CISCO load balancer setup

**Viktor** · 26 April 2006, 13:44

http://www.cisco.com/univercd/home/home.htm

hope this helps...

**threaded** · 27 April 2006, 07:23

Thanks for that.

**threaded** · 28 April 2006, 10:11

Still stuck, I can make it sticky for 80 and 443, but I want any particular client to got back to the same webserver for both 80 and 443.

this is what I have:

content web-servers
vip address xxx.xxx.xxx.xxx
add service www-server1
add service www-server2
protocol tcp
port 80
advanced-balance sticky-srcip
sticky-inact-timeout 60
active

content web-servers-https
vip address xxx.xxx.xxx.xxx
add service www-server1
add service www-server2
protocol tcp
port 443
advanced-balance sticky-srcip
sticky-inact-timeout 60
active

**threaded** · 1 May 2006, 09:02

Would arrowpoint-cookies help me in this quest?

**PropertyCrashUK** · 2 May 2006, 09:19

IMPO Cisco manuals are pretty poor - here speaks a man who was with them for several years.

I personally find the Syngress book range on Cisco products to be good - perhaps you should consider them?

**monkeyboy** · 5 May 2006, 09:23

With the CSS you can within the content rule not supply a port so it will be valid for all ports and use source ip sticky. If behind a firewall not a real problem. This does present the problem of health checks as you can only supply the 2 real servers once.

Unfortunately there is no way to link these rules together.

Setting the servers to dish out cookies is the prefered method. This allows the content rule to take advantage of the advanced-balance methods of cookies and cookies-URL. (Cookies-URL will first look in the Hyper-Text Transfer Protocol (HTTP) GET of the packet for the cookie. If it does not find it there, it will look for it in the URL after a question mark.) Some customers are unaware of how to do this or do not have access to the servers to configure this.

SSL is used explicitly for encrypted traffic. It uses a different port than HTTP, and should be considered a different protocol. It is only mentioned in this document because it is a form of sticky.

This means that you can't link the http session to the https session except when doing the above.

CISCO load balancer setup