Forum Discussion

nikworks_369744's avatar
nikworks_369744
Icon for Nimbostratus rankNimbostratus
Aug 14, 2018

F5 session cookie being routed to wrong server node

Hello,

 

I am new to F5 and client has a strange issue. The setup is that we have a custom JNLP based application on client machine and 2 wildfly servers as backend. We require F5 to use sticky cookies via cookie insert method (ie dont rely on JSESSIONID). Expiry against session cookie is ticked.

 

Now when users connect via the jnlp application , the httpRequests seem to hit the wrong server ie authentication happens on node 1 but subsequent requests go to node 2 . This is random behavior and there is no particular trigger. On investigating the server logs , I see that the BigIP cookie that was inserted is present in both nodes , using the cookie decyrpt technique I see that it is intended for node 1 but mysteriously requests with this cookie go to node 2. The version is 11.6.3.2 whereas the same setup in another environment with 11.6.3 works fine. The VIP looks identical. please let me know if I am not clear. Any help appreciated. thanks

 

BIG-IP
devops
LTM
  • JG's avatar
    JG
    Icon for Cumulonimbus rankCumulonimbus
    Aug 14, 2018

    Are you able to share the output of the following:

     tmsh list /ltm virtual vs_name

    ?

  • nikworks_369744's avatar
    nikworks_369744
    Icon for Nimbostratus rankNimbostratus
    Aug 14, 2018

    Hi Jie,

    Thanks for quick response.

    ltm virtual test.CLIENT.com-8080 {
    destination 172.29.4.17:8080
    ip-protocol tcp
    mask 255.255.255.255
    persist {
        testAPP {
            default yes
        }
    }
    pool test.CLIENT.com-8080
    profiles {
        http { }
        tcp { }
    }
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    translate-address enabled
    translate-port enabled
    vs-index 95
}

Please note that I had asked them to turn on 'always send cookies' today morning , else the persistence bit is 
persist {
    encryptedcookie {
        default yes
    }
}
  • JG's avatar
    JG
    Icon for Cumulonimbus rankCumulonimbus
    Aug 14, 2018

    And the output of:

     tmsh list /ltm persist cookie testAPP

    ?

  • nikworks_369744's avatar
    nikworks_369744
    Icon for Nimbostratus rankNimbostratus
    Aug 14, 2018

    here

    ltm persistence cookie encryptedcookie {
    app-service none
    cookie-encryption required
    cookie-encryption-passphrase XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    cookie-name encryptedcookie
    defaults-from cookie
}

 tmsh list /ltm persist cookie testAPP
ltm persistence cookie testAPP {
    always-send enabled
    app-service none
    cookie-encryption disabled
    cookie-name none
    defaults-from cookie
    expiration 0
    method insert
    override-connection-limit disabled
}