source IP based persistence

I agree that the source you are referring to is not overly clear, i may be on the wrong track here although the only thing i can think of would be the biggest drawback of Source address persistence:

 

 

If an address is NAT'd then in multiple connections behind this address from different connections will be load balanced to the same backend servers. Traditionally this is an issue with ISP mega proxies such as AOL, who used to route all traffic via a single IP for the obvious reasons, fortunately Mega Proxies at carrier level are not such an issue and not commonly used. theoretically 20K connections behind a megaproxy could connect to a VIP with 500 servers behind it and all be LB'd to the same server.

 

 

 

Hope this helps.

 

 

 

Craig

 

 

 

thanks, what I understand - if at the client end there is firewall/proxy which is using dynamic NAT to go outside then all the client behind this firewall/proxy will get the same NAT'd IP as source IP address when connecting to the F5 VIP and automatically directed to same backend pool member if source IP persistence is used. Please correct me if I am wrong.

 

 

Thanks

 

som

have you enabled match across option?

 

 

sol5837: Match Across options for session persistence

 

http://support.f5.com/kb/en-us/solutions/public/5000/800/sol5837.html

not done yet, planning to do as below..Is this ok? What about inconsistencies in load distribution across the servers for source ip based persistance?

HTTP Virtual Server: 10.254.14.172:http 
Type of Persistence Used: Source Address and Match Across Services enabled
HTTP Pool Name: BKC.http_pool 
HTTP Pool Members: 
10.254.49.126:80 
10.254.49.127:80 
10.254.49.128:80
HTTPS Virtual Server: 10.254.14.172:https
 Type of Persistence Used: Source Address Affinity and Match Across Services enabled 
HTTPS Pool Name: BKC.http_1010_pool 
HTTPS Pool Members: 
10.254.49.126:1010
10.254.49.127:1010 
10.254.49.128:1010

planning to do as below..Is this ok?it looks ok for me.

 

 

What about inconsistencies in load distribution across the servers for source ip based persistance?isn't it an expected behavior when using persistence??

 

 

sol10430: Causes of uneven traffic distribution across BIG-IP pool members

 

http://support.f5.com/kb/en-us/solutions/public/10000/400/sol10430.html

thanks, can you also please let me know how to use cookie persistance for same purpose (HTTP to HTTPS)?

 

 

can you also please let me know how to use cookie persistance for same purpose (HTTP to HTTPS)?match across option is not available in cookie persistence. thus, we have to use other persistence method such as universal persistence instead which is shown in the link you have posted.

 

 

HTTP To HTTPS Cookie Persistence by marek.skrobacki

 

http://devcentral.f5.com/wiki/iRules.HttpToHTTPsCookiePersistence.ashx

 

 

do i understand your question correctly??

yes you are correct. I have checked the i rule but unable to understand clearly. Can I copy and paste the the below rule , will this ok? or so i need to edit anything?

 

It'll really help me a lot!

 

 

 

01 rule cookie_persist_http_plus_s {

 

 

02 Check if there is a cookie and lookup persistence table

 

 

03 if the entry does not exist, loadbalance and save record

 

 

04 when HTTP_REQUEST {

 

 

05 if { [HTTP::cookie exists "bIPs"] } { ------------>What is "bIPs" ?

 

 

06 persist uie [HTTP::cookie value "bIPs"]

 

 

07 }

 

 

08 }

 

 

09 For initial requests, we have to calculate MD5

 

 

10 checksum of the server's IP, convert it to hex,

 

 

11 then finally store it as a cookie and create persistence record

 

 

12 when HTTP_RESPONSE {

 

 

13 if { ![HTTP::cookie exists "bIPs"] } {

 

 

14 binary scan [md5 [IP::server_addr]] H* md5var junk -------------> what this line will do?

 

 

15 HTTP::cookie insert name "bIPs" value $md5var -------------> what this line will do?

 

 

16 persist add uie [HTTP::cookie value "bIPs"]

 

 

17 }

 

 

18 }

 

 

19 }

 

05 if { [HTTP::cookie exists "bIPs"] } { ------------>What is "bIPs" ?it is a cookie name. you can change to whatever name you want.

 

 

14 binary scan [md5 [IP::server_addr]] H* md5var junk -------------> what this line will do?this will create md5 checksum of pool member ip address, convert it to hex and assign it to md5var variable.

 

 

15 HTTP::cookie insert name "bIPs" value $md5var -------------> what this line will do?this will insert cookie name "bIPs" with md5var value which will be sent to client.

This is really helpful; please help to understand below two lines as well.

 

 

persist uie [HTTP::cookie value "bIPs"]

 

 

persist add uie [HTTP::cookie value "bIPs"]