For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

U_franco_117956's avatar
U_franco_117956
Icon for Nimbostratus rankNimbostratus
Jan 22, 2014

LTM tries to persist to pool member down

Hi. We need help to troubleshoot this curious behavior in our ltm guest on Viprion 2400. We are noticing high cpu utilization on ltm guest when web administrators deactivate HTTP service in one of ...
application delivery
devops
iRules
persistence
U_franco_117956's avatar
U_franco_117956
Icon for Nimbostratus rankNimbostratus
Jan 22, 2014

Hi.

 

Thanks a lot for your responses.

 

We can´t ditch the irule because we need it to maintain HTTP-to-HTTPS persistece. Built-in persistence doesn´t implement match across services option, that is the reason we use this irule.

 

Our monitor is not aggresive. It is an HTTP monitor testing in 15 sec. steps

 

Action on service down option is configured with default value none. Perhaps we had to try with Reselect, Am I wrong??

 

Thanks

 

  • BinaryCanary_19's avatar
    BinaryCanary_19
    Historic F5 Account
    Jan 23, 2014
    Correct me if I'm wrong. [thought adventure] Cookie persistence encodes the selected pool member into the cookie value. The client presents this cookie to the server each time it makes a request, the Bigip decodes this and sends the request to the pool member found. Browsers send this cookie whenever they are making a request to a site with the same domain name. https only modifies the scheme, not the domain name. ------- I would be very surprised if cookie persistence needed any "modification" in order to match across services. I think it should, as long as the domain name remains the same. But I'd have to test to know for sure.
  • U_franco_117956's avatar
    U_franco_117956
    Icon for Nimbostratus rankNimbostratus
    Jan 23, 2014
    Hi again. Thanks for your response. "Cookie persistence encodes the selected pool member into the cookie value. The client presents this cookie to the server each time it makes a request, the Bigip decodes this and sends the request to the pool member found. Browsers send this cookie whenever they are making a request to a site with the same domain name." Yes, you are right, this is what we were looking for, and irule is working fine. Cookie persistence encodes selected pool member in cookie value. by this way the same pool member is selected when we change from HTTP to HTTPS (HTTP and HTTPS vservers has the same virtual IP and the same nodes) You don´t bear in mind domain name info, We are thinking to remove it. "https only modifies the scheme, not the domain name" I´m not sure about what do want to say to me about it, but domain never is modified. Perhaps our issue is related with this sol10386 http://support.f5.com/kb/en-us/solutions/public/10000/300/sol10386.html We are trying to verify it using propossed workaround. What do you think?? B.R.
  • Kevin_Davies_40's avatar
    Kevin_Davies_40
    Icon for Nacreous rankNacreous
    Jan 23, 2014
    What aFanen01 is trying to say is it does not matter if you call the site using http or https it will persist across services naturally so the iRule is not required. Cookie persistence is independent of protocol in this case. HTTP or HTTPS does not matter, as long as the destination uses the same pool name then the built in cookie persistence will do what you want.
  • U_franco_117956's avatar
    U_franco_117956
    Icon for Nimbostratus rankNimbostratus
    Jan 23, 2014
    Hi Kevin. Perhaps I'm not explaining correctly our config. The question is we configure two virtual servers with te same virtual ip, one of them to terminate HTTP traffic and the other one to terminate HTTPS traffic. Each vserver has a diferent pool, nodes ip addreses are the same, but pool members in each pool are diferent because we have to do backend encryption for HTTPS traffic. So we are not using the same pool for http and https vservers.