
Forum Discussion

AVF_7351
Jun 22, 2010

Stateless session persistence

Hi,

I'm trying to set up session persistence in such a way that it doesn't depend on a state table in LTM. This is so that persistence will work when a client moves to a different LTM, when the LTMs aren't in a cluster. (This is for OSPF failover, but this is irrelevant.)

What I basically want to do is to insert (an obscured version of) the backend server's IP into a cookie and then persist just by going to whatever server is specified in the cookie (with some logic to handle the server going down).

Before I go on, maybe I should just ask at this point: how would I do this? I'm new to F5, and in some cases, I can make something work, but it just feels wrong, so I'd rather not share my code at this stage.

I've tried creating a universal persistence profile with a rule that looks at the cookie and says "pool [ LB::server pool ] member $foo". However, I also have a rule which selects a pool based on the URL. With this set-up, the persistence rule runs first and the result is that it's messed up when the pool selection rule says "pool foo".

The way I got it to work is by having no persistence profile and just attaching the persistence rule to the vserver, and making it run after the pool selection rule.

However, this just feels Wrong. It also won't be very transparent when someone else comes to look at the config (this is something we were really hoping to achieve by replacing our old load balancers with F5).

Another related question: what is the difference between "pool $pool member $member" and "LB::reselect pool $pool $member"?

I'd be very grateful for any suggestions.

Alex
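
The stateless lookup described in the post above, as an added Python sketch of the logic; it is not code from this thread and not iRule syntax. The cookie carries a keyed hash of the pool and member rather than the IP itself, and it is resolved only after the pool has been chosen. The shared key, pool names and addresses are constructed assumptions.

```python
import hashlib
import hmac

# Assumptions for this sketch (none come from the thread): a secret configured
# identically on every LTM, and constructed pool names and member addresses.
SHARED_KEY = b"constructed-demo-key"
POOLS = {
    "pool_web": ["10.0.0.11", "10.0.0.12", "10.0.0.13"],
    "pool_api": ["10.0.0.11", "10.0.0.12"],
}


def member_token(pool, member, key=SHARED_KEY):
    """Opaque cookie value: a keyed hash of pool and member, so the cookie
    reveals no backend address and cannot be minted without the key."""
    msg = f"{pool}|{member}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:32]


def select_member(pool, cookie, up_members, load_balance):
    """Resolve the cookie inside the pool already chosen (e.g. by URL).

    Returns (member, new_cookie). new_cookie is None when the presented
    cookie is honoured. Forged, stale or other-pool cookies, and cookies
    naming a member that is down, fall through to normal load balancing.
    """
    candidates = [m for m in POOLS[pool] if m in up_members]
    if isinstance(cookie, str):
        presented = cookie.encode("utf-8", "replace")
        for member in candidates:
            expected = member_token(pool, member).encode()
            # Constant-time comparison against each live member's token.
            if hmac.compare_digest(presented, expected):
                return member, None
    if not candidates:
        return None, None  # nothing is up; the caller decides what to serve
    chosen = load_balance(candidates)
    return chosen, member_token(pool, chosen)
```

Because any LTM holding the same key recomputes the same tokens, no persistence table has to be shared, and a client-supplied value can only ever select a member that is currently in the chosen pool.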

 

12 Replies

  • Okay, I can see why this is a "feature", not a bug.

    The reason I'm selecting a node manually is because I have a pool with nodes on port 0 (any). I then want to select a port on the backend server depending on which port the request came in on: 80 -> 8080, 443 -> 8443 (with SSL profiles set up in the same iRule). So I actually just need to select the port, not the node, but I couldn't see a way of doing this without having to specify the node. This approach avoids having two pools with the same nodes but on different ports (this is something I really don't want to have --- if we add a new server, I don't want to have to add it in two places).

    I guess I'm trying to do something similar to what is being done in the penultimate part of http://devcentral.f5.com/Tutorials/TechTips/tabid/63/articleType/ArticleView/articleId/109/Persisting-Across-Virtual-Servers.aspx except that I'm not sure what to do with persistence.

    Thanks for your help!

    Alex

     

  • Also, the order of the "persist" and "node" commands doesn't seem to make any difference.

    Alex