Showing results for 
Search instead for 
Did you mean: 
Login & Join the DevCentral Connects Group to watch the Recorded LiveStream (May 12) on Basic iControl Security - show notes included.

Universal persistence using IPV6 with iRule..


Hello everyone and F5,


please help....I am stuck and don’t know what to do or if F5 can support this...


Does anyone know how to persist an IPV6 address in an X-forwarded-for header, or add it to the current code below? We are currently calling

this i-Rule with universal persistence profile, however it seems to only work if the user's client IP is in IPV4 format. If they get an IPV6 address from

their ISP provider, the persistency does not work even though our CDN address their IPV6 in the XFF header field.


Any help is much appreciated!



when HTTP_REQUEST {      if {[HTTP::header X-Forwarded-For] != ""} then {         persist uie [lindex [ split [lindex [HTTP::header values X-Forwarded-For] 0] "," ] 0]     } else { persist uie [IP::client_addr]     } }



Community Manager
Community Manager

Do you have a persistence profile on the virtual? Might be best to have a default of source_addr persistence as a profile on the virtual, that way you can reduce your iRule to this (my attempt, you'll need to test)


when HTTP_REQUEST { if { [HTTP::header exists X-Forwarded-For] } { persist uie [getfield [HTTP::header X-Forwarded-For] "," 1] } }




Hi Jason,


We can't use a default source_addr profile because the inbound traffic goes through a CDN, which they append the client IP and their proxy IP to the XFF header. We use the irule to look into this and persist the connection for the client to a server in the backend. This works fine with IPV4, however there are instances where some of our user's ISP is giving them an IPV6 address. How can this iRule or any other method be used to read the IPV6 along with the IPV4 (this irule) and persist the client

based on that?



Hello F5/Jason,


Please help...can you let me know if this can be done or not?



Community Manager
Community Manager

it should be possible, but I really need to see samples of the contents of your XFF headers in ipv4 and ipv6 to see if you are indexing and splitting correctly for both protocols. I can track down bugs and experience in the meantime. Sorry, I don't have much operational ipv6 experience

Thank you Jason, appreciate your help. Once I get more info and a sample, I will post it.