Forum Discussion
Ron79_145050
Nimbostratus
NimbostratusHASH Carp Persistence
Hi guys,
I've just configured HASH persistence using CARP Algorithm, as describe in this document:
http://support.f5.com/kb/en-us/solutions/public/11000/300/sol11362.html
I've defined a persistence profile with this options:
Hash Algorithm: CARP
iRule: Select the iRule you created which contains the persist hash command.
Timeout: 0 seconds
This is the iRule:
when CLIENT_ACCEPTED { persist carp [IP::client_addr] }
This Persistence Profile has been applied in a Virtual Server type "Performance Layer (L4)" port UDP.
I've noticed something strange, active connections has increased around 35-40%, is this normal?, using this algorithm active connections have to be higher?
Thanks for your help, Ron
nitassEmployee
And idea where the Hash value is stored is it part of the TCP header, will i be able to see it in a tcpdump?
carp hash is calculated on the fly. it is not kept inside a packet.
AneshCirrostratus
And idea where the Hash value is stored is it part of the TCP header, will i be able to see it in a tcpdump?
- nitass
but my question is when we use HASH CARP where will be the record stored if not in the persistence table?
i understand key (e.g. source ip) and pool member information (e.g. pool member ip and port) are included in the algorithm. if key is same, it will end up to the same pool member. so, it does not utilize persistence table.
- Anesh
Since SSL offloading is not an option for me, i am using Source ip for persistence, but my question is when we use HASH CARP where will be the record stored if not in the persistence table?
- nitass
So i will be able to support an SSL passthrough application which is required to be persisted to a server through a duration of a session with the below config paramteres
i think you had better find what information you want to persist on first. then you find how to configure it.
- Anesh
So i will be able to support an SSL passthrough application which is required to be persisted to a server through a duration of a session with the below config paramteres
- Fast l4 profile, with RST on timeout disabled and loose intiation enabled
- Using HASH CARP persistance.
- nitass
is loose initiation feature availabe on a standard tcp profile?
no, it is only available on fastl4 profile.
- Anesh
is loose initiation feature availabe on a standard tcp profile? and with regard to viprions i think fastl4 profile has a bug
http://support.f5.com/kb/en-us/solutions/public/14000/100/sol14187
- nitass
But if this setting is disabled, will the user face any impact, since a RST packet is not sent?
if reset on timeout is disabled, tcp reset won't be sent but connection entry is still removed from connection table. so, subsequent packet will be reset anyway (since no entry in connection table) unless loose initiation is enabled.
Enabling the Loose Initiation option allows the system to initialize a connection when it receives any TCP packet, rather than requiring a SYN packet for connection initiation.sol7595: Overview of IP forwarding virtual servers
http://support.f5.com/kb/en-us/solutions/public/7000/500/sol7595.html - Anesh
WOW!!, Thanks for the quick turnaround , Nitass
So if RST on timeout is enabled, The connection will be reset and hence the session will be terminated. But if this setting is disabled, will the user face any impact, since a RST packet is not sent?