From: Daniel Peterson (pdiddy_saIZZATyahoo.com)
Date: Tue Oct 01 2002 - 15:23:09 EDT
Does the Foundry support a sticky IP mask? On CSSs
you can specify to ignore 'X' amount of bits. Most
megaproxies fall in the same /27. I've done this on
about 30 different load balancers now and have had no
problem with the AOL clients.
The only down side to this solution is when a site
load balances their web connectivity over 3 different
proxies in 3 different class A ranges.
Good Luck,
Dan
--- Philip Goldie <pgoldieIZZATnortelnetworks.com> wrote:
> Luis,
>
> The problem is with the AOL Mega Proxies, not the
> browsers. Basically all
> AOL users (and those from
> other ISPs) are proxied behind farms of Caches which
> results in changes in
> Source IP addresses over time.
> This is why the IP Hashing model you're using is
> breaking.
>
> Forcing the web server to re-negotiate the SSL ID is
> not an answer as the
> switch still has no way of tracking
> the changing ID as far as I'm aware.
>
> The only answer is Cookies, although in an SSL
> environment, there is no way
> for a switch to read and parse
> the cookie values unless it (or a tertiory device)
> is terminating the SSL
> Session. In Alteon world we have an
> SSL Accelerator (the Nortel ASA-310 and ASA-310) to
> do this. Not sure how
> Foundry solves this issue. - anyone ?
>
> Phil.
>
> -----Original Message-----
> From: Cisco [mailto:ciscoIZZATnetsyssupport.com]
> Sent: 01 October 2002 18:43
> To: lb-lIZZATvegan.net
> Subject: Re: [load balancing] FOUNDRY SERVERIRON XL
> FAILED IP STICK
>
>
> Thanks Phil for your posting.
>
> Definitely I'm not in control of the user DESKTOPs
> and still I don't
> understand why I'm getting problems only with AOL.
> From what you said I'm
> assuming that my problem is the AOL browser
> renegotiating the SSL session to
> fast. If that would be the case I heard you can
> force the WEB server to re
> negotiate the SSL session before the browser does
> and maybe that will fix
> the problem. Are you aware of this or anyone have
> tried it before ????
>
> Foundry supports SSL SESSION ID and COOKIE
> SWITCHING. Can I use the latter
> to maintain sessions accross my servers ???
>
> Thanks
>
> Luis
>
>
> ----- Original Message -----
> From: Philip Goldie
> <mailto:pgoldieIZZATnortelnetworks.com>
> To: lb-lIZZATvegan.net <mailto:lb-lIZZATvegan.net>
> Sent: Tuesday, October 01, 2002 11:42 AM
> Subject: RE: [load balancing] FOUNDRY SERVERIRON XL
> FAILED IP STICK
>
> Luis,
>
> The only real model for dealing with persistence
> either in SSL environments
> or plain HTTP is cookies. This is
> not a Foundry limitation, just the nature of the
> protocols, applications and
> infrastuctures which make up the
> Internet :-(
>
> One alternative is to use SSL Session ID as a
> persistence mechanism, but
> this is often proved fruitless as
> most browsers renegotiate the SSL ID periodically.
> There is a fix for this,
> but only if you're in control of the
> desktop of the user base, which it sounds like
> you're not.
>
> Phil.
>
> -----Original Message-----
> From: Cisco [mailto:ciscoIZZATnetsyssupport.com]
> Sent: 01 October 2002 15:31
> To: lb-lIZZATvegan.net
> Subject: [load balancing] FOUNDRY SERVERIRON XL
> FAILED IP STICK
>
>
> I recently setup our Foundry ServerIron XL for
> SERVER LOAD BALANCING. This
> is the configuration we have
>
> server real test1 65.165.34.11
> port http
>
> port http keepalive
>
> port http url "HEAD /"
>
> port ssl
>
> port ssl keepalive
>
> !
>
> server real test2 65.165.34.12
>
> port http
>
> port http keepalive
>
> port http url "HEAD /"
>
> port ssl
>
> port ssl keepalive
> !
> server virtual test 65.165.34.10
> port http sticky
> port ssl sticky
> track-group http 443
> bind http test1 http test2 http
> bind ssl test1 ssl test2 ssl
>
> The load balancing works great but I'm having a lot
> of problems with HTTP
> and SSL sessions maintained to the same real server
> (STICKYNESS). It seems
> to work fine with most of the websites but I'm
> having problems with users
> coming from AOL. Now I heard of those problems
> before and I don't know if it
> is due to the AOL mega proxy or the AOL browser.
> Does anyone know what could
> it be happening. It seems that the IP stickyness
> doesn't works for these
> site. Does anyone knows if Foundry supports another
> type of sticky feature
> not based in IP address to maintain real server
> sessions ?
> ANY HELP WILL BE GREATLY APRECIATED.
>
> Luis Vazquez
> ciscoIZZATnetsyssupport.com
> <mailto:ciscoIZZATnetsyssupport.com>
>
>
>
__________________________________________________
Do you Yahoo!?
New DSL Internet Access from SBC & Yahoo!
http://sbc.yahoo.com
____________________
The Load Balancing Mailing List
Unsubscribe: mailto:majordomoIZZATvegan.net?body=unsubscribe%20lb-l
Archive: http://vegan.net/lb/archive
LBDigest: http://lbdigest.com
MRTG with SLB: http://vegan.net/MRTG
Hosted by: http://www.tokkisystems.com
This archive was generated by hypermail 2.1.4 : Tue Oct 01 2002 - 15:28:26 EDT