Forum Discussion
Source address persistence.
We have an issue distributing load intelligently among the servers. Our external traffic is NAT'd on the firewall using a group of IP addresses. As soon as the VS receives incoming connections, the VIP distributes these connections as per the LB method, e.g. least connections. Now we have introduced two new servers to this pool which are not effectively utilized compared to the existing servers. The reason is that a source address profile is configured. Each time, a new connection from the same source IP, though from a different port, still sticks to the same server where this IP already has a connection. Due to this, the new servers are not really in use.
Is there any alternate way to configure F5 to avoid such a situation?
2 Replies
- wesleyjack
Nimbostratus
Hey insert12,
As long as the VS is not an SSL-passthrough (the F5 can read and interpret data above Layer 4), you should be able to utilize other types of persistence like cookie persistence. Just make sure you also apply an HTTP profile to the VS. The configuration guide for the code you are on should assist with deploying these profiles.
If the VS is an SSL-passthrough, then you can try using a persistence like SSL. We have had good and bad success with SSL persistence. F5 describes SSL session persistence as: "SSL persistence is a type of persistence that tracks SSL sessions using the SSL session ID, and it is a property of each individual pool." https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm-concepts-11-5-1/10.htmlunique_58886863
- insert12_38638
Nimbostratus
Thanks wesleyjack, basically this VIP is for RDP connections only. We have used source persistence instead of MRD persistence, thinking that the impact would be the same. For this solution persistence will be required to ensure that once connected a user's traffic always returns to the same TS server, otherwise their session will be lost as there's no TS Session Broker configured.
The issue is because the clients are NAT'd through the firewall to only five or so source addresses, which are then identified by IP address:port number when the load balancer distributes them. As soon as one hits a real server the persistence kicks in, and every other client NAT'd to that IP address, regardless of port number, bypasses LB'ing to follow to the same real server. So whether we use source or MRD persistence we will get the same result.
Any other approach to overcome this situation?
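The behaviour described in this thread, as an added simulation that is not part of the original posts and is not F5 code: least-connections selection with a persistence table, run once keyed on source IP and once keyed on a per-client value. Assumptions: the server names `ts1`..`ts5`, the five constructed NAT addresses, the hypothetical `user` field standing in for any per-client persistence key, and persistence records that never expire.

```python
# Constructed sample data: five firewall NAT addresses (documentation range).
NAT_IPS = [f"203.0.113.{i}" for i in range(1, 6)]

def make_connections(n_users, start=0):
    """Each user is NAT'd to one of the five IPs, with a unique source port."""
    return [
        {"user": f"user{start + i}",               # hypothetical per-client key
         "src_ip": NAT_IPS[(start + i) % len(NAT_IPS)],
         "src_port": 40000 + start + i}
        for i in range(n_users)
    ]

class Pool:
    """Least-connections load balancing with a persistence table."""
    def __init__(self, servers, key_fn):
        self.load = {s: 0 for s in servers}  # active connections per member
        self.table = {}                      # persistence key -> pool member
        self.key_fn = key_fn

    def add_server(self, name):
        self.load[name] = 0

    def connect(self, conn):
        key = self.key_fn(conn)
        server = self.table.get(key)
        if server is None:
            # No persistence record: pick the least-loaded member (name breaks ties).
            server = min(self.load, key=lambda s: (self.load[s], s))
            self.table[key] = server
        # An existing record bypasses load balancing entirely.
        self.load[server] += 1
        return server

def simulate(key_fn):
    """30 users on three servers, then two servers are added and 30 more users arrive."""
    pool = Pool(["ts1", "ts2", "ts3"], key_fn)
    for conn in make_connections(30):
        pool.connect(conn)
    pool.add_server("ts4")
    pool.add_server("ts5")
    for conn in make_connections(30, start=30):
        pool.connect(conn)
    return pool.load

def by_source_ip(conn):   # source address persistence: port is ignored
    return conn["src_ip"]

def by_user(conn):        # assumption: some key that is unique per client
    return conn["user"]

if __name__ == "__main__":
    print("source IP key:", simulate(by_source_ip))
    print("per-client key:", simulate(by_user))
```

With the source IP key, all five records already exist when the new members join, so every later connection follows a record and `ts4` and `ts5` stay empty.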