RE: [load balancing] FOUNDRY SERVERIRON XL FAILED IP STICK

From: Daniel Peterson (pdiddy_saIZZATyahoo.com)
Date: Tue Oct 01 2002 - 15:23:09 EDT

    Does the Foundry support a sticky IP mask? On CSSs
    you can specify to ignore 'X' amount of bits. Most
    megaproxies fall in the same /27. I've done this on
    about 30 different load balancers now and have had no
    problem with the AOL clients.

    The only downside to this solution is when a site
    load balances their web connectivity over 3 different
    proxies in 3 different class A ranges.

    Good Luck,

    Dan
    --- Philip Goldie <pgoldieIZZATnortelnetworks.com> wrote:
    > Luis,
    >
    > The problem is with the AOL Mega Proxies, not the
    > browsers. Basically all
    > AOL users (and those from
    > other ISPs) are proxied behind farms of Caches which
    > results in changes in
    > Source IP addresses over time.
    > This is why the IP Hashing model you're using is
    > breaking.
    >
    > Forcing the web server to re-negotiate the SSL ID is
    > not an answer as the
    > switch still has no way of tracking
    > the changing ID as far as I'm aware.
    >
    > The only answer is Cookies, although in an SSL
    > environment, there is no way for a switch to read and
    > parse the cookie values unless it (or a tertiary device)
    > is terminating the SSL Session. In Alteon world we have an
    > SSL Accelerator (the Nortel ASA-310 and ASA-310) to
    > do this. Not sure how Foundry solves this issue. - anyone?
    >
    > Phil.
    >
    > -----Original Message-----
    > From: Cisco [mailto:ciscoIZZATnetsyssupport.com]
    > Sent: 01 October 2002 18:43
    > To: lb-lIZZATvegan.net
    > Subject: Re: [load balancing] FOUNDRY SERVERIRON XL
    > FAILED IP STICK
    >
    >
    > Thanks Phil for your posting.
    >
    > Definitely I'm not in control of the user DESKTOPs
    > and still I don't understand why I'm getting problems
    > only with AOL. From what you said I'm assuming that my
    > problem is the AOL browser renegotiating the SSL session
    > too fast. If that would be the case I heard you can
    > force the WEB server to renegotiate the SSL session
    > before the browser does and maybe that will fix
    > the problem. Are you aware of this or has anyone
    > tried it before ????
    >
    > Foundry supports SSL SESSION ID and COOKIE
    > SWITCHING. Can I use the latter
    > to maintain sessions across my servers ???
    >
    > Thanks
    >
    > Luis
    >
    >
    > ----- Original Message -----
    > From: Philip Goldie
    > <mailto:pgoldieIZZATnortelnetworks.com>
    > To: lb-lIZZATvegan.net <mailto:lb-lIZZATvegan.net>
    > Sent: Tuesday, October 01, 2002 11:42 AM
    > Subject: RE: [load balancing] FOUNDRY SERVERIRON XL
    > FAILED IP STICK
    >
    > Luis,
    >
    > The only real model for dealing with persistence
    > either in SSL environments or plain HTTP is cookies.
    > This is not a Foundry limitation, just the nature of the
    > protocols, applications and infrastructures which make
    > up the Internet :-(
    >
    > One alternative is to use SSL Session ID as a
    > persistence mechanism, but
    > this is often proved fruitless as
    > most browsers renegotiate the SSL ID periodically.
    > There is a fix for this,
    > but only if you're in control of the
    > desktop of the user base, which it sounds like
    > you're not.
    >
    > Phil.
    >
    > -----Original Message-----
    > From: Cisco [mailto:ciscoIZZATnetsyssupport.com]
    > Sent: 01 October 2002 15:31
    > To: lb-lIZZATvegan.net
    > Subject: [load balancing] FOUNDRY SERVERIRON XL
    > FAILED IP STICK
    >
    >
    > I recently set up our Foundry ServerIron XL for
    > SERVER LOAD BALANCING. This
    > is the configuration we have:
    >
    > server real test1 65.165.34.11
    >  port http
    >  port http keepalive
    >  port http url "HEAD /"
    >  port ssl
    >  port ssl keepalive
    > !
    > server real test2 65.165.34.12
    >  port http
    >  port http keepalive
    >  port http url "HEAD /"
    >  port ssl
    >  port ssl keepalive
    > !
    > server virtual test 65.165.34.10
    >  port http sticky
    >  port ssl sticky
    >  track-group http 443
    >  bind http test1 http test2 http
    >  bind ssl test1 ssl test2 ssl
    >
    > The load balancing works great but I'm having a lot
    > of problems with HTTP and SSL sessions maintained to the
    > same real server (STICKINESS). It seems to work fine with
    > most of the websites but I'm having problems with users
    > coming from AOL. Now I heard of those problems
    > before and I don't know if it is due to the AOL mega
    > proxy or the AOL browser. Does anyone know what could
    > be happening? It seems that the IP stickiness
    > doesn't work for these sites. Does anyone know if Foundry
    > supports another type of sticky feature
    > not based on IP address to maintain real server
    > sessions ?
    > ANY HELP WILL BE GREATLY APPRECIATED.
    >
    > Luis Vazquez
    > ciscoIZZATnetsyssupport.com
    > <mailto:ciscoIZZATnetsyssupport.com>
    >
    >
    >

    ____________________
    The Load Balancing Mailing List
    Archive: http://vegan.net/lb/archive



    This archive was generated by hypermail 2.1.4 : Tue Oct 01 2002 - 15:28:26 EDT
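
Added example (not part of the original posts, and not Foundry or Cisco code): a simplified Python model of the sticky IP mask discussed in this thread, showing why per-IP stickiness breaks for a session whose requests leave through several proxies in one /27, why a /27 mask repairs it, and why the mask fails when the proxies sit in three different class A ranges. The `StickyTable` class, the round-robin assignment and all client addresses are constructed assumptions; only the real-server names `test1` and `test2` come from the posted configuration.

```python
import ipaddress
from itertools import cycle

REAL_SERVERS = ["test1", "test2"]  # real-server names from the posted config

# Constructed sample data: one user's requests as seen by the load balancer.
SAME_27 = ["198.51.100.33", "198.51.100.40", "198.51.100.62"]  # one proxy farm
THREE_CLASS_A = ["10.1.1.5", "100.64.1.5", "126.1.1.5"]        # three farms


class StickyTable:
    """Simplified sticky table: the first request from a key picks the next
    real server round-robin; later requests with the same key reuse it."""

    def __init__(self, servers, prefix_len=32):
        self.prefix_len = prefix_len      # 32 = plain per-IP stickiness
        self._next = cycle(servers)
        self.table = {}

    def pick(self, src_ip):
        # Ignore the low (32 - prefix_len) bits of the source address.
        key = ipaddress.ip_network(f"{src_ip}/{self.prefix_len}", strict=False)
        if key not in self.table:
            self.table[key] = next(self._next)
        return self.table[key]


def servers_seen(session_ips, prefix_len):
    """Real server chosen for each request of one session, in order."""
    lb = StickyTable(REAL_SERVERS, prefix_len)
    return [lb.pick(ip) for ip in session_ips]


def longest_sticky_prefix(session_ips):
    """Longest mask under which every address shares one sticky key."""
    ints = [int(ipaddress.ip_address(ip)) for ip in session_ips]
    differing = 0
    for value in ints[1:]:
        differing |= ints[0] ^ value
    return 32 - differing.bit_length()


if __name__ == "__main__":
    for name, ips in (("same /27", SAME_27), ("three class A", THREE_CLASS_A)):
        for plen in (32, 27):
            print(f"{name:14} /{plen}: {servers_seen(ips, plen)}")
        print(f"{name:14} longest usable mask: /{longest_sticky_prefix(ips)}")
```

For the three-range session the only mask that keeps it on one server is /1, which would also pin half of all client addresses to a single real server.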