Forum Discussion
Piotr_Lewandows
Apr 20, 2015Altostratus
Cookie persistence and source address fallback
I wonder what will be result of such setup:
- LB set to Round Robin
- Default Persistence Profile: Cookie (Cookie Insert)
- Fallback Persistence Profile: Source Address
- Source IP same for all requests (SNATed)
My assumption is:
- First new TCP connection established, no cookie present
- Fallback Persistence used, no Persistence Record (PR) found
- No persistence is applied because none exist so connection will be directed to first member
- What will happen then? Persistence Record for source IP will be created pointing to first server?
- In HTTP response cookie is inserted pointing to first pool member
- Then second connection from the same IP comes, assuming that PR was created and did not time out then LB will be ignored and connection will be directed to first server
- In HTTP response again cookie pointing to first server will be inserted
- Then all returning connections (with cookies set) will be directed to first server, LB in fact will not be used, except for situation when there is enough period of inactivity between connections to allow PR to expire, but will then new connection be send to second server according to RR or not necessarily?
Is above correct?
Piotr
You are correct when putting Cookie and Source Persist together. If there is a persist record it will go to that server and cluster all the clients that share the same IP to the same server.
- Richard__HarlanHistoric F5 Account
You are correct when putting Cookie and Source Persist together. If there is a persist record it will go to that server and cluster all the clients that share the same IP to the same server.
- dragonflymrCirrostratusThanks, good to have confirmation from experienced F5'ers Piotr
- gsharriAltostratusPiotr, If the clients have a persistence cookie then the source address records will not be used. LTM will attempt to match clients with no cookie with a source address persistence record and then insert a cookie into the response. Note that the source addr persistence record will be created using the client-side source address not the server-side snat source addr.
- keshav_163381NimbostratusYes....Because Persistence table check first before doing the SNAT on egress interface
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects