cancel
Showing results for 
Search instead for 
Did you mean: 
Login & Join the DevCentral Connects Group to watch the Recorded LiveStream (May 12) on Basic iControl Security - show notes included.

HTTP POST messages are not load balanced.

Ashu_Aggarwal
Cirrus
Cirrus

Application/VS is configured with persistence profile "session cookie" & round-robin load balancing method. Application team is complaining HTTP POST messages from middleware (Axway) are going only to one server & not load balanced among three servers in load balancing pool which is causing one server to overload & crash multiple times a day.

Load balancing is fine for end users connections. Is it possible persistence profile causing the POST messages from Middleware to route to only one server?

4 REPLIES 4

PeteWhite
F5 Employee
F5 Employee

the session cookie persistence inserts a cookie into the stream to maintain the loadbalancing to that server. this will be the same for both GET and POST requests. Once this is set, all requests on that stream will hit that server so it should just be doing load based distribution - are you sure this isn't a DoS attack or suchlike? It could be that the middleware has setup a HTTP connection and is use pipelining and therefore targeting everything at one server due to the persistence.

You could change to least connections loadbalancing to see whether that fixes it. I'd tend to take a look at the stats and do some further testing to see this for yourself ie create 100 sessions with curl and see what cookie is returned. If that is fine then look further into the actual requests - whether they are one HTTP/TCP stream etc

Thanks Pete. It is internal application so DOS kind of possibilities are quite null. I will do a packet capture and see what happening Thanks again for your help.

Ashu_Aggarwal
Cirrus
Cirrus

Looks like al the requests are valid & legitimate. I am thinking to configure a i-rule to disable persistence for Axway POST requests. Can someone help me with i-rule with the logic if the client address is x.x.x.x then persistence none. currently there are 3 Axway servers which needs to be fit in i-rule. Thanks

Ashu_Aggarwal
Cirrus
Cirrus

This is the syntax, will this syntax work? Unfortunately i don't have a test environment.

 

when CLIENT_ACCEPTED {

 

if { [IP::addr [IP::client_addr] equals X.X.X.X] }

{

       persist none

  }

if [IP::addr [IP::client_addr] equals X.X.X.X] }

{

       persist none

  }

if [IP::addr [IP::client_addr] equals X.X.X.X] }

{

       persist none

  }