Enabling Session Persistence with iRules

Chapter Enabling Session Persistence in the BIG-IP Configuration Guide, describes how to enable session persistence by configuring a persistence profile and assigning it to a virtual server. As described in that chapter, the BIG-IP applies those persistence profile settings to every applicable session that passes through the virtual server. For example, if you have assigned the msrdp profile to the virtual server, then the BIG-IP applies those settings to every incoming Microsoft® Remote Desktop Protocol (RDP) connection.

There are cases, however, when you might want to enable persistence in a more granular way. For example, instead of using the ssl persistence profile, which acts on non-terminated SSL traffic only, you might want to persist sessions based on SSL certificate status that you insert into the header of an HTTP request. To do this, you write an iRule using the HTTP::header command and then assign the iRule to the virtual server. Whenever the BIG-IP terminates an SSL request, the iRule inserts the certificate status as a header into the request, and persists the session based on that status.

The BIG-IP includes a special iRule command, persist, for implementing the types of session persistence described in Chapter 9 of the BIG-IP Configuration Guide, Enabling Session Persistence. You simply type the persist command in your iRule, specifying a persistence type. For some persistence types, you must specify some additional arguments.

  • persist cookie
  • persist destaddr [mask ] []
  • persist hash
  • persist msrdp
  • persist sip
  • persist srcaddr [mask ] []
  • persist ssl
  • persist universal []
  • persist none

You can use the persist none, hash, srcaddr, destaddr, and universal commands in any circumstance, even if a corresponding persistence profile is not configured and assigned to the virtual server. However, the persist ssl, cookie, msrdp, and sip commands require that you assign a corresponding persistence profile to the virtual server. Attempts to use these commands without a corresponding profile result in a run-time iRule error.