Forum Discussion

Ed_Summers's avatar
Ed_Summers
Icon for Nimbostratus rankNimbostratus
Apr 29, 2015

Source address persistence w/ CARP algorithm - hash calculation

Does anyone have additional information or a link to detailed resources on an F5 site in how the LTM uses the CARP algorithm to calculate hashes when used in a 'source address persistence' profile?

 

I have a virtual service handling HTTP in SSL passthrough mode. The service utilizes a pool of two members which connect to an SSO service on the back-side to perform user authentication and SSO. According to the application admin all user connections must pass through the same pool member to take advantage of the SSO session.

 

We are currently using source-address persistence but the application admin raised issues about some sessions 'breaking' which he attributes to a persistence expiration and client being re-balanced to the other server. I'm looking at enabling the CARP hashing algorithm on the source-address persistence profile to remedy this, with the thought being that the deterministic result of CARP hashing will resolve issues of client being re-balanced to a new server during the 'session', while also eliminating any persistence records on the LTM.

 

Application admin's concern is the effect on the balance of connections between the two servers. Is the implementation of F5 CARP hashing with the source-address profile documented as far as how the hashing would be performed given source address and available pool members?

 

Thanks! -Ed

 

  • So a ticket with F5 support did not provide further information. They could not or won't release the specific parameters used to calculate the hash. I may try to set up a test to see if the parameters used to calculate the hash can be easily determined. If anyone has done this or has seen other resources that have done this a link would be appreciated!