Forum Discussion
http to https cookie persistence
Creating persistence record based on IP address using custom made irule as specified in the link below, Is there any randomness or variance or uniqueness in the persistence record. input to MD5 or SHA 1 is IP address it can be same for two different clients hitting the same node for the first time. Shall we consider to add randomness in the persistence record? or is it ok.
Please comment
https://devcentral.f5.com/wiki/iRul...tence.ashx
Regards
Insitha
- hoolio
Cirrostratus
Hi Thasin,rule cookie_persist_http_plus_s { Check if there is a cookie and use persistence table if the entry does not exist, loadbalance and create record when HTTP_REQUEST { if { [HTTP::cookie value "bIPs"] ne "" } { persist uie [HTTP::cookie value "bIPs"] set need_cookie 0 } else { set need_cookie 1 } } when PERSIST_DOWN { This event will only work in 11.0+. Ask F5 Support for details on BZ225436 for details. Server that UIE peristence pointed to was down set need_cookie 1 } Calculate CRC32 checksum of the server's IP and store it as a cookie and create persistence record when HTTP_RESPONSE { if { $need_cookie } { HTTP::cookie insert name "bIPs" value [crc32 [IP::server_addr]] path "/" persist add uie [HTTP::cookie value "bIPs"] } } }
rule cookie_persist_http_plus_s { Check if there is a cookie and use persistence table if the entry does not exist, loadbalance and create record when HTTP_REQUEST { if { [HTTP::cookie value "bIPs"] ne "" } { persist uie [HTTP::cookie value "bIPs"] } } Calculate CRC32 checksum of the server's IP and store it as a cookie and create persistence record when HTTP_RESPONSE { HTTP::cookie insert name "bIPs" value [crc32 [IP::server_addr]] path "/" persist add uie [HTTP::cookie value "bIPs"] } }
- hoolio
Cirrostratus
Also, you can open a case with F5 Support to request F5 support persistence across virtuals/services/pools for cookie insert persistence referencing BZ273815. - Mario_Almeida_5
Nimbostratus
Hi Aaron,
As per my understanding crc32 [IP::server_addr] will always give same value for a given string/ip.
What if you need to timeout the session after idle timeout of 10 min?
You have 2 members in a pool and 6 users.
Asume that crc32 value for membes is as follows
member 1 value is 3079cfbf
member 2 value is 1b549c7c
user ->
member1 ->
12 ->
23 ->
14 ->
25 ->
16 ->
2As per above users 1, 3 and 5 will go to member 1 and users 2, 4 and 6 will go to member 2. With respect to this, user 1, 2 and 3 will get their cookie value as 3079cfbf and user 2, 4 and 6 will get 1b549c7c.
As of start all the usres are accessing the site, after a while user 1 having session id as 3079cfbf stops accessing but leaves the browser open. mean while user 3 and 5 having session id as 3079cfbf keep accessing the site. After 15 min user 1 retruns back. In this case having the browser open the session remains same so it will not timeout.
How to handle such a situation?
Mairo
- Michael_Yates
Nimbostratus
Hi Mario, - hoolio
Cirrostratus
This is just for persistence. You want to ensure the persistence record is maintained for at least as long as the user's session. But there shouldn't be any downside to having the persistence record there for longer than a user's session. As you only have one persistence record per pool member, they could stay in the persistence table indefinitely with almost no impact on BIG-IP memory. - Mario_Almeida_5
Nimbostratus
Hi Arron,I have modified the iRule for our application timeout.
====================================================================
when HTTP_REQUEST {
This logs information about the TCP connections on *both* sides of the full proxyset client_remote "[IP::client_addr]:[TCP::client_port]"set client_local "[IP::local_addr clientside]:[TCP::local_port clientside]"Log details for the requestlog local0. "| REQ | $client_remote | $client_local | server_local | server_remote | [HTTP::cookie value ISASESSIONID] | [HTTP::uri]"if { [HTTP::cookie exists "ISASESSIONID"] } {persist uie [HTTP::cookie value "ISASESSIONID"]}}
when HTTP_RESPONSE {
set server_remote "[IP::server_addr]:[TCP::server_port]"set server_local "[IP::local_addr serverside]:[TCP::local_port serverside]"if { ![HTTP::cookie exists "ISASESSIONID"] } {if { [HTTP::cookie "JSESSIONID"] ne "" } {set newCookie [HTTP::cookie value JSESSIONID]HTTP::cookie insert name "ISASESSIONID" value $newCookie path /persist add uie [HTTP::cookie value "ISASESSIONID"]}}log local0. "| RES | $client_remote | $client_local | $server_local | $server_remote | [HTTP::cookie value ISASESSIONID]"}
====================================================================
I use the original weblogin irule from devcentral for jsessionid but it dint work when maintaining persistence from http to https switch.
Actually I am new to iRule. If you can help me to optimise the above irule except the log entry will be great.
- hoolio
Cirrostratus
Hi Mario,
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com