skriba_85538
Oct 04, 2007
Nimbostratus
BigIP 1500 sticky session management/AOL problems
Hello,
How do you handle sticky session management with BigIPs for cases like users from AOL whose source IP address will change per request?
We recently installed 2 BigIP 1500's in active/backup mode for our production sites. The web application layer is ColdFusion 7, and our web apps use CF's Session scope to store variables. CF writes a cookie to the client to manage the session, which is fine since we require cookies for all our sites. Since we use the Session scope in CF, we knew we would have to peg the users to a specific web server for the life of their session. (Rewriting our thousands of web pages to be Session-less was not an option because of time.) We set the BigIPs to stick session state based on the source IP. The timeout for the CF sessions is 30 minutes, so we set the BigIPs to 2 hours just so we don't encounter any conflict between the two. During our testing phase, everything appeared fine with the session management, so we went live with the new config.
After two months, though, we've been getting many session timeout messages on our sites. Half of these session timeout messages happen for AOL users (found by looking at the HTTP headers in our Apache logs). Having half of all the errors revolve around AOL users made me start to investigate what's different about AOL and sticky session management. I started finding a bunch of articles like this:
http://www.thescripts.com/forum/thread54390.html
Basically, AOL and similar ISPs will not necessarily NAT a user's request through the same IP address, so the source IP can change per page request. Suffice it to say this means our current BigIP session management does not work for it.
So, for these configuration needs and stated problem, is there a Session management state (iRule?) we can use on the BigIPs that will properly route requests from AOL and similar users to the same web server even if their source IP changes between requests? I heard that we can put in blocks/subnet masks for ranges of IPs to treat as the same source. This, though, does not appear to be a good solution. We would have to find all the outbound IPs for all ISPs that do this, which is an improbable task. On top of that, if any ISP adds outbound IPs to these ranges, this solution would break, making maintenance a nightmare and a reactive, not proactive, problem. I see many different options for persistence for the BigIPs from articles like this:
http://devcentral.f5.com/Default.aspx?tabid=63&articleType=ArticleView&articleId=47
I don't know the details of the other session persistence options, so any guidance as to which one(s) could work for our scenario would be extremely helpful.
I will admit that I do not know anything about configuring BigIPs since our managed hosting provider deals with them. But, since I manage the ColdFusion/development side, I need to understand how the BigIPs will interact with its Session scope to resolve this problem.
Thank you,
Lou
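
The failure described in this thread, as an added example that is not part of the original post: a toy model (not BIG-IP code) of a persistence table keyed first by source IP and then by the application's session cookie. Server names, addresses and cookie values are constructed, and it assumes every request already carries the session cookie.

```python
import itertools

# Constructed sample traffic: user A arrives through a rotating proxy pool
# (a new source IP on almost every request); user B has a fixed address.
REQUESTS = [
    {"t": 0,   "src": "198.51.100.10", "cookie": "sess-A"},
    {"t": 30,  "src": "203.0.113.5",   "cookie": "sess-B"},
    {"t": 60,  "src": "198.51.100.11", "cookie": "sess-A"},
    {"t": 90,  "src": "198.51.100.12", "cookie": "sess-A"},
    {"t": 120, "src": "203.0.113.5",   "cookie": "sess-B"},
    {"t": 150, "src": "198.51.100.13", "cookie": "sess-A"},
    {"t": 180, "src": "198.51.100.10", "cookie": "sess-A"},
]

def by_source_ip(req):
    return req["src"]

def by_cookie(req):
    return req["cookie"]

class Balancer:
    """Round-robin balancer with a persistence table (hypothetical model)."""
    def __init__(self, servers, key_fn, timeout):
        self.key_fn = key_fn      # extracts the persistence key from a request
        self.timeout = timeout    # seconds a persistence record stays valid
        self.table = {}           # key -> (server, time last seen)
        self.rr = itertools.cycle(servers)

    def route(self, req):
        key = self.key_fn(req)
        rec = self.table.get(key)
        if rec and req["t"] - rec[1] <= self.timeout:
            server = rec[0]       # live record: stick to the same server
        else:
            server = next(self.rr)  # unknown or expired key: balance afresh
        self.table[key] = (server, req["t"])
        return server

def lost_sessions(requests, key_fn, servers=("web1", "web2", "web3"), timeout=7200):
    """Count requests sent to a server other than the one holding the session."""
    lb = Balancer(servers, key_fn, timeout)
    home = {}  # session cookie -> server where the in-memory session lives
    lost = 0
    for req in requests:
        server = lb.route(req)
        if home.setdefault(req["cookie"], server) != server:
            lost += 1
    return lost
```

With this traffic, the source-IP key misroutes two of user A's requests even though the 2-hour persistence timeout never expires, while the cookie key misroutes none.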