Disable Persistence for Fallback Hosts

when LB_SELECTED {
if { [IP::addr [LB::server addr] equals x.x.x.x or y.y.y.y] } {
persist none }
else { 
   persist blah blah blah or it should use the default profile, others will advise }
}

something like that?

Thanks Chris!

Would it also be ok the let source_addr be the default persistence setting, and add something like that?

when LB_SELECTED {
   if { [LB::server priority] < 2 } {
      persist none
   }
}

Chris and Aaron, thanks for your valuable support! :-)

 

 

Aaron, I think I didn't fully understand your suggestion. Why do you think I should set the persistence mode in the iRule as well? Is it just because an if-statement always needs an else-case, as Chris recommended?

 

 

IMHO, if the if-case in my iRule doesn't match, the default persistence setting I've set in the VS will take effect, won't it?

 

 

Regards

 

Marc

 

Hi Marc,

It's not exactly that you always need an else clause. When you call 'persist none' LTM disables persistence for the rest of the connection or until manually re-enabled using the persist command again. So with the existing iRule, if a client makes one HTTP request and gets sent to the lower priority pool members because all of the higher priority servers are done, persistence will be disabled for the rest of the connection. If they make a subsequent HTTP request on the same TCP connection and the higher priority pool members are again available, the client will be load balanced to the new pool member, but no persistence would be used to ensure they get back to the same pool member on subsequent requests.

Here is an example iRule which demonstrates selectively disabling and re-enabling persistence. I'm using curl to send three HTTP requests on the same TCP connection ('curl -v http://10.10.10.10/test[0-1]' to make requests to /test0, /test1 and /test2). The iRule disables persistence if for the second HTTP request on the TCP connection. For all other requests, it explicitly enables source address persistence.

when HTTP_REQUEST {

    Log the URI and the count of HTTP requests on this TCP connection
   log local0. " "
   log local0. " [IP::client_addr]:[TCP::client_port]: URI: [HTTP::uri], Request: [HTTP::request_num]"
   log local0. " [IP::client_addr]:[TCP::client_port]: persist lookup: \"[persist lookup source_addr [IP::client_addr]]\""

    Check if this is the second HTTP request on the same TCP connection
   if {[HTTP::request_num] == 2}{

       Disable persistence for the second HTTP request
      log local0. " [IP::client_addr]:[TCP::client_port]: disabling persistence"
      persist none
   } else {
       Enable persistence for all other HTTP requests
      log local0. " [IP::client_addr]:[TCP::client_port]: enabling source_addr persistence"
      persist source_addr 255.255.255.255 10
   }
}
when LB_SELECTED {
    Log the selected server.  This could differ from the persistence record if we've disables persistence
   log local0. "  [IP::client_addr]:[TCP::client_port]: selected: [LB::server]"
}

HTTP_REQUEST>:
HTTP_REQUEST>:  10.21.2.2:51912: URI: /test0, Request: 1
HTTP_REQUEST>:  10.21.2.2:51912: persist lookup: ""
HTTP_REQUEST>:  10.21.2.2:51912: enabling source_addr persistence
LB_SELECTED>:   10.21.2.2:51912: selected: hooleya_www1_http_pool 1.1.1.1 80
HTTP_REQUEST>:
HTTP_REQUEST>:  10.21.2.2:51912: URI: /test1, Request: 2
HTTP_REQUEST>:  10.21.2.2:51912: persist lookup: "hooleya_www1_http_pool 1.1.1.1 80"
HTTP_REQUEST>:  10.21.2.2:51912: disabling persistence
LB_SELECTED>:   10.21.2.2:51912: selected: hooleya_www1_http_pool 2.2.2.2 80
HTTP_REQUEST>:
HTTP_REQUEST>:  10.21.2.2:51912: URI: /test2, Request: 3
HTTP_REQUEST>:  10.21.2.2:51912: persist lookup: "hooleya_www1_http_pool 1.1.1.1 80"
HTTP_REQUEST>:  10.21.2.2:51912: enabling source_addr persistence
LB_SELECTED>:   10.21.2.2:51912: selected: hooleya_www1_http_pool 1.1.1.1 80

Also note that I needed to add a OneConnect profile to the VS to get this to work. Wihtout OneConnect, all requests went to the first selected server.

You'll probably want to add a OneConnect profile to the VS to ensure that a load balancing/persistence decision is honored for each HTTP request instead of once per clientside TCP connect. If you're using SNAT you can use the default 0.0.0.0 source mask OneConnect profile. If you're not using SNAT, you should create a custom 255.255.255.255 source mask OneConnect profile to keep the source IP address accurate on serverside connections. See these OneConnect articles for details:

OneConnect wiki page

http://devcentral.f5.com/wiki/default.aspx/AdvDesignConfig/oneconnect.html

OneConnect? For my iRule?

http://devcentral.f5.com/Default.aspx?tabid=63&articleType=ArticleView&articleId=114

Aaron

Aaron, I have some more questions regarding this:

 

 

-Would you agree that the only possibility to ensure that clients don't get stuck on fallback servers (lower priority group) because of their persistence entry is to solve this with an iRule? Or are there any other ways?

 

 

I'm looking for a general solution to this issue because it's very common in my environment. We have 2 master servers, and if they're not available, we'd like to forward the clients to 1 or 2 fallback servers displaying an outage notice. The problem is if we use persistence for this VS (typically source address persistence), persistent clients still connect to the fallback server although the master servers are available again. Because we often use HTTPS, we cannot use http profiles with fallback urls for that. So I just want the LTM to make sure, that if higher priority servers are available, NO client is forwarded to a low priority server, even if persistence would say something different.

 

 

But I'm really unsure how this is done the most suitable way.

 

 

Hope you can help me once again :-)

 

 

Thanks and regards

 

Marc

 

 

Hi Marc,

 

 

If you want to use lower priority members and only persist when the higher priority member is selected, you'd need an iRule to configure the persistence.

 

 

However, you could create a separate HTTP profile for HTTPS VS's with the fallback host set for https:// and one for HTTP VS's with the host set to http://. That might avoid the need for different priority members and an iRule.

 

 

Aaron