source address & source port persistence

Hi !

I have a virtual server that has a pool of 3 Citrix Secure Gateway servers. The VIP is FASTL4, with source address persistence and least connections LB. I would like to implement an iRule that provides us with source address & port persistence, and after doing some research I found this sample:

when CLIENT_ACCEPTED { 
    if {[TCP::client_port] and [IP::client_addr] !=0} { 
        persist uie "[IP::client_addr]:[TCP::client_port]" 
    } 
} 

However, I have some doubts... The traffic is ICA over SSL, and the SSL offload is done at the Gateways, not at the F5. Does this represent a problem? What TCP profile would I need to set my VIP to in order to make the iRule work?

Thanks! Fabian


Answers to this Question


It looks like:

  1. There should not be a problem with the backends (Gateways) doing SSL offload, as you're persisting at the TCP level.
  2. The following example suggests that you first need to do "persist add uie": https://devcentral.f5.com/wiki/iRules.ProxyAuth.ashx

Thus the iRule transforms into:

when CLIENT_ACCEPTED { 
    set client_ip_port "[IP::client_addr]:[TCP::client_port]"
    persist uie $client_ip_port
}
when SERVER_CONNECTED {
    persist add uie $client_ip_port 3600
}

Thank you! However, what does this part do?

when SERVER_CONNECTED {
    persist add uie $client_ip_port 3600
}

Fabian


I mean, what do I need it for? What is the difference between persist uie and persist add uie, and why do I need to do it when SERVER_CONNECTED?


As I understand it:

  1. "persist add uie" adds the persistence record.
  2. "persist uie" looks up that record and persists to the previously chosen pool member.
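An added example, not part of the thread and not F5 code: a small Python model of the add/lookup behaviour described in the answers, keyed on "client_ip:client_port" as in the iRule, so you can see which connections actually reuse a record. The member names, the client address, the tie-breaking rule and the assumption that connections never close are all constructed for illustration.

```python
class PersistenceTable:
    """Toy model of a universal (uie) persistence table; not F5's implementation."""

    def __init__(self, members):
        self.members = list(members)
        self.active = {m: 0 for m in self.members}  # open connections per member
        self.records = {}                           # key -> (member, expires_at)

    def lookup(self, key, now):
        """Models 'persist uie <key>': recorded member, or None if absent/expired."""
        rec = self.records.get(key)
        if rec is None:
            return None
        member, expires_at = rec
        if now >= expires_at:
            del self.records[key]
            return None
        return member

    def add(self, key, member, timeout, now):
        """Models 'persist add uie <key> <timeout>': store the chosen member."""
        self.records[key] = (member, now + timeout)

    def connect(self, client_ip, client_port, now, timeout=3600):
        key = f"{client_ip}:{client_port}"
        member = self.lookup(key, now)              # CLIENT_ACCEPTED step
        persisted = member is not None
        if not persisted:
            # Least connections; ties go to the first listed member (assumption).
            member = min(self.members, key=lambda m: self.active[m])
        self.active[member] += 1                    # connections never close here
        self.add(key, member, timeout, now)         # SERVER_CONNECTED step
        return member, persisted


def demo():
    table = PersistenceTable(["gw1", "gw2", "gw3"])
    # Constructed sample: one client address, (time in seconds, source port) pairs.
    events = [(0, 50001), (1, 50002), (2, 50003), (10, 50001), (4000, 50001)]
    return [table.connect("203.0.113.10", port, now=t) for t, port in events]


if __name__ == "__main__":
    for member, persisted in demo():
        print(member, "persisted" if persisted else "load balanced")
```

In this model a record is only reused when both the address and the source port repeat within the timeout; a connection from the same address on a new source port is load balanced independently.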