Forum Discussion
scarpozzi_82104
Dec 02, 2010Nimbostratus
F5 LTM Sticky Sessions between 80/443
I'm new to F5. We bought 2 1600s, but couldn't afford training so I'm winging it. I used to use another load balancer product and am having to figure this out as I go. I need some major help with what may be a simple problem.
I've got 3 portal servers that have authentication pages on them. The portal is poorly written and does a number of redirects through the login process. You start on port 80...go to 443 for the login page...then get redirected back to 80 after a successful login. I created 2 virtual servers that point at 80 & 443 and set cookie persistance on each.
The problem is, since they're separate virtual servers a client can pull server1 on the first 80 request, server2 for the 443 auth, and server3 after they successfully login. It results in the cookie stating that the user has authenticated, but the final server's session data doesn't match the one they posted their credentials with.
What I want is a way to stick all 80/443 connection to that virtual hostname to one physical server per cleint connection...thus keeping everything working and being as transparent to both the end user/server as possible. Not sure if this would be an iRule or creating a new persistance profile. I've never done either, so I don't know where to start. Any help would be most appreciated.
Thanks.
- hoolioCirrostratusHi Scarpozzi,
- scarpozzi_82104NimbostratusBoth Virtual servers are using the same out of the box 'cookie' persistance.
- hoolioCirrostratusThat makes sense. The simplest option then if the pool members are on the same IP address but different ports would be to use a single custom source address persistence profile with match across services enabled on both virtual servers.
- scarpozzi_82104NimbostratusThat sounds like what I need. I checked the options in source address affinity and it looks like the match pools option will do it.
- scarpozzi_82104NimbostratusI think I spoke too soon. I'm still seeing issues. The source address affinity appeared to be helping, but then looking at results in jmeter showed differently until the portal no longer accepted logins. I switched back to the original cookie profile and it started working again, but throwing errors occasionally.
- hoolioCirrostratusGlad you got it working. If you did want to use "cookie insert"-like persistence you could use an iRule from Kirk Bauer:
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects