Novell Home

My Favorites

Close

Please to see your favorites.

Login problems to iChain 2.0

(Last modified: 06Nov2001)

This document (10065450) is provided subject to the disclaimer at the end of this document.

goal

Login problems to iChain 2.0

fact

iChain 2.0

Layer 4 switch (or Level 4)

symptom

When attempting to login to the iChain authentication page 403 errors appear or it takes a long time to complete.

cause

Layer 4 switches can be configured in many different ways, depending on brands and software. Common configurations are thread-based sessions and source IP address based sessions.

Many web based applications, and secure communication, require session continuity i.e. the communication must be maintained between the client and the origin server for the full secure session. HTTPS session communication usually requires several threads to be utilized during its establishment. During this establishment, a Layer 4 switch may change origin servers for load balancing; for each SYN SEQ, the Layer 4 switch configured for thread based load balancing, will determine if this new session should be directed to a new origin server. This will cause the client to try and complete the session establishment with a new server that has a different encryption key pair, and fail.

This is true in the case of iChain authentication. Load balancing and fault tolerance can be created using the IP address hashing that Layer 4 switches can perform. To maintain session "stickiness" during the establishment and cookie exchange during an iChain authentication session, the Layer 4 switches must be able to maintain the IP communication from the browser to the iChain server until the cookie and authentication ID has been established. The session broker functionality will then maintain authentication details between all iChain servers.

fix

When using iChain 2.0 with a layer 4 switch and secure sessions, ensure the switch is configured to maintain sessions (also known as Server Load Balancing) based on source IP address not thread based.

Note: http://www.novell.com/info/collateral/docs/4621207.01/4621207.pdf describes the use of Session Broker and layer 4 switching for load balancing and redundancy.

disclaimer

The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.
Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.

  • Document ID:
  • 10065450
  • Solution ID: NOVL61110
  • Creation Date: 18Oct2001
  • Modified Date: 06Nov2001
    • NovellConnectivity Products

Did this document solve your problem? Provide Feedback