|
Search |
This guide describes simple loadbalancing configuration with sticky connections enabled. In this example we use HTTP-cookie method to do that. Required elements and the initial server (A and B) configurations should be the same as in (VrackLoadBalancingACESimple) Some parts of ACE config described before are listed here without details. access-lists: rbx-99-6k-ace-1/vrack2070(config)# access-list ANY line 8 extended permit icmp any any rbx-99-6k-ace-1/vrack2070(config)# access-list ANY line 16 extended permit ip any any internal vlan: rbx-99-6k-ace-1/vrack2070(config)# interface vlan 2070 ip address 10.20.70.10 255.255.255.0 access-group input ANY nat-pool 1 10.20.70.254 10.20.70.254 netmask 255.255.255.0 pat no shutdown tcp probe: rbx-99-6k-ace-1/vrack2070(config)# probe tcp PROBE_TCP interval 30 passdetect interval 60 http-parameter map: rbx-99-6k-ace-1/vrack2070(config)# parameter-map type http HTTP_PARAMETER_MAP persistence-rebalance real servers: rbx-99-6k-ace-1/vrack2070(config)# rserver host SERVER1 ip address 10.20.70.10 conn-limit max 50000 min 40000 inservice rbx-99-6k-ace-1/vrack2070(config)# rserver host SERVER2 ip address 10.20.70.101 conn-limit max 50000 min 40000 inservice serverfarm config: rbx-99-6k-ace-1/vrack2070(config)# serverfarm host FARM_WEB predictor leastconns probe PROBE_TCP rserver SERVER1 inservice rserver SERVER2 inservice Layer4 class-map: rbx-99-6k-ace-1/vrack2070(config)# class-map match-all L4-WEB-IP 2 match virtual-address 188.165.125.115 tcp eq www Set cookie name and timeout parameter. We expect cookie named "CookieACE" send from a webfarm to a client. If it's found, then it's stored on ACE in a sticky connection database. We set timeout for 3600min and put CookieACE in StickyGroup1? which is connected to our FARM_WEB: Next thing is Layer7 policy-map loadbalance configuration. In this part we have to use sticky-serverfarm parameter: policy-map type loadbalance http first-match WEB_L7_POLICY class class-default sticky-serverfarm StickyGroup1? insert-http x-forward header-value "%is" As in the previous example, policy-map multi-match WEB-to-vIPs is used to put all things together: policy-map multi-match WEB-to-vIPs description Ties 4-WEB-IP class-map, WEB_L7_POLICY maps together and applies HTTP_PARAMETER_MAP. Uses NAT. class L4-WEB-IP loadbalance vip inservice loadbalance policy WEB_L7_POLICY loadbalance vip icmp-reply active nat dynamic 1 vlan 2070 appl-parameter http advanced-options HTTP_PARAMETER_MAP Apply service-policy and access-list to inbound VLAN interface rbx-99-6k-ace-1/vrack2070(config)# interface vlan 270 service-policy input WEB-to-vIPs access-group input ANY For testing stickiness we have to configure cookies on the website which reqiures that. Let's save page cookie.php in the main web-docs root. This will set cookie name CookieACE with some random value or just display it when it's already set on the browser: <html> <head> <?php $n = 'CookieACE'; if( ! $_COOKIE["$n"]) { $cookie=rand(1,10000); echo '<meta http-equiv="Set-Cookie" content="'.$n.'='.$cookie.'; path=/" />'; } ?> </head> <body> Hello from SERVER1 <?php if($_COOKIE["$n"]) echo "Got cookie: $n = $cookie"; else echo "New cookie set: $n = $cookie"; ?> </body> </html> Do the same on Server B, but put there "Hello from SERVER2" to see the difference between them. To test stickiness let's go to the http://188.165.125.115/cookie.php. We can see for example: Hello from SERVER1 set a new cookie: CookieACE = 3028 Now if our browser accepts cookies, after refreshing the site you should still get answers from the SERVER1. Example set of requests with cookies enabled in browser: Hello from SERVER1 Got cookie: CookieACE = 3028 Hello from SERVER1 Got cookie: CookieACE = 3028 Hello from SERVER1 Got cookie: CookieACE = 3028 Hello from SERVER1 Got cookie: CookieACE = 3028 Let's have a look at sticky database on ACE: rbx-99-6k-ace-1/vrack2070# show sticky database sticky group : StickyGroup1? type : HTTP-COOKIE timeout : 3600 timeout-activeconns : FALSE sticky-entry rserver-instance time-to-expire flags -------------------- ---------------------------------------------+-------+12411268269029278684 SERVER1:0 215995 - There is http-cookie from StickyGroup1? set. You could see there ACE timeout as well as cookie-type, name or real server instance. While the TCP session is alive it is possible to see the connection: rbx-99-6k-ace-1/vrack2070# show conn port 80 conn-id np dir proto vlan source destination state 383186 1 in TCP 270 78.8.249.77:39277 188.165.125.115:80 ESTAB 230973 1 out TCP 2070 10.20.70.101:80 10.20.70.254:14013 ESTAB In the browser you can see the cookie details: 1 cookie set: Name CookieACE Value 3028 Server 188.165.125.115 path / secure No expires End of session Finally, after removing this one and disabling cookies in the browser, it is possible to notice different requests are handled by different servers from serverfarm (but the TCP session must expire - one TCP session is handled by one rserver). Example set of requests with cookies disabled: Hello from SERVER1 set a new cookie: CookieACE = 6077 Hello from SERVER1 set a new cookie: CookieACE = 4231 Hello from SERVER2 set a new cookie: CookieACE = 4199 Hello from SERVER2 set a new cookie: CookieACE = 2803 Hello from SERVER1 set a new cookie: CookieACE = 926 -Cisco Application Control Engine Module Load Balancing Guide |
