Switching between servers before login completion

Question

Hello, 
&nbsp;  
&nbsp;   We have a Bi-IP load balancer in front of two JBoss instances, which I will call 96 and 97.    Failover between the instances occurs flawlessly. 
&nbsp;  
&nbsp;  
&nbsp;   We have a frequent problem with HTTP 408 errors on login, and, based on our analysis, here's the sequence of events: 
&nbsp;  
&nbsp; 1) User requests login page. 
&nbsp; 2) LB sends user to 96 or 97 
&nbsp; 3) User fills in login credentials &amp; submits 
&nbsp; 4) LB sends the POST to the _other_ server (i.e. 97 or 96) 
&nbsp; 5) 408 Timeout  
&nbsp;  
&nbsp; I'm also trying to chase this problem down from the JBoss side, but I thought I would also check here - can we get the LB to be more rigorous about sending users to the same server? 
&nbsp;  
&nbsp;  
&nbsp;  
&nbsp;

the_bhattman · Answer

What kind of persistance are you using?  Do the client's appear to be behind a proxy or behind a PAT? 
&nbsp;  
&nbsp; CB &nbsp;

johnbr_45658 · Answer

The two JBoss servers have their own IP addresses, and they both listen on port 80, and the domain name(s) we use map to the Load Balancer.   
&nbsp;  
&nbsp; I assume that means Proxy instead of PAT. 
&nbsp;  
&nbsp; Thanks for the reply! 
&nbsp;  &nbsp;

the_bhattman · Answer

Understood.  But if you do not use persistance then there is a chance requests would jump between the 2 JBOSS servers.    PAT standds for Point Address translations which can when users use a proxy to access JBOSS or through a firewall which translatest the clients address into one address. 
&nbsp;  &nbsp;

johnbr_45658 · Answer

Thanks.  
&nbsp; Once the user is logged in, we see them always go to the same server - "Sticky Sessions" I believe they called it. The problem appears to be from when they visit the login page until they log in. 
&nbsp;  
&nbsp; I'm presuming the LB doesn't particularly care about whether the user is logged in or not.  Is there some volatility during the initial client tunnel setup? 
&nbsp;  
&nbsp;  
&nbsp; Oh, and we switch them from HTTP to HTTPS during this process as well.  Don't know if that's a factor.

hooleylist · Answer

As cmbhatt was suggesting, you need to enable some mode of persistence in order to instruct LTM to try to persist a client to the same pool member over multiple TCP connections.  If you have an HTTP and HTTPS virtual server set up, you can start with source address persistence on both virtual servers.  Take a look at SOL5837 for related info (Click here).  If that solves the problem, then you can look at more complex persistence options like cookie insert persistence. 
&nbsp;  
&nbsp; Aaron

Forum Discussion

Switching between servers before login completion

5 Replies

Recent Discussions

Viprion files on blades.

redirect not working

active/active Support Declarative Onboarding

Reliable resources for identifying IP addresses

minimum tmos software version for connect CIS (openshift)

Related Content

A complete Multi-Cloud Networking walkthrough with F5 Distributed Cloud

Trust your CDN, but not completely

Complete F5 Automated Backup Solution

Help with irule using switch

Need to redirect complete URL into redirected uri