Session Persistence Using Cookie Insert on the Cisco Application Control Engine Configuration Example
From DocWiki
(→ACE configured with “cookie insert browser-expire”) |
|||
Line 148: | Line 148: | ||
This is because the sticky-entry is a hash of the cookie value. In order to determine the server a client is hitting one must mark the server such that it can be distinguished, possibly using a HTTP Header in the server response, or by determining the cookie value ACE uses for each server. The cookie value is a number based on the serverfarm name, rserver name, and rserver port. The following script can be used to determine the values associated with each rserver. | This is because the sticky-entry is a hash of the cookie value. In order to determine the server a client is hitting one must mark the server such that it can be distinguished, possibly using a HTTP Header in the server response, or by determining the cookie value ACE uses for each server. The cookie value is a number based on the serverfarm name, rserver name, and rserver port. The following script can be used to determine the values associated with each rserver. | ||
+ | |||
+ | ===TCL Script for calculating Cookie Values=== | ||
+ | Note: This script works for 32-bit OS only. If you are using this on a 64-bit OS, you will need to modify it to produce a 32-bit unsigned integer. | ||
<pre>[root@host cookie]# ./ace-cookie-value.tcl webfarm lnx1 0 | <pre>[root@host cookie]# ./ace-cookie-value.tcl webfarm lnx1 0 | ||
Line 188: | Line 191: | ||
puts [format "Value: R%u" $hashValue]</pre> | puts [format "Value: R%u" $hashValue]</pre> | ||
+ | |||
+ | ===VBA Script for calculating Cookie Values=== | ||
+ | The following script was created by an ACE customer and shared for the convenience of all ACE users. We would like to thank Nerve Benattar for his contribution to the ACE Doc Wiki! | ||
+ | |||
+ | <pre> | ||
+ | Dim Result_Cookie As String | ||
+ | |||
+ | |||
+ | Function Calculating_Cookie_Name(ByVal CHAINE1 As String) | ||
+ | |||
+ | ' For this script, we need to work with 32 bits unsigned integer. | ||
+ | ' VBA does not support unsigned int of 32 bits. An integer is only 16 bits | ||
+ | ' and a Long var is 32 bits signed. To simulate a 32 bits unsigned integer, | ||
+ | ' we use an double and subtract all numbers with the tops from the 32th bit | ||
+ | ' Thanks for Derek Huckaby and Paul Zimmerman from Cisco for their helps | ||
+ | ' Herve Benattar AXA TECH GNSD | ||
+ | |||
+ | Dim Dbl_64bits_Tmp1, Dbl_64bits_Tmp2, hashValue, hashMultiplier As Double | ||
+ | Dim ix As Integer | ||
+ | |||
+ | hashValue = 5381 | ||
+ | hashMultiplier = 32 | ||
+ | ix = 0 | ||
+ | |||
+ | Lng_Chaine = Len(CHAINE1) | ||
+ | |||
+ | For ix = 0 To (Lng_Chaine - 1) Step 1 | ||
+ | 'MAX Value 4294967295*32+5381 = 137438958821 | ||
+ | Dbl_64bits_Tmp2 = hashValue * hashMultiplier + hashValue | ||
+ | 'MAX value 127 or 255 with Extended ASCII Codes | ||
+ | Dbl_64bits_Tmp1 = CDbl(Asc(Mid(CHAINE1, ix + 1, 1))) | ||
+ | 'MAX 137438958821+255 = 137438959076 = 100000 00000000000000000001010111100100(2) | ||
+ | hashValue = Dbl_64bits_Tmp2 + Dbl_64bits_Tmp1 | ||
+ | |||
+ | Try_Again: | ||
+ | Select Case hashValue | ||
+ | '39th bits to 1 (Normaly none use with MAX) | ||
+ | Case Is >= 545460846592# | ||
+ | hashValue = hashValue - 545460846592# | ||
+ | GoTo Try_Again | ||
+ | '38th bits to 1 | ||
+ | Case Is >= 270582939648# | ||
+ | hashValue = hashValue - 270582939648# | ||
+ | GoTo Try_Again | ||
+ | '37th bits to 1 | ||
+ | Case Is >= 133143986176# | ||
+ | hashValue = hashValue - 133143986176# | ||
+ | GoTo Try_Again | ||
+ | '36th bits to 1 | ||
+ | Case Is >= 64424509440# | ||
+ | hashValue = hashValue - 64424509440# | ||
+ | GoTo Try_Again | ||
+ | '35th bits to 1 | ||
+ | Case Is >= 30064771072# | ||
+ | hashValue = hashValue - 30064771072# | ||
+ | GoTo Try_Again | ||
+ | '34eme bits to 1 | ||
+ | Case Is >= 12884901888# | ||
+ | hashValue = hashValue - 12884901888# | ||
+ | GoTo Try_Again | ||
+ | '33eme bits to 1 | ||
+ | Case Is >= 4294967296# | ||
+ | hashValue = hashValue - 4294967296# | ||
+ | GoTo Try_Again | ||
+ | End Select | ||
+ | |||
+ | 'MsgBox "Value: R" & hashValue | ||
+ | |||
+ | Next | ||
+ | |||
+ | Result_Cookie = "R" & hashValue | ||
+ | |||
+ | End Function | ||
+ | |||
+ | Private Sub CommandButton1_Click() | ||
+ | |||
+ | ActiveSheet.Range("A2").Select | ||
+ | |||
+ | While (Not IsEmpty(ActiveCell.Value)) | ||
+ | serverFarmName = ActiveCell.Value | ||
+ | realServerName = ActiveCell.Offset(0, 1).Value | ||
+ | port = ActiveCell.Offset(0, 2).Value | ||
+ | |||
+ | cookieInsertStr = serverFarmName & ":" & realServerName & ":" & port | ||
+ | |||
+ | Calculating_Cookie_Name (cookieInsertStr) | ||
+ | ActiveCell.Offset(0, 3) = Result_Cookie | ||
+ | ActiveCell.Offset(1, 0).Select | ||
+ | Wend | ||
+ | |||
+ | End Sub | ||
+ | </pre> | ||
==show running-config == | ==show running-config == | ||
Line 264: | Line 359: | ||
==Related Information== | ==Related Information== | ||
[http://www.cisco.com/web/psa/products/index.html Technical Support & Documentation - Cisco Systems] | [http://www.cisco.com/web/psa/products/index.html Technical Support & Documentation - Cisco Systems] | ||
+ | |||
+ | ===Hash output Examples=== | ||
+ | For the developer we have provided the following outputs as the hash is being calculated to all you to check your code against a working example. | ||
+ | |||
+ | <pre> | ||
+ | [root@atl-tme-linux cookie]# ./ace-cookie-value.tcl zzzzzzz zzzzzz 65535 | ||
+ | Value: R177695 | ||
+ | Value: R5864057 | ||
+ | Value: R193514003 | ||
+ | Value: R2090994925 | ||
+ | Value: R283355911 | ||
+ | Value: R760810593 | ||
+ | Value: R3631913211 | ||
+ | Value: R3889019029 | ||
+ | Value: R3783576495 | ||
+ | Value: R303972873 | ||
+ | Value: R1441170339 | ||
+ | Value: R313981053 | ||
+ | Value: R1771440279 | ||
+ | Value: R2622954481 | ||
+ | Value: R658152011 | ||
+ | Value: R244179937 | ||
+ | Value: R3762970678 | ||
+ | Value: R3918948139 | ||
+ | Value: R476269758 | ||
+ | Value: R2832000179 | ||
+ | Final Value: R2832000179 | ||
+ | |||
+ | |||
+ | [root@atl-tme-linux cookie]# ./ace-cookie-value.tcl FARM-SIEBEL-INTEGR ppclsrobj | ||
+ | web1 80 | ||
+ | Value: R177643 | ||
+ | Value: R5862284 | ||
+ | Value: R193455454 | ||
+ | Value: R2089062763 | ||
+ | Value: R219594488 | ||
+ | Value: R2951650891 | ||
+ | Value: R2915198964 | ||
+ | Value: R1712285369 | ||
+ | Value: R670842395 | ||
+ | Value: R662962624 | ||
+ | Value: R402930188 | ||
+ | Value: R411794361 | ||
+ | Value: R704312098 | ||
+ | Value: R1767462832 | ||
+ | Value: R2491698692 | ||
+ | Value: R621678281 | ||
+ | Value: R3335514160 | ||
+ | Value: R2697784962 | ||
+ | Value: R3127557884 | ||
+ | Value: R130195180 | ||
+ | Value: R1473756 | ||
+ | Value: R48634047 | ||
+ | Value: R1604923659 | ||
+ | Value: R1422873310 | ||
+ | Value: R4005146384 | ||
+ | Value: R3320811903 | ||
+ | Value: R2212610497 | ||
+ | Value: R1702475 | ||
+ | Value: R56181794 | ||
+ | Value: R1853999303 | ||
+ | Value: R1052434953 | ||
+ | Value: R370615130 | ||
+ | Value: R3640364756 | ||
+ | Value: R4167920012 | ||
+ | Value: R102406972 | ||
+ | Final Value: R102406972 | ||
+ | |||
+ | |||
+ | [root@atl-tme-linux cookie]# ./ace-cookie-value.tcl FARM-SIEBEL-INTEGR ppclsrobj | ||
+ | web2 80 | ||
+ | Value: R177643 | ||
+ | Value: R5862284 | ||
+ | Value: R193455454 | ||
+ | Value: R2089062763 | ||
+ | Value: R219594488 | ||
+ | Value: R2951650891 | ||
+ | Value: R2915198964 | ||
+ | Value: R1712285369 | ||
+ | Value: R670842395 | ||
+ | Value: R662962624 | ||
+ | Value: R402930188 | ||
+ | Value: R411794361 | ||
+ | Value: R704312098 | ||
+ | Value: R1767462832 | ||
+ | Value: R2491698692 | ||
+ | Value: R621678281 | ||
+ | Value: R3335514160 | ||
+ | Value: R2697784962 | ||
+ | Value: R3127557884 | ||
+ | Value: R130195180 | ||
+ | Value: R1473756 | ||
+ | Value: R48634047 | ||
+ | Value: R1604923659 | ||
+ | Value: R1422873310 | ||
+ | Value: R4005146384 | ||
+ | Value: R3320811903 | ||
+ | Value: R2212610497 | ||
+ | Value: R1702475 | ||
+ | Value: R56181794 | ||
+ | Value: R1853999303 | ||
+ | Value: R1052434953 | ||
+ | Value: R370615131 | ||
+ | Value: R3640364789 | ||
+ | Value: R4167921101 | ||
+ | Value: R102442909 | ||
+ | Final Value: R102442909 | ||
+ | |||
+ | |||
+ | [root@atl-tme-linux cookie]# ./ace-cookie-value.tcl FARM-DAISY-METIER_80 INDAMET | ||
+ | 01 80 | ||
+ | Value: R177643 | ||
+ | Value: R5862284 | ||
+ | Value: R193455454 | ||
+ | Value: R2089062763 | ||
+ | Value: R219594488 | ||
+ | Value: R2951650876 | ||
+ | Value: R2915198461 | ||
+ | Value: R1712268774 | ||
+ | Value: R670294777 | ||
+ | Value: R644891250 | ||
+ | Value: R4101542111 | ||
+ | Value: R2206903564 | ||
+ | Value: R4108340945 | ||
+ | Value: R2431265093 | ||
+ | Value: R2922336814 | ||
+ | Value: R1947834419 | ||
+ | Value: R4148993765 | ||
+ | Value: R3772808164 | ||
+ | Value: R4243585180 | ||
+ | Value: R2599357516 | ||
+ | Value: R4174419462 | ||
+ | Value: R316888847 | ||
+ | Value: R1867397437 | ||
+ | Value: R1494573345 | ||
+ | Value: R2076280194 | ||
+ | Value: R4092737039 | ||
+ | Value: R1916336180 | ||
+ | Value: R3109551880 | ||
+ | Value: R3830964280 | ||
+ | Value: R1867769705 | ||
+ | Value: R1506858179 | ||
+ | Value: R2481679707 | ||
+ | Value: R291051755 | ||
+ | Final Value: R291051755 | ||
+ | |||
+ | |||
+ | [root@atl-tme-linux cookie]# ./ace-cookie-value.tcl FARM-DAISY-METIER_80 INDAMET | ||
+ | 02 80 | ||
+ | Value: R177643 | ||
+ | Value: R5862284 | ||
+ | Value: R193455454 | ||
+ | Value: R2089062763 | ||
+ | Value: R219594488 | ||
+ | Value: R2951650876 | ||
+ | Value: R2915198461 | ||
+ | Value: R1712268774 | ||
+ | Value: R670294777 | ||
+ | Value: R644891250 | ||
+ | Value: R4101542111 | ||
+ | Value: R2206903564 | ||
+ | Value: R4108340945 | ||
+ | Value: R2431265093 | ||
+ | Value: R2922336814 | ||
+ | Value: R1947834419 | ||
+ | Value: R4148993765 | ||
+ | Value: R3772808164 | ||
+ | Value: R4243585180 | ||
+ | Value: R2599357516 | ||
+ | Value: R4174419462 | ||
+ | Value: R316888847 | ||
+ | Value: R1867397437 | ||
+ | Value: R1494573345 | ||
+ | Value: R2076280194 | ||
+ | Value: R4092737039 | ||
+ | Value: R1916336180 | ||
+ | Value: R3109551880 | ||
+ | Value: R3830964280 | ||
+ | Value: R1867769706 | ||
+ | Value: R1506858212 | ||
+ | Value: R2481680796 | ||
+ | Value: R291087692 | ||
+ | Final Value: R291087692 | ||
+ | |||
+ | |||
+ | [root@atl-tme-linux cookie]# ./ace-cookie-value.tcl FARM-DAISY-METIER_80 INDAMET | ||
+ | 03 80 | ||
+ | Value: R177643 | ||
+ | Value: R5862284 | ||
+ | Value: R193455454 | ||
+ | Value: R2089062763 | ||
+ | Value: R219594488 | ||
+ | Value: R2951650876 | ||
+ | Value: R2915198461 | ||
+ | Value: R1712268774 | ||
+ | Value: R670294777 | ||
+ | Value: R644891250 | ||
+ | Value: R4101542111 | ||
+ | Value: R2206903564 | ||
+ | Value: R4108340945 | ||
+ | Value: R2431265093 | ||
+ | Value: R2922336814 | ||
+ | Value: R1947834419 | ||
+ | Value: R4148993765 | ||
+ | Value: R3772808164 | ||
+ | Value: R4243585180 | ||
+ | Value: R2599357516 | ||
+ | Value: R4174419462 | ||
+ | Value: R316888847 | ||
+ | Value: R1867397437 | ||
+ | Value: R1494573345 | ||
+ | Value: R2076280194 | ||
+ | Value: R4092737039 | ||
+ | Value: R1916336180 | ||
+ | Value: R3109551880 | ||
+ | Value: R3830964280 | ||
+ | Value: R1867769707 | ||
+ | Value: R1506858245 | ||
+ | Value: R2481681885 | ||
+ | Value: R291123629 | ||
+ | Final Value: R291123629 | ||
+ | |||
+ | |||
+ | [root@atl-tme-linux cookie]# ./ace-cookie-value.tcl FARM-DAISY-METIER_80 INDAMET | ||
+ | 04 80 | ||
+ | Value: R177643 | ||
+ | Value: R5862284 | ||
+ | Value: R193455454 | ||
+ | Value: R2089062763 | ||
+ | Value: R219594488 | ||
+ | Value: R2951650876 | ||
+ | Value: R2915198461 | ||
+ | Value: R1712268774 | ||
+ | Value: R670294777 | ||
+ | Value: R644891250 | ||
+ | Value: R4101542111 | ||
+ | Value: R2206903564 | ||
+ | Value: R4108340945 | ||
+ | Value: R2431265093 | ||
+ | Value: R2922336814 | ||
+ | Value: R1947834419 | ||
+ | Value: R4148993765 | ||
+ | Value: R3772808164 | ||
+ | Value: R4243585180 | ||
+ | Value: R2599357516 | ||
+ | Value: R4174419462 | ||
+ | Value: R316888847 | ||
+ | Value: R1867397437 | ||
+ | Value: R1494573345 | ||
+ | Value: R2076280194 | ||
+ | Value: R4092737039 | ||
+ | Value: R1916336180 | ||
+ | Value: R3109551880 | ||
+ | Value: R3830964280 | ||
+ | Value: R1867769708 | ||
+ | Value: R1506858278 | ||
+ | Value: R2481682974 | ||
+ | Value: R291159566 | ||
+ | Final Value: R291159566 | ||
+ | |||
+ | |||
+ | [root@atl-tme-linux cookie]# ./ace-cookie-value.tcl FARM-DAISY-METIER_80 INDAMET | ||
+ | 05 80 | ||
+ | Value: R177643 | ||
+ | Value: R5862284 | ||
+ | Value: R193455454 | ||
+ | Value: R2089062763 | ||
+ | Value: R219594488 | ||
+ | Value: R2951650876 | ||
+ | Value: R2915198461 | ||
+ | Value: R1712268774 | ||
+ | Value: R670294777 | ||
+ | Value: R644891250 | ||
+ | Value: R4101542111 | ||
+ | Value: R2206903564 | ||
+ | Value: R4108340945 | ||
+ | Value: R2431265093 | ||
+ | Value: R2922336814 | ||
+ | Value: R1947834419 | ||
+ | Value: R4148993765 | ||
+ | Value: R3772808164 | ||
+ | Value: R4243585180 | ||
+ | Value: R2599357516 | ||
+ | Value: R4174419462 | ||
+ | Value: R316888847 | ||
+ | Value: R1867397437 | ||
+ | Value: R1494573345 | ||
+ | Value: R2076280194 | ||
+ | Value: R4092737039 | ||
+ | Value: R1916336180 | ||
+ | Value: R3109551880 | ||
+ | Value: R3830964280 | ||
+ | Value: R1867769709 | ||
+ | Value: R1506858311 | ||
+ | Value: R2481684063 | ||
+ | Value: R291195503 | ||
+ | Final Value: R291195503 | ||
+ | </pre> | ||
+ | |||
Revision as of 14:46, 4 March 2011
Contents |
Goal
Configure basic load balancing with cookie insert where client traffic enters on one network and is directed to servers residing on a second network. Once the client has entered the site they will remain stuck to a given server based on a HTTP Cookie inserted by ACE.
Design
Clients will send application requests through the multilayer switch feature card (MSFC), which routes them to a virtual IP address (VIP) within the Cisco® Application Control Engine (ACE). The VIP used in this example resides in an ACE context, which is configured with a client VLAN and a server VLAN (see figure below). Client requests will arrive at the VIP, and the ACE will check the request to see if it contains a cookie. If it does, the sticky table will be checked to see which server should receive the request. If the cookie entry has expired, or if the client does not have a cookie the ACE will pick the appropriate server to receive the request based on the requested URL. When the server responds ACE will insert a cookie into the HTTP Response to so that upon future requests client persistence to the server will be maintained.
Within the Cisco ACE sticky resources are finite and are controlled via resource allocation. Before a context can apply session persistence using sticky groups, the context must first be given a sticky allocation. Once this is done, a sticky group is created to define parameters and the serverfarm where client requests will be sent. Recall, the load balancing action tells ACE how to handle traffic which has hit a VIP. Thus the sticky group on ACE is applied within the load balance policy-map. To enable server load-balancing with session persistence based on cookies ACE inserts you need to do the following:
- Allocate sticky resources to the context
- Enable ACLs to allow data traffic through the ACE device, as it is denied by default.
- Configure the IPs of the servers (define rservers)
- Group the real servers (create a serverfarm)
- Create a sticky group
- Define the virtual IP address (VIP)
- Define how traffic is to be handled as it is received (create a policy map for load balancing)
- Apply the sticky group to the load balancing policy
- Associate a VIP to a handling action (create a multimatch policy map [a service policy])
- Create client- and server-facing interfaces
- Apply the VIP and ACL permitting client connections to the interface (apply access group and service policy to interface)
To begin the configuration, allocate sticky resources to the context you will be using In this example a context “routed” has already been defined. Create a resource class, allocate the desired amount of sticky entries, and apply them to the “routed” context.
ACE-1/Admin# show run | begin routed context routed allocate-interface vlan 10 allocate-interface vlan 20 allocate-interface vlan 40 ACE-1/Admin(config)# resource-class sticky ACE-1/Admin(config-resource)# limit-resource all minimum 0.00 maximum unlimited ACE-1/Admin(config-resource)# limit-resource sticky minimum 10.00 maximum equal-to-min ACE-1/Admin(config)# context routed ACE-1/Admin(config-context)# member sticky
Once the resources have been allocated a sticky group can be defined. The Cisco ACE can be configured in various ways to apply session persistence using cookies. For this example cookie insert will be used. The cookie name ACE will insert is supplied when the sticky group is created. By default ACE inserts permanent cookies which have a timeout of 24 hours. Using the configuration below ACE will insert a cookie with the name “ACE-Insert”, it will have a timeout of 5 minutes, and use a pre-existing serverfarm named “webfarm”.
ACE-1/routed(config)# sticky http-cookie ACE-Insert web-sticky ACE-1/routed(config-sticky-cookie)# cookie insert ACE-1/routed(config-sticky-cookie)# timeout 5 ACE-1/routed(config-sticky-cookie)# serverfarm webfarm
![]() | Note: | If session cookies (cookies that are removed when the client closes the browser) are preferred then “cookie insert browser-expire” can be configured. |
The serverfarm within the load balancing policy map must be swapped with the sticky group to apply cookie-insert sticky to new client requests. Based on this example configuration there are two possible actions for handling new client requests. Any requests for images will be sent to the “imagefarm” serverfarm, which does not require persistence. All other requests will be sent to the web servers in the “webfarm” where the clients will use session persistence.
ACE-1/routed(config)# policy-map type loadbalance http first-match slb-logic ACE-1/routed(config-pmap-lb-c)# class class-default ACE-1/routed(config-pmap-lb-c)# no serverfarm webfarm ACE-1/routed(config-pmap-lb-c)# sticky-serverfarm web-sticky
When cookie insert is applied permanent entries are inserted into the static sticky database for each real server defined in the serverfarm. In this example there are two entries created.
ACE-1/routed(config-pmap-lb-c)# do show sticky database static sticky group : web-sticky type : HTTP-COOKIE timeout : 5 timeout-activeconns : FALSE sticky-entry rserver-instance time-to-expire flags ---------------------+----------------------+--------------+-------+ 16820511103801384579 lnx1:0 never - sticky group : web-sticky type : HTTP-COOKIE timeout : 5 timeout-activeconns : FALSE sticky-entry rserver-instance time-to-expire flags ---------------------+----------------------+--------------+-------+ 3347854103021350619 lnx2:0 never -
When a client connects to the VIP they download index.html page from the web servers. At this point the client will get a cookie for the selected server to ensure all future requests will continue to use the same server. While there is no way to see how many clients have a cookie for a given server the common show commands will provide details on the incoming requests and responses and other data stats.
Recall, the Cisco ACE inserts a static entry for each server in a server farm in the sticky group. In this case there is only one sticky group and it uses cookie-insert and the serverfarm contains 2 real servers. Thus the output of the show stats sticky command displays 2 entries, despite the number of clients using the VIP.
ACE-1/routed# show stats sticky +------------------------------------------+ +----------- Sticky statistics ------------+ +------------------------------------------+ Total sticky entries reused : 0 prior to expiry Total active sticky entries : 2 Total active sticky conns : 0 Total static sticky entries : 2
Related show commands
This section provides information you can use to confirm your configuration is working properly.
Certain show commands are supported by the Output Interpreter Tool (registered customers only), which allows you to view an analysis of show command output.
ACE-1/routed #show sticky database static ACE-1/routed #show service-policy client-vips ACE-1/routed #show service-policy client-vips detail ACE-1/routed #show serverfarm ACE-1/routed #show rserver ACE-1/routed #show stats
Comments
The type of cookie ACE will insert depends on if cookie-insert is configured or cookie-insert browser-expire is configured. The sniffer traces below show the difference between the types of cookies ACE will insert.
ACE configured with “cookie insert”
Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n Set-Cookie: ACE-Insert=R1005880048; path=/; expires=Thu, 16-Oct-2008 00:08:55 GMT\r\n Date: Fri, 29 Aug 2008 19:17:35 GMT\r\n Server: Apache/2.0.52 (Red Hat)\r\n Accept-Ranges: bytes\r\n Content-Length: 1112\r\n VirtualHost: 192.168.1.12\r\n Connection: close\r\n Content-Type: text/html; charset=UTF-8\r\n \r\n
ACE configured with “cookie insert browser-expire”
Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n Set-Cookie: ACE-Insert=R1005881137; path=/\r\n Date: Fri, 29 Aug 2008 19:31:58 GMT\r\n Server: Apache/2.0.52 (Red Hat)\r\n Accept-Ranges: bytes\r\n Content-Length: 353\r\n VirtualHost: 192.168.1.11\r\n Connection: close\r\n Content-Type: text/html; charset=UTF-8\r\n \r\n
Notice the two cookie values do not appear to be related to the sticky-value in the show sticky database static output, displayed below:
sticky-entry rserver-instance time-to-expire flags ---------------------+----------------------+--------------+-------+ 16820511103801384579 lnx1:0 never - <…snip…> 3347854103021350619 lnx2:0 never -
This is because the sticky-entry is a hash of the cookie value. In order to determine the server a client is hitting one must mark the server such that it can be distinguished, possibly using a HTTP Header in the server response, or by determining the cookie value ACE uses for each server. The cookie value is a number based on the serverfarm name, rserver name, and rserver port. The following script can be used to determine the values associated with each rserver.
TCL Script for calculating Cookie Values
Note: This script works for 32-bit OS only. If you are using this on a 64-bit OS, you will need to modify it to produce a 32-bit unsigned integer.
[root@host cookie]# ./ace-cookie-value.tcl webfarm lnx1 0 Value: R1005880048 [root@host cookie]# ./ace-cookie-value.tcl webfarm lnx2 0 Value: R1005881137 #!/usr/bin/tclsh ####################################################################### # # # Name: ace-cookie-value.tcl # # # # This script takes the serverfarm name, the real server name and the # # port number used by ACE and returns the generated hash that will be # # used for cookie insertion. # # # ####################################################################### if { $argc != 3 } { puts "[info script] <serverfarm> <realname> <port>" exit 0 } set serverFarmName [lindex $argv 0] set realServerName [lindex $argv 1] set port [lindex $argv 2] set hashValue 5381 set hashMultiplier 32 set cookieInsertStr "$serverFarmName:$realServerName:$port" set len [ string length $cookieInsertStr ] for { set ix 0 } { $ix < $len } { incr ix } { set hashValue [expr (($hashValue * $hashMultiplier) + $hashValue) \ + [scan [string index $cookieInsertStr $ix] %c]] } puts [format "Value: R%u" $hashValue]
VBA Script for calculating Cookie Values
The following script was created by an ACE customer and shared for the convenience of all ACE users. We would like to thank Nerve Benattar for his contribution to the ACE Doc Wiki!
Dim Result_Cookie As String Function Calculating_Cookie_Name(ByVal CHAINE1 As String) ' For this script, we need to work with 32 bits unsigned integer. ' VBA does not support unsigned int of 32 bits. An integer is only 16 bits ' and a Long var is 32 bits signed. To simulate a 32 bits unsigned integer, ' we use an double and subtract all numbers with the tops from the 32th bit ' Thanks for Derek Huckaby and Paul Zimmerman from Cisco for their helps ' Herve Benattar AXA TECH GNSD Dim Dbl_64bits_Tmp1, Dbl_64bits_Tmp2, hashValue, hashMultiplier As Double Dim ix As Integer hashValue = 5381 hashMultiplier = 32 ix = 0 Lng_Chaine = Len(CHAINE1) For ix = 0 To (Lng_Chaine - 1) Step 1 'MAX Value 4294967295*32+5381 = 137438958821 Dbl_64bits_Tmp2 = hashValue * hashMultiplier + hashValue 'MAX value 127 or 255 with Extended ASCII Codes Dbl_64bits_Tmp1 = CDbl(Asc(Mid(CHAINE1, ix + 1, 1))) 'MAX 137438958821+255 = 137438959076 = 100000 00000000000000000001010111100100(2) hashValue = Dbl_64bits_Tmp2 + Dbl_64bits_Tmp1 Try_Again: Select Case hashValue '39th bits to 1 (Normaly none use with MAX) Case Is >= 545460846592# hashValue = hashValue - 545460846592# GoTo Try_Again '38th bits to 1 Case Is >= 270582939648# hashValue = hashValue - 270582939648# GoTo Try_Again '37th bits to 1 Case Is >= 133143986176# hashValue = hashValue - 133143986176# GoTo Try_Again '36th bits to 1 Case Is >= 64424509440# hashValue = hashValue - 64424509440# GoTo Try_Again '35th bits to 1 Case Is >= 30064771072# hashValue = hashValue - 30064771072# GoTo Try_Again '34eme bits to 1 Case Is >= 12884901888# hashValue = hashValue - 12884901888# GoTo Try_Again '33eme bits to 1 Case Is >= 4294967296# hashValue = hashValue - 4294967296# GoTo Try_Again End Select 'MsgBox "Value: R" & hashValue Next Result_Cookie = "R" & hashValue End Function Private Sub CommandButton1_Click() ActiveSheet.Range("A2").Select While (Not IsEmpty(ActiveCell.Value)) serverFarmName = ActiveCell.Value realServerName = ActiveCell.Offset(0, 1).Value port = ActiveCell.Offset(0, 2).Value cookieInsertStr = serverFarmName & ":" & realServerName & ":" & port Calculating_Cookie_Name (cookieInsertStr) ActiveCell.Offset(0, 3) = Result_Cookie ActiveCell.Offset(1, 0).Select Wend End Sub
show running-config
ACE-1/routed# show run Generating configuration.... access-list everyone line 8 extended permit ip any any access-list everyone line 16 extended permit icmp any any rserver host lnx1 ip address 192.168.1.11 inservice rserver host lnx2 ip address 192.168.1.12 inservice rserver host lnx3 ip address 192.168.1.13 inservice rserver host lnx4 ip address 192.168.1.14 inservice serverfarm host imagefarm rserver lnx3 inservice rserver lnx4 inservice serverfarm host webfarm rserver lnx1 inservice rserver lnx2 inservice sticky http-cookie ACE-Insert web-sticky cookie insert browser-expire timeout 5 serverfarm webfarm class-map type http loadbalance match-all images 2 match http url /images/.* class-map match-all slb-vip 2 match virtual-address 172.16.1.101 any policy-map type management first-match remote-access class class-default permit policy-map type loadbalance http first-match slb class images serverfarm imagefarm class class-default sticky-serverfarm web-sticky policy-map multi-match client-vips class slb-vip loadbalance vip inservice loadbalance policy slb interface vlan 20 description "Client Side" ip address 172.16.1.5 255.255.255.0 access-group input everyone service-policy input client-vips no shutdown interface vlan 40 description "Default gateway of real servers" ip address 192.168.1.1 255.255.255.0 service-policy input remote-access no shutdown ip route 0.0.0.0 0.0.0.0 172.16.1.1
Related Information
Technical Support & Documentation - Cisco Systems
Hash output Examples
For the developer we have provided the following outputs as the hash is being calculated to all you to check your code against a working example.
[root@atl-tme-linux cookie]# ./ace-cookie-value.tcl zzzzzzz zzzzzz 65535 Value: R177695 Value: R5864057 Value: R193514003 Value: R2090994925 Value: R283355911 Value: R760810593 Value: R3631913211 Value: R3889019029 Value: R3783576495 Value: R303972873 Value: R1441170339 Value: R313981053 Value: R1771440279 Value: R2622954481 Value: R658152011 Value: R244179937 Value: R3762970678 Value: R3918948139 Value: R476269758 Value: R2832000179 Final Value: R2832000179 [root@atl-tme-linux cookie]# ./ace-cookie-value.tcl FARM-SIEBEL-INTEGR ppclsrobj web1 80 Value: R177643 Value: R5862284 Value: R193455454 Value: R2089062763 Value: R219594488 Value: R2951650891 Value: R2915198964 Value: R1712285369 Value: R670842395 Value: R662962624 Value: R402930188 Value: R411794361 Value: R704312098 Value: R1767462832 Value: R2491698692 Value: R621678281 Value: R3335514160 Value: R2697784962 Value: R3127557884 Value: R130195180 Value: R1473756 Value: R48634047 Value: R1604923659 Value: R1422873310 Value: R4005146384 Value: R3320811903 Value: R2212610497 Value: R1702475 Value: R56181794 Value: R1853999303 Value: R1052434953 Value: R370615130 Value: R3640364756 Value: R4167920012 Value: R102406972 Final Value: R102406972 [root@atl-tme-linux cookie]# ./ace-cookie-value.tcl FARM-SIEBEL-INTEGR ppclsrobj web2 80 Value: R177643 Value: R5862284 Value: R193455454 Value: R2089062763 Value: R219594488 Value: R2951650891 Value: R2915198964 Value: R1712285369 Value: R670842395 Value: R662962624 Value: R402930188 Value: R411794361 Value: R704312098 Value: R1767462832 Value: R2491698692 Value: R621678281 Value: R3335514160 Value: R2697784962 Value: R3127557884 Value: R130195180 Value: R1473756 Value: R48634047 Value: R1604923659 Value: R1422873310 Value: R4005146384 Value: R3320811903 Value: R2212610497 Value: R1702475 Value: R56181794 Value: R1853999303 Value: R1052434953 Value: R370615131 Value: R3640364789 Value: R4167921101 Value: R102442909 Final Value: R102442909 [root@atl-tme-linux cookie]# ./ace-cookie-value.tcl FARM-DAISY-METIER_80 INDAMET 01 80 Value: R177643 Value: R5862284 Value: R193455454 Value: R2089062763 Value: R219594488 Value: R2951650876 Value: R2915198461 Value: R1712268774 Value: R670294777 Value: R644891250 Value: R4101542111 Value: R2206903564 Value: R4108340945 Value: R2431265093 Value: R2922336814 Value: R1947834419 Value: R4148993765 Value: R3772808164 Value: R4243585180 Value: R2599357516 Value: R4174419462 Value: R316888847 Value: R1867397437 Value: R1494573345 Value: R2076280194 Value: R4092737039 Value: R1916336180 Value: R3109551880 Value: R3830964280 Value: R1867769705 Value: R1506858179 Value: R2481679707 Value: R291051755 Final Value: R291051755 [root@atl-tme-linux cookie]# ./ace-cookie-value.tcl FARM-DAISY-METIER_80 INDAMET 02 80 Value: R177643 Value: R5862284 Value: R193455454 Value: R2089062763 Value: R219594488 Value: R2951650876 Value: R2915198461 Value: R1712268774 Value: R670294777 Value: R644891250 Value: R4101542111 Value: R2206903564 Value: R4108340945 Value: R2431265093 Value: R2922336814 Value: R1947834419 Value: R4148993765 Value: R3772808164 Value: R4243585180 Value: R2599357516 Value: R4174419462 Value: R316888847 Value: R1867397437 Value: R1494573345 Value: R2076280194 Value: R4092737039 Value: R1916336180 Value: R3109551880 Value: R3830964280 Value: R1867769706 Value: R1506858212 Value: R2481680796 Value: R291087692 Final Value: R291087692 [root@atl-tme-linux cookie]# ./ace-cookie-value.tcl FARM-DAISY-METIER_80 INDAMET 03 80 Value: R177643 Value: R5862284 Value: R193455454 Value: R2089062763 Value: R219594488 Value: R2951650876 Value: R2915198461 Value: R1712268774 Value: R670294777 Value: R644891250 Value: R4101542111 Value: R2206903564 Value: R4108340945 Value: R2431265093 Value: R2922336814 Value: R1947834419 Value: R4148993765 Value: R3772808164 Value: R4243585180 Value: R2599357516 Value: R4174419462 Value: R316888847 Value: R1867397437 Value: R1494573345 Value: R2076280194 Value: R4092737039 Value: R1916336180 Value: R3109551880 Value: R3830964280 Value: R1867769707 Value: R1506858245 Value: R2481681885 Value: R291123629 Final Value: R291123629 [root@atl-tme-linux cookie]# ./ace-cookie-value.tcl FARM-DAISY-METIER_80 INDAMET 04 80 Value: R177643 Value: R5862284 Value: R193455454 Value: R2089062763 Value: R219594488 Value: R2951650876 Value: R2915198461 Value: R1712268774 Value: R670294777 Value: R644891250 Value: R4101542111 Value: R2206903564 Value: R4108340945 Value: R2431265093 Value: R2922336814 Value: R1947834419 Value: R4148993765 Value: R3772808164 Value: R4243585180 Value: R2599357516 Value: R4174419462 Value: R316888847 Value: R1867397437 Value: R1494573345 Value: R2076280194 Value: R4092737039 Value: R1916336180 Value: R3109551880 Value: R3830964280 Value: R1867769708 Value: R1506858278 Value: R2481682974 Value: R291159566 Final Value: R291159566 [root@atl-tme-linux cookie]# ./ace-cookie-value.tcl FARM-DAISY-METIER_80 INDAMET 05 80 Value: R177643 Value: R5862284 Value: R193455454 Value: R2089062763 Value: R219594488 Value: R2951650876 Value: R2915198461 Value: R1712268774 Value: R670294777 Value: R644891250 Value: R4101542111 Value: R2206903564 Value: R4108340945 Value: R2431265093 Value: R2922336814 Value: R1947834419 Value: R4148993765 Value: R3772808164 Value: R4243585180 Value: R2599357516 Value: R4174419462 Value: R316888847 Value: R1867397437 Value: R1494573345 Value: R2076280194 Value: R4092737039 Value: R1916336180 Value: R3109551880 Value: R3830964280 Value: R1867769709 Value: R1506858311 Value: R2481684063 Value: R291195503 Final Value: R291195503