source IP and source Port persistence using irule - Citrix - (carp vs uie)
Hi, We ran into an issue of uneven load-balancing due to using citrix. Clients end up using the same IP so we decided we need to start load-balancing using the source port as well. I have done my homework and search around until I came across multiple solutions of either to use uie or carp. I have multiple questions hopefully I will get answers for. I understand carp doesn't have a timeout so that leads to a question is it better to use in this situation? Also we are leaning towards load-balancing using the least connections. Would each algorithm limits to a specific load-balancing method? Per my irule below I don't add persist assuming it is done automatically. am I wrong with that assumption? Should I be adding each successful persistence records? what would be the best way to test such an implementation? Here is the irule I'm about to implement. when CLIENT_ACCEPTED { set client_ip_port "[IP::client_addr]:[TCP::client_port]" if {[TCP::client_port] and [IP::client_addr] !=0} { persist carp $client_ip_port } }
WebLogic universal persistance - multiple (JSESSIONID) cookie names
Hello experts, we have a customer which uses a Java Web-Application hosted on WebLogic middleware. In the past this was quite simple, we used this iRule for managing the universal persistance: when HTTP_REQUEST { if { [HTTP::cookie "JSESSIONID"] ne "" }{ persist uie [string tolower [HTTP::cookie "JSESSIONID"]] 300 } else { set jsess [findstr [string tolower [HTTP::path]] "jsessionid=" 11] if { $jsess != "" } { persist uie $jsess 300 } } } when HTTP_RESPONSE { if { [HTTP::cookie "JSESSIONID"] ne "" }{ persist add uie [string tolower [HTTP::cookie "JSESSIONID"]] 300 } } This worked ever fine. But now the customer has multiple Java Web-Applications configured in WebLogic, each of them uses seperate Cookie names. So JSESSIONID (as before), but also new SESSIONIDA, JSESSIONIDB and JSESSIONIDC. All must be served over one Loadbalancer virtual server, we we have to manage the complexity in the iRule on the F5. Note: We can use the same selected node node for one client, but also seperate per Cookie name, so per application to another selected node in the Backend - this is not relevant. This is what I think it should work, but it doesn't. Please don't blame me regarding efficiency, I know it is worse. (But am no iRule expert.) Pure funcionality is Prio-1 for us. when HTTP_REQUEST { if { [HTTP::cookie "JSESSIONID"] ne "" } { persist uie [string tolower [HTTP::cookie "JSESSIONID"]] 300 } elseif { [HTTP::cookie "JSESSIONIDA"] ne "" } { persist uie [string tolower [HTTP::cookie "JSESSIONIDA"]] 300 } elseif { [HTTP::cookie "JSESSIONIDB"] ne "" } { persist uie [string tolower [HTTP::cookie "JSESSIONIDB"]] 300 } elseif { [HTTP::cookie "JSESSIONIDC"] ne "" } { persist uie [string tolower [HTTP::cookie "JSESSIONIDC"]] 300 } else { set jsess [findstr [string tolower [HTTP::path]] "jsessionid=" 11] if { $jsess != "" } {persist uie $jsess 300 } else { set jsess [findstr [string tolower [HTTP::path]] "jsessionida=" 11] if { $jsess != "" } { persist uie $jsess 300 } else { set jsess [findstr [string tolower [HTTP::path]] "jsessionidb" 11] if { $jsess != "" } { persist uie $jsess 300 } else { set jsess [findstr [string tolower [HTTP::path]] "jsessionidc" 11] if { $jsess != "" } { persist uie $jsess 300 } } } } } } when HTTP_RESPONSE { if { [HTTP::cookie "JSESSIONID"] ne "" }{ persist add uie [string tolower [HTTP::cookie "JSESSIONID"]] 300 } if { [HTTP::cookie "JSESSIONIDA"] ne "" }{ persist add uie [string tolower [HTTP::cookie "JSESSIONIDA"]] 300 } if { [HTTP::cookie "JSESSIONIDB"] ne "" }{ persist add uie [string tolower [HTTP::cookie "JSESSIONIDB"]] 300 } if { [HTTP::cookie "JSESSIONIDC"] ne "" }{ persist add uie [string tolower [HTTP::cookie "JSESSIONIDC"]] 300 } } I would like to thank you in advance for any hint on my problem here...
multi profile uie persistence, match accross VS
hi I have an application that need to persist on the same backend. The application makes first a HTTPS connection, then a TCP connection and would eventually switch to udp connection. It use its own message ID mechanism and this is present in the HTTP request, the TCP and UDP payload. I wrote 3 irules for universal persistence and all are able to find properly that message id (uid) for the persistence. I have configured a "match accross virtual server" for all 3 persistence profiles. It results that we create a persistence record with the persistence irule of HTTPS-VS but it won't be reused for the tcp or udp connection. Here my irules: HTTPS: when HTTP_REQUEST { if { [HTTP::query] starts_with "uid=" } { set uid [findstr [HTTP::query] uid= 4 ] if { not (($uid eq "") || ($uid eq "(null)")) }{ persist uie $uid log local0. "using persistence for UID ($uid): [persist lookup uie $uid]" } } } TCP: when CLIENT_ACCEPTED { TCP::collect 24 } when CLIENT_DATA { set offset_header 16 set clientData [TCP::payload] binary scan $clientData @${offset_header}ccii sig ver size UIDdata log local0. "sig=[format %x [expr {$sig & 0xFF}]] , ver=$ver, size=$size, UID=$UIDdata" persist uie $UIDdata log local0. "using persistence for UID ($UIDdata): [persist lookup uie $UIDdata]" TCP::release } UDP: when CLIENT_DATA { set offset_header 8 set clientData [UDP::payload 24] binary scan $clientData @${offset_header}ccii sig ver size UIDdata log local0. "sig=[format %x [expr {$sig & 0xFF}]] , ver=$ver, size=$size, UID=$UIDdata" persist uie $UIDdata log local0. "using persistence for UID ($UIDdata): [persist lookup uie $UIDdata]" } In the logs we see the following: http_uie : using persistence for UID (4): /Common/HTTPS_Pool 192.168.2.50 443 tcp_uie : sig=ac , ver=8, size=293, UID=4 tcp_uie : using persistence for UID (4): udp_uie : sig=ad , ver=8, size=59, UID=4 udp_uie : using persistence for UID (4): udp_uie : sig=ad , ver=8, size=59, UID=4 udp_uie : using persistence for UID (4): and the persistence table shows the entries Sys::Persistent Connections universal 4 192.168.1.4:443 192.168.2.50:443 (tmm: 1) universal 4 192.168.1.4:443 192.168.2.50:443 (tmm: 0) Total records returned: 2 so my question is: why the subsequent uie persistence doesn't work ? Thanks Alex
Universal Persistence Profile (UIE) across multiple pools
Hi all I have a question about UIE with multiple pools. I have a Virtual Server which swaps pools depending on the URI: **POOLS:** pool1 server1 server2 pool2 server3 server4 default: server5 server6 **RULE1:** when HTTP_REQUEST { switch -glob [string tolower [HTTP::uri]]{ "/uri1/*" { pool pool1 } "/uri2/*" { pool pool2 } default { pool default } } } **RULE2:** when HTTP_REQUEST { if { [HTTP::cookie "JSESSIONID"] ne "" }{ persist uie [HTTP::cookie "JSESSIONID"] } } when HTTP_RESPONSE { if { [HTTP::cookie "JSESSIONID"] ne "" }{ persist add uie [HTTP::cookie "JSESSIONID"] } } /uri1/ has a single sign on system that creates a JSESSIONID cookie. This is used for Universal Persistence. Rule2 is associated with a Universal Persistence Profile. This Profile is then associated with the Virtual Server - this is done so Rule2 can be used on several Virtual Servers and not just the one specified above. User test - in a browser session, request1: http://www.server.com/uri1/getssotoken - this is served by server1 and I get a JSESSIONID cookie request2: http://www.server.com/uri2/somecontent - this is served by server4 request3: http://www.server.com/othercontent - this is served by server6 So the question I have... Any request I now make in this same browser session, depending on uri, I will always be served by either server1, server4 or server6 Is this correct? Thanks
UIE string based persistence help
Hello, I have a rule that was working 95% of the time in regards to UIE string based persistence, but sometimes the string was routed to 2 pool members. I can see in the uie persistence table the few occasions where the string is the exact same string but is sent to different pool members. For the most part it works correctly but I need to have it working 100%. any pointers or tips on the best way forward is greatly appreciated!! I have an application that creates two sockets, in each the string is parsed correctly and is required to go to the same pool member. The sockets are opened anywhere from 1 to 3 seconds apart. I read some articles that explain where to persist uie and when to add persist add uie and I recently modified the rule to use LB_Selected event, however now im getting some TCL errors about the LB_selected event cantt find the variable used in the CLIENTSSL_Data event. Here is the current Irule: Code when CLIENTSSL_HANDSHAKE { log local0. "[IP::client_addr]:[TCP::client_port]: SSL handshake completed, collecting SSL payload" SSL::collect } when CLIENTSSL_DATA { set payload [SSL::payload] if { $payload contains "SOR" } { log local0. "Aggregator first socket initiated using SOR message parsing" Now execute first string match for the first socket set entityID [findstr $payload "@" 1 ","] pool xyz log local0. "Here is the first TCP socket entity $entityID" persist uie $entityID 1800 SSL::release } elseif { $payload contains "LI" } { log local0. "App second socket initiated using LI message parsing" Now execute second string match for the first socket set entityID2 [findstr $payload "@" 1 "null"] log local0. "Here is the second TCP socket entity $entityID2" pool xyz persist uie $entityID2 1800 log local0. "Entity Session routing for $entityID2 and setting persistence" SSL::release } else { log local0. "No match is found" } } when LB_SELECTED { add server info to session table when server selected only add if key exists & node not directly selected above if {$entityID != "" }{ session add uie $entityID [LB::server addr]:[LB::server port] log local0. "$entityID has been sent to [LB::server addr]:[LB::server port]" } elseif {$entityID2 != "" }{ session add uie $entityID2 [LB::server addr]:[LB::server port] log local0. "$entityID2 has been sent to [LB::server addr]:[LB::server port]" } }
UIE string based persistence help
Hello, I have a rule that was working 95% of the time in regards to UIE string based persistence, but sometimes the string was routed to 2 pool members. I can see in the uie persistence table the few occasions where the string is the exact same string but is sent to different pool members. For the most part it works correctly but I need to have it working 100%. any pointers or tips on the best way forward is greatly appreciated!! I have an application that creates two sockets, in each the string is parsed correctly and is required to go to the same pool member. The sockets are opened anywhere from 1 to 3 seconds apart. I read some articles that explain where to persist uie and when to add persist add uie and I recently modified the rule to use LB_Selected event, however now im getting some TCL errors about the LB_selected event cantt find the variable used in the CLIENTSSL_Data event. Here is the current Irule: Code when CLIENTSSL_HANDSHAKE { log local0. "[IP::client_addr]:[TCP::client_port]: SSL handshake completed, collecting SSL payload" SSL::collect } when CLIENTSSL_DATA { set payload [SSL::payload] if { $payload contains "SOR" } { log local0. "Aggregator first socket initiated using SOR message parsing" Now execute first string match for the first socket set entityID [findstr $payload "@" 1 ","] pool xyz log local0. "Here is the first TCP socket entity $entityID" persist uie $entityID 1800 SSL::release } elseif { $payload contains "LI" } { log local0. "App second socket initiated using LI message parsing" Now execute second string match for the first socket set entityID2 [findstr $payload "@" 1 "null"] log local0. "Here is the second TCP socket entity $entityID2" pool xyz persist uie $entityID2 1800 log local0. "Entity Session routing for $entityID2 and setting persistence" SSL::release } else { log local0. "No match is found" } } when LB_SELECTED { add server info to session table when server selected only add if key exists & node not directly selected above if {$entityID != "" }{ session add uie $entityID [LB::server addr]:[LB::server port] log local0. "$entityID has been sent to [LB::server addr]:[LB::server port]" } elseif {$entityID2 != "" }{ session add uie $entityID2 [LB::server addr]:[LB::server port] log local0. "$entityID2 has been sent to [LB::server addr]:[LB::server port]" } }
Universal Persistance - iRule vs Profile
Hi, I have learned that we can implement UIE persistency in 2 ways. 1) added as a iRule in the Virtual Server's resource. 2) add the iRule into a Universal Persistence profile, then add to the Virtual Server's resources under the "Default Persistence Profile". My question is, is there any difference in the implementation?