Forum Discussion
Masaru_Takahash
Nimbostratus
NimbostratusCan the function of Across Virtual Servers do kick in the rule?
I want to use persistence between different Virtual Server together with the rule.
Can the function of Across Virtual Servers do kick in the rule?
I related rule and persistence profile to VIP-A and VIP-B respectively as follows.
However, Across Virtual Servers did not work.
Please teach something a good solution.
VIP-A: 192.168.100.100(80) with following iRule
VIP-B: 192.168.100.110(8080) with following iRule
Pool-A: 192.168.200.10(80) and 192.168.200.11(80)
Pool-B: 192.168.200.10(8080) and 192.168.200.11(8080)
192.168.200.10 response JSESSIONID=123456789
192.168.200.11 response JSESSIONID=ABCDEFGHI
----------------------------------------------------------------
profile persist jsessionid_uie {
defaults from universal
mode universal
timeout 50
across virtuals enable
rule none
when HTTP_REQUEST {
set jsess_id [ string range [ HTTP::cookie "JSESSIONID" ] 0 61]
if { [HTTP::cookie exists "JSESSIONID"] } {
if { $jsess_id ne "" } {
persist uie $jsess_id 900
}
}
}
when HTTP_RESPONSE {
set jsess_id [ string range [ HTTP::cookie "JSESSIONID" ] 0 61]
if { $jsess_id ne "" } {
persist add uie $jsess_id
}
}
Result)
PERSISTENT CONNECTIONS --
Mode: universal Value: 123456789
Virtual: 192.168.100.112:http Node: 192.168.200.222:webcache Age: 16sec
Mode: universal Value: ABCDEFGHI
Virtual: 192.168.100.111:http Node: 192.168.200.202:http Age: 28sec
- That's because you are also using different pools. You probably want to also turn on Across Services since your virtuals are on different ports and your pool members are also on different ports.
Masaru_TakahashIn this case, will you use Across Virtual Servers because it should do persistence of different Virtual and Service Port?
STEP1)
Client-A -> VIP-A(80) -> Node-A(80)
STEP2)
Client-A <- VIP-A(80) <- Node-A(80)
create persistence table
Node-A jsessionid=123456789
STEP3)
Client-A -> VIP-B(8080) -> Node-A(8080)
Refer to the persistence table
Node-A jsessionid=123456789
I hope for the thing that the same client does persistence to the same server to communicate.
The operation that I want to achieve becomes this pattern.
Cannot the Match Across Virtual Server&Servie command be used from the rule?
persist uie ???????
~~~~~~~~~~~~~~~~~~~
The operation that I want to achieve becomes this pattern.
Cannot the Match Across Virtual Server&Servie command be used from the rule?
persist uie ???????- Sorry, but you can currently only configure the Across Virtuals, Across Services, and Across Pools capabilities on the persist profile.
- i ever did a rule to make the persistence to across rtsp and UDP, just for your reference.
rule select_pool { when HTTP_REQUEST { if { [HTTP::host] contains "vendor1.real.com" } { pool realserver_pool1 } else { pool realserver_pool2 } } when HTTP_RESPONSE { set sss [IP::client_addr] set lll [list $sss any] log local0. "response from [IP::remote_addr] to $sss" set aaa [lindex [session lookup uie $lll] 0] if { $aaa != [IP::remote_addr] } { session delete uie $lll log local0. "session table lete $aaa" session add uie $lll [format "%s" [IP::remote_addr] ] } } } rule search_session_table { when CLIENT_ACCEPTED { set jsess [IP::client_addr] if { $jsess != "" } { set lll [list $jsess any] log local0. "request include $jsess" set ppp [session lookup uie $lll] log local0. "request include $jsess --pool$ppp---" node [session lookup uie $lll] } else { log local0. "without jession" pool realserver_pool_all } } }virtual vip_rtsp { destination 10.10.3.99:rtsp ip protocol tcp profile http tcp persist uie_persist_srcip pool realserver_pool_all rule select_pool } virtual real_vip { destination 10.10.3.99:any ip protocol udp pool realserver_pool_all rule search_session_table } - I try above irule but it look like session persist work only if two difference VIP point to same IP address. I setup two difference VIP and it does not work. Second VIP can not retrive session persist record which create by first VIP. I already turn on match across virtual server option. Any comment?
William_Them_99Before I get too excited and go down this path, a question:
All of our virtual servers have client SSL profiles that require client certificates. We've had a request to make it so that when you switch between virtual servers, you aren't re-prompted for a client certificate (it is thought that this will annoy users). Is it possible to use this Across Virtual Servers stuff combined with an iRule to accomplish this, or not?
Thanks very much.
-Bill- To quote Unruley:
Sorry, but you can currently only configure the Across Virtuals, Across Services, and Across Pools capabilities on the persist profile.
So I don't think it's going to work with SSL profiles just yet.
-Colin - William_Them_99Ok - thanks for your response.
- Sure thing.
-Colin
