Forum Discussion
NimbostratusPersist connection or session on F5 (where client /server both do not have cookies or session management
hi our client and Server both don't have session management or cookies , but we want to have permit between then. our traffic load can be 5000 Transection /sec
plz find below the request / response sample common text is the (SS1_3011813101)
Reserve:
tel:xxxxxxxxxxx 310 50,31763/21,,31763,3,-2,,crm_instance,,,,SS1_3011813101,1,SLC,,SPI-Timebased-5050-1-Continuous donation
corresponding Charge:
SS1_3011813101 310 50,31763/21,,31763,3,-2,,crm_instance,,,,SS1_3011813101,1,SLC,,SPI-Timebased-5050-1-Continuous donation SS1_3011813101
or corresponding Release:
SS1_3011813101
4 Replies
Hi Sosa. It is difficult to tell if BIG-IP can persist connections for your application or not.
The BIG-IP does have a Universal Persistence option, which is a persist table entry based on user defined values in the payload data. Here is an overview of the Universal Persistence:
http://support.f5.com/kb/en-us/solutions/public/7000/300/sol7392.html?sr=37123366
The best way to use this, is to find a unique value in the client side or server side data stream for EACH tcp connection as it is created on the BIG-IP. I see from your request/response examples, that it appears there might be some unique client/server pairs of data in the "SSI" values. However, without a complete packet trace, it is impossible to tell from your posting.
You also have to be mindful, that persist will only help you on BIG-IP if your application can run multiple transactions down the same TCP connection to the same server ( which is the whole point of persistence ). If the tcp connection is torn down after each transaction, you don't even need persistence because it won't be used after the first transaction.
If you can provide additional client>big-ip>server traffic details, both at the tcp and application levels, then perhaps we can look at the payloads and see if we can find a unique value to persist on.
Thanx,
Chris.
sosabsd_111766hi thanks for reply , plz find below the complete details of our CASE. you can download the file:https://www.dropbox.com/s/i7nh4znfedzz57l/F5-Data-01.rar
- nitass
Employee
if session id always presents in a request and format is fixed, may we collect payload, extract the session id and persist on it?
e.g.
config root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm virtual bar ltm virtual bar { destination 172.28.24.10:80 ip-protocol tcp mask 255.255.255.255 pool foo profiles { http { } tcp { } } rules { qux } source 0.0.0.0/0 source-address-translation { type automap } vs-index 41 } root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm pool foo ltm pool foo { members { 200.200.200.101:80 { address 200.200.200.101 } } } root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm rule qux ltm rule qux { when HTTP_REQUEST { if {[HTTP::method] eq "POST"}{ if {[HTTP::header "Content-Length"] ne "" && [HTTP::header "Content-Length"] <= 1048576}{ set content_length [HTTP::header "Content-Length"] } else { set content_length 1048576 } if { $content_length > 0} { HTTP::collect $content_length } } } when HTTP_REQUEST_DATA { set sessionid [findstr [HTTP::payload] CE_ 0 15] persist uie $sessionid } } test [root@ve11a:Active:In Sync] config ssldump -Aed -nni 0.0 port 80 New TCP connection 1: 172.28.24.1(44802) <-> 172.28.24.10(80) 1402233272.6457 (0.0038) C>S --------------------------------------------------------------- POST / HTTP/1.1 User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5 Host: 172.28.24.10 Accept: */* Content-Length: 33 Content-Type: application/x-www-form-urlencoded bhabhabhaCE_101253524257bhabhabha--------------------------------------------------------------- New TCP connection 2: 200.200.200.14(44802) <-> 200.200.200.101(80) 1402233272.6744 (0.0271) C>S --------------------------------------------------------------- POST / HTTP/1.1 User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5 Host: 172.28.24.10 Accept: */* Content-Length: 33 Content-Type: application/x-www-form-urlencoded bhabhabhaCE_101253524257bhabhabha--------------------------------------------------------------- root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) show ltm persistence persist-records all-properties Sys::Persistent Connections universal - 172.28.24.10:80 - 200.200.200.101:80 ------------------------------------------------ TMM 1 Mode universal Value CE_101253524257 Age (sec.) 8 Virtual Name /Common/bar Virtual Addr 172.28.24.10:80 Node Addr 200.200.200.101:80 Pool Name /Common/foo Client Addr 172.28.24.1 Owner entry Total records returned: 1by the way, initially i was thinking to use stream profile/irule but it seems persist uie command does not work in STREAM_MATCHED.
Hi Sosa, now that I have looked at your capture, I see these are XML/Soap calls. There is already a DevCentral post with some ideas on how to do this, here:
https://devcentral.f5.com/questions/soap-sessions
Unfortunately, there is not an actual example iRule in the post, but the links to the Support article do. I think if you mix the XML parsing with the Persist command in an iRule, you should be able to accomplish what you are looking for with the universal persistence records.
I'll also comment, if I may, that it appears that you have the user phone number in one XML element, and the user session key in another element. I would suggest that for future development ( and traffic management ) simplicity, you consider moving/adding user-specific data to HTTP headers, which are much more easily accessible to other systems ( that don't have XML parsing ). If this data is sensitive, you could always encrypt it with SSL. Just an idea for your dev team :-)
Hope this is helpful and good luck !
-Chris.
