12-Oct-2023 03:20
folks,
What is the default behaviour when cookie encryption is enabled and set to required? We know the client->F5 cookie is encrypted; how about F5->server? I could see the cookie is decrypted in the capture when sending to the server. Is it supposed to be like that?
12-Oct-2023 05:36
Hi @Prakin ,
Cookie persistence encryption is a way to secure against tampering on the client side, not the server side.
Have a look here: https://my.f5.com/manage/s/article/K15673279
12-Oct-2023 06:51
Is there a way that we can re-encrypt the cookie on the server side? Because in my connection flow, the backend application will hit the same F5 VIP again, where it sees an unencrypted cookie, but F5 is expecting an encrypted cookie, so instead it makes a new load balancing decision and a new cookie is generated and terminated on a different server. This makes the connections inconsistent.
client -> F5 -> webserver (10.10.10.10, 20.20.20.20) -> kong -> F5 -> application server (10.10.10.10, 20.20.20.20)
Here both my web and application servers are the same address.
If I set the cookie to "preferred", I think it will work? But on the client I would see an unencrypted cookie as well, so that's why I am looking to re-encrypt the cookie on the server side.
12-Oct-2023 07:37
Hi @Prakin ,
You can try the preferred option; it means BIG-IP accepts both encrypted and decrypted cookies.
I have another question:
Does this virtual server have 2 IPs ("10.10.10.10 & 20.20.20.20")? Did you create it with an address list?
I need more clarification here; you can draw your flow as well and show me.
13-Oct-2023 01:26
Sorry, my bad, the flow would be as below.
client -> F5 VIP(1.1.1.1) -> webserver (10.10.10.10, 20.20.20.20) -> kong -> F5 VIP(1.1.1.1) -> application server (10.10.10.10, 20.20.20.20).
kong -> F5 VIP(1.1.1.1): this is where the cookie is seen unencrypted, and F5 is expecting an encrypted cookie, so it can't find it; thus it's treating it as a new connection and load balancing to a new server.
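
Added example, not part of any post in this thread and not F5 code: a small Python model of the two-pass flow described above, comparing how a VIP in "required" and in "preferred" mode treats the decrypted cookie that Kong replays. The `Vip` class, the `seal`/`unseal` toy cipher, the `!` prefix, the passphrase, the round-robin choice and the use of the member IP as the cookie value are all assumptions made for illustration; they are not BIG-IP's cookie format or encryption.

```python
import base64
import hashlib
import itertools

MEMBERS = ["10.10.10.10", "20.20.20.20"]  # pool members from the thread
KEY = hashlib.sha256(b"constructed-passphrase").digest()  # constructed value


def _xor(data):
    return bytes(b ^ k for b, k in zip(data, itertools.cycle(KEY)))


def seal(member):
    """Toy stand-in for the profile's cookie encryption (not F5's algorithm)."""
    return "!" + base64.b64encode(_xor(member.encode())).decode()


def unseal(cookie):
    """Return the member named by a sealed cookie, or None if it is not valid."""
    if not cookie.startswith("!"):
        return None
    try:
        member = _xor(base64.b64decode(cookie[1:], validate=True)).decode()
    except ValueError:  # bad base64 or undecodable bytes
        return None
    return member if member in MEMBERS else None


class Vip:
    def __init__(self, mode):
        self.mode = mode  # "required" or "preferred"
        self._next = itertools.cycle(MEMBERS)  # fresh decisions: round robin

    def handle(self, cookie):
        """Return (member chosen, cookie value forwarded to that member)."""
        member = unseal(cookie)
        if member is None and self.mode == "preferred" and cookie in MEMBERS:
            member = cookie  # plaintext cookie honoured only in preferred mode
        if member is None:
            member = next(self._next)  # cookie unusable: new load-balancing decision
        return member, member  # server side always receives the decrypted value


def two_pass(mode):
    """Client -> VIP -> web server -> Kong -> same VIP, replaying the cookie."""
    vip = Vip(mode)
    first, forwarded = vip.handle(seal("20.20.20.20"))  # client holds sealed cookie
    second, _ = vip.handle(forwarded)  # Kong sends what the server received
    return first, second
```

`two_pass("required")` ends on a different member for the second pass, while `two_pass("preferred")` stays on the same one, at the cost of the VIP also honouring plaintext cookies from any sender.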