Forum Discussion
passive cookie persistence from iRule
Hi,
I am working on a project related to BIG-IP load balancing multiple FirePass using passive cookie persistence. The passive mode requires a special cookie to be put in the server response header that looks like:
Set-Cookie: BIGipServerFP_pool=4261412874.47873.0000; path=/
From bigpipe, I can generate this string with "b makecookie 10.0.0.254:443", but how can I do it from iRule?
Given a host IP string, say, “10.0.0.254”, how can I convert it unsigned long in network order, say, “4261412874”? Given a port string, for example, “443”, I can use [htons $port] to return the unsigned short in network order.
Thanks,
Jonathan
5 Replies
- Here's some code that will provide the equivalent of the 4.x "b makecookie" command
when HTTP_RESPONSE { set addr "10.10.10.10:80" scan $addr "%u.%u.%u.%u:%u" a b c d e set cookie "[expr ($d<<24)|($c<<16)|($b<<8)|$a].[expr 256*$e].0000" HTTP::cookie insert name "BIGipServerFP_pool" value $cookie path "/" }
-Joe - One more try. The expr will result in a signed long and you probably want the unsigned value. Wrapping the expr with a scan should do the trick:
when HTTP_RESPONSE { set addr "10.10.10.10:80" scan $addr "%u.%u.%u.%u:%u" a b c d e set cookie "[scan [expr ($d<<24)|($c<<16)|($b<<8)|$a] %u].[expr 256*$e].0000" HTTP::cookie insert name "BIGipServerFP_pool" value $cookie path "/" }
-Joe - Hmmm, I would have thought format would have done it:
format returns a string representing the number. Scan returns an integer from the string, so with scan you've got two extra integer->string & string->integer conversions going on...when HTTP_RESPONSE { set addr "10.10.10.10:80" scan $addr "%u.%u.%u.%u:%u" a b c d e set cookie "[format %u [expr ($d<<24)|($c<<16)|($b<<8)|$a]].[expr 256*$e].0000" HTTP::cookie insert name "BIGipServerFP_pool" value $cookie path "/" } - JRahm
Admin
How about the reverse? extracting the 4261412874.47873.0000 string from the cookie and storing the value in a IP:port string for logging purposes? 
hoolioCirrostratus
In case anyone finds this thread when looking for decoding the persistence cookie:
SOL6917 - Overview of BIG-IP LTM cookie encoding for the cookie persistence profile
https://support.f5.com/kb/en-us/solutions/public/6000/900/sol6917.html
iRule example to decode the persistence cookie
http://devcentral.f5.com/wiki/default.aspx/iRules/Persistence_Cookie_Logger.html
Aaron
