
Forum Discussion

mubashir_133429
May 09, 2014

Source Address Affinity

Our client has configured their Virtual Servers with Persistence Profile Source Address Affinity and Least Connections (member), and they want balanced load balancing between their Pool Members. I removed the Persistence Profile Source Address Affinity and I was able to see the connections were balanced, but some users were unable to connect, so I thought maybe it was because of the Persistence Profile. I did this in the evening and left it like that, and when I woke up the next morning the customer's end users were complaining that they couldn't access the application. So I reverted the configuration and users were happy that they could connect. What is this? How can I have balanced load between Pool Members?

 

1 Reply

  • There are a few things to consider here:

     

    1. First, load balancing and persistence, while dependent upon each other, are different things. A (new) load balancing decision is only made in the absence of persistence information. A persistence profile is then used to store a previously-selected decision for re-use across multiple TCP sessions.

       

    2. In the absence of a persistence profile, a new load balancing decision will be made upon every new TCP session. So if you remove the persistence profile, you'll have persistence to a single server for the life of that (potentially discrete) TCP session, but if that TCP session closes and the user initiates a new request, a new server may be selected. Depending on the application, this is usually a bad thing.

       

    3. Source address affinity is really only useful in environments where the IP space is controlled. Across the Internet, for example, there's no guarantee that traffic won't be NATted, and/or that multiple clients can appear to use the same source address, or worse, a client's IP address can actually change. If it's at all possible, some of the more robust persistence profiles should be used instead. For HTTP traffic, the cookie persistence profile is usually best. For other protocols, you may need to use an iRule to examine unique client characteristics.
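
The behaviour discussed in this thread can be reproduced with a small simulation. This is an added example, not part of the original post or reply and not F5 code: the pool members, client addresses and the `simulate` function are constructed, least-connections is simplified to a cumulative session count, and a per-client key stands in for a cookie persistence record.

```python
MEMBERS = ["10.0.0.1", "10.0.0.2", "10.0.0.3"]  # constructed pool members

# Constructed clients: (client id, source IP as seen by the virtual server).
# 90 users sit behind one NAT address, 10 have their own address.
CLIENTS = [(f"user{i}", "203.0.113.10") for i in range(90)] + \
          [(f"user{i}", f"198.51.100.{i}") for i in range(90, 100)]

def simulate(persist_key, sessions_per_client=5):
    """Return (sessions per member, number of clients that hit >1 member).

    persist_key maps a client to its persistence-table key, or is None
    when no persistence profile is attached.
    """
    load = {m: 0 for m in MEMBERS}
    table = {}   # persistence records: key -> member
    seen = {}    # client id -> set of members that served it
    for _ in range(sessions_per_client):
        for client in CLIENTS:          # each iteration is a new TCP session
            key = persist_key(client) if persist_key else None
            member = table.get(key) if key is not None else None
            if member is None:
                # No persistence record: new least-connections decision.
                member = min(MEMBERS, key=lambda m: load[m])
                if key is not None:
                    table[key] = member
            load[member] += 1
            seen.setdefault(client[0], set()).add(member)
    moved = sum(1 for used in seen.values() if len(used) > 1)
    return load, moved

def source_addr(client):
    return client[1]    # source address affinity: key is the source IP

def per_client(client):
    return client[0]    # cookie-like: key is unique to each client

if __name__ == "__main__":
    for name, key in [("no persistence", None),
                      ("source address affinity", source_addr),
                      ("per-client (cookie-like)", per_client)]:
        load, moved = simulate(key)
        print(f"{name:26} load={load} clients moved={moved}")
```

With no persistence the load is even but every client is moved between members across sessions; with source address affinity nobody moves but the NAT address pins 450 of 500 sessions to one member; the per-client key gives both an even spread and stable sessions.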