Configuring Load Sharing Network Address Translation (LSNAT)
• When different virtual server IPs (VIPs) share the same real server in different server farms,
the persistence level must be set the same.
• In general, in order to edit or delete a virtual server or real server (serverfarm) configuration,
the devices must be first configured "out of service" (no inservice) before the changes will be
allowed.
Session Persistence
Load balancing clients connect to a virtual IP address which, in reality, is redirected to one of
several physical servers in a load balancing server farm group. In many web page display
applications, a client may have its requests redirected to and serviced by different servers in the
group. In certain situations, however, it may be critical that all traffic for the client be directed to
the same physical server for the duration of the session—this is the concept of session persistence.
When the router receives a new session request from a client for a specific virtual address, the
router creates a binding between the client (source) IP address/port socket and the (destination) IP
address/port socket of the load balancing server selected for this client. Subsequent packets from
clients are compared to the list of bindings. If there is a match, the packet is sent to the same server
previously selected for this client. If there is not a match, a new binding is created. How the router
determines the binding match for session persistence is configured with the persistence level
command when the virtual server is created.
There are three configurable levels of session persistence:
• TCP persistence — a binding is determined by matching the source IP/port address as
well as the virtual destination IP/port address. For example, requests from the client address
134.141.176.10:1024 to the virtual destination address 207.135.89.16:80 are considered one
session and would be directed to the same load balancing server (for example, the server with
IP address 10.1.1.1). A request from a different source socket from the same client address to
the same virtual destination address would be considered another session and may be
directed to a different load balancing server (for example, the server with IP address 10.1.1.2).
This is the default level of session persistence.
• SSL persistence — a binding is determined by matching the source IP address and the virtual
destination IP/port address. Note that requests from any source socket with the client IP
address are considered part of the same session. For example, requests from the client IP
address of 134.141.176.10:1024 or 134.141.176.10:1025 to the virtual destination address
207.135.89.16:80 would be considered one session and would be directed to the same load
balancing server (for example, the server with IP address 10.1.1.1).
• Sticky persistence — a binding is determined by matching the source and destination IP
addresses only. This allows all requests from a client to the same virtual address to be directed
to the same load balancing server. For example, both HTTP and HTTPS requests from the
client address 134.141.176.10 to the virtual destination address 207.135.89.16 would be
directed to the same load balancing server (for example, the server with IP address 10.1.1.1).
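The three matching rules above can be compared side by side with a small Python model of the binding table. This is an added example, not code from the manual or the router's software. It replays the same packets at each persistence level and reports the server chosen and the number of bindings held. Round-robin server selection, the class and function names, and the packet to port 443 are assumptions made for illustration.

```python
from itertools import cycle

def binding_key(level, src_ip, src_port, vip, vport):
    """Return the fields compared for a binding match at each level."""
    if level == "tcp":      # source IP/port and virtual destination IP/port
        return (src_ip, src_port, vip, vport)
    if level == "ssl":      # source IP and virtual destination IP/port
        return (src_ip, vip, vport)
    if level == "sticky":   # source and destination IP addresses only
        return (src_ip, vip)
    raise ValueError(f"unknown persistence level: {level}")

class VirtualServer:
    """Hypothetical model of one virtual server and its binding table."""
    def __init__(self, level, real_servers):
        self.level = level
        self._next = cycle(real_servers)  # assumption: round-robin selection
        self.bindings = {}

    def dispatch(self, src_ip, src_port, vip, vport):
        key = binding_key(self.level, src_ip, src_port, vip, vport)
        if key not in self.bindings:      # no match: create a new binding
            self.bindings[key] = next(self._next)
        return self.bindings[key]         # match: same server as before

# Constructed sample traffic, using the addresses from the examples above.
PACKETS = [
    ("134.141.176.10", 1024, "207.135.89.16", 80),
    ("134.141.176.10", 1025, "207.135.89.16", 80),   # new source port
    ("134.141.176.10", 1026, "207.135.89.16", 443),  # different service
    ("134.141.176.10", 1024, "207.135.89.16", 80),   # repeat of first socket
]

def replay(level):
    """Replay PACKETS and return (servers chosen, binding table size)."""
    vs = VirtualServer(level, ["10.1.1.1", "10.1.1.2"])
    servers = [vs.dispatch(*p) for p in PACKETS]
    return servers, len(vs.bindings)

if __name__ == "__main__":
    for level in ("tcp", "ssl", "sticky"):
        servers, count = replay(level)
        print(f"{level:6} servers={servers} bindings={count}")
```

The binding count falls from three (TCP) to two (SSL) to one (sticky) for the same traffic, because each level compares fewer fields when looking for a match.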
Sticky Persistence Configuration Considerations
Sticky persistence functionality provides less security but the most flexible capability for users to
load balance all services through a virtual IP address. In addition, this functionality provides
better resource usage by the LSNAT router, as well as better performance for the same clients
trying to reach the same real servers across different services through a virtual server.
For example, with sticky persistence, HTTP, HTTPS, TELNET and SSH requests from a client
(200.1.1.1) to the virtual server address (192.168.1.2) would all be directed to the same real server.
The client always goes to the same real server for all the services provided by that server, and it