Forum Discussion
source address & source port persistence
Hi!
I have a virtual server that has a pool of 3 Citrix Secure Gateway servers. The VIP is FASTL4, with source address persistence and least connections LB. I would like to implement an iRule that provides us with source address & port persistence, and after doing some research I found this sample:
when CLIENT_ACCEPTED {
    if { [TCP::client_port] and [IP::client_addr] != 0 } {
        persist uie "[IP::client_addr]:[TCP::client_port]"
    }
}
However, I have some doubts... The traffic is ICA over SSL, and the SSL offload is done at the Gateways, not at the F5. Does this represent a problem? What TCP profile would I need to set my VIP to in order to make the iRule work?
Thanks! Fabian
- Andrey_Terentye (Historic F5 Account)
It looks like:
- There should not be a problem with the backends (Gateways) doing SSL offload, as you're persisting at the TCP level.
- The following example suggests that you first need to do "persist add uie": https://devcentral.f5.com/wiki/iRules.ProxyAuth.ashx
Thus the iRule transforms into:
when CLIENT_ACCEPTED {
    set client_ip_port "[IP::client_addr]:[TCP::client_port]"
    persist uie $client_ip_port
}
when SERVER_CONNECTED {
    persist add uie $client_ip_port 3600
}
- Dicky_Moe_13167 (Nimbostratus)
Thank you! However, what does this part do?
when SERVER_CONNECTED {
    persist add uie $client_ip_port 3600
}
Fabian
- Dicky_Moe_13167 (Nimbostratus)
I mean, what do I need it for? What is the difference between persist uie and persist add uie,
and why do I need to do it when SERVER_CONNECTED?
- Andrey_Terentye (Historic F5 Account)
As I understand it:
- "persist add uie" adds the persistence record.
- "persist uie" looks up that record and persists to the previously chosen pool member.