Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

Universal persistence using IPV6 with iRule..

ant77
Cirrus
Cirrus

‎09-Mar-2021 13:08 - last edited on ‎21-Nov-2022 16:19 by Community Manager

Hello everyone and F5,

 

please help....I am stuck and don’t know what to do or if F5 can support this...

 

Does anyone know how to persist an IPV6 address in an X-forwarded-for header, or add it to the current code below? We are currently calling

this i-Rule with universal persistence profile, however it seems to only work if the user's client IP is in IPV4 format. If they get an IPV6 address from

their ISP provider, the persistency does not work even though our CDN address their IPV6 in the XFF header field.

 

Any help is much appreciated!

 

 

when HTTP_REQUEST { 
    if {[HTTP::header X-Forwarded-For] != ""} then {
        persist uie [lindex [ split [lindex [HTTP::header values X-Forwarded-For] 0] "," ] 0]
    } else {
persist uie [IP::client_addr]
    }
}

 

Labels:
0 Kudos
5 REPLIES 5

JRahm
Community Manager
Community Manager

‎10-Mar-2021 12:47 - last edited on ‎04-Jun-2023 21:01 by Community Manager

Do you have a persistence profile on the virtual? Might be best to have a default of source_addr persistence as a profile on the virtual, that way you can reduce your iRule to this (my attempt, you'll need to test)

when HTTP_REQUEST {
  if { [HTTP::header exists X-Forwarded-For] } {
    persist uie [getfield [HTTP::header X-Forwarded-For] "," 1]
  }
}
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
https://twitter.com/jasonrahm
https://www.youtube.com/devcentral
0 Kudos

ant77
Cirrus
Cirrus
In response to JRahm

‎11-Mar-2021 05:29

Hi Jason,

 

We can't use a default source_addr profile because the inbound traffic goes through a CDN, which they append the client IP and their proxy IP to the XFF header. We use the irule to look into this and persist the connection for the client to a server in the backend. This works fine with IPV4, however there are instances where some of our user's ISP is giving them an IPV6 address. How can this iRule or any other method be used to read the IPV6 along with the IPV4 (this irule) and persist the client

based on that?

 

Thanks!

0 Kudos

ant77
Cirrus
Cirrus
In response to ant77

‎12-Mar-2021 11:38

Hello F5/Jason,

 

Please help...can you let me know if this can be done or not?

 

Thanks!

0 Kudos

JRahm
Community Manager
Community Manager
In response to ant77

‎12-Mar-2021 12:01

it should be possible, but I really need to see samples of the contents of your XFF headers in ipv4 and ipv6 to see if you are indexing and splitting correctly for both protocols. I can track down bugs and experience in the meantime. Sorry, I don't have much operational ipv6 experience

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
https://twitter.com/jasonrahm
https://www.youtube.com/devcentral
0 Kudos

ant77
Cirrus
Cirrus
In response to ant77

‎15-Mar-2021 07:27

Thank you Jason, appreciate your help. Once I get more info and a sample, I will post it.

0 Kudos
Copyright © 2023 Khoros, LLC