Forum Discussion
smp_86112
May 07, 2012Cirrostratus
LTM honoring Session Cookie set by another LTM
We have an application which is GTM-enabled, and has virtual servers in two different data centers on two independent LTM pairs (10.2.0). The virtuals are being load-balanced by the GTM with Round Robin. Now the application requires Cookie Persistence to be maintained across LTMs. Both virtuals use Session cookies with the "HTTP Cookie Insert" method.
Based on our testing, it seems that one LTM will honor the session cookie set by another LTM. This makes sense after I decoded the cookie and found that the value of the cookie is simply the address and port of the pool member. We have successfully combined this Cookie behavior with some Priority Activation trickery in an iRule to selectively enable SNAT when a pool member is not local to the LTM.
The question we are asking ourselves is whether or not this supported behavior, is it more of a coincidence that we can take advantage of, or is it something that we are cautioned against using?
- hoolioCirrostratusHi SMP,
- L4L7_53191NimbostratusSMP: this is by design, and is one of the reasons why I love using this method for persistence. It's essentially offloading the persistence record to the client, which means that it's now portable across setups exactly like yours.
- smp_86112CirrostratusL4L7 - long time no speak. Nice to hear from you again.
When a client connection with a cookie referencing a remote pool member comes in, it seems to fire the LB_SELECTED event. So we look at the priority and only SNAT when the member is in the remote data center (i.e. has the lowest priority). We can then use GTM Round Robin load-balancing which gives us the best load distribution, without losing client Persistence.when LB_SELECTED { if { [LB::server priority] == 0} { snat automap } }
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects