Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

Matt_Breedlove_'s avatar
Matt_Breedlove_
Icon for Nimbostratus rankNimbostratus
Jun 24, 2009

single VS distributing new connections across multiple pools with persistence

We have a single VS in standard mode with 2 pools of servers. Each pool contains different servers. VS has cookie insert persistence with named cookie and a 17min timeout. Goal is to have ...
application delivery
dev
devops
irules
Matt_Breedlove_'s avatar
Matt_Breedlove_
Icon for Nimbostratus rankNimbostratus
Jun 25, 2009
So to clarify, can the rule be simplified even further?

I already have a persistence profile set for HTTP Cookie Insert with cookie name set to "FOO"

My understanding of this named cookie is that if the user has no cookie set (first entry) then the irule will pool that user to one of the pool's and that user will have a persistence record set for that pool...that is until the irule chooses a different pool (killing the persistence cookie) or the member gets marked down (also killing the persistence cookie)

So with a named cookie each unique user session can have only a single instance of the persistence cookie...either pointing at pool1 or pool2.

Joe could have FOO persistence cookie pointing his requests at pool1/member4, while at same time Paul could have FOO persistence cookie pointing his requests at pool2/member1.

Each time a user changes pools via iRule pool command then a fresh member is selected and the user is then persisted there. Is all that correct?

I would like to rely on the persistence profile in the VS to set the cookie and then just look for the presence of that cookie by name in the irule. If its not there, then I know its a new connection and I can select any pool for them. If it is there, I just want to send them along to that same pool and member referenced by the cookie and terminate irule processing.

My assumption is that if the persistence profile is activley inserting a cookie, then in the iRule I can just persist passivley on that cookie name just like if a webserver had inserted it. Correct? 

   
    
 when RULE_INIT {   
 set ::cnt 0   
 }   
 when HTTP_REQUEST {     
     if {[HTTP::cookie exists FOO]}{     
         persist cookie passive FOO   
             This should pass connection along to the   
             pool/member that the client has in the    
             persistence record...irule terminates here   
             just like I did a 'pool' command...correct?   
     } else {   
         incr $cnt   
         if { $cnt = 4000 } {    
              set ::cnt 0   
              pool pool2 New FOO cookie for user inserted via profile 
         } else {    
              pool $pool1 New FOO cookie for user inserted via profile   
         }    
     }     
 }

Thanks for the help and sorry if I am missing a point somewhere
Related Content