ositim_135796
Oct 16, 2013

How can I get a persistence cookie when a pool member is selected by an iRule?

According to F5 support in SOL14052 when a pool member is selected using an iRule, the BigIP will not insert a persistence cookie, and indeed, I noticed this behavior ever since we started using the rule years ago.

The document suggests, as a workaround, to put the "persist cookie insert" command into the HTTP_RESPONSE event of the iRule. However, when I do this, the cookie is not inserted and I find this in the log:

TCL error: /Common/myrule - Operation not allowed. (line 1) (line 1) invoked from within "persist cookie insert"

If, on the other hand, I issue the "persist cookie insert" in the iRule that selected the pool member, no log message is issued but the cookie is not inserted either.

This is the iRule that is selecting the pool member:

when HTTP_REQUEST {
  # Route to a specific pool member when the URI carries a server= parameter
  if { [HTTP::uri] contains "server=" } {
    set rqsnode [findstr [HTTP::uri] "server=" 7 "&"]

    # Map the requested name to a pool member
    if {$rqsnode == "shop1"} {
      set entry "ipaddress1:80"
    } elseif {$rqsnode == "shop2"} {
      set entry "ipaddress2:80"
    } else {
      set entry ""
    }

    if { $entry ne "" } {
      pool mypool member $entry
      log "attempting to write persistence cookie."
      persist cookie insert
    } else {
      log "Bad server requested: $rqsnode"
      reject
    }
  } else {
    pool mypool
  }
}

My question is: How can I get the persistence cookie when an iRule has selected a pool member?

5 Replies

  • nathe

    Ositim, Don't you need to add cookie name and an expiration after "persist cookie insert"?

     

  • not according to this: https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip9_2_2config/BIG-IP_9_2_2ltm_guide-14-1.htmlwp1204098
  • nathe

    I see it does mention cookie name but not expiration:

     

    persist cookie [insert | rewrite | passive | hash] [

     

    Perhaps expiration comes in a later version

     

  • nathe

    https://devcentral.f5.com/wiki/irules.persist.ashx

     

    From this article looks like the arguments are optional. Mentions you need a persistence profile too on the VS.

     

  • Here's a framework that may work for you.

    when HTTP_REQUEST {
        if { [string tolower [HTTP::uri]] starts_with "/public2" } {

            # set the desired pool
            set this_pool "local-pool"

            # send traffic to pool and specific member
            pool $this_pool member 10.70.0.3 80

            # if persistence cookie doesn't exist, set a flag to create one
            if { not ( [HTTP::cookie exists BIGipServer$this_pool] ) } {
                set insertcookie [list $this_pool "10.70.0.3" "80"]
            }
        }
    }
    when HTTP_RESPONSE {
        if { [info exists insertcookie] } {
            # encode the IP
            scan [lindex $insertcookie 1] %d.%d.%d.%d a b c d
            set ip1 [format %02x $a]
            set ip2 [format %02x $b]
            set ip3 [format %02x $c]
            set ip4 [format %02x $d]
            scan $ip4$ip3$ip2$ip1 %x ip

            # encode the port
            scan [format %04x [lindex $insertcookie 2]] %2s%2s e f
            scan $f$e %x port

            # insert the cookie
            HTTP::cookie insert name BIGipServer[string map {"/Common/" ""} [lindex $insertcookie 0]] value "$ip.$port.0000"
            HTTP::cookie path BIGipServer[string map {"/Common/" ""} [lindex $insertcookie 0]] "/"

            # unset the variable
            unset insertcookie
        }
    }
    

    Based on some logic in the HTTP_REQUEST event, I set a flag (insertcookie) that is picked up in the HTTP_RESPONSE event. Using the following documentation:

    sol6917: Overview of BIG-IP persistence cookie encoding

    the HTTP_RESPONSE event encodes a persistence cookie the same way the cookie persistence profile would do it so that it's natively picked up and used. You'll need to apply the basic cookie (insert) persistence profile to the VIP. Perhaps the most interesting thing about this method is that you don't have to make any provisions on the request side to persist to a given pool member. The cookie name and value allow it to happen automatically. That said, this method isn't really required. You could have just as easily created your own cookie (with any value) in the response event and handled its return in the request event.
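
Added example, not part of the original thread or F5's own code: a Python check of the encoding performed in the HTTP_RESPONSE event above, so the cookie a virtual server returns can be compared against the pool member it is meant to persist to. The function names and the sample Set-Cookie line are assumptions constructed for illustration.

```python
import ipaddress

def encode_member(ip: str, port: int) -> str:
    """Build the cookie value for an IPv4 pool member (same math as the iRule)."""
    if not 0 < port <= 0xFFFF:
        raise ValueError(f"port out of range: {port}")
    # Octets a.b.c.d are read in reverse (d c b a), i.e. as a little-endian integer.
    ip_field = int.from_bytes(ipaddress.IPv4Address(ip).packed, "little")
    # The two port bytes are swapped the same way.
    port_field = int.from_bytes(port.to_bytes(2, "big"), "little")
    return f"{ip_field}.{port_field}.0000"

def decode_member(value: str) -> tuple[str, int]:
    """Recover (ip, port) from a cookie value; reject anything malformed."""
    parts = value.split(".")
    if len(parts) != 3 or parts[2] != "0000" or not all(p.isdigit() for p in parts):
        raise ValueError(f"not an <ip>.<port>.0000 persistence value: {value!r}")
    ip_field, port_field = int(parts[0]), int(parts[1])
    if ip_field > 0xFFFFFFFF or not 0 < port_field <= 0xFFFF:
        raise ValueError(f"field out of range: {value!r}")
    ip = ipaddress.IPv4Address(ip_field.to_bytes(4, "little"))
    port = int.from_bytes(port_field.to_bytes(2, "little"), "big")
    return str(ip), port

def member_from_set_cookie(header: str, pool: str) -> tuple[str, int]:
    """Pull BIGipServer<pool> out of a Set-Cookie line and decode it."""
    name, _, rest = header.partition(":")[2].strip().partition("=")
    if name != f"BIGipServer{pool}":
        raise ValueError(f"unexpected cookie name: {name!r}")
    return decode_member(rest.split(";", 1)[0].strip())

if __name__ == "__main__":
    # Constructed sample: the header the framework iRule should emit for 10.70.0.3:80.
    sample = "Set-Cookie: BIGipServerlocal-pool=50349578.20480.0000; path=/"
    print(encode_member("10.70.0.3", 80))
    print(member_from_set_cookie(sample, "local-pool"))
```

If the decoded member differs from the one the HTTP_REQUEST event selected, the byte order in the iRule's `scan`/`format` steps is the first thing to check.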