For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

sosabsd_111766's avatar
sosabsd_111766
Icon for Nimbostratus rankNimbostratus
May 05, 2014

Persist connection or session on F5 (where client /server both do not have cookies or session management

hi our client and Server both don't have session management or cookies , but we want to have permit between then. our traffic load can be 5000 Transection /sec   plz find below the request / res...
application delivery
deployment
devops
iRules
LTM
oracle
nitass's avatar
nitass
Icon for Employee rankEmployee
Jun 08, 2014

if session id always presents in a request and format is fixed, may we collect payload, extract the session id and persist on it?

e.g.

 config

root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm virtual bar
ltm virtual bar {
    destination 172.28.24.10:80
    ip-protocol tcp
    mask 255.255.255.255
    pool foo
    profiles {
        http { }
        tcp { }
    }
    rules {
        qux
    }
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    vs-index 41
}
root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm pool foo
ltm pool foo {
    members {
        200.200.200.101:80 {
            address 200.200.200.101
        }
    }
}
root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm rule qux
ltm rule qux {
    when HTTP_REQUEST {
  if {[HTTP::method] eq "POST"}{
    if {[HTTP::header "Content-Length"] ne "" && [HTTP::header "Content-Length"] <= 1048576}{
      set content_length [HTTP::header "Content-Length"]
    } else {
        set content_length 1048576
    }
    if { $content_length > 0} {
      HTTP::collect $content_length
    }
  }
}
when HTTP_REQUEST_DATA {
  set sessionid [findstr [HTTP::payload] CE_ 0 15]
  persist uie $sessionid
}
}

 test

[root@ve11a:Active:In Sync] config  ssldump -Aed -nni 0.0 port 80
New TCP connection 1: 172.28.24.1(44802) <-> 172.28.24.10(80)
1402233272.6457 (0.0038)  C>S
---------------------------------------------------------------
POST / HTTP/1.1
User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
Host: 172.28.24.10
Accept: */*
Content-Length: 33
Content-Type: application/x-www-form-urlencoded

bhabhabhaCE_101253524257bhabhabha---------------------------------------------------------------

New TCP connection 2: 200.200.200.14(44802) <-> 200.200.200.101(80)
1402233272.6744 (0.0271)  C>S
---------------------------------------------------------------
POST / HTTP/1.1
User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
Host: 172.28.24.10
Accept: */*
Content-Length: 33
Content-Type: application/x-www-form-urlencoded

bhabhabhaCE_101253524257bhabhabha---------------------------------------------------------------

root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) show ltm persistence persist-records all-properties
Sys::Persistent Connections
universal - 172.28.24.10:80 - 200.200.200.101:80
------------------------------------------------
  TMM           1
  Mode          universal
  Value         CE_101253524257
  Age (sec.)    8
  Virtual Name  /Common/bar
  Virtual Addr  172.28.24.10:80
  Node Addr     200.200.200.101:80
  Pool Name     /Common/foo
  Client Addr   172.28.24.1
  Owner entry

Total records returned: 1

by the way, initially i was thinking to use stream profile/irule but it seems persist uie command does not work in STREAM_MATCHED.