For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Lars1's avatar
Lars1
Icon for Nimbostratus rankNimbostratus
Oct 06, 2023

Cookie persistence with source IP as fallback

Hi, I have an LB with cookie persistence as persistence profile for a HTTPS re-encrypted LB. When viewing some specific PDFs, we have an iRule that disables HTTP for a specific path, because due to ...
application delivery
VGF5's avatar
VGF5
Icon for Cumulonimbus rankCumulonimbus
Oct 09, 2023

You're facing a complex issue where you need to maintain session persistence while dealing with an application bug and limitations of certain persistence methods. I understand your concern about using source IP as a fallback persistence method, as it could indeed result in all connections from the same source IP being sent to the same server.

You might want to consider using Universal Persistence, which allows F5 LTM to maintain persistence based on a variety of factors. Universal persistence uses a user-defined string (which can be part of the header, cookie, payload, etc.) to maintain persistence.

However, the effectiveness of this method would depend on whether there's a suitable parameter in your traffic that can be used for this purpose. Also, you would need to carefully configure the iRule to ensure it only triggers the Universal Persistence for the affected traffic.

Another option could be to use Destination Address Affinity persistence, which maintains persistence based on destination IP and port, rather than the source. However, this would only be suitable if your back-end servers have different IP addresses.