JRahm
Mar 01, 2005 - Admin
Terminal Server Persistence
I have msrdp persistence working without a rule, but only within a single vip. Globally, I don't have persistence to the client, so a client could potentially be assigned to the wrong vip, and even t...
unRuleY_95363
Mar 02, 2005 - Historic F5 Account
Ok, two things:
First, the "Has Session Directory" setting is now ignored (I just realized this is only true in 9.0.5 which is pending release) by the BigIP because the session actually sends different cookies depending on whether the servers have been configured to use the session directory.
We now switch behavior depending on which cookie is present. Cookie: msts= is what you see when the servers are using a session directory and Cookie: mstshash= is what you see when the servers are not using a session directory.
When the msrdp persistence detects the session directory cookie, it does not actually use any stored persistence on the BigIP. It merely checks the node to see if it's a member of the pool and directly selects it if it is. Since your vip2 is not using the same pool, this fails and it is re-load balanced to server2 within pool2.
To fix this, you have several choices (or potentially more if you're creative)...
Option a) Change your servers to not use a session directory, thus causing the Cookie switch to mstshash which the BigIP will store in its persistence table and would be available "across virtuals".
Option b) Install a rule that checks if the node is really in pool1 and uses that instead (I will give you an example of this at the bottom).
Option c) Merge vip1/vip2 and instead use a rule to dynamically make the selection that differentiates the two vips (say a larger pool vs. a smaller pool). Here is where I'm not clear on why you have vip1 and vip2 and so I can't guess at why you would first get connected to vip1 and then later to vip2.
The rule that you could use to replace msrdp persistence and instead directly use the node regardless of the pool would look something like this:
rule msrdp_sessdir_uie {
    when CLIENT_ACCEPTED {
        TCP::collect
    }
    when CLIENT_DATA {
        if { [TCP::payload length] < 25 } {
            TCP::collect
            return
        }
        # Skip the first 11 bytes of the connection request; the rest starts at the cookie
        binary scan [TCP::payload] x11a* msrdp
        if { [string equal -nocase -length 12 $msrdp "cookie: msts"] } {
            set msrdp [string range $msrdp 12 end]
            set len [string first "\n" $msrdp]
            if { $len == -1 } {
                # Didn't get whole cookie, collect more
                TCP::collect
                return
            }
            if { $msrdp starts_with "=" } {
                # Session directory - extract node/port
                if { [scan $msrdp "=%u.%u" node port] != 2 } {
                    # Did not find node/port, get more
                    TCP::collect
                    return
                }
                set node [ntohl $node]
                set port [ntohs $port]
                log "DEBUG: overriding to $node:$port"
                # Note: the node command does not check the pool
                node $node $port
            } elseif { $msrdp starts_with "hash=" } {
                # No session directory - username used instead
                if { $len > 5 } {
                    incr len -1
                    set record [string range $msrdp 5 $len]
                    log "adding persistence record - $record"
                    persist uie $record 300
                } else {
                    log "No username - not persisting"
                }
            }
        } else {
            log "Cookie not found"
        }
        TCP::release
    }
}
Note: this rule has not been validated or tested in any way and is provided solely as an example.
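The cookie handling described in the reply above, as an added Python example that is not part of the original post or F5's code: it parses the start of an RDP connection request the way the rule does and applies the pool-membership check from option b before trusting a client-supplied `msts=` token. It assumes the token holds the address and port as byte-swapped decimal integers (what the rule's `ntohl`/`ntohs` calls imply); `parse_rdp_cookie`, `allowed_target`, `build_request` and the sample packets are constructed for illustration.

```python
import socket
import struct

HEADER_LEN = 11  # bytes skipped by "x11" in the rule (TPKT + X.224 header)


def parse_rdp_cookie(payload: bytes):
    """Return (kind, value); kind is need_more, none, sessdir or hash."""
    if len(payload) < 25:
        return ("need_more", None)
    body = payload[HEADER_LEN:]
    if body[:12].lower() != b"cookie: msts":
        return ("none", None)
    rest = body[12:]
    end = rest.find(b"\n")
    if end == -1:
        return ("need_more", None)  # cookie line not complete yet
    line = rest[:end].rstrip(b"\r").decode("ascii", "replace")
    if line.startswith("hash="):
        user = line[5:]
        return ("hash", user) if user else ("none", None)
    if line.startswith("="):
        fields = line[1:].split(".")
        if len(fields) < 2 or not (fields[0].isdigit() and fields[1].isdigit()):
            return ("none", None)
        ip_raw, port_raw = int(fields[0]), int(fields[1])
        if ip_raw > 0xFFFFFFFF or port_raw > 0xFFFF:
            return ("none", None)  # out-of-range values are not a valid token
        # Assumption: values are byte-swapped, so pack little-endian to recover them
        ip = socket.inet_ntoa(struct.pack("<I", ip_raw))
        port = struct.unpack(">H", struct.pack("<H", port_raw))[0]
        return ("sessdir", (ip, port))
    return ("none", None)


def allowed_target(target, pool_members):
    """Option b: honour a token only if it names a known pool member."""
    return target in pool_members


def build_request(cookie: bytes) -> bytes:
    """Constructed sample: 11 header bytes followed by the cookie line."""
    x224 = bytes([6 + len(cookie), 0xE0, 0, 0, 0, 0, 0]) + cookie
    return struct.pack(">BBH", 3, 0, 4 + len(x224)) + x224


# Constructed sample packets (not captured traffic)
SESSDIR_REQ = build_request(b"Cookie: msts=1677787402.36895.0000\r\n")
HASH_REQ = build_request(b"Cookie: mstshash=jdoe\r\n")
```

Because the token comes from the client, the membership check is what keeps a direct node selection limited to servers the virtual is meant to reach.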