Forum Discussion
source IP based persistence
Hi,
I have a requirement where clients must stick to the same server for HTTP to HTTPS and decided to use source address persistence but in a document (http://devcentral.f5.com/wiki/iRule...tence.ashx) it's written that source IP based persistence is inconsistent in load distribution across the servers. Why would it result in imbalance? Please explain.
- Craig_12932 (Nimbostratus): I agree that the source you are referring to is not overly clear. I may be on the wrong track here, although the only thing I can think of would be the biggest drawback of source address persistence:
If an address is NAT'd then multiple connections behind this address from different connections will be load balanced to the same backend servers. Traditionally this is an issue with ISP mega proxies such as AOL, who used to route all traffic via a single IP for the obvious reasons. Fortunately, mega proxies at carrier level are not such an issue and not commonly used. Theoretically, 20K connections behind a megaproxy could connect to a VIP with 500 servers behind it and all be LB'd to the same server.
Hope this helps.
Craig
- som_86408 (Nimbostratus): Thanks. What I understand: if at the client end there is a firewall/proxy which is using dynamic NAT to go outside, then all the clients behind this firewall/proxy will get the same NAT'd IP as source IP address when connecting to the F5 VIP and are automatically directed to the same backend pool member if source IP persistence is used. Please correct me if I am wrong.
- nitass (Employee): Have you enabled the match across option?
- som_86408 (Nimbostratus): Not done yet, planning to do as below. Is this ok? What about inconsistencies in load distribution across the servers for source IP based persistence?

  HTTP Virtual Server: 10.254.14.172:http
  Type of Persistence Used: Source Address and Match Across Services enabled
  HTTP Pool Name: BKC.http_pool
  HTTP Pool Members: 10.254.49.126:80 10.254.49.127:80 10.254.49.128:80

  HTTPS Virtual Server: 10.254.14.172:https
  Type of Persistence Used: Source Address Affinity and Match Across Services enabled
  HTTPS Pool Name: BKC.http_1010_pool
  HTTPS Pool Members: 10.254.49.126:1010 10.254.49.127:1010 10.254.49.128:1010
- nitass (Employee):
  > planning to do as below..Is this ok?

  It looks ok to me.
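As an added illustration (not part of any post in this thread and not F5 code): a simplified Python model of source address persistence on the virtual address above. It shows how Match Across Services keeps one client on the same node for HTTP and HTTPS, and how clients sharing one NAT address skew the load. The least-connections choice, the client addresses and the never-closing connections are assumptions.

```python
from collections import Counter

# Pool member addresses from the thread (HTTP on :80, HTTPS on :1010).
NODES = ["10.254.49.126", "10.254.49.127", "10.254.49.128"]

class VirtualAddress:
    """Simplified model of two virtual servers (http, https) on one VIP."""

    def __init__(self, match_across_services):
        self.match_across = match_across_services
        self.records = {}                            # persistence key -> node
        self.conns = Counter({n: 0 for n in NODES})  # connections per node

    def connect(self, src_ip, service):
        # Match across services: one record per source IP, shared by both
        # virtual servers. Otherwise each virtual server keeps its own.
        key = src_ip if self.match_across else (src_ip, service)
        node = self.records.get(key)
        if node is None:
            # No record yet: pick the least-loaded node (assumed LB method).
            node = min(NODES, key=lambda n: self.conns[n])
            self.records[key] = node
        self.conns[node] += 1
        return node

def http_then_https(match_across_services):
    """Return the nodes one client reaches over HTTP and then HTTPS."""
    vip = VirtualAddress(match_across_services)
    # Constructed client address (documentation range).
    return vip.connect("198.51.100.7", "http"), vip.connect("198.51.100.7", "https")

def load_with_nat(nat_clients, direct_clients):
    """Connections per node when nat_clients share one source IP."""
    vip = VirtualAddress(match_across_services=True)
    for i in range(direct_clients):        # each has its own (constructed) address
        vip.connect(f"192.0.2.{i + 1}", "http")
    for _ in range(nat_clients):           # all appear as one constructed NAT address
        vip.connect("203.0.113.10", "http")
    return dict(vip.conns)

if __name__ == "__main__":
    print(http_then_https(True), http_then_https(False))
    print(load_with_nat(nat_clients=300, direct_clients=30))
```
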
- som_86408 (Nimbostratus): Thanks, can you also please let me know how to use cookie persistence for the same purpose (HTTP to HTTPS)?
- nitass (Employee):
  > can you also please let me know how to use cookie persistance for same purpose (HTTP to HTTPS)?

  The match across option is not available in cookie persistence. Thus, we have to use another persistence method such as universal persistence instead, which is shown in the link you have posted.
- som_86408 (Nimbostratus): Yes, you are correct. I have checked the iRule but am unable to understand it clearly. Can I copy and paste the below rule, will this be ok? Or do I need to edit anything?
- nitass (Employee):
  > 05 if { [HTTP::cookie exists "bIPs"] } { ------------>What is "bIPs" ?

  It is a cookie name. You can change it to whatever name you want.
- som_86408 (Nimbostratus): This is really helpful; please help to understand below two lines as well.