Persistence using Source IP and PORT

Question

I have a requirement where clients log into a terminal server farm and initiate https requests to VIP on BIG-IP, and need to persist users based on their source IP and PORT.  Currently, it is not possible to off load SSL to BIG-IP and using the Source IP option, there is a fare amount of "clumping".  &nbsp;
&nbsp;Is there any plan to add SourcePort (with SourceIP) as a parameter to persistence method, or would it be possible by parsing IP header? (using Universal Persistence)&nbsp;
&nbsp;Thanks.&nbsp;
&nbsp;John

kai_wilke · Answer

Hi Joey,
since v10, I wouldn't recommend to use persist UIE "[IP::client_addr]:[TCP::remote_port]" anymore. 
Using a CARP based algorythm for this specific scenario would be far more elegant now, since CARP doesn't need to store a session table record for each single client_ip:port combination and doesn't have to remember any timeouts.
when CLIENT_ACCEPTED {
    persist carp "[IP::client_addr]:[TCP::remote_port]"
    pool xyz_pool
}

Cheers, Kai

Forum Discussion

Persistence using Source IP and PORT

1 Reply

Security Best Practices for F5 Products

F5 AppWorld 2026 Registration - early bird pricing.

Kostas Injeyan - October 2025 Featured Member

Recent Discussions

Requirement for BIG-IQ VM Deployment in AWS

Can't change sync type or failover after tenant upgrade.

Cannot ping external interface

How can k8s CIS CRD VirtualServer reference existing APM Access profile?

F5 asm/awaf

Related Content

F5 XC – Persistence and Resiliency pt. I (persistence)

source address persistence maximum session timeout

Phishing, Malware, Breach and Open-Source Security

SSL Orchestrator Advanced Use Cases: Outbound SNAT Persistence

Persist using a string in an HTTP URI

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS