Forum Discussion
Brian_Kinsey_10
Nimbostratus
NimbostratusCookie Persist on Pool Member in iRule?
I have an iRule that looks for a string in a URI and sends a client to one of five pools depending on that string. The issue is that after the first connection (where the client logs in), any links that the client clicks no longer contains that string. Because of this, I need the client to persist to the origional pool member for the duration of the session, but no longer (in case the client uses a different URI that should go to a different pool than the first). They can't just go to the same pool during the session because the server they log in to does not pass that login information to the other pool members. The client must go to the same pool member.
I have tried setting cookie persistence on the Virtual Server, but that does not work. It appears that the rule is reprocessed when the client clicks a link and is sent to a different pool (Pool_all in my example below) because the URI does not contain the string I am looking for. If I set source_address persistence on the Virtual Server, the client always connects to the same server, so the app works, but they have to wait for the persistence record to timeout on the LTM before accessing another URI that would go to a different pool.
It looks like what I need to do is add cookie persistence to the rule and make sure that it persists on the pool member. Any tips?
This is what my current rule looks like:
when HTTP_REQUEST {
if { ([string tolower [HTTP::uri]] contains "string1") or
([string tolower [HTTP::uri]] contains "string2")
} {
if { [active_members Pool_1] >= 1 } {
pool Pool_1
}
else { HTTP::redirect http://maintenance.domain.com }
}
elseif {
([string tolower [HTTP::uri]] contains "string3") or
([string tolower [HTTP::uri]] contains "string4")
} {
if { [active_members Pool_2] >= 1 } {
pool Pool_2
}
else { HTTP::redirect http://maintenance.domain.com }
}
elseif {
([string tolower [HTTP::uri]] contains "string5") or
([string tolower [HTTP::uri]] contains "string6")
} {
if { [active_members Pool_3] >= 1 } {
pool Pool_3
}
else { HTTP::redirect http://maintenance.domain.com }
}
elseif {
([string tolower [HTTP::uri]] contains "string7") or
([string tolower [HTTP::uri]] contains "string8")
} {
if { [active_members Pool_4] >= 1 } {
pool Pool_4
}
else { HTTP::redirect http://maintenance.domain.com }
}
else {
if { [active_members Pool_all] >= 1 } {
pool Pool_all
}
else { HTTP::redirect http://maintenance.domain.com }
}
}
Also, I am looking for about 600 different strings so this rule is very long. If anyone has any tips on rewriting this rule to make it more efficient, that would be appreciated as well.
Brian_Kinsey_10I have found that if I set the Virtual Server to use cookie persistence and set an expiration instead of using a session cookie, this also works. This works better than source_address because we can just delete the cookie when we have to move between pools instead of having to wait for the persistence record to time out on the F5, although it is still not as clean as a session cookie would be.
Why would a cookie with an expiration work but not a session cookie?- To optimize, you can use the tcl "switch" command with the "-glob" option to do wildcard matches against the URI:
when HTTP_REQUEST { persist cookie insert switch -glob [string tolower [HTTP::uri]] { "*string1*" - "*string2*" { if { [active_members Pool_1] >= 1 } { pool Pool_1 } else { HTTP::redirect http://maintenance.domain.com } } "*string3*" - "*string4*" { if { [active_members Pool_2] >= 1 } { pool Pool_2 } else { HTTP::redirect http://maintenance.domain.com } } ... default { if { [active_members Pool_all] >= 1 } { pool Pool_all } else { HTTP::redirect http://maintenance.domain.com } } } }
Enabling a OneConnect profile on the virtual server should allow smoother transition between pools. Not sure why a session cookie wasn't working as well as a timed cookie, though.
HTH
/deb
