Best Practices and Configuration of COOKIEINSERT Persistence on NetScaler

Best Practices and Configuration of COOKIEINSERT Persistence on NetScaler

book

Article ID: CTX124630

calendar_today

Updated On:

Description

This article describes the best practices for configuring the COOKIEINSERT persistence method on a load balancing virtual server on NetScaler.

Background

Choosing COOKIEINSERT as the persistence method causes the NetScaler to insert a cookie into client requests, which it uses to track which server the connection belongs to. When inserting the cookie, you have the option of using version 0 or version 1 cookies. The distinction between the two is that version 0 cookies present the expiry as an absolute GMT time. This also means that the NetScaler calculates the expiry time. Version 1 cookies present the expiry as a relative time, calculated by the client software. By default, HTTP cookie version 0 is used.

Additionally, when configuring COOKIEINSERT persistence, you can also choose the expiry time. A value of 0 means no expiry, which is referred to as a session cookie which expires when the browser session is closed. Alternately, you can specify a timeout period which is presented in accordance with the cookie version selected. One benefit of using a session cookie is that there is no chance that the NetScaler clock being off will affect the expiry time of a cookie (for instance causing it to expire in the past).

In most cases, it is most desirable to set the timeout to 0 and allow the cookie to be a session cookie.

The primary benefit of using the COOKIEINSERT persistence method is that it uses little or no resources on the NetScaler.
Note: If the client is not allowed to store the HTTP cookie, the subsequent requests do not have the HTTP cookie and persistence is not used. If these clients are expected, configure an appropriate backup persistence method.

Configure COOKIEINSERT Persistence

From the NetScaler CLI, issue the following command:
set lb vserver <vserver name> -persistenceType COOKIEINSERT -timeout 0

OR

From the NetScaler GUI, complete the following steps:

  1. Select and expand the Load Balancing node.   

  2. Select Virtual Servers.

  3. Select the virtual server to be configured and click Open.

  4. Select the Methods and Persistence tab.

  5. From Persistence drop-down select COOKIEINSERT.

  6. Set the Time-out value to 0 (the default value of cookie persistence is 2).

    User-added image

From the NetScaler 10.5 onwards, complete the following steps:

  1. For NetScaler 10.5 onwards the Load Balancing feature is present under Traffic Management node.
    Expand the Traffic Management then Load Balancing node and click Virtual Servers.

    User-added image

  2. Create a virtual server as required and then click the Persistence option available on the right side as shown in the following screen shot:

    User-added image

  3. From Persistence drop-down select COOKIEINSERT and set the Time-out value to 0 (the default value of cookie persistence is 2).

    User-added image

Verify COOKIEINSERT Persistence

Persistence configured on a virtual server can be determined using the following command:
> sh lb vserver test

   test (10.10.x.x:80) - HTTP    Type: ADDRESS 
    State: DOWN
    Last state change was at Mon Nov  2 02:39:21 2015
    Time since last state change: 0 days, 00:02:15.330
    Effective State: DOWN
    Client Idle Timeout: 180 sec
    Down state flush: ENABLED
    Disable Primary Vserver On Down : DISABLED
    Appflow logging: ENABLED
    Port Rewrite : DISABLED
    No. of Bound Services :  0 (Total)      0 (Active)
    Configured Method: LEASTCONNECTION
    Mode: IP
    Persistence: COOKIEINSERT (version 0)    Persistence Timeout: 0 min

NetScaler Persistence Cookie Format

NetScaler inserts persistence cookie in the following format:
<NSC_XXXX>= <ServiceIP> <ServicePort>

where:
<NSC_XXXX> is the virtual server ID that is derived from the virtual server name.
<ServiceIP> is the hexadecimal value of the IP address of the service.
<ServicePort> is the hexadecimal value of the port of the service.

Notes

  • If persistence is configured, this setting overrides the server selection made by load balancing methods.

  • If you set the timeout value to 0, the NetScaler does not specify the expiration time, regardless of the HTTP cookie version used. The expiration time then depends on the client software, and such cookies are not valid if that software is shut down. This persistence type does not consume any system resources. Therefore, it can accommodate an unlimited number of persistent clients.

Encrypting the Cookie

From NetScaler release 10.5 build 55.8, you can encrypt the cookie in addition to any SSL encryption.

To encrypt the cookie by using the command line interface, at the command prompt, type:
set lb parameter -useSecuredPersistenceCookie ENABLED -cookiePassphrase test

To encrypt the cookie by using the configuration utility, navigate to Traffic Management >Load Balancing> Change Load Balancing Parameters, and select Encode Persistence Cookie Values(12.0)/Hash persistence cookie value(11.0/11.1) and Cookie Passphrase and enter a passphrase.
User-added image
User-added image

Issue/Introduction

This article describes the best practices for configuring the COOKIEINSERT persistence method on a load balancing virtual server on NetScaler.

Additional Information

Citrix Documentation - Choosing and Configuring Persistence Settings

Powered by Wolken Software