24-Aug-2022 02:28 - edited 24-Aug-2022 02:29
Hi,
I have two HTTP servers behind a specific VIP. I'm using the cookie method for persistence, which is working fine.
The problem I have is that when one of my pool members goes down, the users who were logged in on this pool member are thrown out and have to log in again.
Can I use the RESELECT method in the ActionOnDown section of my pool to avoid this problem?
If yes, shall I disable port/address translation on my virtual server?
Thanks
24-Aug-2022 04:20
Hello Nimbostratus,
What is the current virtual server and backend server IP/port?
24-Aug-2022 06:54
Hello 🙂
Both the virtual server and the pool members are on the same subnet, and the service port is 80 (HTTP).
For example:
Virtual Server is: 192.168.23.254
Server1: 192.168.23.180
Server2: 192.168.23.181
24-Aug-2022 07:58
Hello,
You are right, you need to disable both translations to use this option, based on the article below.
Reselect option is only appropriate for:
https://support.f5.com/csp/article/K15095
It actually doesn't matter for the port translation. But regarding the address translation, the service will stop working because the address must be translated to the pool member.
So based on this, unfortunately, I think you will not be able to use the reselect option.
24-Aug-2022 09:19
Forgive me if I'm reading this wrong, but isn't everyone forgetting a little thing? Even if the reselect action was a valid option, the user would still need to log in again on the "new" server.
/Mike/
24-Aug-2022 21:31 - edited 24-Aug-2022 21:34
Hi Mike,
That's the question. I am looking for a way to prevent users from re-authenticating. As far as I understand, it is not possible, because when the user who is currently logged in is transferred to the new server, they must be re-authenticated by the new server's back end. Unless the servers themselves (meaning the back-end part) have the ability to exchange the session information of their users.
Thanks
26-Aug-2022 07:36
I agree with Mike - this is not about connections to servers, it is at the HTTP level. In short, you need a common authentication mechanism across backend servers, or use APM to handle the authentication and pass through the user credentials to the server. You may find that federation such as SAML or OAuth gives a near-seamless solution (to re-authenticate, the client would be redirected to the IdP and, assuming they have a valid session, then be redirected back immediately).
This requires some architectural thought - we in F5 Professional Services do this sort of thing all the time, so it might be worth looking into that if you want to discuss it further.
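As an illustration of the "common authentication mechanism across backend servers" point above (an added example, not from any poster in this thread and not F5 configuration): a Python sketch in which each pool member issues and verifies an HMAC-signed session cookie using a shared key, so a user moved to the surviving member is still recognised. The `Backend` class, `SHARED_KEY` and the cookie layout are hypothetical.

```python
import base64
import hashlib
import hmac
import json
import time

# Assumption: one secret provisioned to every pool member (constructed value).
SHARED_KEY = b"constructed-demo-key-not-for-production"


def _b64(data):
    return base64.urlsafe_b64encode(data).decode().rstrip("=")


def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


class Backend:
    """Hypothetical pool member that keeps no per-user session state."""

    def __init__(self, name, key=SHARED_KEY):
        self.name = name
        self._key = key

    def _sign(self, payload):
        return _b64(hmac.new(self._key, payload, hashlib.sha256).digest())

    def login(self, user, ttl=900, now=None):
        """Issue a session cookie value once the user has authenticated."""
        issued = time.time() if now is None else now
        payload = json.dumps({"sub": user, "exp": int(issued) + ttl}).encode()
        return f"{_b64(payload)}.{self._sign(payload)}"

    def authenticate(self, cookie, now=None):
        """Return the user name if the cookie is authentic and unexpired."""
        try:
            body, sig = cookie.split(".")
            payload = _unb64(body)
            if not hmac.compare_digest(sig, self._sign(payload)):
                return None  # forged or issued under a different key
            claims = json.loads(payload)
        except (ValueError, TypeError):
            return None  # malformed cookie
        current = time.time() if now is None else now
        return claims["sub"] if claims["exp"] > current else None
```

A cookie issued by one `Backend` instance is accepted by any other instance holding the same key, which is the property that lets a failover happen without a new login; a member with a different key rejects it.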
24-Aug-2022 07:22
Better to read the article for this feature, https://support.f5.com/csp/article/K15095, as it has a good description of this feature:
==========
This option is only appropriate for:
Note: This is the default for network virtual servers, such as wildcard IP Forwarding virtual servers.
Note: Transparent devices can forward packets to destinations without regard for the state of the connection.
==========
16-Oct-2022 04:19
If you managed to get the needed answers, please flag the question as answered.