For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Cookie Persistence Inactivity Tracker

Problem this snippet solves:

iRule intended to be used in conjunction with BIG-IP Cookie Insert persistence (that doesn't have in-memory entries that can be viewed). The iRule creates "fake" persistence entries which aren't used for persistence, but allow administrators to track whether there is still activity to a server (that presumably has been soft-disabled) to see if sessions have finished bleeding off of that server.

Cookie to track could be BIGIP... cookie or other session cookie (even if session cookie [JSESSIONID] isn't used for BIG-IP server persistence).

How to use this snippet:

Apply iRule to virtual server.

Edit static variables in RULE_INIT section (cookie name to use and inactivity value).

once rule is in place, you can use "show ltm persistence persist node-addr a.b.c.d" to check on whether there's activity to the node you are bleeding traffic from.

Code :

#This iRule is intended to be used in conjunction with F5 cookie persistence (default insert type)
#By looking at persistence table entries on GUI or TMSH (show ltm persistence persist-records; you can
#assess whether sessions have "bled" away from a server after disabling it
#Note the default BIG-IP cookie persistence algorithm doesn't create in-memory persistence records
#This iRule doesn't implement persistence, only uses the persistence engine to track activity to nodes
#Cookie insert persistence will stil be what is honored
#c.jenison at f5.com (Chad Jenison)


when RULE_INIT {
    set static::cookiename "BIGipServerubuntu-tomcat"
    # set sessioninactivitytime to value in seconds before you want persistence records to timeout
    set static::sessioninactivitytime 300
}

when HTTP_REQUEST {
    if {[HTTP::cookie exists $static::cookiename]} {
        if {[persist lookup uie [HTTP::cookie $static::cookiename]] ne ""}{
            log local0. "Cookie $static::cookiename : [HTTP::cookie $static::cookiename]"
        } else {
            set requestcookievalue [HTTP::cookie $static::cookiename]
        }
    }
}

when HTTP_RESPONSE {
    if {[HTTP::cookie exists $static::cookiename]}{
        persist add uie [HTTP::cookie $static::cookiename] $static::sessioninactivitytime
        log local0. "Saw $static::cookiename cookie set with value: [HTTP::cookie $static::cookiename]"
    } elseif {[info exists requestcookievalue]}{
        persist add uie $requestcookievalue $static::sessioninactivitytime
        unset requestcookievalue
    }
}
Published Aug 19, 2015
Version 1.0
application delivery
devops
iRules
LTM
No CommentsBe the first to comment