Forum Discussion

Gus_Thompson_11's avatar
Gus_Thompson_11
Icon for Nimbostratus rankNimbostratus
Oct 29, 2007

Cookie Persistence iRule help

Greetings,     I’m in desperate need of a solution for “Cookie Insert” persistence. I have worked with F5 support for over a month now, and still have not been able to resolve our issues. So, ...
application delivery
dev
devops
iRules
Gus_Thompson_11's avatar
Gus_Thompson_11
Icon for Nimbostratus rankNimbostratus
Nov 09, 2007
Hey Guys,

Just a quick update, we have upgraded the F5’s to version 9.4.1. I was able to create the iRule as listed above, and will begin testing it shortly. Here are a few things we’ve done and tested since the upgrade:

Created a pool on port 80

Created a pool on port 443

Created a VIP on port 80 with its respective pool attached.

Created a VIP on port 443 with its respective pool attached.

Created a SSL client and server profile and attached them to the 443 VIP.

Set the pools to Least Connections (node)

Set the VIP’s to Cookie Insert

We ran minimal tests with 10 users, and everything seemed to work. I noticed that the F5 would insert 2 cookies, one for HTTP and one for HTTPS. I understand that Cookie Insert uses the pool name.

We then loaded the testing site with 200 concurrent sessions (connections) and persistence began to break. Once we saw that, we tried a new configuration:

Created a single pool on port 0

Created a VIP on port 80 with the single pool attached.

Created a VIP on port 443 with the single pool attached.

Created a SSL client and server profile and attached them to the 443 VIP.

Set the pool to Least Connections (node)

Set the VIP’s to Cookie Insert

We ran minimal tests with 10 users, and everything seemed to work. I noticed that the F5 would insert 3 cookies, one for HTTP, HTTPS, and one named GTSessionID.

When we loaded the testing site with 200 concurrent sessions (connections), persistence began to break just as it did with 2 pools.

Now we’re testing the iRule that was posted. Let me know if I am following the correct procedure to use this iRule.

Created a single pool on port 0

Created a VIP on port 80 with the single pool attached.

Created a VIP on port 443 with the single pool attached.

Created a SSL client and server profile and attached them to the 443 VIP.

Set the pool to Least Connections (node)

Created a Universal Persistence Profile and attached the iRule to it.

Set the VIP’s to use the Universal Profile.

When I do that, I get the following error message:


01070394:3: SSL::disable in rule (gus_test) requires an associated SERVERSSL or CLIENTSSL profile on the virtual server (ST_http_173-lbc.aw.amo.com)

Am I supposed to set the server and client SSL profile on the HTTP (80) pool as well?

Am I just to create a single VIP servicing port 0?

Thanks for your help,

Gus