Forum Discussion

mthornton_13926's avatar
mthornton_13926
Icon for Nimbostratus rankNimbostratus
Sep 04, 2014

Viewing Cookie-insert Persistence Records

Is there anywhere on the LTM that I can confirm that cookie-insert is being used for persistence? Currently I have a VS with cookie-insert as primary, and source-address as secondary, but when I look in tmshell all I see are source-address persistence records. When I enable AVR and capture transactions I can see the client sending the cookie in its requests.

 

I suppose my confusion stems from the fact that I have another VS with cookie-hashing enabled, and "show ltm persistence...." will show that hashing is the method in use.

 

This thread here indicates that the BIG-IP doesn't "store" the cookies, but it seems like it should indicate when a client is utilizing cookie-insert.

 

application delivery
cloud
cookie persistence
deployment
LTM
TMSH
vmware
  • Kevin_Stewart's avatar
    Kevin_Stewart
    Icon for Employee rankEmployee
    Sep 04, 2014

    The cookie insert method sends a cookie to the client with the encoded VIP, pool, node, and port information, so there's no reason to store any persistence information locally. I believe the cookie hash method takes a hash of an existing cookie and sets that hash and the pool member information in the persistence table.

     

  • Kevin_Davies_40's avatar
    Kevin_Davies_40
    Icon for Nacreous rankNacreous
    Sep 05, 2014

    Its easy enough to tell on the bigip. Just look at the resources tab on the virtual server. It also easy to identify on the client side, just look for a cookie that starts with the name Big.

     

  • StephanManthey's avatar
    StephanManthey
    Icon for MVP rankMVP
    Sep 05, 2014

    One of the advantages of cookie insert persistence is to avoid memory allocation on the load balancer.

    Especially if you need to handle persistence for millions of clients (may happen as well during a DoS attack) I see it as an advantage, that the BIG-IP does not keep track locally.

    As especially with cookie insert mode the persistence cookie will have a determined name or a configurable name you can easily use a plugin to your webbrowser to check, if a persistence cookie is returned.

    You can do this even locally on your bigip by using i.e. cURL after adjusting the path: 
     curl -I http://10.131.131.120/ | grep -iE '^set-cookie'
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0   984    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
Set-Cookie: JSESSIONID=168236696.554161526
Set-Cookie: StaticCookie=lb-net_static
Set-Cookie: BIGipServerpool_test=1904444170.20480.0000; path=/

    In case your virtual servers are processing SSL and do SSL termination (as mandatory to insert a cookie) cURL can be used as well: 

     curl -kI https://10.131.131.120/ | grep -iE '^set-cookie'
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0   984    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
Set-Cookie: JSESSIONID=587552285.991263425
Set-Cookie: StaticCookie=lb-net_static
Set-Cookie: BIGipServerpool_test=1854112522.20480.0000; path=/
  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Sep 05, 2014

    i think, based on the post below, mthornton wants to know whether cookie persistence is used indeed or not.

    For cookie-insert it would be nice to at least have some indication that it is the persistence method currently in use. I suppose I can disable the source-address persistence and see if my sessions still persist.

    i do not we have that kind of stats. what i know is there is cookie_persist_inserts stats but it is not the one he is looking for.

    root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) show ltm profile http myhttp | grep -A 3 Miscellaneous
Miscellaneous
  Set-Cookie Insertions     10
  Proxy requests             0
  Proxy CONNECT requests     0
  • nitass_89166's avatar
    nitass_89166
    Icon for Noctilucent rankNoctilucent
    Sep 05, 2014

    i think, based on the post below, mthornton wants to know whether cookie persistence is used indeed or not.

    For cookie-insert it would be nice to at least have some indication that it is the persistence method currently in use. I suppose I can disable the source-address persistence and see if my sessions still persist.

    i do not we have that kind of stats. what i know is there is cookie_persist_inserts stats but it is not the one he is looking for.

    root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) show ltm profile http myhttp | grep -A 3 Miscellaneous
Miscellaneous
  Set-Cookie Insertions     10
  Proxy requests             0
  Proxy CONNECT requests     0