Achieving active active deployments of stateful applications (Websphere example)

Question

I am exploring how we could solution active/active deployments across two data centers for stateful applications.  The key limiting factor to date has been a viable persistent routing solution using our F5 LTM and GTM network load balancers.  As a result, our configurations are mostly active/standby meaning assets in the standby center typically sit idle unless there is a DR scenario.&nbsp;
Typically here is how a routing approach would work for a J2EE Websphere application:&nbsp;
Client looks up an application's IP using a GTM Alias DNS name.GTM returns the LTM VIP for the application.  (for active standby deployment, the LTM VIP for the active center is returned)Client sends request to the LTM VIP (virtual IP).LTM routes the request to an IBM HTTP Server (IHS) sitting in front of WebSphere.IHS Websphere plugin routes request to a Websphere JVM.Websphere generates a JSESSION cookie and returns it to the client on the response.  Encoded in the JSESSION cookie is the Websphere server name which satisfied the request and a session identifier.On subsequent requests the following steps occur:  i) If the DNS lookup TTL has expired, the same LTM VIP is always returned because only one LTM VIP is active at a time; the other LTM VIP is only returned if the original LTM VIP is unhealthy (in this case session state cannot be recovered - reasonable limitation)
 ii) the JSESSION cookie is passed by the client (on Step 3), iii) IHS decodes the JSESSION cookie (on Step 5) and iv) IHS routes the request to the same WebSphere server as the original request
  v) The Websphere server looks up the state information for the user based on the session identifier in the JSESSION cookie
The above configuration works for active/standby configuration across 2 data centers.  However, I'm trying to understand an approach that could work for an active/active configuration across 2 data centers.  ie: I would want the routing to work like this:&nbsp;
Client looks up an application's IP using a non data center specific alias.Lookup returns the center specific LTM VIP for the application.  (for active active deployment, the LTM VIP from either center could be returned)
Client sends request to the LTM VIP.LTM routes the request to an IBM HTTP Server (IHS) sitting in front of WebSphere.IHS Webshere plugin routes request to a Websphere JVM.Websphere generates a JSESSION cookie and returns it to the client on the response.  Encoded in the JSESSION cookie is the Websphere server name which satisfied the request.On subsequent requests substep i) is the key differentiator:
 i)  the client sends the request back to the LTM VIP originally returned in Step 2, since routing to the other center would result in loss of session (eg: if a round robin global traffic routing approach was used)
 ii) the JSESSION cookie is passed by the client (on Step 3), iii) IHS decodes the JSESSION cookie (on Step 5) and iv) IHS routes the request to the same WebSphere server as the original request
  v) The Websphere server looks up the state information for the user based on the session identifier in the JSESSION cookie
Here are solutions we've considered&nbsp;
1) Long TTL of the DNS lookup in Step 1, not viable because
    i) TTL would need to be very long and if the LTM VIP goes down, then the client would not be able to perform another DNS lookup until the TTL has expired, or the local DNS cache is flushed (no viable mechanism to achieve this)
    ii) DNS lookup may be performed by a gateway device (eg: such as a reverse proxy), which would result in all traffic from that device being distributed to a single center for the TTL period&nbsp;
2) Use geo-affinity for routing... this has not been explored in detail, but there are concerns about how complex this may be to setup and it may not provide a reliable solution given that we want equal distribution of traffic, and the amount of activity from different regions could vary throughout the day (as business hours shift from east coast to west coast)&nbsp;
3) Replicate session across both data centers for the application in question - this would kill performance for applications of our scale.  We do not even do this within a data center.&nbsp;
4) Have IHS route the traffic to Websphere in either data center.  This requires a Websphere deployment topology that is not recommended by IBM (ie: a single cell spanning two data centers).&nbsp;
Sorry for a long post, but I hope it describes the problem and I'd be interested in any potential solutions.&nbsp;
Thanks
Steve&nbsp;

the_bhattman · Answer

Hi Steve,
  This is one of those scenarios I have encountered before.    So what we did is replicate the database and Authentication and then cross pollinated the pools via isessions tunnel on v10 at the time.  Specifically VIP In Datacenter A had a mixture of pools in Datacenter A and Datacenter B and VIP in Datecenter B had a mixture of pools in Datacenter A.  This is how we achieved it.  Not sure if this would solve your problem - just wanted to share with you an approach I took.&nbsp;
I hope this helps,&nbsp;
-=Bhattman=-&nbsp;

Forum Discussion

Achieving active active deployments of stateful applications (Websphere example)

1 Reply

Recent Discussions

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

F5 Access Guard Deprecated: ZTA APM

F5 loadbalancer not working

Pricing when used with aws waf

F5 terminal - help to run commands - disk space full

Related Content

Re: Adaptive Applications: Automating NGINX Solution Deployments and API Publication - Solution Demo

Automating Application Deployment with BIG-IQ

Lightboard Lessons: Zero Touch Application Deployments with Terraform, Consul, and AS3

Application Programming Interface (API) Authentication types simplified

Using CryptoNice as a Sanity-Checking Tool for Automated Application Deployments with Ansible