Forum Discussion
Adam1g_232101
Nimbostratus
NimbostratusSession Persistence with more IP addresses
Hi,
We have configured client persistence based on X-Forwarded-For header (to support WAF which forwards data to F5), and it works pretty well, but in persistence entries I see that some of them are with more than one IP address:
universal 192.168.xx.xx, 83.15.xx.xx, 128.xx.xx.xx 10.1.xx.xx:80 10.1.xx.xx:80 (tmm: 1)
It seems like WAF add more than one IP address to XFF header. Somebody knows which address F5 uses to persist session in such example?
We have BIG-IP 11.5.0
3 Replies
Dvirus_297774Altocumulus
I think this is the solution for you:
 
https://devcentral.f5.com/s/articles/xff-universal-persistence-irule
 
Summary:
 
you should create universal persistence profile -> config it with this iRule will take the first IP in case there is multiple IPs:
 
Name: persist_xff_uie To be used with UIE Persistence Profile Checks HTTP Request for 'X-Forwarded-For' header and if exists takes the first 'X-Forwarded-For' IP address as sets as Persist identifier. If the 'X-Forwarded-For' header does not exist then the client IP address is set as Persist identifier. when HTTP_REQUEST { if {[HTTP::header X-Forwarded-For] != ""} then { persist uie [lindex [ split [lindex [HTTP::header values X-Forwarded-For] 0] "," ] 0] } else { persist uie [IP::client_addr] } }Good luck!
 
Adam1g_232101This is much about what we have done. And it works.
But my question was: if somebody knows how F5 treat more than one IP address in case of session persistence? Example:
universal 192.168.xx.xx, 83.15.xx.xx, 128.xx.xx.xx 10.1.xx.xx:80 10.1.xx.xx:80 (tmm: 1)- Stanislas_Piro2
Cumulonimbus
Hi,
in case of universal persistence,
is a string, not IP address. so if this is the same string on next request, it will use the same pool member, else, it will load balance to new member.192.168.xx.xx, 83.15.xx.xx, 128.xx.xx.xx
