Forum Discussion
sysadmin_2015_2
Nimbostratus
NimbostratusF5 Big-IP - Persistence Profiles
Hello,
We seem to be having an issue with Cookie based persistence profiles. The problem is during a code deploy, we split our traffic between two clusters of web servers, we put them in all in one pool. We use ratio(member) based load balancing, Ratio 25 is set on the new code web servers with 75 set on the old code ones. 25% of production web traffic landing on the new code and the remaining 75% on the old code. We run this way for a couple of days to make sure there is nothing wrong with the new code before we send 100% traffic down it. We also set a persistent profile(cookie - session) on the virtual servers(80 and 443, we do an iRule redirect to 443). We do this because we want users that land on the new code to stay on the new code but they seem to be bouncing around.
What we think might be happening is during the several AJAX calls we make it throws users back out and in and then they have 75% chance landing on the old code? We use a proxy in front for security so we don't believe a source_address profile will work.
Where hoping someone could offer some insight to what the issue might be and how we can solve it?
Thank you for your help,
Is your proxy possibly re-using connections for multiple users? If so, you would need a one connect profile on the virtual server so that it load balances per request instead of per connection.
See https://support.f5.com/kb/en-us/solutions/public/7000/900/sol7964.html for more details
- Are you terminating SSL on the 443 virtual server so any persistence cookie can be properly examined? (You can re-encrypt to the back end servers, if need be.) The cookie persistence profile on the port 80 virtual server is meaningless since the 443 redirect iRule prevents the connection from ever being load balanced in the first place.
sysadmin_2015_2Hello,
Yes, we are terminating SSL on the virtual 443 server.
Thank you,
mimlo_61970Cumulonimbus
Is your proxy possibly re-using connections for multiple users? If so, you would need a one connect profile on the virtual server so that it load balances per request instead of per connection.
See https://support.f5.com/kb/en-us/solutions/public/7000/900/sol7964.html for more details
- sysadmin_2015_2Hello, If OneConnect load balances per request and not connection, wouldn't the several requests made during a HTTP connection have more potential to land on a different server then? We would like uses that initially land on the new code to stay on the new code for the duration of their connection and same for users that initially land on the old code. Thank you,
- mimlo_61970No, it still uses the persistence setting to keep them on the same server. The difference is without OneConnect, an LB decision is made once per TCP session. If the proxy is multiplexing multiple users through a single TCP session, the LB decision for all requests will be based off the first request. With OneConnect, the decision is per request, so if the proxy reuses the TCP connection for multiple users, the LTM will honor the persistence cookie in each request and make sure they land on the resource designated in the cookie.
- sysadmin_2015_2Hello, The OneConnect profile has resolved our issue. Thank you very much for the help! Thank you,