Persistence within iRules

Thanks. I'm checking other posts regarding cookie persistence and changing headers.

You should be able to enforce persistence outside the rule by creating a persistence profile of type "cookie" using cookie insert mode and applying it to the virtual server: Click here

 

 

HTH

 

/deb

(Edited previous post to remove warning about OneConnect, it works fine with cookie persistence now...)

 

 

/d

and by now you mean what versions? 9.1.x / 9.2.x ?? Thanks. Good timing on this thread, I'm about to test oneconnect with cookie insert.

I'm glad you asked. I've been doing some poking around on a similar question & have a few more details:

 

 

The way OneConnect works in v9 is somewhat different from v4, and in the earliest implementation (v9.0) we saw some unexpected behavior when combined w/cookie persistence, most of which seems to have been strightened out by the time 9.1 was released.

 

 

Cookie persistence works fine in 9.1 / 9.2, but apparently you MUST have OneConnect enabled to get cookie persistence to work properly /outside/ the context of iRules if connections will be kept alive by either LTM or the client.

 

 

If OneConnect is NOT enabled, the behaviour matches the v4 setting "web aggregate port, web parse first" which means aggregate only for same IP/port combination, and look at only the first request for persistence info. With that configuration, if subsequent requests from the same source submit different persistence cookies, they will be ignored, breaking cookie persistence.

 

 

CR62806 will be incorporated into a future release so the OneConnect profile is not required to use built-in cookie persistence with keepalive connections.

 

 

HTH

 

/deb

THanks for the feedback. We begin adding apps to our testing next week, so I'll watch out for this behavior. We haven't used oneconnect yet.

 

CR62806 will be incorporated into a future release so the OneConnect profile is not required to use built-in cookie persistence with keepalive connections.

 

 

 

Is this referenced to some other CR? It isn't mentioned as open or fixed in the 9.1.2 release notes.

 

 

We are getting random errors where the requests from

 

 

Apache -> F5 -> Application Server

 

 

are received by the F5 but not sent on to the application with oneconnect enabled, and have so far been unable to reproduce with oneconnect off.

Hey citizen,

 

 

I'm not sure about the errors you're seeing with OneConnect enabled, but...

 

 

Here is a bit more detail on the issue/request:

 

 

---------------------

 

You must use a OneConnect profile or an iRule to do "cookie persistence" for each cookie in a keep-alive session. If OneConnect or a iRule is not used, the keep-alive request is persisted to the node that was specified by the cookie in the first HTTP request in the keep-alive session. Any subsequent cookies are ignored.

 

 

Request: The customer would like to have this feature be included in the cookie persist profile. They do not want to enable OneConnect or use an iRule to achieve the per request cookie persistence.

 

---------------------

 

 

It doesn't look like CR62806 will make it into 9.4 (or any prior version) according to the notes in the CR.

 

 

If it's a fix you'd like to see included sooner or you want more detail on the issue, I'd contact support and ask to have them attach your case to the CR.

 

 

Aaron

so as long as I am only inserting one cookie per virtual, I'm ok without oneconnect?

Hey citizen, I just saw your question upon looking at this post again.

 

 

If you you're still wondering, the scenario in CR62806 is that requests from multiple clients are coming over the same TCP connection (as when a proxy opens a single TCP connection to a VIP). So a OneConnect profile is needed in order for the same persistence cookie to be parsed looking for different values (from user1 versus user2 for example).

 

 

Aaron