Persistence using source IP and source port
The end user comes from the internet and gets terminated at the TMG. The TMG then initiates a new connection to the internal load balancer. There are 3 TMGs (external) and 10 CAS servers internally.
Due to source-IP-based stickiness, the load is not getting redistributed equally by the internal load balancer.
Is there any possibility (using an iRule) to do persistence based on source IP and source port?
Appreciate your help on this.
Note: SSL offloading is feasible & persistence based on SSL ID is not working as expected.
2 Replies
- Lucas_Thompson_Historic F5 Account
Source ports are not suitable for connection stickiness because clients will create many connections, each with a different port. SSL session IDs, same thing, the client will create many.
Source address should be used. You will see some imbalance, especially with a small number of connections, but overall the problem should be negligible. The actual trouble may be that the downstream load balancer is confused by a source NAT. Try disabling source NAT on both devices.
Hello Thompson,
Even if we use no SNAT, since the 2nd connection is initiated by the TMG, the internal load balancer only sees the TMG server IPs and not the Internet client IPs.
The communication flow is like below.
1st connection (https): Internet (office365) --> External VIP --> Cisco ACE --> TMG server pool with 4 servers (external interface).
2nd connection (https): 4 TMG servers (internal interface) --> Internal VIP --> F5 LTM --> CAS server pool with 10 servers.
If we use persistence only with source IP, only 4 CAS servers will get most of the connections (due to the 4 TMG servers).
SSL offload & session-based cookies are not a recommended solution for office365.
Is it possible to use an iRule which takes source IP and source port and does the persistence?
Thanks in advance.
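
The trade-off discussed in this thread, as an added illustration (not code from either poster, and not an iRule): a small Python model of a persistence table in front of 10 pool members that only ever sees 4 proxy source addresses. The addresses, member names, connection count and the round-robin choice on a persistence miss are assumptions made for the example.

```python
from collections import Counter
from itertools import cycle

# Constructed sample data: 4 reverse proxies (the only source IPs the
# internal load balancer sees) and a pool of 10 members.
TMG_IPS = ["10.0.0.11", "10.0.0.12", "10.0.0.13", "10.0.0.14"]
CAS_POOL = [f"cas{n:02d}" for n in range(1, 11)]


def build_connections(count=1000):
    """Each proxy opens connections from successive ephemeral source ports."""
    return [(TMG_IPS[i % len(TMG_IPS)], 49152 + i // len(TMG_IPS))
            for i in range(count)]


def by_source_ip(conn):
    return conn[0]


def by_ip_and_port(conn):
    return f"{conn[0]}:{conn[1]}"


def simulate(connections, key_fn):
    """Return the pool member chosen for each connection.

    On a persistence hit the stored member is reused; on a miss the next
    member is picked round robin (assumed) and a record is stored.
    """
    table, next_member, chosen = {}, cycle(CAS_POOL), []
    for conn in connections:
        key = key_fn(conn)
        if key not in table:
            table[key] = next(next_member)
        chosen.append(table[key])
    return chosen


def summarize(key_fn, proxy=TMG_IPS[0]):
    """Load per member, plus how many members one proxy's traffic reaches."""
    conns = build_connections()
    chosen = simulate(conns, key_fn)
    load = Counter(chosen)
    reached = {m for (ip, _), m in zip(conns, chosen) if ip == proxy}
    return load, len(reached)


if __name__ == "__main__":
    for name, fn in (("source IP", by_source_ip), ("IP:port", by_ip_and_port)):
        load, reached = summarize(fn)
        print(f"{name:10} members used={len(load):2} "
              f"max load={max(load.values())} members per proxy={reached}")
```

Keying on source address leaves 6 of the 10 members idle, while keying on address plus port evens out the load only because every new connection creates a new record, so traffic from one proxy is no longer kept on one member.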
