Forum Discussion
CirrusUniversal persistence in iRule and mirror persistence
Hello everybody,
I have a problem concerning the universal persistence in version 11.5.2. I’m using an iRule like this:
when HTTP_RESPONSE {
if { [HTTP::cookie exists "JSESSIONID"] } {
persist add uie [HTTP::cookie "JSESSIONID"]
}
}
when HTTP_REQUEST {
if { [HTTP::cookie exists "JSESSIONID"] } {
persist uie [HTTP::cookie "JSESSIONID"]
}
}
The iRule itself works without any problems and I can see the persistence entries. The iRule is used on two virtual servers, one on port 80 and one on port 443 where I use a clientssl profile as well.
My goal is to get the entries mirrored onto the standby device, hence I created a persistence profile of type “universal”. In this profile I configured the corresponding iRule, timeout and – of course - mirror persistence.
When I check the persistence entries on the standby system I can see the mirrored entries only from the virtual server which listens on port 80 but not of the one listening on port 443.
Has anyone an idea why I can’t see the entries for port 443?
Thank you very much for your contributions!
3 Replies
Samir_Jha_52506Noctilucent
You cannot currently mirror Secure Socket Layer (SSL) connections that are terminated by the BIG-IP system. If you enable connection mirroring for a virtual server that references a clientssl or serverssl profile, active connections being processed by the virtual server will be closed by the BIG-IP system when failover occurs. The BIG-IP system will send a TCP RST to the client when failover occurs, because the newly active BIG-IP system does not have the SSL connection in its connection table.
EuropeanITCrow1Hi Samir,
many thanks for your reply. You're right, but I'm not talking about the connection mirroring but about the persistence mirroring. From what I know there shouldn't be a technical limitation to achieve this!
Regards Otto
- Samir_Jha_52506
Thank you so much. I believe you have enable persistence mirror in VIP. Please go through this link. Thanks
