For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

navgup_66025's avatar
navgup_66025
Icon for Nimbostratus rankNimbostratus
Aug 08, 2013

Auth_Status and Persist

1) I have PoolK and PoolF and default pool has to be PoolK   2) first client request always go to PoolK   3) Check if client has been authenticated to PoolK using Auth_status command, if YES pe...
application delivery
dev
devops
iRules
navgup_66025's avatar
navgup_66025
Icon for Nimbostratus rankNimbostratus
Aug 12, 2013

Yes, /nad is an arbitrary client side trigger and not exist on the server. The challenge with "PD-S-SESSION-ID-PROD2" cookie is, it is common between both pools (i.e poolK and poolF) because it is sent by the backend servers (all nodes). I also noticed in the fiddler data i sent you, there multiple 401 response we get. Like you said, it is good to check on each request but when i check for cookie BIGipServerpoolK, it works more consistently.

 

But, here is something about persistence that i want to clarify. I have cookie peristence as primary and source_addr persistence as fallback in the VIP configuration. If i reverse it, meaning make source_addr primary and cookie as fallback, Will i still get the desired results? When does fallback takes effect?

 

[admin@u12:Active] tmp b virtual vpool list virtual vpool { snat automap pool poolF fallback persist webs_persist destination 10.3.8.195:https ip protocol tcp persist cookie-sso1 irule sso1 profiles { clientssl { clientside } jhttp {} serverssl-insecure-compatible { serverside } tcp-cell-optimized {} } }