Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Answers

Session persistence based on source IP address

Is there any way to create session persistence using source address affinity?
0
Rate this Question

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
you can use the command persist source_addr: Click here
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
The customer wants the persistence to stop when either the browser closes or the session with the application ends. The customer wants to use source_addr persistence, however, I don't see a simple way of doing it. Is there an iRule written out there that can do this?
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
Session Cookie persistence would definitely be better and would avoid iRules

To do what you want to achieve may be really difficult since it means you'll need to create the persistency when the client establish the connection (fine) but the issue will be to identify when the client has closed all its connections. Since a Browser open several TCP connections at the same time it's quite painful and means you'll need to store some data for each client to monitor its browsing ....

DO you know why the customer wants to achieve such a thing and not using session cookie persistence ?
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
Thank you...I will go back to my customer with your comments.
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
I have a similiar requirement, but in my case the LTM is acting as a SSL pass through device. Only way I can persist is based on source IP. Now here's the problem; some clients use distributed Proxies. What I thought is to created a Data Group per client. Then somehow do a lookup to these Data Groups and then just direct each data Group to a given Node. In that way no persistance is required, the client's SSL communication does not break. The trade off is that these specific clients never get load balanced (unless there is way to select another node, only if the primary node is not available); of course everything else should be processed as per normal. Any ideas how this can be done?

I get the feeling the irule could be pretty simple (or am I being a total novice!)
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
You can load balance based on SSL id... It used to break with older versions of IE (And I admit I haven't tried doing it for a long time now, I use tend to use session cookies & SSL Offload) but might be worth having a go.

Oh... The LB has no way of knowing if the browser closes, or session ends... There's no persistence of connection (Real TCP connection I mean)between browser & server for this to happen.

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
is it possible to reveal the source IP address for an inbound session (even if SNAT) is configured for: HTTP, HTTPS and FTP traffic?

I appreciate your quickest help on this.
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
source ip inbound would be IP::client_addr, regardless of the protocol.
0