
Custom session stickiness or a standard case?

Hello all,

I have a somewhat unusual setup, which I inherited. It is for providing Citrix services, which comprise a web frontend (HTTPS) and the ICA protocol.

The traffic flow is thus:

client >> BigIP LTM >> 4 x Reverse Proxy Nodes >> various Backend servers (backend is however not relevant, the problem is between the BigIP and reverse proxy)

My goal is to have session stickiness so that the HTTPS and ICA protocol both pass through the same reverse proxy node. I see there are lots of options for this, but I would just like some feedback about what is needed.

The problem currently is that the two protocols are sent to different virtual servers and then forwarded to different pools:

HTTPS protocol > virtual server1 > Pool1

ICA protocol > virtual server2 > Pool2

Pool1 and Pool2 both send traffic to the same 4 reverse proxy nodes, but to different virtual IPs. So the load balancer cannot recognize they are in fact the same destination.

There is no SSL offloading on the BigIP, so no session information is available to create persistence via a cookie or URL path.

The BigIP does however see the original source IP address.

What is needed to create persistence for sessions across the pools?

Would a simple source address persistence profile apply to all virtual servers where it is enabled across the whole BigIP config? Or does it only apply to the one individual virtual server?

If it does not apply across all the configuration, then I assume I need to write an iRule that associates the IP of reverseproxy1 in pool1 with the IP of reverseproxy1 in pool2 - or is there an easier way?

Thank you in advance for your help! Peter

PS - it would also be possible to change the reverse proxy pools to forward from the BigIP to the reverse proxy nodes on different ports - e.g. rp1:443 - HTTPS, rp1:8443 - ICA, but I would prefer not to change unless it is really necessary.

Answers to this Question

USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Try taking a look at the Match Across options for session persistence. This is a setting that allows you to share persistence data between virtual servers.

If you want configuration assistance or have any more questions, I am sure I can help.

Comments on this Answer
Comment made 1 week ago by phowes 1

Hi Rico,

Thanks for the quick response!

I was trying to understand those options. The way I understand it, my current setup won't fit into one of these options.

So I have pools like this:

Pool A
  backend A1 - 10.0.0.1:443
  backend A2 - 10.0.0.2:443

Pool B
  backend B1 - 10.0.0.3:80
  backend B2 - 10.0.0.4:80

where A1 and B1 are actually the same machine.

So I think I need to either do something with an iRule to associate A1 and B1 with each other, so that they are seen as one destination

OR

I need to use the same backend IPs:

Pool A
  backend A1 - 10.0.0.1:443
  backend A2 - 10.0.0.2:443

Pool B
  backend B1 - 10.0.0.1:80
  backend B2 - 10.0.0.2:80

then enable "Match across virtual servers" with source address affinity, so that all traffic coming from one source IP gets forwarded.

I don't think the first option will work with any of the "Match across" options.

Best wishes, Peter

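The second layout described in the comment above, written out as a bigip.conf-style sketch. This is an added example, not configuration posted by anyone in the thread or published by F5. The object names (sticky_by_client_ip, pool_a, pool_b, vs_a, vs_b) and the 192.0.2.x virtual server addresses are constructed for illustration; the pool members are the sample addresses from the comment.

```tmsh
# Added example. Names and 192.0.2.x addresses are constructed placeholders.
# One source-address persistence profile, shared by both virtual servers,
# with "Match Across Virtual Servers" enabled.
ltm persistence source-addr sticky_by_client_ip {
    defaults-from source_addr
    match-across-virtuals enabled
}

# Both pools list the same node IP addresses and differ only in the port,
# so a persistence record created through one virtual server can be
# matched to a member of the other pool.
ltm pool pool_a {
    members {
        10.0.0.1:443 { address 10.0.0.1 }
        10.0.0.2:443 { address 10.0.0.2 }
    }
}
ltm pool pool_b {
    members {
        10.0.0.1:80 { address 10.0.0.1 }
        10.0.0.2:80 { address 10.0.0.2 }
    }
}

# No SSL offloading: both virtual servers pass TCP through unchanged.
ltm virtual vs_a {
    destination 192.0.2.10:443
    ip-protocol tcp
    profiles { tcp { } }
    pool pool_a
    persist { sticky_by_client_ip { default yes } }
}
ltm virtual vs_b {
    destination 192.0.2.11:80
    ip-protocol tcp
    profiles { tcp { } }
    pool pool_b
    persist { sticky_by_client_ip { default yes } }
}
```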