I have two http servers behind a specific VIP, i'm using cookie method for persistency which working fine,
The problem I have is that when one of the my pool members goes down, the users who were logined on this pool member thrown out and have to log in again.
Can I use the RESELECT method in ActionOnDown section of my pool to avoid this problem?
if yes, shall i disable port/address translation on my virtual server?
It actually doesn't matter for the port translation. But regarding the address translaiton, the service will stop working because the address must be translated to the pool member.
So based on this, unfortunately, i think you will not be able to use the reselect option.
Forgive me if I'm reading this wrong, but Isn't everyone forgetting a little thing? Even is the reselect action was a valid option, the user would still need to login again on the "new" server.
That's the question. I am looking for a way to prevent users from re-authenticating, as far as I understand, it is not possible because when the user who currently loggined transferred to the new server must be re-authenticated by the new server back-end. Unless the servers themselves (meaning the back-end part) have the ability to exchange the session information of their users.
I agree with Mike - this is not about connections to servers, it is at the HTTP level. In short, you need a common authentication mechanism across backend servers, or use APM to handle the authentication and passthrough the user credentials to the server. You may find that federation such as SAML or OAuth gives a near-seamless solution ( to re-authenticate, the client would be redirected to the IdP and assuming they have a valid session then be redirected back immediately ).
This requires some architectural thought - we in F5 Professional Services do this sort of thing all the time, it might be worth looking into that if you want to discuss it further.
Virtual servers with address and port translation disabled
Note: This is the default for network virtual servers, such as wildcard IP Forwarding virtual servers.
Transparent pool members, such as firewalls, routers, proxy servers, and cache servers
Note: Transparent devices can forward packets to destinations without regard for the state of the connection.
UDP virtual servers
Important: Because this setting does not re-establish TLS or any other stateful protocol, you should not use it in a reverse-proxy deployment where pool members are stateful endpoints.
