Forum Discussion
Persitence via Xfor
Hello, I have a problem with the balancing of some systems. In the diagram below you can see the current balancer configuration.
Internet --> FrontEndF5 --> SecureProxy --> BackEndF5 --> Ohs-Pool --> BackEndF5 --> PortalServer-Pool
What I would like to achieve is to be able to balance the servers in the Ohs-Pool and the servers in the PortalServer-Pool using the Xfor field. From the logs I can see that the HTTP::header field "X-Forwarded-For is valid, but the iRule I created seems not to work and I get an error from the web portal.
My iRule:
when HTTP_RESPONSE {
if { [HTTP::header "X-Forwarded-For"] } {
persist add uie [HTTP::header "X-Forwarded-For"]
}
}
when HTTP_REQUEST {
if { [HTTP::header "X-Forwarded-For"] } {
persist uie [HTTP::header "X-Forwarded-For"]
}
}
Hello,
You seem to be using the article https://support.f5.com/csp/article/K7392 but you have not added the "exists" keyword. Also take a look at https://community.f5.com/t5/technical-forum/enable-source-ip-persistence-based-on-x-forwarded-ip-info/td-p/98748 as many people had the same idea.
I will also suggest if you still see issues to try adding One Connect profile under the VIP as described in https://support.f5.com/csp/article/K7964 and also test CARP persistance if needed https://support.f5.com/csp/article/K11362 .
Hello,
You seem to be using the article https://support.f5.com/csp/article/K7392 but you have not added the "exists" keyword. Also take a look at https://community.f5.com/t5/technical-forum/enable-source-ip-persistence-based-on-x-forwarded-ip-info/td-p/98748 as many people had the same idea.
I will also suggest if you still see issues to try adding One Connect profile under the VIP as described in https://support.f5.com/csp/article/K7964 and also test CARP persistance if needed https://support.f5.com/csp/article/K11362 .
- rosarraAltocumulus
Thank you Nikoolayy for your prompt reply.
I've modified the iRule and now seems to work better. But now I often receive the Page expired message. Could be that I've to enable the OneConnect Profile?
Thank you again.
- JRahmAdmin
The last paragraph in my article on oneconnect in relation to HTTP:
"Without OneConnect on a virtual server with HTTP, you will find that persistence data does not appear to be honored. This is because by default, the BIG-IP system performs load balancing for each tcp connection, not each HTTP request, so further requests on the same client-side connection will follow suit from the original decision. By applying OneConnect to the virtual, you effectively detach the server-side from the client-side connection after each request, forcing a new load balancing decision and using persistence information if it available."
I also have a lightboard lesson on oneconnect, hope this helps...
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com