Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Answers

source IP and source Port persistence using irule - Citrix - (carp vs uie)

Hi,

We ran into an issue of uneven load-balancing due to using citrix. Clients end up using the same IP so we decided we need to start load-balancing using the source port as well. I have done my homework and search around until I came across multiple solutions of either to use uie or carp.

I have multiple questions hopefully I will get answers for.

  • I understand carp doesn't have a timeout so that leads to a question is it better to use in this situation?
  • Also we are leaning towards load-balancing using the least connections. Would each algorithm limits to a specific load-balancing method?
  • Per my irule below I don't add persist assuming it is done automatically. am I wrong with that assumption? Should I be adding each successful persistence records?
  • what would be the best way to test such an implementation?

Here is the irule I'm about to implement.

when CLIENT_ACCEPTED { 
    set client_ip_port "[IP::client_addr]:[TCP::client_port]" 
    if {[TCP::client_port] and [IP::client_addr] !=0} { 
       persist carp $client_ip_port
    } 
}
0
Rate this Question

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

This is my limited understanding of CARP:

It is a one-way hash-like algorithm that matches on a "source" and sends it to a "destination". As long as the "source" remains the same, the "destination" will be the same and it is for this reason that it doesn't store any persistence value on the F5 locally.

Now, using the above understanding, as long as the "source" values are diverse at any instance, we should have a better distribution of traffic. I think, if you have many pool members, it will increase the chances of the traffic being evenly distributed.

Least Connections (Member) is my favorite and default algorithm to implement by default. If it doesn't help, then explore other options. I don't think CARP/Hash is tied to a specific load balancing algorithm.

No, you don't have to add persistence records.

Testing - depends on the application, what you are trying to test and of course the resources you possess. If you have a great LT/Stage environment, it is easier to test or you can spin up a bunch of cloud servers in different DC from one of the public cloud providers to see if the load is evenly distributed.

0
Comments on this Answer
Comment made 19-Oct-2016 by logical 54

Thanks for the response. it is a great answer however I'm a bit confused.

If CARP uses a hashing algorithm that is based on it will forward the traffic to a specific destination then wouldn't that override the load-balancing method specified for the pool?

I mean specially it isn't keeping any persistence records so it sounds like it is acting as a load-balancing method by itself. My understanding there is a fine line between load-balancing method and persistence mainly defined by the fact that persistence is keeping records. You take that away then how would it know which to apply. Is it the CARP based on hashing or the load-balancing method? (Let's say least connection in this case)

Also I was wondering about UIE? How does it work in comparison?

0
Comment made 19-Oct-2016 by Vijay 4916

Persistence/CARP takes precedence over LB method. By having diverse source (source ports, in your case) and possibly many pool members, you will distribute the traffic more evenly.

UIE is generally utilized anytime you want to define persistence based on your requirements that is not addressed by F5 - example: persistence based on a session id that exists in the HTTP header. In your case, you can use something like this:

when CLIENT_ACCEPTED { 
    set client_ip_port "[IP::client_addr]:[TCP::client_port]" 
    if {[TCP::client_port] and [IP::client_addr] !=0} { 
       persist uie $client_ip_port
    } 
}

Attach the above iRule to an UIE persistence profile with relevant timeout interval and then attach the persistence profile to the VS.

0
Comment made 19-Oct-2016 by logical 54

Thanks, it seems UIE is more suitable for my issue.

Is it enough to specify the timeout within the universal persistence profile I created or do I have to specify the timeout within the irule itself. I'm not sure if UIE takes timeout variable

ex. persist uie $client_ip_port 1400

0
Comment made 19-Oct-2016 by Vijay 4916

Either way should work. Your preference. I prefer the profile.

0
Comment made 19-Oct-2016 by logical 54

Great, thanks again!

0