VMware Cloud Community
ErichMees
Contributor

Load Balancing Web servers via vShield Edge - Lot of questions...

So, the VCNS documentation is extremely vague on this topic, and I was hoping that somebody might be able to shed some light on this.

I have two web servers (VMs) that are currently being load balanced via a vShield Edge device using the least connection algorithm.  On one of the web pages of this site, the dataset (results) of a query is stored in a session variable which needs to persist on page load.  Because this is an ASP.NET site, I have the virtual server load balancer set up with the following settings:

persistence method:  cookie

cookie name:  ASP.NET_SessionID

cookie mode:  APP

APP seems to be the only cookie mode that makes the session persist in this web site.  Can someone explain to me what the differences are between INSERT, PREFIX, and APP?  Also, when is it appropriate to use each?  That is not explained anywhere in the documentation.

If I leave cookie mode set to APP, how do I specify a session timeout?  Say, for example, the load balancer pushes the client to one web server, how do I know that this client won't ALWAYS get dumped on that particular web server going forward?  I think this is an important question because session timeout period is a feature of HAproxy, a competing load balancer product.  I didn't see this mentioned anywhere in the vShield/VCNS API documentation.

Also, from what I've read the load balancer operates in Layer 7 by default.  If I make the API change to make the load balancer operate in Layer 4 and change the algorithm to IP_HASH, is anything else required to force the LB to layer 4?  I assume then that cookies are a non-issue at this point?

Lastly, can someone tell me how I am supposed to monitor LB statistics?  A product called HAproxy has a nice statistics page that shows where packets are going and what sessions are open.  I think that's very important, otherwise how do I know how effectively the Edge is balancing the load?  I know there is the health monitoring page, but that's more of a "is this working or not" kind of thing.

Any help is appreciated.  Thanks!


Accepted Solutions
admin
Immortal

Hi,

Let's try to tackle your questions one-by-one:

"APP seems to be the only cookie mode that makes the session persist in this web site.  Can someone explain to me what the differences are between INSERT, PREFIX, and APP?"


ANSWER: There are 3 modes of inserting/monitoring cookies used by the Edge Load Balancer:

#1. INSERT: The LB (not the web server) inserts a persistence cookie into the HTTP response from the server on its way to the client; subsequent requests from the client’s browser will be directed by the LB to the same web server.

#2. PREFIX: The LB does NOT insert a cookie (the web server does), but the LB does monitor and modify the existing server-issued cookie. In this case, as the HTTP response passes through the LB from the server to the client, the cookie issued by the server is 'prefixed' with the server’s identifier. The prefix will be removed from all subsequent client requests passing through the LB so that the server still finds the original cookie unmodified.

#3. APP: The LB does NOT insert a cookie (like #1) and it does NOT modify an existing cookie (like #2). In this case, the LB will monitor the value in the cookie header and URL parameters. If there’s a match, the LB will store the session “stickiness” in its memory table.

"If I leave cookie mode set to APP, how do I specify a session timeout?  Say, for example, the load balancer pushes the client to one web server, how do I know that this client won't ALWAYS get dumped on that particular web server going forward?"

ANSWER: You cannot specify a persistence timeout currently in Edge. Based on the explanation above, if you have APP mode configured, as long as the LB finds a match on the cookie value, you will maintain session stickiness.

"Also, from what I've read the load balancer operates in Layer 7 by default. If I make the API change to make the load balancer operate in Layer 4 and change the algorithm to IP_HASH, is anything else required to force the LB to layer 4?  I assume then that cookies are a non-issue at this point?"

ANSWER: The LB can load balance HTTP/HTTPS and TCP traffic simultaneously (just check the appropriate boxes when creating the load balancing pool); it’s not an either/or decision. And yes, when load balancing TCP traffic (or anything non-HTTP) cookies are irrelevant.

Perhaps the following blog may make things clearer: http://blogs.vmware.com/vsphere/2012/11/load-balancing-using-vcloud-networking-and-security-5-1-edge...

Hope this helps....
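
The three cookie modes described in the answer above, modeled as an added example (not part of the original post and not vShield Edge code). The LB-owned cookie name `LBSRV`, the `~` prefix separator, the server names and the session value are assumptions; APP-mode matching on URL parameters is left out.

```python
import itertools

class ToyLB:
    """Toy model of INSERT / PREFIX / APP persistence (assumed names, not Edge code)."""
    def __init__(self, mode, servers, cookie="ASP.NET_SessionID"):
        self.mode, self.servers, self.cookie = mode, servers, cookie
        self.rr = itertools.cycle(servers)  # stand-in for the balancing algorithm
        self.table = {}                     # APP mode only: cookie value -> server

    def route(self, cookies):
        """Pick a backend for a request; return (server, cookies the backend sees)."""
        fwd, server = dict(cookies), None
        if self.mode == "INSERT":
            server = fwd.pop("LBSRV", None)  # LB-owned cookie, not passed to backend
        elif self.mode == "PREFIX" and "~" in fwd.get(self.cookie, ""):
            # Strip the prefix so the backend finds its original cookie unmodified.
            server, fwd[self.cookie] = fwd[self.cookie].split("~", 1)
        elif self.mode == "APP":
            server = self.table.get(fwd.get(self.cookie))  # lookup only, no rewrite
        if server not in self.servers:  # missing or unknown identifier: balance anew
            server = next(self.rr)
        return server, fwd

    def respond(self, server, set_cookies):
        """Process the backend's Set-Cookie values on the way back to the client."""
        out = dict(set_cookies)
        if self.mode == "INSERT":
            out["LBSRV"] = server
        elif self.mode == "PREFIX" and self.cookie in out:
            out[self.cookie] = f"{server}~{out[self.cookie]}"
        elif self.mode == "APP" and self.cookie in out:
            self.table[out[self.cookie]] = server  # learned; this model never expires it
        return out

def simulate(mode, requests=4):
    """One browser: the first request carries no cookies, later ones replay the jar."""
    lb, jar, hits, seen = ToyLB(mode, ["web1", "web2"]), {}, [], []
    for i in range(requests):
        server, fwd = lb.route(jar)
        hits.append(server)
        seen.append(fwd.get(lb.cookie))
        # Constructed backend behaviour: issue the session cookie on first contact only.
        jar.update(lb.respond(server, {lb.cookie: "abc123"} if i == 0 else {}))
    return hits, seen, jar

if __name__ == "__main__":
    for mode in ("INSERT", "PREFIX", "APP"):
        print(mode, *simulate(mode))
```

`simulate(mode)` returns the backends hit, the session value each backend saw, and the browser's final cookie jar. In INSERT and PREFIX the backend identifier ends up in the client's jar, which is why the model checks any client-supplied identifier against the pool before routing on it; in APP it stays in the LB's table.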

6 Replies
ErichMees
Contributor

Bump...can anyone comment on the above questions?

amatt240
Enthusiast

VMware ticket.

Very little is documented on the vShield Edge appliances, so I would highly recommend you open a ticket with VMware and let them bounce it off their engineers for a few days/weeks.

TommyFreddy
Enthusiast

I think this is a programming-related problem, so please post it on a programming or network blog that might help.

Take care!

ErichMees
Contributor

Thank you Maqsoodsiddiqui.  This does give me a better idea about how these features work and where their use is appropriate.

Jamiestarr38
Contributor

vShieldEdge_LB.jpg

I read that vShield Edge load balancing blog. I have a configuration question to ask.

OK, for example, based on the attached image: I have two networks I would like to use, 10.10.21.0/24 (GW: 10.10.21.1) and 10.8.20.0/24 (GW: 10.8.20.1).

Successfully deployed the vShield Edge appliance.

On the uplink interface I am assigning 3 IP addresses from the 10.10.21.0/24 network:

10.10.21.30

10.10.21.31

10.10.21.32

I am configuring to load balance across 3 server pools from the 10.8.20.0 network:

10.10.21.30   ->   10.8.20.40 and 10.8.20.41

10.10.21.31   ->   10.8.20.42 and 10.8.20.43

Where I am getting confused is that the servers in the 10.8.20.0/24 network already have a GW of 10.8.20.1.

Do you assign 10.8.20.1 to the internal interface, and does that one internal interface service each server pool?

Or do you require a separate internal interface for each server pool?
