Forum Discussion
Sumanta_88744
Jun 09, 2016Cirrus
Persistence profile - How will I use source address affinity based load balancing?
Hi Experts
How will I use source address affinity based persistence profile across different pools having different IP but same port? For example there are two virtual server 1.1.1.1:80 and 2.2.2.2...
- Jun 11, 2016
Don't worry, it's a common scenario for me.
Just pay attention that the upstream proxy insert the "X-Forwarded-For" header, or maybe another one "True-Client-IP" or even "X-Client-IP".
If you are just nating using a firewall, I think that the header is not inserted.
I add this peace of code in the example :
set clientip [IP::client_addr]
because you may have situation where there is no "X-Forwarded-For" in the request, so that we can persist also in this scenario.
Yann_Desmarest_
Nacreous
Yes that's possible. Below an example that you may need to adapt to fit your needs :
when HTTP_RESPONSE {
persist add uie $clientip
}
when HTTP_REQUEST {
set clientip ""
if { [HTTP::header exists "X-Forwarded-For"] } {
set clientip [HTTP::header "X-Forwarded-For"]
} else {
set clientip [IP::client_addr]
}
persist uie $clientip
}
Sumanta_88744
Jun 11, 2016Cirrus
Hi Yann
Thanks for your help on this. Please note that in my case, client IP in incoming session traffic to F5, represents a single IP NAT-ed to different source IPs. For example, different PCs using DHCP enabled IP addresses behind a firewall, but with single public IP, from the firewall.
So, the IP header has single IP, but the http XFF header will have different client IPs. Will this at all work? I haven't come across such a complex scenario before.
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects