cvitale_103614
Jul 16, 2014

Specify use specific custom persistence profile in iRule

We currently have this iRule association on LTM VIP service. It does a conditional check and if it meets criteria then it says to use (persist cookie) else it will use (persist source_addr). We would like to change the (persist source_addr) and instead use a SPECIFIC / CUSTOM source address PROFILE. Not sure of the syntax to do this if you can please help with this. Here is the current iRule that we need to change.

when HTTP_REQUEST { if { (([HTTP::path] starts_with "/poweshell") && ([IP::addr [IP::client_addr] equals 10.15.10.15])) } { persist cookie } else { persist source_addr } }

7 Replies

  • It should just be persist and then your custom profile name.

    Example

    persist my_custom_source_addr
    
  • Steve, thanks for the response. Yes, I have tried that (just simply putting in the profile name), but it rejects with the following error.

    01070151:3: Rule [iRule-Test-tmp] error: line 6: [invalid option "source_addr-3600sec" must be: cookie none source_addr simple dest_addr sticky msrdp ssl uie universal hash carp sip add lookup delete] [source_addr-3600sec]

    when HTTP_REQUEST { if { (([HTTP::path] starts_with "/poweshell") && ([IP::addr [IP::client_addr] equals 10.15.10.15])) } { persist cookie } else { persist source_addr-3600sec } }

    • Steve_M__153836
      Sorry I think I was wrong. I don't think you can specify a custom persistence profile in an iRule. What you can do is specify the standard profile with the values that you want. Example "persist source_addr 255.255.255.0 3600". In this case you're specifying the mask and a timeout of 3600 seconds.
  • OK, thanks. So if I wanted to specify (ANY) source address, would the mask be 255.255.255.255?

    • Steve_M__153836
      Yes you are correct. I would be careful with that. It's not uncommon to do that, but one issue I have seen is a customer using NAT on their end so their IP would change sometimes and then they could get load balanced to a different server in the pool if the persistence mask is set to 255.255.255.255. With a stateful application this is a problem. You may want to consider a Class C mask to avoid that. There are pros/cons for either mask. All depends on your customers and your application.
  • Thanks Steve. Wondering if you know how the F5 knows that the '3600' is specific to the timeout value in the persist statement: "persist source_addr 255.255.255.0 3600".

    • Steve_M__153836
      I'm not 100% certain, but since the timeout is the only numeric value in whole-number, integer format when specifying source_addr persistence, the LTM is designed to look for that type of value and to use it for the timeout.
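The outcome of the thread, written out as a complete iRule (an added example, not code posted by anyone in this discussion): a named custom persistence profile cannot be selected from `persist`, so the mask and timeout are given inline on the standard `source_addr` option, and the mask choice carries the NAT caveat Steve raised. The path, client address and values are hypothetical.

```tcl
# Added example, not from the thread. Path, client IP, mask and timeout are
# assumed values; adjust them to the deployment.
when HTTP_REQUEST {
    # One trusted client on a specific path keeps cookie persistence.
    if { ([HTTP::path] starts_with "/powershell") &&
         ([IP::addr [IP::client_addr] equals 10.15.10.15]) } {
        persist cookie
    } else {
        # Everyone else: source-address persistence with an explicit mask
        # and a 3600-second timeout, equivalent to what the custom
        # "source_addr-3600sec" profile was meant to provide.
        #
        # 255.255.255.255 pins each client IP individually. Clients behind
        # a NAT pool whose egress address changes between requests will be
        # re-balanced, which breaks stateful applications.
        # 255.255.255.0 keeps a whole /24 on one pool member, avoiding the
        # NAT problem at the cost of coarser load distribution.
        set mask 255.255.255.255
        persist source_addr $mask 3600
        log local0.info "source_addr persistence for [IP::client_addr] mask $mask timeout 3600"
    }
}
```

The log line makes the chosen mask visible in /var/log/ltm while validating the rule; drop it once the behaviour is confirmed, since it writes one entry per request.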