Oracle Weblogic with F5 issue,Jsession your session has expired
What can be done to resolve an issue on an oracle weblogic VIP which offloads SSL, The page loads and a "YOUR SESSION HAS EXPIRED" message is popped out,and the page redirects back to login page. When the backend servers are called directly, no such error is encountered. I already deployed an iapp for this,and it didn't solve the issue.
WebLogic universal persistance - multiple (JSESSIONID) cookie names
Hello experts, we have a customer which uses a Java Web-Application hosted on WebLogic middleware. In the past this was quite simple, we used this iRule for managing the universal persistance: when HTTP_REQUEST { if { [HTTP::cookie "JSESSIONID"] ne "" }{ persist uie [string tolower [HTTP::cookie "JSESSIONID"]] 300 } else { set jsess [findstr [string tolower [HTTP::path]] "jsessionid=" 11] if { $jsess != "" } { persist uie $jsess 300 } } } when HTTP_RESPONSE { if { [HTTP::cookie "JSESSIONID"] ne "" }{ persist add uie [string tolower [HTTP::cookie "JSESSIONID"]] 300 } } This worked ever fine. But now the customer has multiple Java Web-Applications configured in WebLogic, each of them uses seperate Cookie names. So JSESSIONID (as before), but also new SESSIONIDA, JSESSIONIDB and JSESSIONIDC. All must be served over one Loadbalancer virtual server, we we have to manage the complexity in the iRule on the F5. Note: We can use the same selected node node for one client, but also seperate per Cookie name, so per application to another selected node in the Backend - this is not relevant. This is what I think it should work, but it doesn't. Please don't blame me regarding efficiency, I know it is worse. (But am no iRule expert.) Pure funcionality is Prio-1 for us. when HTTP_REQUEST { if { [HTTP::cookie "JSESSIONID"] ne "" } { persist uie [string tolower [HTTP::cookie "JSESSIONID"]] 300 } elseif { [HTTP::cookie "JSESSIONIDA"] ne "" } { persist uie [string tolower [HTTP::cookie "JSESSIONIDA"]] 300 } elseif { [HTTP::cookie "JSESSIONIDB"] ne "" } { persist uie [string tolower [HTTP::cookie "JSESSIONIDB"]] 300 } elseif { [HTTP::cookie "JSESSIONIDC"] ne "" } { persist uie [string tolower [HTTP::cookie "JSESSIONIDC"]] 300 } else { set jsess [findstr [string tolower [HTTP::path]] "jsessionid=" 11] if { $jsess != "" } {persist uie $jsess 300 } else { set jsess [findstr [string tolower [HTTP::path]] "jsessionida=" 11] if { $jsess != "" } { persist uie $jsess 300 } else { set jsess [findstr [string tolower [HTTP::path]] "jsessionidb" 11] if { $jsess != "" } { persist uie $jsess 300 } else { set jsess [findstr [string tolower [HTTP::path]] "jsessionidc" 11] if { $jsess != "" } { persist uie $jsess 300 } } } } } } when HTTP_RESPONSE { if { [HTTP::cookie "JSESSIONID"] ne "" }{ persist add uie [string tolower [HTTP::cookie "JSESSIONID"]] 300 } if { [HTTP::cookie "JSESSIONIDA"] ne "" }{ persist add uie [string tolower [HTTP::cookie "JSESSIONIDA"]] 300 } if { [HTTP::cookie "JSESSIONIDB"] ne "" }{ persist add uie [string tolower [HTTP::cookie "JSESSIONIDB"]] 300 } if { [HTTP::cookie "JSESSIONIDC"] ne "" }{ persist add uie [string tolower [HTTP::cookie "JSESSIONIDC"]] 300 } } I would like to thank you in advance for any hint on my problem here...
Load Balance Host Headers
I posted last week asking for assitance load balancing WebLogic apps. I received some good responses, but they didn't work. I submitted an F5 support case and was basically told they don't help build new configurations, only fix "broken" ones and I should use professional services. I found some third party WebLogic admin books that suggest load balancers should NOT replace proxies, but be used with them. So my current isue. I had an existing IIS server using host headers to accept the incoming requests, handle SSL requirements and proxy (forward) HTTP requests to some WebLogic nodes. I changed DNS and put F5 in front of this (still using a single VIP entry point) to route to the same IIS box then proxy to WebLogic. With this setup I have a few sites (4 out of 11) that seem ok. The rest show infinite loops on the redirects. I've rechecked the IIS config multiple times to make sure the SSL redirects were removed and sites are now HTTP only. The IIS logs seem to show that the traffic actually never gets to the IIS server. I can't seem to figure out how I introduced this redirect. I'm wondering if I need to remove the idea of "host headers" on IIS or F5 or both to get this stable and working.
F5 routing tcp traffic to WebLogic Managed servers
Hi, I have cluster WebLogic server (ver 12.2.1.3) hosting JMS server with distributed queues and topic. 1) When jms client connects to these WebLogic manage servers over t3://WL1:7001,WL2:7001, it works as expected that rules out any issues with WebLogic.. 2) Now, when I try adding F5 (as external load balancer with virtual service and virtual port # same as backend WebLogic servers) and run jms client using t3://f5jms:7001, it works as expected... 3) However, when the virtual server port is changed to something else (other than what is used by backend WL server), client throws following error, t3://f5jms:8001 java.net.SocketException: Connection reset; No available router to destination.; nested exception is: java.rmi.ConnectException: No available router to destination. [Root exception is java.net.ConnectException: t3://XXXXXXXXX:8002: Destination XXXXXX, 8002 unreachable.; nested exception is: java.net.SocketException: Connection reset; No available router to destination.; nested exception is: java.rmi.ConnectException: No available router to destination.] I don't see any error message in WL server logs or anything related to the traffic.. I took tcpdump on host where WL server is hosted, see traffic coming to WebLogic server from SNAT ip (F5), however I don't see any ACK back from WebLogic to SNAT, finally SNAT gives up and RST is issued.. I tried searching on the forum, closest I could get is https://devcentral.f5.com/s/question/0D51T00006i7gTNSAY/how-connect-weblogic-t3-protocol-with-virtual-server (few years old question), where person posting question clearly stated that ""if you want to connecto to a wlst or a jms connection factory, the VS port must be the same of the weblogic server where the jms connection factory and the queue was create, or where you connect to wlst cli"", does it mean that VS port needs to match what is used on WebLogic servers and curious if it is possible to have VS port and backend WL port different by means of passing any JVM argument etc?Oracle Weblogic with F5 issue,Jsession your session has expired
What can be done to resolve an issue on an oracle weblogic VIP which offloads SSL, The page loads and a "YOUR SESSION HAS EXPIRED" message is popped out,and the page redirects back to login page. When the backend servers are called directly, no such error is encountered. I already deployed an iapp for this,and it didn't solve the issue.VIP is not accessible but direct servers are reachable
I have a scenario where the VIP is not reachable but the pool members are reachable. My virtual server is 10.1.130.100:5003, my pool members are 10.1.130.83:5003,10.1.130.85:5003,10.1.130.87:5003,10.1.130.89:5003. I created an iapp based on Weblogic for it,I have AUTOMAP enabled but the application owners insist,they can't access the VIP, but can access the individual pool members directly. What is the solution to this.
How to setup F5 Big-IP LTM for Weblogic on different ports, same IP
Hi Everyone, I am a Weblogic/Oracle DB administrator. Currently we are establishing our web application on a Weblogic Cluster using two redundant Big-IP 1600 LTM devices. We have a 9-node Weblogic cluster on 3 different AIX 7.1 machines (each machine has 3 different Virtual Servers). Our F5 consultants have asked us to establish our Virtual servers on different IPs due to some constraints on F5 LTM that you cannot have more than one pool member with the same IP. So we tried multihoming on our cluster (to use more than one NIC with different IP addresses and bind each Weblogic Virtual Server to each one of them) but later we found out that multihoming causes issues with Weblogic internal messaging system. What we are currently looking at is to have one IP per machine and running our Virtual Servers on a different port. But it seems it causes issues for F5 in configuration. How we can deal with this? Anyone has any ideas? So far, I've found two solutions : IP teaming and reverse proxy, we are still investigating these two but due to some project constraints we might not be able to proceed with these two. I wanted to know if there is something inside F5 (like iRule) to direct the requests to different VIP/Ports. Let me know if "any" ideas on "any" layers came into your mind!
