Forum Discussion
NimbostratusCookie Persistence iRule not working
Hi all,
We have a trouble about persistence created with iRule. For persisting the connections, the 'ASP.NET_SessionId' section in the cookie must be the check-point, but sometimes we see that a couple of connection has been sent to two different nodes though these connections have the same 'ASP.NET_SessionId' in their cookies. The iRule used is below :
when RULE_INIT {
set static::debug 0
}
when HTTP_REQUEST {
set cli [IP::remote_addr]:[TCP::remote_port]
set SessionId [HTTP::cookie ASP.NET_SessionId]
if {$static::debug}{log local0. "Client: $cli Request SessionId: >$SessionId<"}
if { $SessionId != "" } { persist uie $SessionId 3000 }
}
when LB_SELECTED {
if {$static::debug}{log local0. "Client: $cli LB to: [LB::server addr]"}
}
when HTTP_RESPONSE {
set SessionId [HTTP::cookie ASP.NET_SessionId]
if {$static::debug}{log local0. "Client: $cli Response SessionId: >$SessionId<"}
if { $SessionId != "" }{ persist add uie $SessionId 3000 }
}
So is the problem in the iRule we made or the F5 device's persistence mechanisms?
Thank you.
7 Replies
- Philippe_CLOUP
Employee
Hi Noyan, can you send the virtual configuration as well as the persistence config linked to it ?
the following commands should help:
tmsh list ltm virtual XXXXX all-properties tmsh list ltm persistence cookie YYYYY all-propertieswhere XXXXX and YYYYY should be replaced by the VS and persistence profile names.
Noyan_137135app-service none auth none auto-lasthop default clone-pools none cmp-enabled yes connection-limit 0 description Webindex_prod destination 10.xx.xx.xx:http enabled fallback-persistence none gtm-score 0 http-class none ip-protocol tcp last-hop-pool none mask 255.255.255.255 metadata none mirror disabled nat64 disabled partition Common persist { cookie { default yes } } pool Webindex_prod_pool profiles { blingnet_http_profile { context all } tcp { context all } } rate-class none related-rules none rules { cookie_persist } snatpool snat_68 source-port preserve traffic-classes none translate-address enabled translate-port enabled vlans none vlans-disabled }- Noyan_137135
And the persistence config is :
ltm persistence cookie cookie { always-send disabled app-service none cookie-name none defaults-from none description none expiration 0 hash-length 0 hash-offset 0 match-across-pools disabled match-across-services disabled match-across-virtuals disabled method insert mirror disabled override-connection-limit disabled partition Common timeout 180 } 
JPV_131616Cirrus
did you try removing cookie persistence from VIP since you are doing it in an irule and don't need to maintain two sets of persistence records?
- Noyan_137135
We will test it after removing cookie persistence and enabling only irule persistence, then share the results. Thank you.
- Philippe_CLOUP
Hi Noyan, if i check well your config, your cookie used in the iRule is named ASP.NET_SessionId. I assume it is containing the "application" state for the client.
The cookie you use in the resource, is the standard BIGIP-Cookie (with the cookie insert method). So it is named differently (bigip-cookie or something like that). This cookie contains the IP address of the destination pool member for the different connections the client can create for the other HTTP connections.
The issue i see is that if the application change the cookie content, you will never change from one server to another, which is perhaps not an issue for you. But the other issue is that if the BigIP Cookie changes (browser has been closed and then reopened for example), then even if you send your "ASP.NET_SessionId" that has not changed (except if it is also a session cookie that was deleted when the browser was closed), you will land on a different pool member due to the Load Balancing algorithm (no cookie, then LB).
- Noyan_137135
Hi Philou,
Thank you for the replies. I am wondering why the connections have cookies including the same "ASP.NET_SessionId" has been sent to different nodes. I guess, even if the BigIP cookies change, the connection must be able to sent to the same node while "ASP.NET_SessionId" remains the same. Isn't that correct?
