Troubleshooting Duration-Based Session Stickiness - Eucalyptus Elastic Load Balancer (ELB)

Follow

Eucalyptus Versions: 4.0

Troubleshooting Duration-Based Session Stickiness 

This article demonstrates how to triage duration-based session stickiness when it has been enabled on a given Eucalyptus Elastic Load Balancer (ELB). 

Prerequisites 

The following is needed to use the technique mentioned in this article:

For more information regarding setting up these resources, please reference the following materials:

Setting Up the Resources and Triage

Before we can get to the triage, we need resources to triage.  To get the resources set up, following the steps below:

1.  Create the Elastic Load Balancer (ELB):

# eulb-create-lb MyLoadBalancer --availability-zones AcmeAvailabilityZone --listener "lb-port=80, protocol=HTTP, instance-port=80, instance-protocol=HTTP"
DNS_NAME  MyLoadBalancer-408396244283.elb.acme.eucalyptus-systems.com

2.  Create security group for instances:

# euca-create-group webservers -d "Security Group for Web Servers"

3.  Authorize security group to allow communication between ELB and instances, similar as to what is recommend by AWS [1]:

# eulb-describe-lbs MyLoadBalancer --show-long
LOAD_BALANCER MyLoadBalancer MyBalancer-408396244283.elb.acme.eucalyptus-systems.com {interval=30,target=TCP:80,timeout=5,healthy-threshold=3,unhealthy-threshold=2} AcmeAvailabilityZone {protocol=HTTP,lb-port=80,instance-protocol=HTTP,instance-port=80} {owner-alias=944786667073,group-name=euca-internal-408396244283-MyLoadBalancer} 2014-05-31T02:18:44.629Z
# euca-authorize webservers -u 944786667073 -o euca-internal-408396244283-MyLoadBalancer -p -1

4.  Launch instances in the security group.  In this example, nginx-cloudinit.config bootstraps the instance to create an nginx web server:

# euca-describe-images --filter "image-type=machine" --filter "root-device-type=instance-store"
IMAGE emi-50783D25 utopic-server-hvm/utopic-server-cloudimg-amd64-disk1.raw.manifest.xml 408396244283 available private x86_64 machine instance-store hvm
# euca-run-instances --key account1-user01 --group webservers --instance-type m1.medium emi-50783D25 --user-data-file nginx-cloudinit.config --instance-count 2
RESERVATION r-2F4B6AD2 408396244283 webservers
INSTANCE i-10910C65 emi-50783D25 pending account1-user01 0 m1.medium 2014-05-30T15:39:58.150Z AcmeAvailabilityZone monitoring-disabled 0.0.0.0 0.0.0.0 instance-store hvm sg-5F6ACB71
INSTANCE i-5518F41F emi-50783D25 pending account1-user01 1 m1.medium 2014-05-30T15:39:58.186Z AcmeAvailabilityZone monitoring-disabled 0.0.0.0 0.0.0.0 instance-store

5.  Register instances with ELB:

# eulb-register-instances-with-lb MyLoadBalancer --instances i-10910C65,i-5518F41F 
INSTANCE i-5518F41F
INSTANCE i-10910C65

6.  Confirm instances are registered successfully with ELB.  (This may take a few minutes):

# eulb-describe-instance-health MyLoadBalancer --show-long
INSTANCE i-5518F41F InService
INSTANCE i-10910C65 InService

7.  Create a duration-based sticky session for the ELB:

# eulb-create-lb-cookie-stickiness-policy MyLoadBalancer --policy-name MyLoadBalancerPolicy --expiration-period 60
# eulb-set-lb-policies-of-listener MyLoadBalancer --lb-port 80 --policy-names MyLoadBalancerPolicy
# eulb-describe-lb-policies MyLoadBalancer --show-long
POLICY MyLoadBalancerPolicy LBCookieStickinessPolicyType {name=CookieExpirationPeriod,value=60}

8. Determine the public IP of the ELB:

# host MyLoadBalancer-408396244283.elb.acme.eucalyptus-systems.com
MyLoadBalancer-408396244283.elb.acme.eucalyptus-systems.com has address 10.104.6.236

9.  SSH into one of the instances associated with the ELB, and use tcpdump [2] to monitor communication from the ELB to the instance:

$ sudo tcpdump -i eth0 -s 1024 -Aln port http and src 10.104.6.236

10. Open up a web browser and go to the DNS name of the load balancer - http://myloadbalancer-408396244283.elb.acme.eucalyptus-systems.com

Once the page is displayed showing the default nginx landing page (the page should be titled "Welcome to nginx!"), refresh the web page on a time scale thats half the value set for the expiration period.  There will be HTTP traffic that will eventually show up.  Here is an example:

 

00:52:54.211942 IP 10.104.6.236.60396 > 172.18.245.22.80: Flags [P.], seq 0:596, ack 1, win 229, options [nop,nop,TS val 30410570 ecr 8216191], length 596
E...2U@.?.T.
h.........P..5..(.3....V......
...J.}^.GET / HTTP/1.1
Host: acme-secure.dev.eucalyptus-systems.com
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Cookie: _at_id.eucalyptus.www.1ab9=fb9cb8bd2c1d460a.1384993403.1.1384993403.1384993403.0.0; _mkto_trk=id:729-HPK-685&token:_mch-eucalyptus-systems.com-1396993034631-58388
X-Forwarded-For: 10.12.0.6
Connection: close
00:52:54.213161 IP 10.104.6.236.60396 > 172.18.245.22.80: Flags [.], ack 625, win 248, options [nop,nop,TS val 30410571 ecr 8216191], length 0
E..42V@.?.V.
h.........P..7o.(.............

 

Using tools similar to tcpdump will help confirm if the duration-based session stickiness is being honored by the instances associated with the ELB.

References

[1]   AWS Elastic Load Balancing Developer Guide - Manage Security Groups in Amazon E2-Classic
[2]  Manpage of tcpdump

 

Have more questions? Submit a request

Comments

Powered by Zendesk