nathe
Feb 24, 2012 (Cirrocumulus)
Override default persistence for certain clients
Afternoon all (sorry for the long post).
Background: One RDP VS and associated pool. Two client groups accessing this VS, one from a NATed device, the other one is non-NATed. Default Persistence is msrdp (no session directory so using mstshash cookie).
What's happening: msrdp persistence works fine for the NATed group as the f5 can see the mstshash cookie. For the non-NATed group, because they load mstsc differently, the f5 doesn't see this cookie so cannot persist on it. This is ok as I can't affect this group of clients to make them enter the credentials in the RDP properties to get round this. I added a Fallback Persistence of Source Address to pick up these clients (as I see their real addresses). Again, this works. However, once I added this Fallback Persistence it affected the msrdp persistence, as then all the NATed clients go to the same pool member (cancelling out the Least Members load balancing). The b persist pool mypool show all command shows the NATed address as a source_addr entry (which I know it does, by my design, so it can be used) but it also shows the msrdp entries too (just that they now all go to the same pool member). This shows that the f5 is still seeing the mstshash cookie.
Requirements: I thought the best step here would be to remove the Fallback Persistence, whilst leaving the Default Persistence as msrdp. I would then create an iRule to deal specifically with the non-NATed clients (who'll have an ip address from a specific subnet), but leaving the NATed ones to the Default Persistence. I also thought it best to check if there's any existing persistence per IP address to make sure this is still persisted correctly.
Overall I think it's a simple requirement and I've checked other posts and come up with a proposed iRule. Would be glad of any advice on whether this is the cleanest iRule or any improvements. I've left the logging in place from other iRules.
when CLIENT_ACCEPTED {
    # Check for an existing source-address persistence record for this client.
    # If one exists, select that pool member directly by address:port.
    set persist [IP::client_addr]
    log local0. "\$persist = $persist"

    # session lookup returns "address port" of the persisted member, or "" if there is no record
    set record [session lookup source_addr $persist]
    set server [lindex $record 0]
    set port [lindex $record 1]
    log local0. "\$server = $server"

    if { ($server ne "") && ($port ne "") } {
        node $server $port
        log local0. "persisting [IP::client_addr]:[TCP::client_port] to $server:$port"
    } else {
        log local0. "no existing source address persistence connection"
    }

    # Apply source-address persistence only to clients in the Network Connect subnet
    # (the non-NATed group); everyone else is left on the default msrdp persistence.
    # Log if the client is not in that subnet.
    if { [IP::addr [IP::client_addr] equals xxx.xxx.xxx.0/22] } {
        persist source_addr 14400
    } else {
        log local0. "Not a Network Connect IP address"
    }
}
Thanks in advance,
N
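Added example (not from the post, and not F5 code): a constructed Python model of how a default persistence method (the msrdp cookie) interacts with source-address persistence when one client group arrives from behind a single NAT address. It runs the same scenario twice, once with source-address persistence applied to every client (the fallback-profile case the post describes) and once restricted to the non-NATed subnet (what the iRule intends), and shows why the first configuration collapses all NATed users onto one pool member while the second keeps least-connections spreading them. The model assumes the source-address record is checked when the connection is accepted, before any RDP cookie is visible, which matches the behaviour reported in the post; the member addresses, the NAT address 203.0.113.5 and the subnet 10.20.0.0/22 (standing in for xxx.xxx.xxx.0/22) are constructed values.

```python
# Constructed model of default (msrdp cookie) plus source-address persistence.
# Not BIG-IP code; the addresses and subnet below are made up for the example.
from collections import Counter
from ipaddress import ip_address, ip_network

MEMBERS = ["10.0.0.11:3389", "10.0.0.12:3389", "10.0.0.13:3389"]
NAT_ADDR = "203.0.113.5"                     # shared public address of the NATed group
DIRECT_SUBNET = ip_network("10.20.0.0/22")   # stands in for the post's xxx.xxx.xxx.0/22


class PersistenceModel:
    """Least-connections pool with an msrdp-style cookie table and a
    source-address table.  fallback_subnet=None means source-address
    persistence applies to every client (the fallback-profile case)."""

    def __init__(self, members, fallback_subnet=None):
        self.members = list(members)
        self.conns = Counter()        # connections per member (least-connections LB)
        self.cookie_table = {}        # mstshash cookie -> member
        self.src_table = {}           # client source address -> member
        self.fallback_subnet = fallback_subnet

    def source_persist_applies(self, src_ip):
        if self.fallback_subnet is None:
            return True
        return ip_address(src_ip) in self.fallback_subnet

    def connect(self, src_ip, cookie):
        """Pick the member for one new connection.  cookie is the mstshash
        value the load balancer can read, or None when the client's mstsc
        does not send one (the post's non-NATed group)."""
        if self.source_persist_applies(src_ip) and src_ip in self.src_table:
            member = self.src_table[src_ip]       # source record wins at connect time
        elif cookie is not None and cookie in self.cookie_table:
            member = self.cookie_table[cookie]    # default msrdp record
        else:
            member = min(self.members, key=lambda m: self.conns[m])  # least connections
        self.conns[member] += 1
        if cookie is not None:
            self.cookie_table[cookie] = member
        if self.source_persist_applies(src_ip):
            self.src_table[src_ip] = member
        return member


def simulate(restrict_fallback):
    """restrict_fallback=False: source_addr fallback profile on the VS, so it
    applies to all clients.  True: source_addr persistence only for
    DIRECT_SUBNET, as the post's iRule intends."""
    lb = PersistenceModel(MEMBERS, DIRECT_SUBNET if restrict_fallback else None)
    nated = {}
    for i in range(6):                            # six users behind the one NAT address
        cookie = f"mstshash=user{i}"
        nated[cookie] = lb.connect(NAT_ADDR, cookie)
    direct = {ip: lb.connect(ip, None) for ip in ("10.20.1.7", "10.20.1.8")}
    return {
        "nated_spread": dict(Counter(nated.values())),   # members used by NATed users
        "direct": direct,                                 # member per non-NATed client
        "nated_sticky": all(lb.connect(NAT_ADDR, c) == m for c, m in nated.items()),
        "direct_sticky": all(lb.connect(ip, None) == m for ip, m in direct.items()),
    }


if __name__ == "__main__":
    for restrict in (False, True):
        print("source_addr restricted to subnet:", restrict, simulate(restrict))
```

With the fallback applied to everyone, the first NATed user creates a source-address record for 203.0.113.5 and every later NATed connection matches that record before its cookie is ever read, so all six land on one member; restricting source-address persistence to the direct subnet leaves the NATed group on cookie persistence and least connections, while the direct clients still reconnect to the member they were first given.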