Persistence and loadbalancing

You'd have to show us the config of the virtual servers, but have you got http and oneconnect enabled on the virtual server on F51?

no i havent

If I understand you correctly, you have the following configuration:

client - F5 - web tier - F5 - app tier

And that these are separate physical F5s, and that you need to maintain some form of persistence at the app tier, correct? If so, the trick to this is to have something that permeates the first layer to reach the second. This could be something consistent in the payload from the web tier to the app tier (ex. a JSESSIONID), or you could potentially turn off SNAT on the external F5 and use client source address for persistence on the inner tier.

Perhaps if you can explain more, like what kind of persistence you are trying to use at each level, we could help more. Just note - if you want to use any L7 persistence like cookie, you must have http/oneconnect enabled.

@Kevin Stewart : you are right this is the scenario client - F5 - web tier - F5 - app tier I tried the cookie and src persistence in the applica layer with and without persistence in web layer

I think we dont need to persist in web tier , but i tried it , the problem is in all the scenarios we hit the application through the web tier , the session drops while the user browsing the website , sometimes the user been drop while entering the login info and sometimes been droped when he enters the site and try do browse internal links

Test

This is different from our setup where our tier 1 (web) tier is stateful and our tier 2 (web) is stateless, so we don't have this problem, however if you are trying to achieve persistence between the client and the app tier, then unless your web tier is a proxy (in which case it returns cookies from the app tier to the client), then you will need persistence between both client/web and web/app tiers.

FYI if when you say above "I tried the cookie and src persistence in the applica layer", you mean that you have cookie (insert) persistence with source IP fallback persistence, then that means to all intents and purposes that you have source IP persistence (and you nearly always see uneven distribution of load in this case).

sometimes the user been drop while entering the login info and sometimes been droped when he enters the site and try do browse internal links

Are you suspecting this is because of a lack of persistence at the app tier? In any case, it would make sense I think to have persistence at both tiers. The trick is that you have to have some value that comes from the client that gets all the way to the inner F5. So for example, do cookie persistence on the outside, disable SNAT on the outside, and do source address persistence on the inside. This of course assumes that client addresses are stable throughout a session. If that's not the case, then you could potentially create another cookie on the outside F5 and use that in a cookie persistence profile on the inside.

I tried all of these , still , when i use cookie the login fails and in sr persistence

Cookie persistence on the outside VIP will work in terms of keeping you persistent to your web tier. Then, if you need persistence to the app tier, source IP persistence (doesn't matter whether SNAT enabled or not) on the inside VIP will also work (but is not going to necessarily give you even load across the app tier).

If those two combined do not work then it's something outside the F5 that is breaking you. Can't tell you more without more information.

Ideally - your web tier will pass client cookies to the app tier, in which case we can use cookies on both inside/outside which will give you more even traffic distribution.