59  web2 SLB1>+  A

According to what the ServerIron is telling me, that session is nailed to web2.  Repeatedly issuing "sh sessions all src-ip 10.10.10.1" confims that the session never budges from web2.  The user-experience, however, is quite different.  The web developers on the servers in question have inserted a tiny "1" or "2" in the corner of the web pages being served up to indicate which server is generating the content.  Browsing through the website or just sitting on a single hitting refresh results in that number changing back and forth at random -- exactly what you'd expect to see if sticky sessions were NOT enabled.

Is there something I've missed???

Thanks,

Andrew

Super Contributor
Posts: 1,087
Registered: ‎12-13-2009

Re: HTTP sticky sessions not working?

Hi,

     Does the web site flick between http and https?  If so you would need the track-group to keep both on the same server. see below. Other then that the config looks fine to me.

ServerIron(config)# server virtual-name v1 209.157.22.1

ServerIron(config-vs-v1)# port 80 sticky

ServerIron(config-vs-v1)# port 69 sticky

ServerIron(config-vs-v1)# port 23 sticky

ServerIron(config-vs-v1)# track-group 80 69 23

ServerIron(config-vs-v1)# bind 80 r1 80 r2 80

ServerIron(config-vs-v1)# bind 23 r1 23 r2 23

ServerIron(config-vs-v1)# bind 69 r1 69 r2 69

ServerIron(config-vs-v1)# exit

Super Contributor
Posts: 1,087
Registered: ‎12-13-2009

Re: HTTP sticky sessions not working?

Hi,

     Was this of any help?

Thanks.

New Contributor
Posts: 2
Registered: ‎08-17-2010

Re: HTTP sticky sessions not working?

Well, the site doesn't yet have SSL set up for it, so no it doesn't switch back and forth.  For lack of anything else to try though we loaded the same config onto another ServerIron just in case there was some kind of odd hardware problem and lo and behold that resolved the issue.  Identical switches running identical firmware with identical configs, but sticky sessions work on one and not the other.  Seems like an awfully strange way for a hardware problem to show up, but for now that appears to have been the issue.

Super Contributor
Posts: 1,087
Registered: ‎12-13-2009

Re: HTTP sticky sessions not working?

Hi Andrew,

     Thanks for letting us know.  However the result is just plain strange.

Thanks

Join the Community

Get quick and easy access to valuable resource designed to help you manage your Brocade Network.