Application Delivery (ADX)

Reply
Occasional Contributor
Posts: 5
Registered: ‎02-28-2011

active-primary-overide-sticky not working in slb

in an slb configuration, where a csw policy for insertion of client ip address into http-header of incoming traffic towards servers is configured for a virtual server, active-primary-overide-sticky does not seem to work. once primary servers are shut down, health checks for these fail as expected and traffic is forwarded to backup server. but once these servers are back and health checks change to active for them, sessions which were directed to backup server in the meantime remain stuck to it and are not terminated quickly. in case csw policy is not attached to virtual server config, sessions to backup server are terminated immediately and new sessions are directed to primary servers again, which is the required behaviour.

system type: ServerIron ADX 1016-2-PREM

system version: 12.4.00bT403

config:

csw-policy "INSERT_CUSTOMER_IP"

default forward 999

default rewrite request-insert client-ip "Customer_IP"

server remote-name server_a 10.10.0.1

source-nat

....

server remote-name server_b 10.10.0.2

source-nat

....

server remote-name server_c 10.10.0.3

backup

source-nat

....

server group-real WEB_SERVERS

real-server server_a server_b server_c

server virtual xyz.com 1.2.3.4

sym-priority 110

port default disable

port http sticky

port http lb-pri-servers

port http active-primary-overide-sticky

port http response-rewrite-policy "REWRITE"

port ssl sticky

port ssl ssl-terminate SSL-xyz-profile

port ssl lb-pri-servers

port ssl active-primary-overide-sticky

port ssl response-rewrite-policy "REWRITE"

port ssl csw-policy "INSERT_CUSTOMER_IP"

port ssl csw

port ssl keep-alive

bind http group-real WEB_SERVERS http

bind ssl group-real WEB_SERVERS 81

since for a csw policy an action must be configured unconditionally, default forward 999 is configured. idea is, that, since group-id 999 is not existing, no decision on to which server traffic is forwarded should be taken by csw policy, but be based on virtual server config only (i tried also configuring a group id for all involved real servers and setting forward to this id in csw-policy, which didn´t help), and therefore active-primary-overide-sticky should work.

is this a bug and/or are there alternate ways to configure insertion of client-ip into http header of traffic while keeping active-primary-overide-sticky feature functional?

thanks

Community Manager
Posts: 100
Registered: ‎01-13-2009

Re: active-primary-overide-sticky not working in slb

Hi Claus,

I took a look and showed it to a colleague and it really looks like this is setup correctly.  Unfortunately at this point, I would recommend calling TAC to troubleshoot this one further.

Join the Community

Get quick and easy access to valuable resource designed to help you manage your Brocade Network.

vADC is now Pulse Secure
Download FREE NVMe eBook