Forum Discussion
BRUCE_A_NOLAN_1
Nimbostratus
NimbostratusHow can I insert pool member IP into cookie when using Universal Persistence profile / iRule?
I am using the Universal Persistence Profile / iRule example from DevCentral to persist on the JSESSIONID. Is there a way to insert the destination pool member into the cookie so that it can be decoded after capturing the traffic using Fiddler or Wireshark for troubleshooting by Application/Dev teams?
In addition to the iRule below, i have turned on OneConnect and assigned a custom universal persistence profile with the following settings:
ltm persistence universal uie_sso-v2 {
app-service none
defaults-from universal
match-across-services enabled
rule uie_persist_sso-v2
timeout 1200
}
iRule
when HTTP_REQUEST {
Log details for the request
set log_prefix "[IP::client_addr]:[TCP::client_port]"
log local0. "$log_prefix: Request to [HTTP::uri] with cookie: [HTTP::cookie value JSESSIONID] USER: [HTTP::cookie value user]"
Check if there is a JSESSIONID cookie
if { [HTTP::cookie "JSESSIONID"] ne "" }{
Persist off of the cookie value with a timeout of 20 mins (1200 seconds)
persist uie [string tolower [HTTP::cookie "JSESSIONID"]] 1200
Log that we're using the cookie value for persistence and the persistence key if it exists.
log local0. "$log_prefix: Used persistence record from cookie. Existing key? [persist lookup uie [string tolower [HTTP::cookie "JSESSIONID"]]]"
} else {
Parse the jsessionid from the path. The jsessionid, when included in the URI, is in the path,
not the query string: /path/to/file.ext;jsessionid=1234?param=value
set jsess [findstr [string tolower [HTTP::path]] "jsessionid=" 11]
Use the jsessionid from the path for persisting with a timeout of 20 mins (1200 seconds)
if { $jsess != "" } {
persist uie $jsess 1200
Log that we're using the path jessionid for persistence and the persistence key if it exists.
log local0. "$log_prefix: Used persistence record from path: [persist lookup uie $jsess]"
}
}
}
when HTTP_RESPONSE {
Check if there is a jsessionid cookie in the response
if { [HTTP::cookie "JSESSIONID"] ne "" }{
Persist off of the cookie value with a timeout of 20 mins (1200 seconds)
persist add uie [string tolower [HTTP::cookie "JSESSIONID"]] 1200
log local0. "$log_prefix: Added persistence record from cookie: [persist lookup uie [string tolower [HTTP::cookie "JSESSIONID"]]]"
}
}
Simon_BlakelyEmployee
Is there a way to insert the destination pool member into the cookie so that it can be decoded
What cookie?
With UIE persistence there is no load-balancing cookie - the JSESSIONID cookie value is used as the index into an in-memory table on the LTM to retrieve the persistence information.You cannot modify the JSESSIONID cookie, because that will impact the server that is relying on the JSESSIONID value for session information.
You can add your own cookie or header to the response to include the server IP address into the response:
orHTTP::cookie insert node_cookie [getfield [IP::server_addr] "%" 1"]
but this can only be done in development and would be a very bad idea to use in a live environment.HTTP::header insert X-NODE-IP [getfield [IP::server_addr] "%" 1"]when HTTP_RESPONSE { Check if there is a jsessionid cookie in the response if { [HTTP::cookie "JSESSIONID"] ne "" }{ Persist off of the cookie value with a timeout of 20 mins (1200 seconds) persist add uie [string tolower [HTTP::cookie "JSESSIONID"]] 1200 log local0. "$log_prefix: Added persistence record from cookie: [persist lookup uie [string tolower [HTTP::cookie "JSESSIONID"]]]" HTTP::cookie insert node_cookie [getfield [IP::server_addr] "%" 1"] } }
Andy_McGrathCumulonimbus
Not an answer to the question but link to code snippet I did regarding better JSESSIONID style persistence.
persistence-on-http-response-only