Forum Discussion
Bjarne_10209
Nimbostratus
Nimbostratussource addr persistence and member selection across pools
Hi
I am at a customer that have a problem with cookie persitence. I can solve this by using source address affinity persistence instead, but I have question if this can cause a problem in this scenario:
The have one VS, and with iRule clients are send to the right pool based on URI.
They have 5 different pools that the client can be send to. All the pools have the same two members.
If member 1 fails in pool1, but active in all other pools, and if member 2 fails in pool 2, but active on other pools. Will this cause a problem when I enable Match across pools ?
The real question is. Can I use source address affinity persistence even if there are several pools under one VS, and the pools have the same members without causing problems for several users that come from a NAT adr?
Regards
Bjarne
3 Replies
- nitass
Employee
it seems to be okay for me. i am running 10.2.3. please let me know if i missed anything.[root@ve1023:Active] config b virtual bar list virtual bar { snat automap destination 172.28.19.79:80 ip protocol 6 rules myrule persist mypersist profiles { http {} tcp {} } } [root@ve1023:Active] config b profile mypersist list profile persist mypersist { defaults from source_addr mode source addr timeout indefinite } [root@ve1023:Active] config b rule myrule list rule myrule { when HTTP_REQUEST { log local0. "client: [IP::remote_addr]:[TCP::remote_port]" log local0. "host: [HTTP::host]" log local0. "uri: [HTTP::uri]" if {[HTTP::uri] equals "/test1"} { pool foo1 } else { pool foo2 } } when LB_SELECTED { log local0. "pool: [LB::server pool]" log local0. "member: [LB::server addr]" } when LB_FAILED { log local0. "just in case" } when HTTP_RESPONSE { log local0. "server: [IP::remote_addr]:[TCP::remote_port]" } } [root@ve1023:Active] config b persist show all No Persistence Table Entries were found. [root@ve1023:Active] config curl -I http://172.28.19.79/test1 HTTP/1.1 404 Not Found Date: Tue, 06 Dec 2011 05:27:48 GMT Server: Apache/2.2.3 (CentOS) Connection: close Content-Type: text/html; charset=iso-8859-1 [root@ve1023:Active] config Dec 5 21:27:34 local/tmm info tmm[8145]: Rule myrule HTTP_REQUEST: client: 172.28.19.80:44874 Dec 5 21:27:34 local/tmm info tmm[8145]: Rule myrule HTTP_REQUEST: host: 172.28.19.79 Dec 5 21:27:34 local/tmm info tmm[8145]: Rule myrule HTTP_REQUEST: uri: /test1 Dec 5 21:27:34 local/tmm info tmm[8145]: Rule myrule LB_SELECTED: pool: foo1 Dec 5 21:27:34 local/tmm info tmm[8145]: Rule myrule LB_SELECTED: member: 200.200.200.101 Dec 5 21:27:34 local/tmm info tmm[8145]: Rule myrule HTTP_RESPONSE: server: 200.200.200.101:80 [root@ve1023:Active] config b persist show all PERSISTENT CONNECTIONS | Mode source addr Value 172.28.19.80 | virtual 172.28.19.79:80 node 200.200.200.101:80 age 4sec [root@ve1023:Active] config curl -I http://172.28.19.79/other HTTP/1.1 404 Not Found Date: Tue, 06 Dec 2011 05:28:13 GMT Server: Apache/2.2.3 (CentOS) Connection: close Content-Type: text/html; charset=iso-8859-1 [root@ve1023:Active] config Dec 5 21:27:58 local/tmm info tmm[8145]: Rule myrule HTTP_REQUEST: client: 172.28.19.80:44903 Dec 5 21:27:58 local/tmm info tmm[8145]: Rule myrule HTTP_REQUEST: host: 172.28.19.79 Dec 5 21:27:58 local/tmm info tmm[8145]: Rule myrule HTTP_REQUEST: uri: /other Dec 5 21:27:58 local/tmm info tmm[8145]: Rule myrule LB_SELECTED: pool: foo2 Dec 5 21:27:58 local/tmm info tmm[8145]: Rule myrule LB_SELECTED: member: 200.200.200.101 Dec 5 21:27:58 local/tmm info tmm[8145]: Rule myrule HTTP_RESPONSE: server: 200.200.200.101:80 [root@ve1023:Active] config b persist show all PERSISTENT CONNECTIONS | Mode source addr Value 172.28.19.80 | virtual 172.28.19.79:80 node 200.200.200.101:80 age 29sec | Mode source addr Value 172.28.19.80 | virtual 172.28.19.79:80 node 200.200.200.101:80 age 5sec [root@ve1023:Active] config b pool foo1 member 200.200.200.101:80 monitor fake [root@ve1023:Active] config b pool foo1 |grep -i pool\ member +-> POOL MEMBER foo1/200.200.200.101:80 inactive,down +-> POOL MEMBER foo1/200.200.200.102:80 active,unchecked [root@ve1023:Active] config b persist show all PERSISTENT CONNECTIONS | Mode source addr Value 172.28.19.80 | virtual 172.28.19.79:80 node 200.200.200.101:80 age 113sec | Mode source addr Value 172.28.19.80 | virtual 172.28.19.79:80 node 200.200.200.101:80 age 89sec [root@ve1023:Active] config curl -I http://172.28.19.79/test1 HTTP/1.1 404 Not Found Date: Tue, 06 Dec 2011 05:28:30 GMT Server: Apache/2.2.3 (CentOS) Connection: close Content-Type: text/html; charset=iso-8859-1 [root@ve1023:Active] config Dec 5 21:29:36 local/tmm info tmm[8145]: Rule myrule HTTP_REQUEST: client: 172.28.19.80:35084 Dec 5 21:29:36 local/tmm info tmm[8145]: Rule myrule HTTP_REQUEST: host: 172.28.19.79 Dec 5 21:29:36 local/tmm info tmm[8145]: Rule myrule HTTP_REQUEST: uri: /test1 Dec 5 21:29:36 local/tmm info tmm[8145]: Rule myrule LB_SELECTED: pool: foo1 Dec 5 21:29:36 local/tmm info tmm[8145]: Rule myrule LB_SELECTED: member: 200.200.200.102 Dec 5 21:29:36 local/tmm info tmm[8145]: Rule myrule HTTP_RESPONSE: server: 200.200.200.102:80 [root@ve1023:Active] config b persist show all PERSISTENT CONNECTIONS | Mode source addr Value 172.28.19.80 | virtual 172.28.19.79:80 node 200.200.200.102:80 age 5sec | Mode source addr Value 172.28.19.80 | virtual 172.28.19.79:80 node 200.200.200.101:80 age 103sec [root@ve1023:Active] config curl -I http://172.28.19.79/other HTTP/1.1 404 Not Found Date: Tue, 06 Dec 2011 05:30:32 GMT Server: Apache/2.2.3 (CentOS) Connection: close Content-Type: text/html; charset=iso-8859-1 [root@ve1023:Active] config Dec 5 21:30:18 local/tmm info tmm[8145]: Rule myrule HTTP_REQUEST: client: 172.28.19.80:35155 Dec 5 21:30:18 local/tmm info tmm[8145]: Rule myrule HTTP_REQUEST: host: 172.28.19.79 Dec 5 21:30:18 local/tmm info tmm[8145]: Rule myrule HTTP_REQUEST: uri: /other Dec 5 21:30:18 local/tmm info tmm[8145]: Rule myrule LB_SELECTED: pool: foo2 Dec 5 21:30:18 local/tmm info tmm[8145]: Rule myrule LB_SELECTED: member: 200.200.200.101 Dec 5 21:30:18 local/tmm info tmm[8145]: Rule myrule HTTP_RESPONSE: server: 200.200.200.101:80 [root@ve1023:Active] config b persist show all PERSISTENT CONNECTIONS | Mode source addr Value 172.28.19.80 | virtual 172.28.19.79:80 node 200.200.200.102:80 age 49sec | Mode source addr Value 172.28.19.80 | virtual 172.28.19.79:80 node 200.200.200.101:80 age 7sec 
Bjarne_10209Thanks for replay nitass.
Forgot to mention that I will use the Match Across pools option. I can see that there is no problem when not using this option, but when it is enabled I wonder what would happen when you use the same member inn all of the pools. If I only got two members, and one will fail in one pool, and the member fails in another pool. Will the user behind the NAT addr. be moved between the member constantly, and the effect will that the persitence will fail.- nitassIf I only got two members, and one will fail in one pool, and the member fails in another pool. when saying failing, what does it really mean? is pool member marked down by heath monitor (pool member is down on one pool but up on another pool)? if yes, i understand traffic will still be directed to that pool member on another pool (which is up) because of match across pool setting.
Match Across Pools
The Match Across Pools option allows the BIG-IP to use any pool that contains a persistence record for that specific client. You must proceed cautiously when using this option, as it can direct a client's request to a pool that is not specified by the virtual server.
sol5837: Match Across options for session persistence
http://support.f5.com/kb/en-us/solutions/public/5000/800/sol5837.html
e.g.[root@ve1023:Active] config b virtual bar list virtual bar { snat automap destination 172.28.19.79:80 ip protocol 6 rules myrule persist mypersist profiles { http {} tcp {} } } [root@ve1023:Active] config b profile mypersist list profile persist mypersist { defaults from source_addr mode source addr timeout indefinite across pools enable } [root@ve1023:Active] config b rule myrule list rule myrule { when HTTP_REQUEST { log local0. "client: [IP::remote_addr]:[TCP::remote_port]" log local0. "host: [HTTP::host]" log local0. "uri: [HTTP::uri]" if {[HTTP::uri] equals "/test1"} { pool foo1 } else { pool foo2 } } when LB_SELECTED { log local0. "pool: [LB::server pool]" log local0. "member: [LB::server addr]" } when LB_FAILED { log local0. "just in case" } when HTTP_RESPONSE { log local0. "server: [IP::remote_addr]:[TCP::remote_port]" } } [root@ve1023:Active] config b pool foo1 list pool foo1 { members { 200.200.200.101:80 {} 200.200.200.102:80 {} } } [root@ve1023:Active] config b pool foo2 list pool foo2 { members { 200.200.200.101:80 {} 200.200.200.102:80 {} } } [root@ve1023:Active] config curl -I http://172.28.19.79/test1 HTTP/1.1 404 Not Found Date: Tue, 06 Dec 2011 11:42:23 GMT Server: Apache/2.2.3 (CentOS) Connection: close Content-Type: text/html; charset=iso-8859-1 [root@ve1023:Active] config Dec 6 03:42:09 local/tmm info tmm[8145]: Rule myrule HTTP_REQUEST: client: 172.28.19.80:34194 Dec 6 03:42:09 local/tmm info tmm[8145]: Rule myrule HTTP_REQUEST: host: 172.28.19.79 Dec 6 03:42:09 local/tmm info tmm[8145]: Rule myrule HTTP_REQUEST: uri: /test1 Dec 6 03:42:09 local/tmm info tmm[8145]: Rule myrule LB_SELECTED: pool: foo1 Dec 6 03:42:09 local/tmm info tmm[8145]: Rule myrule LB_SELECTED: member: 200.200.200.101 Dec 6 03:42:09 local/tmm info tmm[8145]: Rule myrule HTTP_RESPONSE: server: 200.200.200.101:80 [root@ve1023:Active] config b persist show all PERSISTENT CONNECTIONS | Mode source addr Value 172.28.19.80 | virtual 172.28.19.79:80 node 200.200.200.101:80 age 56sec [root@ve1023:Active] config curl -I http://172.28.19.79/other HTTP/1.1 404 Not Found Date: Tue, 06 Dec 2011 11:43:50 GMT Server: Apache/2.2.3 (CentOS) Connection: close Content-Type: text/html; charset=iso-8859-1 [root@ve1023:Active] config Dec 6 03:43:36 local/tmm info tmm[8145]: Rule myrule HTTP_REQUEST: client: 172.28.19.80:60193 Dec 6 03:43:36 local/tmm info tmm[8145]: Rule myrule HTTP_REQUEST: host: 172.28.19.79 Dec 6 03:43:36 local/tmm info tmm[8145]: Rule myrule HTTP_REQUEST: uri: /other Dec 6 03:43:36 local/tmm info tmm[8145]: Rule myrule LB_SELECTED: pool: foo1 Dec 6 03:43:36 local/tmm info tmm[8145]: Rule myrule LB_SELECTED: member: 200.200.200.101 Dec 6 03:43:36 local/tmm info tmm[8145]: Rule myrule HTTP_RESPONSE: server: 200.200.200.101:80 [root@ve1023:Active] config b persist show all PERSISTENT CONNECTIONS | Mode source addr Value 172.28.19.80 | virtual 172.28.19.79:80 node 200.200.200.101:80 age 19sec [root@ve1023:Active] config [root@ve1023:Active] config b pool foo1 member 200.200.200.101:80 monitor fake [root@ve1023:Active] config b pool foo1|grep -i pool\ member +-> POOL MEMBER foo1/200.200.200.101:80 inactive,down +-> POOL MEMBER foo1/200.200.200.102:80 active,unchecked [root@ve1023:Active] config curl -I http://172.28.19.79/other HTTP/1.1 404 Not Found Date: Tue, 06 Dec 2011 11:48:35 GMT Server: Apache/2.2.3 (CentOS) Connection: close Content-Type: text/html; charset=iso-8859-1 [root@ve1023:Active] config Dec 6 03:48:20 local/tmm info tmm[8145]: Rule myrule HTTP_REQUEST: client: 172.28.19.80:47676 Dec 6 03:48:20 local/tmm info tmm[8145]: Rule myrule HTTP_REQUEST: host: 172.28.19.79 Dec 6 03:48:20 local/tmm info tmm[8145]: Rule myrule HTTP_REQUEST: uri: /other Dec 6 03:48:20 local/tmm info tmm[8145]: Rule myrule LB_SELECTED: pool: foo2 Dec 6 03:48:20 local/tmm info tmm[8145]: Rule myrule LB_SELECTED: member: 200.200.200.101 Dec 6 03:48:21 local/tmm info tmm[8145]: Rule myrule HTTP_RESPONSE: server: 200.200.200.101:80 [root@ve1023:Active] config b persist show all PERSISTENT CONNECTIONS | Mode source addr Value 172.28.19.80 | virtual 172.28.19.79:80 node 200.200.200.101:80 age 18sec [root@ve1023:Active] config curl -I http://172.28.19.79/test1 HTTP/1.1 404 Not Found Date: Tue, 06 Dec 2011 11:49:06 GMT Server: Apache/2.2.3 (CentOS) Connection: close Content-Type: text/html; charset=iso-8859-1 [root@ve1023:Active] config Dec 6 03:48:52 local/tmm info tmm[8145]: Rule myrule HTTP_REQUEST: client: 172.28.19.80:47730 Dec 6 03:48:52 local/tmm info tmm[8145]: Rule myrule HTTP_REQUEST: host: 172.28.19.79 Dec 6 03:48:52 local/tmm info tmm[8145]: Rule myrule HTTP_REQUEST: uri: /test1 Dec 6 03:48:52 local/tmm info tmm[8145]: Rule myrule LB_SELECTED: pool: foo2 Dec 6 03:48:52 local/tmm info tmm[8145]: Rule myrule LB_SELECTED: member: 200.200.200.101 Dec 6 03:48:52 local/tmm info tmm[8145]: Rule myrule HTTP_RESPONSE: server: 200.200.200.101:80 [root@ve1023:Active] config b persist show all PERSISTENT CONNECTIONS | Mode source addr Value 172.28.19.80 | virtual 172.28.19.79:80 node 200.200.200.101:80 age 17sec
