Forum Discussion

phowes's avatar
phowes
Icon for Nimbostratus rankNimbostratus
Mar 14, 2019

Custom session stickiness or a standard case?

Hello all,

 

I have a somewhat unusual setup, which I inherited. It is for providing Citrix services, which comprise of a web frontend (HTTPS) and ICA protocol

 

The traffic flow is thus:

 

client >> BigIP LTM >> 4 x Reverse Proxy Nodes >> various Backend servers (backend is however not relevant, the problem is between the BigIP and reverse proxy)

 

My goal is to have session stickiness so that the HTTPS and ICA protocol both pass through the same reverse proxy node. I see there are lots of options for this, but I would just like some feedback about what is needed.

 

The problem currently, is that the two protocols are sent to different virtual servers and then forwarded to different pools:

 

HTTPS protocol > virtual server1 > Pool1

 

ICA protocol > virtual server2 > Pool2

 

Pool1 and Pool2 both send traffic to the same 4 reverse proxy nodes, but to different virtual IPs. So the load balancer cannot recognize they are in fact the same destination.

 

There is no SSL offloading on the BigIP, so no session information is available to create persitence via a cookie or URL path.

 

The BigIP does however see the original source IP address.

 

What is needed to create persistence for sessions across the pools?

 

Would a simple source address persitence profile apply to all virtual servers where it is enabled across the whole BigIP config? Or does it only apply to the one individual virtual server?

 

If it does not apply across all the configuration, then I assume I need to write an irule that associates the IP of reverseproxy1 in pool1 with the IP of reverseproxy1 in pool2 - or is there an easier way?

 

Thank you in advance for your help! Peter

 

PS - it would also be possible to change the reverse proxy pools to forward from the BigIP to the reverse proxy nodes on different ports - eg rp1:443 - HTTPS rp1:8443 - ICA, but I would prefer not to change unless it is really necessary