Forum Discussion
John_Masgalas_4
Nimbostratus
Jun 19, 2008
iRule for persistence table entries
We are load balancing 5 terminal servers and using the F5 persistence table to keep track of sessions. We have run into an issue where users that log in from a Linux-based RDP client are getting a persistence table entry of username@domain.local. When those same users log in from a Windows RDP client they are getting an entry of just their username. This results in them not always getting sent to the correct server so that they can resume their disconnected session. How could I write an iRule that either strips the domain.local from sessions that have it or adds it to sessions that do not have it? I would rather strip it from the ones that do. Is this possible and could someone help me out with it? Thanks.
19 Replies
- JRahm
Admin
Sure thing. One note, though. It appears that the cookie only holds 9 characters, so if the username is longer than that, the uniqueness of the user will need to be determined in the first 9 characters. Also, the else wasn't matched to the correct if clause, so I moved it. This should meet both conditions correctly:

```tcl
when CLIENT_ACCEPTED {
    TCP::collect
}
when CLIENT_DATA {
    TCP::collect 25
    # Skip the 11 header bytes; the rest should start with the routing cookie
    binary scan [TCP::payload] x11a* msrdp
    log local0. "Contents after binary scan: $msrdp"
    if { [string equal -nocase -length 17 $msrdp "cookie: mstshash="] } {
        set msrdp [string range $msrdp 17 end]
        set len [string first "\n" $msrdp]
        # No line ending yet: keep collecting
        if { $len == -1 } {
            TCP::collect
            return
        }
        if { $msrdp contains "@" } {
            if { $len > 5 } {
                incr len -1
                # Persist on the part before "@" only
                log local0. "Data Persisting on: [getfield $msrdp "@" 1]"
                persist uie [getfield $msrdp "@" 1]
            }
        } else {
            # Cut at the line ending so the key is the bare username, as in the "@" branch
            persist uie [string trimright [string range $msrdp 0 $len]]
        }
    }
    TCP::release
}
```
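An offline model of the parsing this iRule performs, added here as an example (Python, not code from the thread or from F5): it skips the 11 header bytes, reads the `mstshash` cookie, and reduces both client forms to one key. The user name `jsmith`, the function names and the sample packets are constructed for illustration.

```python
import struct
from typing import Optional

COOKIE_PREFIX = b"cookie: mstshash="
HEADER_LEN = 11  # TPKT header (4 bytes) + X.224 Connection Request header (7 bytes)


def persistence_key(payload: bytes) -> Optional[str]:
    """Return the normalized persistence key, or None if no complete cookie is present."""
    body = payload[HEADER_LEN:]                      # same skip as `x11a*` in the iRule
    if body[:len(COOKIE_PREFIX)].lower() != COOKIE_PREFIX:
        return None                                  # no routing cookie: nothing to persist on
    value = body[len(COOKIE_PREFIX):]
    end = value.find(b"\n")
    if end == -1:
        return None                                  # cookie line incomplete: collect more data
    user = value[:end].rstrip(b"\r").decode("ascii", errors="replace")
    return user.split("@", 1)[0] or None             # drop "@domain" so both client styles match


def build_request(cookie_user: str, trailer: bytes = b"") -> bytes:
    """Constructed sample: minimal connection request carrying an mstshash cookie."""
    data = b"Cookie: mstshash=" + cookie_user.encode("ascii") + b"\r\n" + trailer
    x224 = struct.pack("!BBHHB", 6 + len(data), 0xE0, 0, 0, 0)   # LI, CR code, dst-ref, src-ref, class
    tpkt = struct.pack("!BBH", 3, 0, 4 + len(x224) + len(data))  # version, reserved, total length
    return tpkt + x224 + data


if __name__ == "__main__":
    samples = {  # all constructed inputs
        "bare username": build_request("jsmith"),
        "username@domain": build_request("jsmith@domain.local"),
        "cut to 9 characters": build_request("jsmith@do"),
        "cookie plus trailing bytes": build_request("jsmith", b"\x01\x00\x08\x00\x00\x00\x00\x00"),
        "no line ending yet": build_request("jsmith")[:-2],
    }
    for label, pkt in samples.items():
        print(f"{label:28} -> {persistence_key(pkt)!r}")
```

Every complete sample should yield the same key; if two client types produce different keys here, they would also land on different persistence records.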
- John_Masgalas_4
Nimbostratus
This works! Thanks elah! Only two questions though. I see that it saves it as universal mode instead of msrdp. Will this affect anything? Also in the persistence settings I have the timeout set for 3 hours. Will this rule affect that? Thanks again!
- John_Masgalas_4
Nimbostratus
I verified that it does not hold the persistence for 3 hours. In the original persistence setting I had it set for Mirrored Persistence, 10800 second timeout, and No session directory. How can I set these options in the iRule?
- JRahm
Admin
Yes, it will be uie persistence instead of msrdp persistence, but that shouldn't matter. To persist for 3 hours, change the rule to this:

```tcl
when CLIENT_ACCEPTED {
    TCP::collect
}
when CLIENT_DATA {
    TCP::collect 25
    # Skip the 11 header bytes; the rest should start with the routing cookie
    binary scan [TCP::payload] x11a* msrdp
    log local0. "Contents after binary scan: $msrdp"
    if { [string equal -nocase -length 17 $msrdp "cookie: mstshash="] } {
        set msrdp [string range $msrdp 17 end]
        set len [string first "\n" $msrdp]
        # No line ending yet: keep collecting
        if { $len == -1 } {
            TCP::collect
            return
        }
        if { $msrdp contains "@" } {
            if { $len > 5 } {
                incr len -1
                # Persist on the part before "@" only, for 10800 seconds (3 hours)
                log local0. "Data Persisting on: [getfield $msrdp "@" 1]"
                persist uie [getfield $msrdp "@" 1] 10800
            }
        } else {
            # Cut at the line ending so the key is the bare username, as in the "@" branch
            persist uie [string trimright [string range $msrdp 0 $len]] 10800
        }
    }
    TCP::release
}
```
- JRahm
Admin
Oh, and once you get everything working as you like, I'd disable the logging statements if you don't need them for tracking purposes.
- John_Masgalas_4
Nimbostratus
Thanks elah. Will the above rule also set Mirrored Persistence? I think I will leave logging on for a bit just to watch over what happens. Thanks for all your help though. You guys are all great!
- JRahm
Admin
As long as you have enabled mirroring on the virtual server configuration you should be fine.
- John_Masgalas_4
Nimbostratus
Thanks, you the man!
- JRahm
Admin
UnRuleY is the man (his code); I just trimmed it up...glad it's working for you.