For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

RupeshK_342180's avatar
RupeshK_342180
Icon for Nimbostratus rankNimbostratus
Nov 27, 2017

Uuniversal persistence for HTTPS

Hi,   We've a requirement where we want to do the load balancing from the server side itself. As of now, we suggest to use the "source address affinity" but the issue with this profile is; if one ...
application delivery
BIG-IP
iRules
Andy_McGrath's avatar
Andy_McGrath
Icon for Cumulonimbus rankCumulonimbus
Nov 28, 2017

First are you off loading SSL to the F5s? If not you will not be able to read any of the HTTP Requests/Responses.

 

If needed to be HTTPS to the Server apply a Client and Server SSL Profile to re-encrypt the traffic.

 

Once done recommend you simply apply a standard Cookie Persistence profile.

 

You issue of all traffic sticking to a single pool member after a pool member has gone down and is now back up is a common one. Getting timing of your persistence to match the application will minimise this but most like need to wait for connection to bleed from the one pool member which should happen over time.

 

If this is a huge issue might want to look at additional back end servers or a manual step to clean down the connections, but this would disrupt many of the user sessions.

 

Hope this helps.