cancel
Showing results for 
Search instead for 
Did you mean: 

Round Robin and MSRDP peristance with APM RDP Gateway

paulfish
Nimbostratus
Nimbostratus

Hi All,

 

I raised a support ticket on this one, it's an interesting challenge, so I thought I might post here as well. If they give me an answer I'll post it

 

 

 

We are using APM Webtop rdp gateway (unidesk1.edu.au_https-vs) the RDP resource objects then call a vip address (link-local) via a name call unilab.edu.au on a port allocated for the pool resource the student is accessing.

 

Each node in the pool as a connection limit of 1.

 

For the AG-RDPLabs-GeneralLab_3401 resource today we had a student login and access the pool.

 

Apr 7 14:09:14 f5-p1 notice tmm2[1888]: Rule /UniDesk/hsl-tcp-irule <SERVER_CONNECTED>: AG-RDPLabs-GeneralLab_3401-vs Client: 10.4.255.30:29947 -> VIP: 169.254.0.1:3401 -> Node: x.x.237.100:3389

 

The node did reach connection limit.

 

Apr 7 14:09:14 f5-p1 warning tmm2[1888]: 01200017:4: Warning, pool member IP x.x.237.100 port 3389 for pool /UniDesk/AG-RDPLabs-GeneralLab_3401-pool has reached its connection limit.

 

I'm assuming the student then disconnected without logging out.

 

Then another staff member was routed to the same node.

 

Apr 7 15:28:51 f5-p1 notice tmm[1888]: Rule /UniDesk/hsl-tcp-irule <SERVER_CONNECTED>: AG-RDPLabs-GeneralLab_3401-vs Client: 10.4.255.30:13125 -> VIP: 169.254.0.1:3401 -> Node: x.x.237.100:3389

 

 

I do not believe the F5 should have routed to that node until it did the full round robin, which is 960 nodes. At the time we had about 10nodes utilized.

 

 

Apr 7 15:28:51 f5-p1 notice tmm[1888]: Rule /UniDesk/hsl-tcp-irule <SERVER_CONNECTED>: AG-RDPLabs-GeneralLab_3401-vs Client: 10.4.255.30:13125 -> VIP: 169.254.0.1:3401 -> Node: x.x.237.100:3389

 

I have questions

 

1) Is the msrdp profile sticky against only source address, as all the clients are comming source nated to the second vip or is there something arwy with the mrsdp persistence in this version.

2) Are there better option for persistence or should I turn it off, it's only on to return students who accidentally disconnect, it is more important the round robin works correctly and the session limit of one is working (It appears to be)

3) Is there away to get the system to log when the session has been released, the opposite of this message.

 

Warning, pool member IP x.x.237.100 port 3389 for pool /UniDesk/AG-RDPLabs-GeneralLab_3401-pool has reached its connection limit.

1 REPLY 1

paulfish
Nimbostratus
Nimbostratus

So, as in regard to your query about persistence, F5 Networks recommends choosing the "source IP" persistence profile, instead of the MSRDP one. Please, Please refer article K22242442.

 

K22242442: Routing or persistence problem with MS RDS BROKER

https://support.f5.com/csp/article/K22242442