Forum Discussion
Prakin
Cirrus
CirrusF5 LTM cookie persistence encryption issue
folks, what is the default behaviour when cookie encrytion enabled, set to required. we know the client->F5 cookie is encrypted, how about F5->server?. i could see the cookie is decrypted in the cap...
Hi Prakin ,
Cookie persistence encrypt is a way to secure the tampering in the client-side not server side.
have a look here : https://my.f5.com/manage/s/article/K15673279
Prakinis there way that we can re-encrypt the cookie on server side. Because my connection flow, the backend application will hit the same F5 vip again where it sees an unecrypted cookie, but F5 is expecting encrypted cookie so instead it makes new load balancing decision and new cookie is generated and terminated in different server. This makes the connections inconsistencies.
client - > F5 -> webserver(10.10.10.10,20.20.20.20) -> kong -> F5 -> application server(10.10.10.10,20.20.20.20)
here my bothe web and application server are same address.
if i set the cookie to "prefered" i think it will work?. but on the client i would see unencrypted cookie as well. so that's why i am looking for ree-ncrypt the cookie on the server side.
Hi Prakin ,
You can try the prefered option , it means bigip accepts both encrypted and decrypted cookies.
I have another question :
is this virtual server has ( 2 IPs " 10.10.10.10 & 20.20.20.20 " ) you created it by address list ??!
I need more clarification here , you can draw your flow as well and show me.- Prakin
sorry my bad, the flow would as below.
client - > F5 VIP(1.1.1.1) -> webserver (10.10.10.10, 20.20.20.20) -> kong -> F5 VIP(1.1.1.1) -> application server (10.10.10.10, 20.20.20.20).
kong -> F5 VIP(1.1.1.1) : this is where the cookie is seen unencypted and and F5 is expecitng encrypted cookie. so it can't find, thus its treating as new connection and load balanced to new server.