Forum Discussion

BRUCE_A_NOLAN_1's avatar
BRUCE_A_NOLAN_1
Icon for Nimbostratus rankNimbostratus
Nov 15, 2017

How can I insert pool member IP into cookie when using Universal Persistence profile / iRule?

I am using the Universal Persistence Profile / iRule example from DevCentral to persist on the JSESSIONID. Is there a way to insert the destination pool member into the cookie so that it can be decoded after capturing the traffic using Fiddler or Wireshark for troubleshooting by Application/Dev teams?

In addition to the iRule below, i have turned on OneConnect and assigned a custom universal persistence profile with the following settings:

ltm persistence universal uie_sso-v2 {
    app-service none
    defaults-from universal
    match-across-services enabled
    rule uie_persist_sso-v2
    timeout 1200
}


iRule
    when HTTP_REQUEST {
        Log details for the request
       set log_prefix "[IP::client_addr]:[TCP::client_port]"
       log local0. "$log_prefix: Request to [HTTP::uri] with cookie: [HTTP::cookie value JSESSIONID] USER: [HTTP::cookie value user]"

        Check if there is a JSESSIONID cookie
       if { [HTTP::cookie "JSESSIONID"] ne "" }{
           Persist off of the cookie value with a timeout of 20 mins (1200 seconds)
          persist uie [string tolower [HTTP::cookie "JSESSIONID"]] 1200

           Log that we're using the cookie value for persistence and the persistence key if it exists.
          log local0. "$log_prefix: Used persistence record from cookie. Existing key? [persist lookup uie [string tolower [HTTP::cookie "JSESSIONID"]]]"

       } else {
           Parse the jsessionid from the path. The jsessionid, when included in the URI, is in the path, 
           not the query string: /path/to/file.ext;jsessionid=1234?param=value
          set jsess [findstr [string tolower [HTTP::path]] "jsessionid=" 11]

           Use the jsessionid from the path for persisting with a timeout of 20 mins (1200 seconds)
          if { $jsess != "" } {
             persist uie $jsess 1200

              Log that we're using the path jessionid for persistence and the persistence key if it exists.
             log local0. "$log_prefix: Used persistence record from path: [persist lookup uie $jsess]"
          }
       }
    }
    when HTTP_RESPONSE {
        Check if there is a jsessionid cookie in the response
       if { [HTTP::cookie "JSESSIONID"] ne "" }{
           Persist off of the cookie value with a timeout of 20 mins (1200 seconds)
          persist add uie [string tolower [HTTP::cookie "JSESSIONID"]] 1200

          log local0. "$log_prefix: Added persistence record from cookie: [persist lookup uie [string tolower [HTTP::cookie "JSESSIONID"]]]"
       }
    }

2 Replies

  • Is there a way to insert the destination pool member into the cookie so that it can be decoded

    What cookie?

    With UIE persistence there is no load-balancing cookie - the JSESSIONID cookie value is used as the index into an in-memory table on the LTM to retrieve the persistence information.

    You cannot modify the JSESSIONID cookie, because that will impact the server that is relying on the JSESSIONID value for session information.

    You can add your own cookie or header to the response to include the server IP address into the response:

    HTTP::cookie insert node_cookie [getfield [IP::server_addr] "%" 1"]

    or

    HTTP::header insert X-NODE-IP [getfield [IP::server_addr] "%" 1"]

    but this can only be done in development and would be a very bad idea to use in a live environment.
       when HTTP_RESPONSE {
        Check if there is a jsessionid cookie in the response
       if { [HTTP::cookie "JSESSIONID"] ne "" }{
           Persist off of the cookie value with a timeout of 20 mins (1200 seconds)
          persist add uie [string tolower [HTTP::cookie "JSESSIONID"]] 1200
    
          log local0. "$log_prefix: Added persistence record from cookie: [persist lookup uie [string tolower [HTTP::cookie "JSESSIONID"]]]"
          HTTP::cookie insert node_cookie [getfield [IP::server_addr] "%" 1"]
       }
    }