NLB and session expiration when mobile devices changes IP address.

PiotrIr

Could you help me sort following problem please?

We have system which is based on two IISes 7.0 and Windows 2008 servers working in NLB cluster. Unfortunately recently we started having some problems with users which log in using mobile devices like phones.

System works well when user uses standard broadband. However on mobile devices IP address changes quite often and after it happens, session expires – obviously because user connects to another node.

I have Affinity settings configured to Single but unfortunately it is working fine when IP address hasn’t been changed.

Could you advise what can I do to sort this problem?

bertieb

I don't think you can easily overcome this from the NLB side as the affinity settings are limited to IP address (single, class C etc). Obviously if this frequently changes and the IP addressing changes outside of a /24 subnet you'll need to look elsewhere.

Is it possible for the application to be changed to use an out of process session state (such as a back end SQL database) instead? Admittedly this could be very time consuming (and expensive).

PiotrIr

Thank you for your reply.

Is it difficult to change application to use out of process session state? Devs may be not happy if I will tell them bout this.

I also thought about “Filtering mode” – “Single” host but not quite sure this will do for me. Have you any experience with this?

I believe problem which I have should be quite common as many people are using mobile devices now.

bertieb

The "filtering mode - single" - will get round the issue at the expense of loadbalancing. Essentially, you'll turn your NLB cluster into a fault tolerant 'active/standby' arrangement where one host deals with all the traffic for whichever port rule you specify (unless there is a failure of the node with the higher priority, then the node with the lower handling priority will 'take over').

So one host will be doing all the work and the other will be 'standby'. I dare say if the load is high then it could be too much for one server to handle and it defeats the point of having multiple nodes sharing the load.

PiotrIr

Do you have any expiriency how it works in practice? To be honest I don't need load balancing.

bertieb

Yes, and it does what it says on the tin. As long as you set the port/filter rules correctly all traffic will be dealt with by one host (with the highest priority) during normal operation. I personally never had any issues using it.

PiotrIr

Thank you for your help.

Heero

haha. loadbalancing an application that is used by mobile devices with ssl has been a pain for us. I had to do some research (we have hardware load balancers).

ssl_session id affinities arent reliable because ssl_session id changes too often, depending on the browser implementation.

Source IP obviously doesnt work (IPs change with mobile devices).

The best option for us was cookie tracking, but that means terminating ssl on the hardware loadbalancers (aka ssl offloading). Doing this is the only way to view the cookie within the encrypted ssl data. The load balancers are capable of that, but some others are hesitant of using that feature because we currently don't do it.

It is a very interesting dilemma, and much better served by using active backup if possible.

PiotrIr

I'm going to use Active/Pasive NLB because it is easier for configureation but if somebody is interesting in, seems I've got right answer how to do this with Active/Active:

HTTP Load Balancing using Application Request Routing : Application Request Routing Module : Installing and Configuring IIS 7 : The Official Microsoft IIS Site

Step 3 explains how it works.