Forum Discussion
traffic load balanced to CAS server very unevenly
Customer has a pair of ISA to terminate HTTPS connections for the 3 backend CAS servers. LTM is located between ISA and CAS. So below setup.
client -------> ISA --------> LTM ----------> CAS
       HTTPS         HTTP            HTTP
The VS for the HTTP connection is configured with cookie persistence, and source address persistence as fallback. Also it is configured with a oneconnect profile. Actually we followed the deployment guide "Deploying F5 with Microsoft Exchange Server 2010" for the configuration.
Now we found that 1 server is only having a few current connections, while another one has several hundreds.
I created a support case in F5 and the engineer said that this is expected behaviour since we use oneconnect profile.
The customer needs the traffic to be load balanced more evenly, but right now it is not even close.
How should I deal with that?
6 Replies
- What_Lies_Bene1
Cirrostratus
I'm not familiar with ISA or CAS but to me it looks like Cookie Persistence is failing and it's mostly falling back to Source Address. That being the case, as there are two ISA servers and three CAS servers I'd expect one CAS server to be idle.
You can hopefully confirm this with the following command: [tmsh] show ltm persistence persist-records
- mikeshimkus_111
Historic F5 Account
Hi Daniel, for which Exchange service are you seeing uneven persistence? I would expect OWA to work fine, but Outlook Anywhere/ActiveSync/Autodiscover connections don't use cookies, so they would fall back to source IP address. If the TMG is translating the source IP of the client connections to its own IP, LTM would only see one source address for all connections and you would have clumped connections. You can run this command on the LTM to see the source IP persistence records:
(tmos): show ltm persistence persist-records
This command will not show you cookie persistence records.
thanks
Mike
- Daniel_55334
Altostratus
Thanks for all the replies.
From the command I can only see this.
root@BIGIP01(Active)(tmos) show ltm persistence persist-records
Sys::Persistent Connections
source-address 10.0.0.40:80 10.0.0.49:80 0
source-address 10.0.0.40:80 10.0.0.49:80 1
source-address 10.0.0.40:80 10.0.0.49:80 0
source-address 10.0.0.40:80 10.0.0.49:80 1
Total records returned: 4
10.0.0.40 is the VS IP address, 10.0.0.49 is the heavily loaded server's IP address. I do not see the ISA IP address.
When I look at the persistence records statistics in WebUI, I found these records.
Persistence Value Persistence Mode Virtual Server Pool Pool Member Age
10.0.0.29 Source Address Affinity VS_HTTP HTTP_POOL 10.0.0.49:80 0 seconds
10.0.0.29 Source Address Affinity VS_HTTP HTTP_POOL 10.0.0.49:80 0 seconds
10.0.0.30 Source Address Affinity VS_HTTP HTTP_POOL 10.0.0.49:80 1 seconds
10.0.0.30 Source Address Affinity VS_HTTP HTTP_POOL 10.0.0.49:80 0 seconds
10.0.0.29 and 30 are the IP addresses of the ISA servers.
However, since a similar problem happened before and I made a post here, someone told me that as long as source address persistence is configured (although as a backup method), the persistence records will still be created even if not used.
- What_Lies_Bene1
Cirrostratus
I think you're right regarding the persistence records. I'd suggest you do a tcpdump if you can and confirm if the cookie persistence is working by checking if the cookie is passed back and forth.
- Daniel_55334
Altostratus
I used HttpFox in Firefox to check that I got a cookie assigned by LTM. So I presume cookie persistence is working fine.
However, I tried many connections in different locations and found that I always got assigned the same backend server (I deleted all cookies when I made new attempts).
I understand that if using cookie persistence, a oneconnect profile should be used as well, and the oneconnect profile may create the appearance that LTM is not evenly distributing connections. But I don't expect such extreme behavior that 1 server got several connections while another one got hundreds.
Anything else I can do to fix this or at least alleviate a bit?
- What_Lies_Bene1
Cirrostratus
OK, what load balancing method are you using?
Also, is authentication involved? You might need to use an NTLM profile with the OneConnect profile.
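The source-address persistence listing quoted earlier in the thread can be checked mechanically for the proxy-masking effect the replies describe. This is an added example, not code from any participant or from F5; the sample rows are constructed in the layout of the quoted WebUI listing, and the two pool-member addresses other than 10.0.0.49:80 are assumed placeholders.

```python
# Constructed sample in the column layout of the WebUI listing quoted above:
# value, mode, virtual server, pool, pool member, age.
SAMPLE = """\
10.0.0.29 Source Address Affinity VS_HTTP HTTP_POOL 10.0.0.49:80 0 seconds
10.0.0.29 Source Address Affinity VS_HTTP HTTP_POOL 10.0.0.49:80 0 seconds
10.0.0.30 Source Address Affinity VS_HTTP HTTP_POOL 10.0.0.49:80 1 seconds
10.0.0.30 Source Address Affinity VS_HTTP HTTP_POOL 10.0.0.49:80 0 seconds
"""

# Assumption: 10.0.0.50 and 10.0.0.51 stand in for the two CAS servers
# whose addresses the thread never gives.
POOL = ["10.0.0.49:80", "10.0.0.50:80", "10.0.0.51:80"]

MODE = " Source Address Affinity "


def parse_records(text):
    """Yield (source_ip, pool_member) for each source-address record line."""
    for line in text.splitlines():
        if MODE not in line:
            continue  # header, blank line, or another persistence mode
        value, rest = line.split(MODE, 1)
        fields = rest.split()  # virtual server, pool, member, age...
        if len(fields) < 3:
            continue  # truncated row
        yield value.strip(), fields[2]


def summarize(text, pool_members):
    """Map every pool member to the set of source addresses pinned to it."""
    pinned = {member: set() for member in pool_members}
    for src, member in parse_records(text):
        pinned.setdefault(member, set()).add(src)
    return pinned


def diagnose(text, pool_members):
    """Report how many distinct sources LTM sees and which members get none."""
    pinned = summarize(text, pool_members)
    sources = set().union(*pinned.values())
    return {
        "distinct_sources": len(sources),
        "idle_members": sorted(m for m, s in pinned.items() if not s),
        # Fewer distinct sources than members means fallback persistence
        # cannot reach every member, whatever the load balancing method.
        "proxy_masking_likely": 0 < len(sources) < len(pool_members),
    }


if __name__ == "__main__":
    print(diagnose(SAMPLE, POOL))
```

With only the two ISA addresses visible as sources, any connection that falls back to source-address persistence can land on at most two of the three members.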