Forum Discussion
f5_newbie_10463
Nimbostratus
NimbostratusSource Address Persistence with multiple ports
I have one virtual IP with the same pool members but are using multiple ports.The ports are 3446, 3447,7889,7990. I applied an iRule so it will persist looking into the ip address and the port being used. certain issues arise using the irule:
- no statistics appears on the pool members and also on the persistence records
- when a user log-in using 3446, then he tries to log-in using 3447 the session for 3446 will be logged off.but this does not happen when directly accessing server.
please check the irule:
when CLIENT_ACCEPTED {
set LB port based on requested port
switch [TCP::local_port] {
3446 {set port 3446}
3447 {set port 3447} }
log local0. "\$port = $port"
check for existing persistence record
if it exists, directly select node by address:port
set persist "[IP::client_addr]"
log local0. "\$persist = $persist"
set server [session lookup uie [list $persist]]
log local0. "\$server =$server"
if {($server != "") && ($port != "")}{ node $server $port
log local0. "persisting [IP::client_addr]:[TCP::client_port] to $server:$port" }
else {
log local0. "no persist connection" }
}
when LB_SELECTED {
add session table entry (5 min timeout)
log local0. "server in selected = $server" if {$server >= "1"}{
log local0. "persist an forward to = $server" }
else { set server [LB::server addr]
if {$server != ""}{ session add uie [list $persist] $server 1800
log local0. "add persitence record: $persist $server :$port 1800" }
else { log local0. "no server selected" } }
I hope anyone can help me on this one. Thank you.
nitassEmployee
can you show some example e.g. virtual server ip and port, pool member ip and port, what action you want when traffic is coming to bigip, etc?
f5_newbie_10463vip = 172.16.25.22:3446pool members = 10.10.10.20:3446
10.10.10.21:3446vip = 172.16.25.22:3447
pool members = 10.10.10.20:3447
10.10.10.21:3447when a connection has been established with the pool member (web server), then it will go to a database for authentication, after which it will go back to the server then to F5 and back to the client. so there should be persistence. If there's no iRule associated with the VS, the user can only go as far as the Log-in page.
- nitasswhich is login-page vip? is it 172.16.25.22:3446? what is the other one?
are you asking how to persist across virtual servers?
by the way, will virtual server with any port work?
e.g.[root@ve1023:Active] config b virtual bar list virtual bar { snat automap pool foo destination 172.28.19.79:any ip protocol 6 persist source_addr } [root@ve1023:Active] config b pool foo list pool foo { members 200.200.200.101:any {} } - nitassnot sure if i understand correctly. anyway, i think what you want is to persist traffic across two virtual servers i.e. 192.168.7.32:6443 and 192.168.7.32:7443. if so, can you try match across service option instead of the irule?
Spidey_29396Thanks Nitass for the input. We already figured it out.It's a bug in IE8.also, i have another query:
we have this setup,
server > F5 > Router > client
server originally gateway to Router but we want F5 to be it's gateway, client now unable to reach the servers.
What could be the possible problem?
IP:
202.126.40.7(server) > 202.126.40.6(F5 floating IP) > Router(202.126.40.3) > 222.126.40.5