how to realized some clients persistence acording to source ip, but their src ip are not in one subnet?

anybody can answer me? if we resolve the problem, f5 will get a big deal about 500K $, pls give me a help.

First, one alternative: Instead of having everybody connect to the same VIP, could they possibly connect to three different VIPs (i.e. group1 uses a different VIP than group2 which uses a different one from group3)? If so, you can change your virtual server to listen on a network and use destination address affinity.

 

 

If that won't work then it is certainly possible to write an iRule to do custom persistence and group these IPs together as you want. It would not be trivial to write otherwise I'd whip it up for you. Are you a current or potential customer? Where do you live? Definitely contact your F5 systems engineer for help.

If using separate virtual servers isn't an option, you could create a datagroup for each set of client IP addresses. You could then use an if/elseif/else to find which datagroup the client is a part of. You could then use 'persist uie' with an alias for the particular datagroup the client is a part of to use the existing persistence record or have a new record created automatically once a load balancing decision is made.

class group1 {
   host 10.1.1.1
   host 192.168.1.1
   host 172.16.1.1
}

class group1 {
   host 10.1.1.2
   host 192.168.1.2
   host 172.16.1.2
}

class group1 {
   host 10.1.1.3
   host 192.168.1.3
   host 172.16.1.3
}

when CLIENT_ACCEPTED {
    check to see if client IP is in one of the datagroups
   if {[matchclass [IP::client_addr] equals $::group1]}{
       client IP is in first datagroup, use existing persistence record or create a new one
      persist uie "group1"
   } elseif {[matchclass [IP::client_addr] equals $::group2]}{
    check to see if client IP is in the second datagroup
       client IP is in second datagroup, use existing persistence record or create a new one
      persist uie "group2"
   } elseif {[matchclass [IP::client_addr] equals $::group3]}{
    check to see if client IP is in the second datagroup
       client IP is in third datagroup, use existing persistence record or create a new one
      persist uie "group3"
   } else {
       client IP is not defined in any datagroup, so take some default action
       or perhaps just use source address persistence?
   }
}

If you have more than a few datagroups, you could replace the if/elseif/else with a loop to go through each datagroup by name.

Note that I didn't test this rule but hopefully it gives you some direction.

Aaron

[edited the rule description...]

Nice job, hoolio. Very creative use of univeral persistence.

If the match will always be on single IPs rather than subnet ranges, a slight refinement might offer better performance & scalability:

when CLIENT_ACCEPTED {
    check to see if client IP is in one of the datagroups
   set group [findclass [IP::client_addr] $::groups]
   if { $group != "" }{
       you can either specify the timeout value here or apply the iRule
       under a universal persistence profile and specify timeout there
      persist uie $group 500
   } else {
       client IP is not defined in any group, so take some default action
       or perhaps just use source address persistence?
   }
}

class groups {
   10.1.1.3 group1
   192.168.1.3 group1
   172.16.1.3 group1
   10.1.1.2 group2
   192.168.1.2 group2
   172.16.1.2 group2
   10.1.1.3 group3
   192.168.1.3 group3
   172.16.1.3 group3
}

Regardless of which version you use, you'll also either want to add a timeout to the "persist uie" command or be sure this rule is applied under a persistence profile of type "universal" to make sure stale persistence entries are reaped, otherwise you run the risk of memory exhuastion over time.

/deb