Table Of Contents
Configuring Sticky Parameters for Content Rules
Specifying an Advanced Load-Balancing Method for Sticky Content
Configuring SSL-Layer 4 Fallback
Configuring Sticky Serverdown Failover
Configuring Sticky Inactive Timeout
Configuring Sticky Content for SSL
Comparing Hash Method with Match Method
Enabling or Disabling String ASCII Conversion
Specifying End-of-String Characters
Specifying a String Process Length
Specifying a String Skip Length
Configuring Sticky-No-Cookie-Found-Action
Configuring Sticky Parameters for E-Commerce Applications
Configuring an Advanced Balance ArrowPoint Cookie
Configuring an ArrowPoint Cookie
Configuring an ArrowPoint Cookie Name
Configuring an Arrowpoint Cookie Path
Configuring an ArrowPoint-Cookie Expiration Time
Configuring ArrowPoint-Cookie Browser Expire
Configuring ArrowPoint-Cookie Expire Services
Improving CSS Performance with ArrowPoint Cookies
Configuring an ArrowPoint Cookie Domain
Configuring a Domain Name for the Location Cookie
Examples of Location Cookie Flow
Displaying Location Cookie Information
Configuring Wireless Users for E-Commerce Applications
Showing Sticky Table Configurations
Showing Layer 3 Sticky Table Information
Showing Layer 4 Sticky Table Information
Showing SIP Call-ID Sticky Table Information
Showing SSL Sticky Table Information
Showing WAP Sticky Table Information
Showing Sticky Connection Statistics
Configuring Sticky Parameters for Content Rules
This chapter describes how to configure sticky parameters for content rules. The information in this chapter applies to all CSS models, except where noted. This chapter contains the following major sections:
•
Configuring Sticky on the CSS
•
•
•
•
•
•
•
•
•
•
•
•
•
•
Sticky Overview
During a session, the CSS maintains an association between a client and a server. This association is referred to as stickiness. Stickiness enables transactions over the Web when the client must remain on the same server for the entire session. Depending on the content rule, the CSS "sticks" a client to an appropriate server after the CSS has determined which load-balancing method to use.
If the CSS determines that a client is already stuck to a particular service, then the CSS places the client request on that service, regardless of the load-balancing criteria specified by the matched content rule. If the CSS determines that the client is not stuck to a particular service, it applies normal load balancing to the content request.
Client cookies uniquely identify clients to the services providing content. A cookie is a small data structure used by a server to deliver data to a Web client and request that the client store the information. In certain applications, the client returns the information to the server to maintain the state between the client and the server.
When the CSS examines a request for content and determines through content rule matching that the content is sticky, it examines any cookie or URL present in the content request. The CSS uses this information to place the content request on the appropriate server.
The total number of entries in the CSS sticky table depends on the size of the CPU memory. The Cisco 11000 series CSS supports a 32K sticky table.
The size of the sticky table means that once 32K simultaneous users are on the site, the table wraps and the first users become "unstuck."
The following sections describe stickiness and its uses:
Why Use Stickiness?
When customers visit an e-commerce site, they usually start out by browsing the site, the Internet equivalent of window shopping. Depending on the application, the site may require that the customer become "stuck" to one server once the connection is established, or the application may not require this until the customer starts to build a shopping cart.
In either case, once the customer adds items to the shopping cart, it is important that all of the customer's requests get directed to the same server so that all the items are contained in one shopping cart on one server. An instance of a customer's shopping cart is typically local to a particular Web server and is not duplicated across multiple servers.
E-commerce applications are not the only types of applications that require stickiness. Any Web application that maintains client information may require stickiness, such as banking applications or online trading.
Because the application must distinguish each user or group of users, the CSS needs to determine how a particular user is stuck to a specific Web server. The CSS can use a variety of methods, including:
•
•
•
•
The e-commerce application itself dictates which of these methods is appropriate for a particular e-commerce vendor.
Using Layer 3 Sticky
If an application requires that a user be stuck for the entire session, use Layer 3 sticky, which sticks a user to a server based on the user's IP address. The total number of entries in the sticky table depends on the size of the CPU memory (128K sticky table with 288 MB of CPU memory or a 32K sticky table with 144 MB of CPU memory).
If the volume of your site is such that you will have more than 128K or 32K users at a time, or if a large percentage of your customers come to you through a mega-proxy, then consider using either a different sticky method (for example, the advanced-balance method cookies, cookieurl, or url), or increasing your sticky mask.
Note
The default sticky mask is 255.255.255.255, which means that each entry in the sticky table is an individual IP address. Some mega-proxies allow one user to use several different IP addresses in a range of addresses over the life of one session. This use of multiple addresses for one session can cause some of the TCP connections to get stuck to one server, and other TCP connections to a different server for the same transaction. The result is possibly losing some items from the shopping cart. To avoid this problem, use one of the more advanced methods of sticking. If you cannot, Cisco Systems recommends using a sticky mask of 255.255.240.0.
Using Layer 4 Sticky
Layer 4 sticky functions identically to Layer 3 sticky, except that it sticks based on a combination of source IP address, protocol, and destination port. Layer 4 sticky also uses a sticky table and has the same limitations as Layer 3 sticky.
If the CSS sees the same IP address with two different destination ports, it will use two entries. You can also apply sticky mask to Layer 4 sticky.
If you are concerned about whether your site can handle all of the simultaneous sessions, then consider using the Layer 5 advanced-balanced methods of arrowpoint-cookie, cookie, cookieurl, or url.
Using Layer 5 Sticky
Layer 5 sticky uses a combination of destination IP address, protocol, port, and URL that may or may not contain an HTTP cookie or a domain name. Layer 5 sticky can function based on a sticky string in a cookie or URL, or based on an SSL version 3 session ID. The advanced-balanced methods such as arrowpoint-cookie, cookie, cookieurl, and url do not use a sticky table to keep track of IDs. The advanced-balance ssl method for SSL sticky does use a sticky table.
Note
Configuring Sticky on the CSS
Configuring sticky on the CSS requires you to:
•
•
If you use advanced-balance methods cookies, url, or cookieurl, you must also:
•
•
To configure sticky on the CSS:
1.
•
•
•
•
•
2.
If you configured an advanced-balance method of sticky-srcip or sticky-srcip-dstport, no further steps are required.
If you configured the advanced-balance methods cookies, url, or cookieurl, complete Steps 3 and 4.
3.
To use an exact string match:
a.
b.
For example, you have three servers and you want the string matching to be serverid111 for service1, serverid112 for service2, and serverid113 for service3. Configure the Web server applications to use these strings when they set cookies or pass parameters.
For information on the string operation match-service-cookie command, see the "Specifying a String Operation" section later in this chapter.
To use the hash algorithm:
a.
b.
Cisco TAC recommends using either hash-xor or hash-crc32, depending on your string possibilities. If the strings are completely dissimilar, use hash-xor. If the strings are similar, use hash-crc32. For example, if your string values are abc1, abc2, and abc3, the hash-xor method cannot provide you with enough variance in the hash values (that is, abc1 and abc2 may end up on the same server because they may hash to the same value).
For information on the string operation hash options, see the "Specifying a String Operation" section later in this chapter.
4.
•
•
•
•
•
For example, if you are using ipaddr=192.168.3.6&, then use the string prefix "ipaddr=" and the string eos-char "&" because the IP addresses vary in length.
For example, if you are using server ID=server111, then use the string prefix "server ID=" and a string process-length of 8 because the string length does not vary in length.
Table 4-1 describes sticky rules and how they apply to content rules.
Note
Specifying an Advanced Load-Balancing Method for Sticky Content
Use the advanced-balance command to specify an advanced load-balancing method for a content rule that includes stickiness. A content rule is "sticky" when additional sessions from the same user or client are sent to the same service as the first connection, overriding normal load balancing. By default, the advanced balancing method is disabled.
The advanced-balance command options cookies, cookieurl, and url use strings for sticking clients to servers. These options are beneficial when the sticky table limit is too small for your application requirements because the string methods do not use the sticky table.
The syntax and options for this content mode command are:
•
Note
•
When a client makes an initial request, they do not have a cookie. But once they go to a server that is capable of setting cookies, they receive the cookie from the server. Each subsequent request contains the cookie until the cookie expires. A string in a cookie can be used to stick a client to a server. The service mode string command enables you to specify where the CSS should locate the string within the cookie.
The CSS processes the cookie using:
–
–
•
This option is useful if a Microsoft IIS web server is used with Cookie Munger, which dynamically places the session state information in the cookie header or URL extension, depending on whether the client can accept cookies.
Some client applications do not accept cookies. When a site depends upon the information in the cookie, administrators sometimes modify the server application so that it appends the cookie data to the parameters section of the URL. The parameters typically follow a "?" at the end of the main data section of the URL.
The advanced-balance cookieurl command sticks a client to a server based on locating the configured string in the:
–
–
The string can either be an exact match or be hashed.
•
•
•
•
SIP is an application-layer control protocol that functions as a signaling mechanism between user devices and media servers. SIP is a peer-to-peer protocol where end-devices (the User Agent Client) initiate interactive communications sessions with SIP servers. These sessions can include Internet multimedia conferences, Internet telephone calls (voice-over-IP), and multimedia distribution.
The session Call-ID is a unique call identifier that is contained in the SIP messages sent from the client to the SIP server. Stickiness by Call-ID is particularly important for call stateful services that use the Call-ID to identify current SIP sessions and make decisions based on the content of the message. If the CSS finds the SIP Call-ID in the SIP messages sent from the client to the SIP server, the CSS generates a key (hash value) based on the SIP Call-ID. The CSS uses the key to look up an entry in the sticky table. If the entry exists, the CSS sends the client to the sticky server indicated by the table entry. If the entry does not exist, the CSS creates a new sticky entry, hashes the SIP Call-ID value into a key, and saves the key in the entry.
•
Sites where encryption is required for security purposes often use SSL. SSL contains session IDs, and the CSS can use these session IDs to stick the client to a server. For the CSS to successfully provide SSL stickiness, the application must be using SSL version 3 session IDs. Sticky SSL uses the sticky table. If you are concerned about the number of concurrent sessions, and not concerned about security, you should consider using the cookies, cookieurl, or url options.
Note
Do not issue the ssl-l4-fallback disable command if SSL version 2 is in use on the network.•
The advanced-balance url command is similar to the advanced-balance cookies command. It can may use either an exact match method or a hash algorithm. The string can exist anywhere in the URL.
•
If the MSISDN header is present in an HTTP request, the CSS generates a hash value (key) based on the value in the MSISDN header field. The CSS uses the key to look up an entry in the sticky table. If an entry exists in the sticky table, the CSS sends the client to the sticky server indicated by the table entry. If an entry does not exist in the sticky table, the CSS:
a.
b.
c.
The CSS looks up the same table entry and sends the client to the same server for subsequent requests from the same client.
If the MSISDN header field is not present in an HTTP request, the CSS load-balances the client request based on the configured balance method. The default load-balancing method is roundrobin.
In the following example, TCP port 80 traffic destined for 192.168.128.151 is stuck to either server1 or server2 based on the contents of the MSISDN HTTP header field.
owner arrowpointcontent ruleWapStickyvip address 192.168.128.151protocol tcpport 80url "/*"add service server1add service server2advanced-balance wap-msisdnactiveFor example, to specify advanced-balance wap-msisdn for content rule rule1, enter:
(config-owner-content[arrowpoint-rule1])# advanced-balance wap-msisdn
Note
To disable the advanced load-balancing method, enter:
(config-owner-content[arrowpoint-rule1])# advanced-balance noneConfiguring SSL-Layer 4 Fallback
Use the ssl-l4-fallback disable command when you want to prevent the CSS from inserting the Layer 4 hash value, based on the source IP address and destination address pair, into the sticky table (the default CSS operation). Insertion of the Layer 4 hash value into the sticky table occurs when more than three frames are transmitted in either direction (client-to-server, server-to-client) or if SSL version 2 is in use on the network. If either condition occurs, the CSS inserts the Layer 4 hash value into the sticky table, overriding the further use of the SSL version 3 session ID.
The ssl-l4-fallback command is applicable only when the advanced-balance ssl method is specified for a content rule, which forces the content rule to stick to a server based on SSL version 3 session ID. The use of the ssl-l4-fallback command may be necessary in a lab environment when testing SSL with a small number of clients and servers, where some retransmissions might occur. In this case, you would not want to use the Layer 4 hash value because it will skew the test results.
Note
The options for this global configuration mode command include:
•
•
Note
For example, to disable the CSS from inserting the Layer 4 hash value into the sticky table, enter:
(config)# ssl-l4-fallback disableTo reset the CSS back the default action of inserting a Layer 4 hash value into the sticky table, enter:
(config)# ssl-l4-fallback enableConfiguring Sticky Serverdown Failover
Use the sticky-serverdown-failover command to define what will happen if a sticky string is found but the associated service has failed or is suspended. The sticky failover default method is for the CSS to use the configured load-balancing method.
Note
The syntax and options for this content mode command are:
•
•
•
•
•
For example, to set the sticky failover method to sticky-srcip, enter:
(config-owner-content[arrowpoint-rule1])sticky-serverdown-failover sticky-srcipTo set the sticky failover method to its default setting of using the configured load-balancing method, enter:
(config-owner-content[arrowpoint-rule1])# no sticky-serverdown-failoverConfiguring Sticky Mask
A client IP address uniquely identifies the client to the CSS. During normal client-server sessions, the IP address is maintained throughout the connection. However, if the connection is lost (for example, due to a dense proxy failover) and the client reconnects with a different IP address, the CSS needs to reconnect the client to the same server that is preserving the client information (for example, information from a shopping cart or financial session).
Use the sticky-mask command to mask a group of client IP addresses in order to preserve the client connection state when the client's source IP address changes. The sticky mask specifies which portion of the client IP address the CSS will mask. The default sticky subnet mask is 255.255.255.255.
For example, enter:
(config-owner-content[arrowpoint-rule1])# sticky-mask 255.255.255.0To restore the sticky subnet mask to the default of 255.255.255.255, enter:
(config-owner-content[arrowpoint-rule1])# no sticky-maskConfiguring Sticky Inactive Timeout
Use the sticky-inact-timeout command to specify the inactivity timeout period on a sticky connection for a content rule before the CSS removes the sticky entry from the sticky table. When you configure this period, the CSS keeps the sticky entry in the sticky table for the specified amount of time. The CSS does not reuse this entry until the time expires. If the sticky table is full and none of the entries has expired, the CSS rejects the new sticky request. If the sticky-inact-timeout command is specified for a Layer 5 content rule using SSL sticky, the SSL sessions continue even if the sticky table is full; however, the CSS does not maintain stickiness on the new sessions.
When the sticky connection expires, the CSS uses the configured load-balancing method to choose an available server for the request.
When this feature is disabled, the new sticky connection uses the oldest used sticky entry. A sticky association could exist for a time depending on the sticky traffic load on the CSS.
The syntax for this command is:
sticky-inact-timeout minutes
Enter the number of minutes of inactivity, from 0 to 65535. The default value is 0, which means this feature is disabled. For example, enter:
(config-owner-content[arrowpoint-rule1])# sticky-inact-timeout 9To disable the sticky connection inactivity timeout feature, enter:
(config-owner-content[arrowpoint-rule1])# no sticky-inact-timeoutConfiguring Sticky Content for SSL
To use stickiness based on SSL version 3 session ID, configure a specific SSL Layer 5 rule for a service. To configure an SSL Layer 5 rule for a service:
•
•
•
Note
For example, the following owner portion of a startup-config shows a content rule configured for SSL.
!*************************** OWNER ***************************!owner arrowpointcontent L5sslstickyvip address 192.3.6.58add service server87add service server88balance acaprotocol tcpport 443advanced-balance sslapplication sslactiveConfiguring String Range
Use the string-range command to specify the starting and ending byte positions within a cookie, URL, or URL extension that the CSS uses to search for the specified string. By specifying this range of bytes, the CSS processes the information located only within this range. This limits the amount of information that the CSS has to process when examining each cookie, URL, or URL extension, enhancing its performance. By default, the string range is the first 100 bytes of the cookie, URL, or parameters in the URL.
Note
Enter the start_byte variable as the starting byte position of the cookie, URL, or URL extension after the header. Enter an integer from 1 to 1999. The default is 1. Ensure that the starting byte position is less than the end byte.
Enter the end_byte variable as the ending byte position of the cookie, URL, or URL extension. Enter an integer from 2 to 2000. The default is 100. Ensure that the ending byte position is more than the start byte position.
If you are using advanced-balance:
•
•
•
For example, enter:
(config-owner-content[arrowpoint-rule1])# string-range 35 to 55To restore the string range to the default of 1 to 100, enter:
(config-owner-content[arrowpoint-rule1])# no string-rangeSpecifying a String Operation
Use the string operation command to determine the method to choose a destination server for a string result. The CSS derives the string result from the settings of the string criteria commands within the string range. You can choose a server by using the configured balance method or by using the hash key generated by the specified sticky hash type. If the Web servers:
•
•
Note
Comparing Hash Method with Match Method
When an application uses the exact match method, once a client makes a request to a particular server, the server is responsible for providing the client with a string unique to the server to use for future requests. Typically, if a server receives a string in a request that was set by another server, that string causes an error. In an exact match, the CSS looks for the unique string. If it finds an exact match, then the server is used. If no match is found, the CSS uses the configured load-balancing method to select a server for the client.
When an application uses one of the hash algorithms, all of the servers are capable of accepting any strings set by other servers. The model was designed so you could set up a site where the initial login would send a client to a Web server that assigns cookies to clients. When the CSS receives the first request from a client with the cookie string, it performs the hash operation on the string and chooses a server accordingly. The hash algorithm ensures that a particular string is always sent to a specific server, but it does not have to be a predefined server, as with an exact match.
Using the string operation hash algorithms may allow the Web server application to be used without being modified. When you use the string operation match-service-cookie method, you must modify the Web server application so that each server generates a unique string. The hash algorithms may be able to take advantage of strings already generated by the servers.
The syntax and options for this content mode command are:
•
•
–
–
–
If the selected server is out of service, the CSS performs a rehash to choose another server.
TAC recommends using either hash-xor or hash-crc32 depending on your string possibilities. If the strings are completely dissimilar, use hash-xor. If the strings are similar, use hash-crc32. For example, if your string values are abc1, abc2, and abc3, the hash-xor method cannot provide you with enough variance in the hash values (that is, abc1 and abc2 may end up on the same server because they may hash to the same value).
For example, to set the string operation to choose a server by using the string operation hash-crc32 algorithm, enter:
(config-owner-content[arrowpoint-rule1])# string operation hash-crc32To reset the string operation to its default setting of choosing a server by matching a service cookie in the sticky string, enter:
(config-owner-content[arrowpoint-rule1])# no string operationThe CSS derives a string result from the following string criteria commands:
•
•
•
•
•
Enabling or Disabling String ASCII Conversion
Use the string ascii-conversion command to enable or disable the ASCII conversion of escaped special characters within the specified sticky string range before applying any processing to the string. By default, ASCII conversion is enabled.
For example, to disable ASCII conversion of escaped special characters, enter:
(config-owner-content[arrowpoint-rule1])# string ascii-conversion disableTo reenable the ASCII conversion of escaped special characters to its default setting, use the no form of the command or the enable option. For example, enter:
(config-owner-content[arrowpoint-rule1])# no string ascii-conversion(config-owner-content[arrowpoint-rule1])# string ascii-conversion enableSpecifying End-of-String Characters
Use the string eos-char command to specify up to three ASCII characters as the delimiters for the sticky string within the string range. For example, in a cookie header, a semicolon (;) is usually used as a delimiter; in a URL extension, an ampersand (&) is often used as a delimiter.
The CSS uses the string eos-char value if the (config-owner-content) string process-length command is not configured. The (config-owner-content) string process-length command has higher precedence. If neither command is configured, the CSS uses the maximum of 100 bytes for the final string length. Enter the sticky string end-of-string characters as a quoted text string with a maximum of three characters.
For example, enter:
(config-owner-content[arrowpoint-rule1])# string eos-char ";"To clear the end of string characters, enter:
(config-owner-content[arrowpoint-rule1])# no string eos-charSpecifying a String Prefix
Use the string prefix command to specify the string prefix located in the string range. If you do not configure the string prefix, the string functions start from the beginning of the string range for the cookie, URL, or URL extension, depending on the sticky type. By default, the string range is the first 100 bytes of the cookie, URL, or parameters in the URL. If the string prefix is configured but is not found in the string range, the CSS uses the load-balancing method you defined in the sticky-serverdown-failover command.
Enter the string prefix as a quoted text string with a maximum of 30 characters. The default is no prefix ("").
For example, enter:
(config-owner-content[arrowpoint-rule1])# string prefix "UID="To clear the string prefix, enter:
(config-owner-content[arrowpoint-rule1])# no string prefixSpecifying a String Process Length
Use the string process-length command to specify how many bytes, after the end of the prefix within the string range designated by the string prefix command and skipping the bytes designated by the string skip-length command, the string action will use. This command has higher precedence than the string eos-char command. If neither command is configured, the CSS uses the maximum of 100 bytes for the final string action. Enter the number of bytes from 0 to 64. The default is 0.
For example, enter:
(config-owner-content[arrowpoint-rule1])# string process-length 16To set the number of bytes to its default setting of 0, enter:
(config-owner-content[arrowpoint-rule1])# no string process-lengthSpecifying a String Skip Length
Use the string skip-length command to specify how many bytes to skip after the end of prefix within the string range to find the string result. Enter the number of bytes from 0 to 64. The default is 0. For example, enter:
(config-owner-content[arrowpoint-rule1])# string skip-length 3To set the number of bytes to its default setting of 0, enter:
(config-owner-content[arrowpoint-rule1])# no string skip-lengthConfiguring Sticky-No-Cookie-Found-Action
Note
Use the sticky-no-cookie-found-action command to specify the action the CSS should take for a sticky cookie content rule when it cannot locate the cookie header or the specified cookie string in the sticky-no-cookie-found-action command.
The options for the sticky-no-cookie-found-action command are:
•
•
•
•
For example, enter:
(config-owner-content[arrowpoint-rule1])# sticky-no-cookie-found-action redirect "http://www.lml.com/nocookie.html"To reset sticky-no-cookie-found-action to the default of loadbalance, enter:
(config-owner-content[arrowpoint-rule1])# no sticky-no-cookie-found-actionConfiguring Sticky Parameters for E-Commerce Applications
By configuring sticky parameters for e-commerce applications, you can instruct the CSS how to process client requests that do not contain cookies when the requests are destined to a content rule that is sticking based on a string within a cookie. You can also instruct the CSS how to process wireless users by integrating HTTP header load balancing with the advanced-balance wap-msisdn command. For applications that use the CSS sticky table, you can remove a sticky table entry after a defined period of activity.
The following sections describe how to configure sticky parameters for e-commerce applications:
•
•
•
•
Configuring an Advanced Balance ArrowPoint Cookie
Note
Use the advanced-balance arrowpoint-cookie command to enable the content rule to stick the client to the server based on the unique service identifier of the selected server in the ArrowPoint-generated cookie. Configure the service identifier by using the (config-service) string command. You do not need to configure string match criteria. For information on configuring the ArrowPoint-generated cookie, see the "Configuring an ArrowPoint Cookie" section. You can use this option with any Layer 5 content rule.
For example, to specify advanced-balance arrowpoint-cookie for content rule1, enter:
(config-owner-content[arrowpoint-rule1])# advanced-balance arrowpoint-cookieTo disable the advanced load-balancing method, enter:
(config-owner-content[arrowpoint-rule1])# no advanced-balanceConfiguring an ArrowPoint Cookie
Use the arrowpoint-cookie command to configure the ArrowPoint cookie name, path, and expiration time. The CSS generates the ArrowPoint cookie transparently for a client, the client stores it and returns it in subsequent requests, and the CSS later uses it to maintain the client-server stickiness. This cookie contains the sticky information itself and does not refer to a sticky table.
If you configure the arrowpoint-cookie method in a content rule, the CSS always checks for the existence of the ArrowPoint cookie when it receives a client request. If this cookie does not exist, the CSS performs server load balancing and generates an ArrowPoint cookie.
When the CSS finds the cookie in the client request, it unscrambles the cookie data and then validates it. Then, the CSS checks the cookie expiration time. If the cookie has expired, the CSS sends a new cookie containing the information about the server where the client was stuck. This appears as an uninterrupted connection.
If the cookie format is valid, the CSS ensures the consistency between the cookie and the CSS configuration. When all the validations are passed, the CSS forwards the client request to the server indicated by the server identifier. Otherwise, the CSS treats this request as an initial request.
The options for this content mode command are:
•
•
•
•
•
•
Configuring an ArrowPoint Cookie Name
Use the arrowpoint-cookie name command to configure a unique cookie identifier with a maximum of four alphanumeric characters. With this option, you can configure multiple CSSs to inject cookies without the potential of one CSS overwriting another CSS cookie. Enter a unique string consisting of 1 to 4 alphanumeric characters for the name variable. The default is ARPT.
Caution
For example:
(config-owner-content[arrowpoint-rule1])# arrowpoint-cookie name abc5The cookie resulting from this command would appear as:
abc5=000000SservicenameT0x_0xC1234To reset the Arrowpoint cookie name to the default of ARPT, enter:
(config-owner-content[arrowpoint-rule1])# no arrowpoint-cookie nameConfiguring an Arrowpoint Cookie Path
Use the arrowpoint-cookie path command to set the ArrowPoint cookie path to a configured path. Otherwise, the CSS sets the default path attribute of the cookie to a slash (/). The syntax of this owner-content configuration mode command is:
arrowpoint-cookie path "path_name"
Enter the path_name where you want to send the cookie. Enter a quoted text string with a maximum of 99 characters. The default path of the cookie is "/".
For example, enter:
(config-owner-content[arrowpoint-rule1])# arrowpoint-cookie path "/cgi-bin/"To reset the cookie path to its default of "/", enter:
(config-owner-content[arrowpoint-rule1])# no arrowpoint-cookie pathConfiguring an ArrowPoint-Cookie Expiration Time
Use the arrowpoint-cookie expiration command to set an expiration time, which the CSS compares with the time associated with the ArrowPoint cookie. If the cookie has expired, the CSS sends a new cookie that includes the server where the client was stuck. The sending of the new cookie allows for the appearance of an uninterrupted connection. If you do not set an expiration time, the cookie expires when the client exits the browser.
The syntax of this owner-content mode configuration command is:
arrowpoint-cookie expiration dd:hh:mm:ss
The variables are:
•
•
•
•
Note
For example, enter:
(config-owner-content[arrowpoint-rule1])# arrowpoint-cookie expiration 08:04:03:06To reset the expiration time to when the client exits the browser, enter:
(config-owner-content[arrowpoint-rule1])# no arrowpoint-cookie expirationUse the arrowpoint-cookie rfc2822-compliant command in global configuration mode if you want to configure the arrowpoint-cookie expiration time syntax to be RFC 2822-compliant. This command causes the arrowpoint-cookie expiration time syntax to be only three-character days of the week (for example, "Tue" rather than "Tues") and to capitalize only the first character of the month (for example, "Jan" rather than "JAN"). When enabled, the CSS applies the RFC 2822-compliant format to all ArrowPoint cookies. The default is disabled.
With the RFC 2822-compliant format disabled, the arrowpoint-cookie expiration time syntax appears as follows:
day: Mon, Tues, Wed, Thu, Fri, Sat, Sun
month: JAN, FEB, MAR, APR, MAY, JUN, JUL, AUG, SEP, OCT, NOV, DEC
When you enable the arrowpoint-cookie rfc2822-compliant command, the RFC 2822-compliant format appears as follows:
day: Mon, Tue, Wed, Thu, Fri, Sat, Sun
month: Jan, Feb, Mar, Apr, May, Jun, Jul, Aug, Sep, Oct, Nov, Dec
For example:
(config)# arrowpoint-cookie rfc2822-compliantTo disable the RFC 2822-compliant format, enter:
(config)# no arrowpoint-cookie rfc2822-compliantConfiguring ArrowPoint-Cookie Browser Expire
Use the arrowpoint-cookie browser-expire command to allow the browser to expire the ArrowPoint cookie based on the expiration time. To configure the expiration time, see the previous section. The syntax of this owner-content configuration mode command is:
arrowpoint-cookie browser-expire
For example, enter:
(config-owner-content[arrowpoint-rule1])# arrowpoint-cookie browser-expireTo allow the CSS to expire the cookie, enter:
(config-owner-content[arrowpoint-rule1])# no arrowpoint-cookie browser-expire
Note
Configuring ArrowPoint-Cookie Expire Services
Use the arrowpoint-cookie expire-services command to expire service information when the cookie expires before sending a new cookie. By default, when the cookie expires, the CSS sends a new cookie with the server information from the expired cookie. The syntax of this owner-content configuration mode command is:
arrowpoint-cookie expire-services
For example, enter:
(config-owner-content[arrowpoint-rule1])# arrowpoint-cookie expire-servicesTo reset the default behavior, enter:
(config-owner-content[arrowpoint-rule1])# no arrowpoint-cookie expire-servicesImproving CSS Performance with ArrowPoint Cookies
Use the arrowpoint-cookie advanced command to improve performance with ArrowPoint cookies where large amounts of data (for example, graphics) are returned from the server by mapping the ArrowPoint cookie flows in the fastpath (hardware).
Use this command only if the CSS is experiencing performance delays with ArrowPoint cookies. This command is disabled by default. The syntax of this owner-content configuration mode command is:
arrowpoint-cookie advanced
For example, enter:
(config-owner-content[arrowpoint-rule1])# arrowpoint-cookie advancedTo reset the default behavior, enter:
(config-owner-content[arrowpoint-rule1])# no arrowpoint-cookie advancedConfiguring an ArrowPoint Cookie Domain
Use the cookie-domain command to configure a domain name for the ArrowPoint cookie. For details, see the "Configuring a Domain Name for the Location Cookie" section later in this chapter.
Configuring a Location Cookie
Occasionally, when a client is stuck to a particular CSS and server in a multisite network configuration, a subsequent DNS request may resolve to a different IP address, which sends the client to a different CSS and server. This different resolution can be a problem in an e-commerce application, especially when a client already has items in a shopping cart. To ensure that a CSS returns the client to the original CSS in a multisite environment, configure a Location Cookie.
Overview
Location Cookie injects a user-defined NAME=VALUE cookie pair string (configured on the CSS specific to a site) into the response packet from the server. On subsequent connections after cookie injection, if a new DNS resolution sends the client to a different CSS, the new CSS attempts to match the NAME=VALUE pair to the values in a configured content rule. If the CSS cannot match the NAME=VALUE pair, the CSS compares the VALUE portion of the cookie to information in location services configured in a content rule. The CSS uses the information in the location services to return the client to the original site.
There are two methods that a CSS can use to return a client to the original site, depending on the type of location service that you configured on the CSS. The first method uses a standard service (pass-through service) to pass all traffic through the current CSS, then back to the original CSS. You must configure this same service as a destination service in a source group to ensure that all return traffic from the original CSS is NATed through the current CSS before going to the client.
The second method uses a redirect service to send a 302 redirect to the client, thereby forcing the client back to the original site. Note that a 302 redirect changes all HTTP methods to HTTP GETs. For example, if a client is performing a POST operation and the current CSS redirects the client to the original site, the client will lose all data in the POST method.
Note
Location Cookie Quick Start
Table 4-2, Table 4-3, and Table 4-4 provide a quick overview of the steps required to configure the Location Cookie feature on each CSS in a multisite configuration. This section includes quick start procedures for three sample sites. Each step includes the CLI command required to complete the task. For a complete description of each feature and all the options associated with the CLI commands, see the sections following the tables.
Table 4-2 Location Cookie Configuration Quick Start for Site1
1.
# config (config)#2.
(config)# service localServ1(config-service[localServ1])# ip address 192.168.2.3(config-service[localServ1])# active(config-service[localServ1])# service localServ2(config-service[localServ2])# ip address 192.168.2.4(config-service[localServ2])# active3.
(config-service[localServ2])# service site2(config-service[site2])# ip address 192.158.128.209(config-service[site2])# string site2(config-service[site2])# type redirect(config-service[site2])# active4.
(config-service[site2])# service site3(config-service[site3])# ip address 192.148.128.209(config-service[site3])# string site3(config-service[site3])# active5.
(config)# owner ArrowPoint(config-owner[ArrowPoint])#6.
(config-owner[ArrowPoint])# content locCookie(config-owner-content[ArrowPoint-locCookie])#7.
(config-owner-content[ArrowPoint-locCookie])# vip address 192.168.128.209(config-owner-content[ArrowPoint-locCookie])# add service localServ1(config-owner-content[ArrowPoint-locCookie])# add service localServ2(config-owner-content[ArrowPoint-locCookie])# protocol tcp(config-owner-content[ArrowPoint-locCookie])# port 80(config-owner-content[ArrowPoint-locCookie])# url "/*"(config-owner-content[ArrowPoint-locCookie])# location-cookie name work value site1(config-owner-content[ArrowPoint-locCookie])# cookie-domain ".work.com"(config-owner-content[ArrowPoint-locCookie])# add location-service site2(config-owner-content[ArrowPoint-locCookie])# add location-service site3(config-owner-content[ArrowPoint-locCookie])# active8.
(config)# group site1(config-group[site1])# add destination service site3(config-group[site1])# vip address 192.168.128.210(config-group[site1])# active
Configuring location-cookie
Use the location-cookie command to configure the NAME=VALUE cookie string and expiration time for the local site. A CSS injects this cookie string into responses from a server.
Note
The syntax for this owner-content configuration mode command is:
location-cookie name text value text {expiration dd:hh:mm:ss}
The options and variables for this command are:
•
•
•
–
–
–
–
For example:
(config-owner-content[ArrowPoint-rule1])# location-cookie name work value site1 00:02:30:00To remove the location cookie, enter:
(config-owner-content[ArrowPoint-rule1])# no location-cookieConfiguring a Domain Name for the Location Cookie
Use the cookie-domain command to configure a domain name for the Location Cookie. The cookie domain name allows your browser to send the cookie back to any site that ends with the domain name that you specify. For example, if you specify a cookie domain name of .work.com, the browser will send back the Location Cookie to all sites that end with .work.com, including site1.work.com, site2.work.com, and site3.work.com.
The syntax for this owner-content configuration mode command is:
cookie-domain name
The name variable specifies the name of the domain for the Location Cookie. Enter a quoted text string from 1 to 64 characters.
For example:
(config-owner-content[ArrowPoint-rule1)# cookie-domain ".work.com"To remove the cookie domain name, enter:
(config-owner-content[ArrowPoint-rule1)# no cookie-domainConfiguring Location Services
Use the add location-service command to add services to the content rule that the CSS uses to locate the site where the client was originally stuck.
The syntax for this owner-content configuration mode command is:
add location-service service_name
The name variable specifies the name of a standard service or redirect service that you want to add to the content rule for Location Cookie matching. Enter a name from 1 to 31 characters.
For example, enter:
(config-owner-content[ArrowPoint-rule1)# add location-service site1To remove the site1 location service, enter:
(config-owner-content[ArrowPoint-rule1)# remove location-service site1You can configure a maximum of 10 location services; either standard services or redirect services. These services do not count toward the 64-service maximum per content rule and do not participate in the load-balancing algorithm of the content rule.
A redirect service configured as a location service must have an IP address that is the same as the VIP address of the location cookie content rule configured on the redirected site. You must also define a string on any service used as a location service. This string must match the VALUE portion of the Location Cookie. For information on configuring a string on a service, see the "Configuring an Advanced Load-Balancing String" section.
Also, you must configure as a destination service in a source group any standard service that you configure as a location service in the content rule, as shown in the "Location Cookie Quick Start" section.
Examples of Location Cookie Flow
The following examples illustrate the two mechanisms that a CSS uses to return a client to the CSS and server that serviced the original request. See the "Location Cookie Quick Start" section for specific CSS site configuration information.
Example 1 - Returning a client to the original site using a location service (pass-through method)
1.
2.
3.
4.
5.
6.
7.
8.
9.
Example 2 - Returning a client to the original site using a redirect service
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
Displaying Location Cookie Information
To display location cookie information, use the show rule sticky command. For details, see the "Showing Sticky Attributes" section.
Configuring Wireless Users for E-Commerce Applications
Use the advanced-balance wap-msisdn command with the MSISDN header field to configure wireless users for e-commerce applications. For details on the advanced-balance wap-msisdn command, see the "Specifying an Advanced Load-Balancing Method for Sticky Content" section earlier in this chapter. For details on the MSISDN header field, see the "Configuring a Header Field Entry" section in Chapter 6, Configuring HTTP Header Load Balancing.
Wireless clients use the Wireless Application Protocol (WAP) to access Internet content. When a wireless client sends a request for content, the WAP protocol gateway (a device that translates requests from the WAP protocol stack to the WWW protocol stack) generates the MSISDN field and adds it to the HTTP header.
In the following example, TCP port 80 traffic destined for VIP 192.168.128.151 that contains the string "012" in the MSISDN HTTP header field will match content rule rule012. The CSS will stick this traffic to either server1 or server2 based on the entire contents of the MSISDN field.
TCP port 80 traffic destined for 192.168.128.151 that does not contain the string "012" in the MSISDN HTTP header field, but has the field in the header, will match content rule ruleNo012. The CSS will use roundrobin to load balance the traffic across server21 and server22.
TCP port 80 traffic destined for 192.168.128.151 that does not contain the MSISDN HTTP header field will match content rule ruleNoWap. The CSS will use roundrobin to load balance the traffic across server31 and server32.
header-field-group wap012header-field 1 wap-msisdn contain "012"header-field-group wapNo012header-field 1 wap-msisdn not-contain "012"owner arrowpointcontent rule012vip address 192.168.128.151protocol tcpport 80url "/*"add service server1add service server2header-field-rule wap012advanced-balance wap-msisdnactivecontent ruleNo012vip address 192.168.128.151protocol tcpport 80url "/*"add service server21add service server22header-field-rule wapNo012activecontent ruleNoWapvip address 192.168.128.151protocol tcpport 80url "/*"add service server31add service server32activeShowing Sticky Attributes
The show rule sticky command displays the sticky attributes for a content rule.
Note
For example, enter:
(config-owner-content[arrowpoint-rule1])# show rule owner content_rule stickyTable 4-5 describes the fields in the show rule sticky command output.
Showing Sticky Table Configurations
The show sticky-table command displays the contents of the CSS sticky table based on the advanced load-balancing method for a content rule. Use the following show sticky-table commands from any mode to display the sticky information contained in the CSS sticky table:
•
•
•
•
•
•
To display sticky configurations for content, use the show rule sticky command in content mode. For details on the show rule sticky command, see the "Showing Sticky Attributes" section.
To display all sticky entries contained in the CSS sticky table, enter:
(config)# show sticky-table all-stickyTable 4-6 describes all of the fields in the show sticky-table all-sticky command output.
Showing Layer 3 Sticky Table Information
Use the show sticky-table l3-sticky command to display the Layer 3 sticky entries contained in the CSS sticky table. Layer 3 sticks a user to a server based on the source IP address.
The syntax for this global configuration mode command is:
show sticky-table l3-sticky [page {value}|ipaddress {ip_address sticky_mask}]
The show sticky-table l3-sticky command supports the following options and variables:
•
•
For example, to display Layer 3 sticky entries from page 60 in the sticky table, enter:
(config)# show sticky-table l3-sticky page 60For example, to display Layer 3 sticky entries from a specific IP address and sticky mask in the sticky table, enter:
(config)# show sticky-table l3-sticky ipaddress 192.168.2.5 255.255.255.255See Table 4-6 for a description of the fields in the show sticky-table l3-sticky command output.
Showing Layer 4 Sticky Table Information
Use the show sticky-table l4-sticky command to display the Layer 4 sticky entries contained in the CSS sticky table. Layer 4 sticky functions identically to Layer 3 sticky, except that it sticks a user to a server based on a combination of source IP address and destination port.
The syntax for this global configuration mode command is:
show sticky-table l4-sticky [page {value}|ipaddress {ip_address sticky_mask} {port}]
The show sticky-table l4-sticky command supports the following options and variables:
•
•
•
For example, to display Layer 4 sticky entries from a specific IP address and sticky mask in the sticky table for destination port 80, enter:
(config)# show sticky-table l4-sticky ipaddress 192.168.2.5 255.255.255.255 80See Table 4-6 for a description of the fields in the show sticky-table l4-sticky command output.
Showing SIP Call-ID Sticky Table Information
Use the show sticky-table sip-callid-sticky command to display the entries contained in the sticky table based on session Call-ID. Call-ID is a unique call identifier contained in the SIP messages sent from the client to the SIP server.
The syntax for this global configuration mode command is:
show sticky-table sip-callid-sticky [page {value}|Call-ID {sip_callid}]
The show sticky-table sip-callid-sticky command supports the following options and variables:
•
•
For example, to display sticky entries for a specific Call-ID in the sticky table, enter:
(config)# show sticky-table sip-calliD-sticky 12345600@here.comSee Table 4-6 for a description of the fields in the show sticky-table sip-callid-sticky command output.
Showing SSL Sticky Table Information
Use the show sticky-table ssl-sticky command to display the SSL entries contained in the sticky table.
The syntax for this global configuration mode command is:
show sticky-table ssl-sticky [rule {index}{page {value}}|time {number} {page {value}}|sid {text}|collision|page {value}]
The show sticky-table ssl-sticky command supports the following options and variables:
•
•
•
•
•
For example, to show SSL entries in the sticky table based on content rule index number and page number in the sticky table, enter:
(config)# show sticky-table ssl-sticky rule 4 page 33See Table 4-6 for a description of the fields in the show sticky-table ssl-sticky command output.
Showing WAP Sticky Table Information
Use the show sticky-table wap-sticky command to display the entries contained in the sticky table based on the MSISDN header field. MSISDN is the header field for wireless clients using the Wireless Application Protocol (WAP).
The syntax for this global configuration mode command is:
show sticky-table wap-sticky [page {value}|msisdn {msisdn_header}]
The show sticky-table wap-sticky command supports the following options and variables:
•
•
For example, to show MSISDN sticky entries in the sticky table based on MSISDN header, enter:
(config)# show sticky-table wap-sticky msisdn 6079979410See Table 4-6 for a description of the fields in the show sticky-table wap-sticky command output.
Showing Sticky Connection Statistics
The show sticky-stats command displays a summary of sticky connection statistics for the CSS.
To display sticky configurations for content, you can also use the show rule sticky command in content mode. For details on the show rule sticky command, see the "Showing Sticky Attributes" section.
For example:
(config-owner-content[arrowpoint-rule1])# show sticky-statsTable 4-7 describes the fields in the show sticky-stats command output.
Where to Go Next
You can configure source groups, access control lists (ACLs), extension qualifier lists (EQLs), Uniform Resource Locator qualifier lists (URQLs), network qualifier lists (NQLs), and domain qualifier lists (DQLs). For information, see Chapter 5, Configuring Source Groups, ACLs, EQLs, URQLs, NQLs, and DQLs.
