Forum Discussion
anujl_5566
Nimbostratus
Nov 02, 2011
Persistence Cookie iRule not working as desired
when HTTP_REQUEST {
    if { [HTTP::path] equals "/api/v1/sendpinonceoff" } {
        HTTP::path /sendpinonceoff
        pool MM-MEPD
        persist none
    }
    if { [HTTP::path] equals "/api/v1/verifypinonceoff" } {
        HTTP::path /verifypinonceoff
        pool MM-MEPD
        persist none
    }
    if { [HTTP::path] equals "/api/v1/processrefund_status" } {
        HTTP::path /processrefund_status
        pool MM-MEPD_Deliver
        persist none
    }
    if { [HTTP::path] equals "/api/v1/processrefund" } {
        HTTP::path /processrefund/
        pool MM-MEPD_Deliver
        persist none
    }
    if { [HTTP::path] equals "/api/v1/sendpinajax" } {
        pool MM-MEP
        persist cookie insert "MM-MEP-SENDPIN"
    }
}
Now when I go to the url /api/v1/sendpinajax, I see the cookie MM-MEP-SENDPIN. The problem is I also see the default persistence cookie set for the Virtual Server. Is this desired behavior?
15 Replies
- nitass
Employee
This is mine. Is there any difference?

[root@iris:Active] config b virtual bar list
virtual bar {
   snat automap
   pool foo
   destination 172.28.17.33:http
   ip protocol tcp
   rules myrule
   persist cookie
   profiles {
      http {}
      tcp {}
   }
}
[root@iris:Active] config b pool foo list
pool foo {
   members 10.10.70.110:http {}
}
[root@iris:Active] config b profile cookie list
profile persist cookie {
   mode cookie
   mirror disable
   cookie mode insert
   cookie name none
   cookie expiration immediate
   cookie hash offset 0
   cookie hash length 0
   rule none
}
[root@iris:Active] config b rule myrule list
rule myrule {
   when HTTP_REQUEST {
      persist cookie insert "cookieirule"
   }
}
[root@iris:Active] config curl -I http://172.28.17.33/
HTTP/1.1 200 OK
Date: Wed, 02 Nov 2011 08:50:42 GMT
Server: Apache/2.0.59 (rPath)
Last-Modified: Sat, 11 Jun 2011 00:31:47 GMT
ETag: "667a-67-cfb682c0"
Accept-Ranges: bytes
Content-Length: 103
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Set-Cookie: cookieirule=1850083850.20480.0000; expires=Wed, 02-Nov-2011 17:43:31 GMT; path=/
- anujl_5566
Nimbostratus
nitass - you don't have multiple pools like I have in the iRule. But I understand that you have a default persistence cookie profile which does not have a unique name, and then you specify a cookie name in the iRule. According to my situation you should be seeing 2 cookies, one which has the default cookie name BigipServerpool and the second cookieirule. But you are seeing only one, which is desired.
Do you see any explicit error in my iRule?
- Hi,
please try this.
    if { [HTTP::path] equals "/api/v1/sendpinajax" } {
        pool MM-MEP
        persist none
        persist cookie insert "MM-MEP-SENDPIN"
    }
}
Regards
Kurt Knochner
- nitass
Employee
Do you see any explicit error in my iRule?
I don't see anything suspicious in the iRule. Have you tried Kurt's suggestion? How is it?
By the way, would it be possible to paste the output of the curl command?
- anujl_5566
Nimbostratus
nitass- this is what I see in curl
curl -lv http://172.19.11.73/api/v1/sendpinajax
* About to connect() to 172.19.11.73:80
* Connected to 172.19.11.73 (172.19.11.73) port 80
> GET /api/v1/sendpinajax HTTP/1.1
User-Agent: curl/7.10.6 (i386-redhat-linux-gnu) libcurl/7.10.6 OpenSSL/0.9.7a ipv6 zlib/1.1.4
Host: 172.19.11.73
Pragma: no-cache
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*
< HTTP/1.1 404 Not Found
< Date: Thu, 03 Nov 2011 14:26:22 GMT
< Server: Apache/2.2.3 (CentOS)
< Content-Length: 293
< Connection: close
< Content-Type: text/html; charset=iso-8859-1
< Set-Cookie: MM-MEP-SENDPIN=218764204.20480.0000; path=/
404 Not Found
Not FoundThe requested URL /api/v1/sendpinajax was not found on this server.
Apache/2.2.3 (CentOS) Server at 172.19.11.73 Port 80
* Closing connection 0
[aladkani@mmusbox-lx01 aladkani]$ curl -lv http://172.19.11.73/api/v1/processrefund
* About to connect() to 172.19.11.73:80
* Connected to 172.19.11.73 (172.19.11.73) port 80
> GET /api/v1/processrefund HTTP/1.1
User-Agent: curl/7.10.6 (i386-redhat-linux-gnu) libcurl/7.10.6 OpenSSL/0.9.7a ipv6 zlib/1.1.4
Host: 172.19.11.73
Pragma: no-cache
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*
< HTTP/1.1 400 Bad Request
< Content-length: 22
< Date: Thu, 03 Nov 2011 14:26:53 GMT
* Connection 0 left intact
* Closing connection 0
This looks as desired because curl, unlike a browser, is not keeping the session open. The problem is with browsers.
Now I was following this article to circumvent this issue,
http://support.f5.com/kb/en-us/solutions/public/9000/800/sol9815.html
So according to this KB if I use default cookie name BIgipServer, this confusion with cookie persistence while pool jumping will not happen.
BUT, I have one url for which I am doing persist none. I want to know what happens to that in this case. In short, a user goes to url /blah1, which has persistence, gets cookie BigipServerBLAH1, and then if it goes to url /blah2, which has persist none in the profile, what happens there? I do not think persist none will make the browser drop cookies.
Also I cannot try what Kurt said, doing persist none and then cookie insert because what if the user goes back to the pool where default cookie is used. I am not sure if I am explaining my case properly here.
I really appreciate the time you guys have put in replying.
- I do not think persist none will make the browser drop cookies.
No, that's not possible, but it will tell the LB to ignore any persistency records for that connection.
BUT, i have one url for which I am doing persist none. I want to know what happens to that in this case. In short user goes to url /blah1 which has persistence gets cookie BigipServerBLAH1, and then if it goes to url /blah2, which has persist none in the profile, what happens there. I do not think persist none will make the browser drop cookies.
Well, if you set the cookie for /blah2 it will be valid for the whole domain (I'm not sure if the LB will take care of the path argument in a cookie). So, the cookie set for /blah2 will also be sent (by the browser) for /blah1 and the LB will use the persistence information stored in that cookie, EXCEPT you tell it to ignore persistency for /blah1 by using "persist none". I think I misinterpreted your first request and iRule.
Also I cannot try what Kurt said, doing persist none and then cookie insert because what if the user goes back to the pool where default cookie is used. I am not sure if I am explaining my case properly here.
I think the iRule in your first post is not telling the whole story, and I believe we need some examples (URLs) and descriptions of what the LB should do in those cases.
Regards
Kurt Knochner
- anujl_5566
Nimbostratus
Kurt, this is the current iRule
when HTTP_REQUEST {
    if { [HTTP::path] equals "/api/v1/sendpinonceoff" } {
        HTTP::path /sendpinonceoff
        pool MM-MEPD
    }
    if { [HTTP::path] equals "/api/v1/verifypinonceoff" } {
        HTTP::path /verifypinonceoff
        pool MM-MEPD
    }
    if { [HTTP::path] equals "/api/v1/processrefund_status" } {
        HTTP::path /processrefund_status
        pool MM-MEPD_Deliver
    }
    if { [HTTP::path] equals "/api/v1/processrefund" } {
        HTTP::path /processrefund
        pool MM-MEPD_Deliver
    }
    if { [HTTP::path] equals "/api/v1/sendpinajax" } {
        log local0. "[IP::client_addr]:[TCP::client_port]: this is the path [HTTP::path] "
        HTTP::respond 200 content "HTTP path [HTTP::path]\n\n"
        HTTP::path /sendpinajax
        pool MM-MEP
        persist cookie insert "MM-MEP-SENDPIN"
    }
}
Now this Virtual Server so far has non default persistence profile. And as you see depending on the urls in irule we decide on the pool.
Now our site will start hosting 2 new API calls which will have specific urls. For these calls we need persistence. To add the persist cookie command in the iRule I need to add a default cookie profile on the Virtual Server.
This starts the chaos. After adding the default profile I will have to add "persist none" for all urls in this current iRule, correct?
Then for the other 2, I can have the default persistence profile take care of the persistence as they will use the same pool to serve the API call.
This is the background.
Thanks again.
- anujl_5566
Nimbostratus
In the irule that I have posted above do not consider this part,
    if { [HTTP::path] equals "/api/v1/sendpinajax" } {
        log local0. "[IP::client_addr]:[TCP::client_port]: this is the path [HTTP::path] "
        HTTP::respond 200 content "HTTP path [HTTP::path]\n\n"
        HTTP::path /sendpinajax
        pool MM-MEP
        persist cookie insert "MM-MEP-SENDPIN"
    }
I have not added that yet in production. This is just for testing.
- To add persist cookie command in the iRule I need to add a default cookie profile on Virtual server.
Not necessarily. You can use "persist cookie" only for those URLs.
This starts the chaos. After adding default profile I will have to add "persist none" for all urls in this current irule..correct?
Not necessarily. See above.
Then for the other 2, I can have the default persistence profile take care of the persistence as they will use the same pool to serve the API call. This is the background.
Let's do it the other way round. Just use "persist cookie insert xxxxx" for those api urls.
That "should" work, UNLESS the client uses HTTP 1.1. The reason: persistency works for TCP connections. If a client uses HTTP 1.1 it might use the same TCP connection for several HTTP requests. In your example: one request to the new api, which will be persisted and another request to something, which will be persisted as well, as it's the same TCP connection. In that case a ONECONNECT profile might help, as that will de-multiplex the client request. However I'm not sure if persistency will be handled appropriately with ONECONNECT. Please try that.
Regards
Kurt Knochner
- anujl_5566
Nimbostratus
Kurt,
If you add persist cookie in iRule for Virtual Server which does not have a default persistence profile, you get this error
01070372:3: Persistence mode (Cookie) called out in rule (MEP_rewrite_v2) requires a corresponding persistence profile for virtual server (MM-MEP-HTTP).
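
An added example (not part of any post above, and not F5 code): a small Python check for the symptom discussed in this thread. It collects every Set-Cookie on a response whose value has the default unencrypted insert-mode form, so a second persistence cookie shows up immediately, and decodes each value to the pool member it pins the client to. The header block is constructed from the cookie value in the curl capture; the `BIGipServerMM-MEP` cookie name and the function names are assumptions.

```python
import re
import socket
import struct

# Constructed sample: the MM-MEP-SENDPIN value is copied from the curl capture in
# this thread; the BIGipServerMM-MEP line is hypothetical, added to mimic the browser case.
SAMPLE_HEADERS = """\
HTTP/1.1 404 Not Found
Set-Cookie: MM-MEP-SENDPIN=218764204.20480.0000; path=/
Set-Cookie: BIGipServerMM-MEP=218764204.20480.0000; path=/
Set-Cookie: SESSIONID=abc123; path=/
"""

# Default (unencrypted) insert-mode value: <ip-as-decimal>.<port-as-decimal>.0000
PERSIST_VALUE = re.compile(r"^(\d{1,10})\.(\d{1,5})\.\d{4}$")

def decode_persistence_value(value):
    """Return (ip, port) for a BIG-IP style cookie value, or None if it does not match."""
    m = PERSIST_VALUE.match(value)
    if not m:
        return None
    ip_num, port_num = int(m.group(1)), int(m.group(2))
    if ip_num > 0xFFFFFFFF or port_num > 0xFFFF:
        return None
    # Both numbers are the network-order bytes read as little-endian integers.
    ip = socket.inet_ntoa(struct.pack("<I", ip_num))
    port = struct.unpack(">H", struct.pack("<H", port_num))[0]
    return ip, port

def persistence_cookies(raw_headers):
    """Map cookie name -> (ip, port) for each Set-Cookie that decodes as a persistence cookie."""
    found = {}
    for line in raw_headers.splitlines():
        name, sep, rest = line.partition(":")
        if not sep or name.strip().lower() != "set-cookie":
            continue
        cookie_name, _, value = rest.split(";", 1)[0].strip().partition("=")
        decoded = decode_persistence_value(value)
        if decoded:
            found[cookie_name] = decoded
    return found

if __name__ == "__main__":
    for name, (ip, port) in persistence_cookies(SAMPLE_HEADERS).items():
        print(f"{name}: pool member {ip}:{port}")
```

More than one entry in the returned mapping means the response carried more than one persistence cookie, which is the situation the original question describes.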
