
Simple Loadbalancing on Cisco ACE with stickiness


This guide describes a simple load-balancing configuration with sticky connections enabled. In this example, stickiness is based on an HTTP cookie.

Cisco ACE: configuration


The required elements and the initial configuration of servers A and B are the same as in (VrackLoadBalancingACESimple).
Parts of the ACE configuration described there are listed here without details.

Basic configuration


access-lists:
rbx-99-6k-ace-1/vrack2070(config)# access-list ANY line 8 extended permit icmp any any
rbx-99-6k-ace-1/vrack2070(config)# access-list ANY line 16 extended permit ip any any


internal vlan:
rbx-99-6k-ace-1/vrack2070(config)# interface vlan 2070
ip address 10.20.70.10 255.255.255.0
access-group input ANY
nat-pool 1 10.20.70.254 10.20.70.254 netmask 255.255.255.0 pat
no shutdown


tcp probe:
rbx-99-6k-ace-1/vrack2070(config)# probe tcp PROBE_TCP
interval 30
passdetect interval 60


http-parameter map:
rbx-99-6k-ace-1/vrack2070(config)# parameter-map type http HTTP_PARAMETER_MAP
persistence-rebalance


real servers:
rbx-99-6k-ace-1/vrack2070(config)# rserver host SERVER1
ip address 10.20.70.10
conn-limit max 50000 min 40000
inservice
rbx-99-6k-ace-1/vrack2070(config)# rserver host SERVER2
ip address 10.20.70.101
conn-limit max 50000 min 40000
inservice


serverfarm config:
rbx-99-6k-ace-1/vrack2070(config)# serverfarm host FARM_WEB
predictor leastconns
probe PROBE_TCP
rserver SERVER1
inservice
rserver SERVER2
inservice


Layer4 class-map:
rbx-99-6k-ace-1/vrack2070(config)# class-map match-all L4-WEB-IP
2 match virtual-address 188.165.125.115 tcp eq www


Stickiness configuration


Set the cookie name and the timeout. We expect a cookie named "CookieACE" to be sent from the web farm to the client. If it is found, it is stored on the ACE in the sticky connection database.
We set the timeout to 3600 minutes and put CookieACE in StickyGroup1, which is tied to our FARM_WEB:
sticky http-cookie CookieACE StickyGroup1
timeout 3600
serverfarm FARM_WEB


The next step is the Layer 7 load-balancing policy-map. Here we have to use the sticky-serverfarm parameter:
policy-map type loadbalance http first-match WEB_L7_POLICY
class class-default
sticky-serverfarm StickyGroup1
insert-http x-forward header-value "%is"


As in the previous example, policy-map multi-match WEB-to-vIPs is used to tie everything together:
policy-map multi-match WEB-to-vIPs
description Ties 4-WEB-IP class-map, WEB_L7_POLICY maps together and applies HTTP_PARAMETER_MAP. Uses NAT.
class L4-WEB-IP
loadbalance vip inservice
loadbalance policy WEB_L7_POLICY
loadbalance vip icmp-reply active
nat dynamic 1 vlan 2070
appl-parameter http advanced-options HTTP_PARAMETER_MAP


Apply the service-policy and access-list to the inbound VLAN interface:
rbx-99-6k-ace-1/vrack2070(config)# interface vlan 270
service-policy input WEB-to-vIPs
access-group input ANY


Server cookie setting

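To test stickiness we have to set a cookie on the website.
Save the page cookie.php in the main web document root. It sets a cookie named CookieACE with a random value, or just displays it when the browser has already sent it:
<?php
// Test page: sets CookieACE if the browser did not send it, otherwise shows it.
$n = 'CookieACE';
$had_cookie = isset($_COOKIE[$n]);
if ($had_cookie) {
    $cookie = $_COOKIE[$n];
} else {
    // Test value only, not a secret. Sent as a real Set-Cookie header,
    // so this block must run before any output.
    $cookie = rand(1, 10000);
    setcookie($n, (string)$cookie, 0, '/');
}
?>
<html>
<head>
</head>
<body>
Hello from SERVER1
<?php
// The value comes from the client, so escape it before echoing it into HTML.
$shown = htmlspecialchars((string)$cookie, ENT_QUOTES, 'UTF-8');
if ($had_cookie)
    echo "Got cookie: $n = $shown";
else
    echo "New cookie set: $n = $shown";
?>
</body>
</html>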


Do the same on Server B, but put "Hello from SERVER2" there to tell the two servers apart.

Testing Loadbalancing


To test stickiness, open http://188.165.125.115/cookie.php. We can see, for example:
Hello from SERVER1 set a new cookie: CookieACE = 3028


Now, if the browser accepts cookies, refreshing the page should still return answers from SERVER1.
Example set of requests with cookies enabled in the browser:
Hello from SERVER1 Got cookie: CookieACE = 3028

Hello from SERVER1 Got cookie: CookieACE = 3028

Hello from SERVER1 Got cookie: CookieACE = 3028

Hello from SERVER1 Got cookie: CookieACE = 3028


Let's have a look at the sticky database on the ACE:
rbx-99-6k-ace-1/vrack2070# show sticky database
sticky group : StickyGroup1
type : HTTP-COOKIE
timeout : 3600 timeout-activeconns : FALSE
sticky-entry rserver-instance time-to-expire flags
-----------------------------------------------------------------+-------+
12411268269029278684 SERVER1:0 215995 -


The http-cookie entry from StickyGroup1 is present. The output shows the ACE timeout as well as the cookie type, the name and the real server instance.

While the TCP session is alive it is possible to see the connection:
rbx-99-6k-ace-1/vrack2070# show conn port 80

conn-id np dir proto vlan source destination state

383186 1 in TCP 270 78.8.249.77:39277 188.165.125.115:80 ESTAB
230973 1 out TCP 2070 10.20.70.101:80 10.20.70.254:14013 ESTAB


In the browser you can see the cookie details:
1 cookie set:
Name CookieACE
Value 3028
Server 188.165.125.115
path /
secure No
expires End of session


Finally, after removing this cookie and disabling cookies in the browser, you can see that different requests are handled by different servers from the serverfarm (but the TCP session must expire first: one TCP session is handled by one rserver).

Example set of requests with cookies disabled:
Hello from SERVER1 set a new cookie: CookieACE = 6077

Hello from SERVER1 set a new cookie: CookieACE = 4231

Hello from SERVER2 set a new cookie: CookieACE = 4199

Hello from SERVER2 set a new cookie: CookieACE = 2803

Hello from SERVER1 set a new cookie: CookieACE = 926


Additional documents

-Cisco Application Control Engine Module Load Balancing Guide