Forum Discussion
Steve_Brockman_
Nimbostratus
Oct 19, 2005
Session Lookup not working?
Hi,
Can anyone tell me why a client cert that I am adding for a session in CLIENTSSL_CLIENTCERT is not able to be found in HTTP_REQUEST?

CLIENTSSL_CLIENTCERT:
    session add ssl [SSL::sessionid] $ssl_cert 180

HTTP_REQUEST:
    set cert [session lookup ssl [SSL::sessionid]]

Any help would be greatly appreciated!
Thanks,
Steve
13 Replies
- unRuleY_95363
Historic F5 Account
Are you sure the SSL::sessionid is returning the same value? You may want to add some debugging log statements to confirm that.
- unRuleY_95363
Historic F5 Account
Ok, then. Are you sure you have a value in $ssl_cert when you add it to the table? Maybe you should log that next.
Basically, I do not know of any outstanding issues with the session table not working. Of course, that doesn't mean there isn't a bug, just that it would be kind of rare since nothing has changed in that area for a while now and I know others have been using the session table with no issues.
- Steve_Brockman_
Nimbostratus
Yea, I checked that, there is a value in $ssl_cert.
Maybe I should tell you that we were in the process of converting this LTM into an Active-Active system, and had an actual F5 guy here onsite (which we/he never got working). He installed a debugging module and now none of the session data is being retained. We have since changed them back to stand-alone boxes to see if that would fix it, but to no avail.
Thanks again for the responses!
Steve
- unRuleY_95363
Historic F5 Account
Sounds like you should open a support case as this should be working. We may want to collect some tcpdumps and configuration information for further analysis here to determine why it's not working.
There shouldn't be any difference when running the debug module as far as rule processing goes. To disable the debug module, switch the /bin/tmm link from tmm.debug back to tmm.default and do a bigstart restart tmm.
- unRuleY_95363
Historic F5 Account
Oh, I did forget to mention, the session table is currently not mirrored between pairs, so hopefully you are getting both those connections on the same device... I had assumed those log entries were from the same device, but I don't know for sure.
- Steve_Brockman_
Nimbostratus
ok, tmm was already linked to tmm.default. By "device" you mean the F5 box itself? or interface? We have the boxes running independently now. (no failover cable and no virtual servers on the other box)
- unRuleY_95363
Historic F5 Account
Yup, by device I meant the BigIP itself.
- Steve_Brockman_
Nimbostratus
Hey I got some more time to research this some more... it seems that the cert is not being retrieved within the CLIENTSSL_CLIENTCERT function itself:

    when CLIENTSSL_CLIENTCERT {
        # Grab the client certificate and the SSL session ID
        set ssl_cert [SSL::cert 0]
        set id [SSL::sessionid]
        # Store the cert under the session ID with a 90 second timeout
        session add ssl $id $ssl_cert 90
        # Read it straight back to see whether the entry holds a value
        set cert11 [session lookup ssl $id]
        if { $cert11 equals "" } {
            log "AAAGH - no cert in CLIENTSSL-CLIENTCERT!!!"
        }
    }

I am terminating SSL at the BIG-IP, and performing non-SSL to the back-end. If I monitor the persistence records (under Statistics) it appears to be making an entry in the SSL table, just no value being inserted.
Any ideas on what could be causing this ?
Thanks,
Steve
- Steve_Brockman_
Nimbostratus
Just wanted to let everyone know that we figured out the problem. Seems as though a patch image that was installed on the box by our F5 rep was the cause of the problem above.
We had to re-install from CD, and everything started working wonderfully again.
Thanks for all the help!
- Carla_Molenda_1
Nimbostratus
We have the same problem with the session table ever since we migrated from 9.1.0 to 9.1.1. The iRules that we had in 9.1.0 stopped working and were causing the BigIP to be rebooted/reset. We determined the line causing it was the "add session". We found a problem that seemed to be related (CR57247) on Dev Central. However, even when one of the work-arounds was applied and the add session worked, the lookup always retrieved nothing. It seems like the session table isn't even there - maybe the work-around is just luck? (We were thinking there was an overlay on the add causing the reboot.) Is there some setting we need to turn on (maybe we were lucky it worked before)? Where is the session table documented? We did not find it in the LTM config guide.
Thanks for any assistance you can provide.
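
The debugging steps suggested earlier in the thread (log the SSL::sessionid seen in each event, then confirm $ssl_cert holds a value), written out as one iRule. This is an added example, not code posted by anyone in the thread; the log prefix "certdbg" and the local0 facility are assumptions.

```tcl
# Added debugging example (not from the thread): trace the session-table
# key and value in both events so a mismatch or empty entry shows in the log.
when CLIENTSSL_CLIENTCERT {
    set id [SSL::sessionid]
    if { [SSL::cert count] > 0 } {
        set ssl_cert [SSL::cert 0]
        # Same key, value and timeout as the rule in the original question
        session add ssl $id $ssl_cert 180
        log local0. "certdbg CLIENTCERT sid=$id stored [string length $ssl_cert] bytes"
        # Read the entry back in the same event, as tried later in the thread
        set readback [session lookup ssl $id]
        log local0. "certdbg CLIENTCERT sid=$id readback [string length $readback] bytes"
    } else {
        # Nothing to store: the client presented no certificate
        log local0. "certdbg CLIENTCERT sid=$id no client certificate"
    }
}

when HTTP_REQUEST {
    set id [SSL::sessionid]
    set cert [session lookup ssl $id]
    if { $cert equals "" } {
        # Compare this sid with the one logged in CLIENTSSL_CLIENTCERT
        log local0. "certdbg HTTP_REQUEST sid=$id lookup empty, client [IP::client_addr]"
    } else {
        log local0. "certdbg HTTP_REQUEST sid=$id found cert, subject=[X509::subject $cert]"
    }
}
```

If the two sid values differ, the lookup key is the problem; if they match and the readback length is 0, the entry is being created without a value, which is what the persistence statistics in the thread showed. The rule writes session IDs and certificate subjects to the log, so remove it once the cause is found.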
