irule cookie insert

Question

Hi,&nbsp;
 I'm reaching out to the community in hope of getting irule assistance. I need to be able to create an irule that meets the following crtieria. As a plus it would be great to reference a string data group but I haven't been able to make that work. The VS is using a cookie type persistance profile.&nbsp;
The irule must...&nbsp;
1. Set a cookie value based on server IP (not server set cookie nor Bigip cookie)&nbsp;
 2. Persist off of that cookie value&nbsp;
Here is what I have so far...&nbsp;
when HTTP_RESPONSE {&nbsp;
     Insert cookie that matches the Web server IPs&nbsp;
&nbsp;
       if {[IP::server_addr] equals "10.0.0.1"} then {&nbsp;
        HTTP::cookie insert name "webserver" value "wsA"&nbsp;
}&nbsp;
       if {[IP::server_addr] equals "10.0.0.2"} then {&nbsp;
        HTTP::cookie insert name "webserver" value "wsB"&nbsp;
}&nbsp;
       if {[IP::server_addr] equals "10.0.0.3"} then {&nbsp;
        HTTP::cookie insert name "webserver" value "wsC"&nbsp;
}&nbsp;
       if {[IP::server_addr] equals "10.0.0.4"} then {&nbsp;
        HTTP::cookie insert name "webserver" value "wsD"&nbsp;
}&nbsp;
       if {[IP::server_addr] equals "10.0.0.5"} then {&nbsp;
        HTTP::cookie insert name "webserver" value "wsE"&nbsp;
}&nbsp;
       Persist off of that cookie value&nbsp;
 &nbsp;
      if {{HTTP::cookie} equals "webserver"} then {&nbsp;
             persist cookie&nbsp;
          }&nbsp;
}&nbsp;
This seems to work but may be persisting off of the default cookie insert established in the "cookie"  profile. (This was mandatory in order to use the "persist cookie" statement). Any and all help would be appreciated.  Thanks.&nbsp;
 &nbsp;

chris_campbell1 · Answer

LTM is making a load balancing decision and persisting from the default cookie in your code. I suspect you are trying to avoid the default cookie that is used that can be decoded to a server IP, in which case you should just encrypt the cookie that LTM sets. http://support.f5.com/kb/en-us/solutions/public/6000/900/sol6917.htmlencrypt 
&nbsp;  
&nbsp; Also your code is ideal for use of the switch statement rather than multiple if statements https://devcentral.f5.com/tech-tips/articles/irules-101-04-switch.UZ0sn5XpbZE

nitass · Answer

is it something like this? 
  
 [root@ve10:Active] config  b virtual bar list
virtual bar {
   snat automap
   pool foo
   destination 172.28.19.252:80
   ip protocol 6
   rules myrule
   profiles {
      http {}
      tcp {}
   }
}
[root@ve10:Active] config  b pool foo list
pool foo {
   members {
      200.200.200.101:80 {}
      200.200.200.111:80 {}
   }
}
[root@ve10:Active] config  b rule myrule list
rule myrule {
   when HTTP_REQUEST {
  if { [HTTP::cookie exists webserver] } {
    persist uie [HTTP::cookie value webserver]
  }
}
when HTTP_RESPONSE {
  switch [IP::server_addr] {
    200.200.200.101 { set cookie_value "wsA" }
    200.200.200.111 { set cookie_value "wsB" }
  }
  HTTP::cookie insert name webserver value $cookie_value
  persist add uie $cookie_value
}
}

client

[root@centos17 ~] curl -I http://172.28.19.252 -H "Cookie: webserver=wsA"
HTTP/1.1 200 OK
Date: Thu, 23 May 2013 00:34:49 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Thu, 23 May 2013 00:28:46 GMT
ETag: "4185a8-59-c3efab80"
Accept-Ranges: bytes
Content-Length: 89
Content-Type: text/html; charset=UTF-8
Set-Cookie: webserver=wsA;

persistence record

[root@ve10:Active] config  b persist show all
PERSISTENT CONNECTIONS
|     Mode universal   Value wsA
|        virtual 172.28.19.252:80   node 200.200.200.101:80   age 3sec

dathomas111_201 · Answer

Thanks Chris, That what I thought.I . But I'm not trying to mask the cookie so much as trying to set a new one and maintain persistence by it. I modified the persist statement to match what Nitass had implied and it seems to be working now. Last item is how to reference a data group to extract the server IPs and assign the cookie value.

lianjx_204891 · Answer

I had modify the iRules and the persistence works for a single user. However, when I do a load test with 10 users, I am hit by tcl error on iRules stating the following:
 - can't read "cookie_value": no such variable     while executing "
HTTP::cookie insert name webserver value $cookie_value"
Modify irules as the following:
when HTTP_REQUEST {
pool  web_pool
  if { [HTTP::cookie exists webserver] } {
    persist uie [HTTP::cookie value webserver]
  }
}
when HTTP_RESPONSE {
  switch [IP::server_addr] {
    172.10.20.1 { set cookie_value "webA" }
    172.10.20.2 { set cookie_value "webB" }
  }
  HTTP::cookie insert name webserver value $cookie_value
  persist add uie $cookie_value
}

The load test result was terrible with 50% errors flag out.

Forum Discussion

irule cookie insert

4 Replies

Recent Discussions

F5 loadbalancer not working

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Pricing when used with aws waf

F5 terminal - help to run commands - disk space full

import live updates from version x to version y

Related Content

iRule Header Insert

iRule HTML Maintenance Page insert URI Value

APM AdAuth HTTP Header Insert iRule Switch Statement

iRule to take cookie from HTTP Response into HTTP Request via table

Decoding the IPv4 address from the persistence cookie