Forum Discussion

Dan_24402's avatar
Dan_24402
Icon for Nimbostratus rankNimbostratus
Sep 09, 2009

Cookie Persistence issue with Dual Persistence

We are having an issue with Dual Cookie Persistence.

 

 

We do dual persistence meaning

 

 

we have a static and dynamic pool and use two different cookies

 

 

The cookie persistent profile looks like this:

 

 

profile persist cookie {

 

mode cookie

 

mirror disable

 

timeout immediate

 

cookie mode insert

 

cookie name ServerIP

 

cookie expiration 0d 00:00:00

 

cookie hash offset 0

 

cookie hash length 0

 

across services enable

 

across virtuals enable

 

across pools enable

 

rule none

 

}

 

 

We do the following in an Irule to switch the persistence :

 

persist cookie insert ServerIP2

 

HTTP::cookie remove ServerIP

 

 

Though we are occasionally seeing session cookies come across as BIGipServer

 

though no where in the irules or config do we use BIGipServer as a cookie or add the pool name to the cookie name.

 

 

I'm wondering if the LTM has that hardcoded internally for some case that we are hitting.

 

application delivery
dev
devops
iRules

5 Replies

Sort By
  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Sep 10, 2009
    Hi,

     

     

    Do you see the cookies being presented in requests or being set in responses?

     

     

    Can you post the full rule(s) you're using? If you're specifying custom cookie names LTM should never set a cookie with the default name of BIGipServer.

     

     

    Aaron
  • Dan_24402's avatar
    Dan_24402
    Icon for Nimbostratus rankNimbostratus
    Sep 10, 2009
    Hey Aaron,

     

     

    We are seeing the set cookies of the BIGipServer cookies in the response, and then it seems to persist to those instead of the Custom Cookie Name

     

    Here is a sample rule causing it:

     

     

    rule redirects {

     

    when HTTP_REQUEST {

     

    set eat_cookie 0

     

    set sessioned_req 0

     

    Routes specific folders to specific pools

     

    switch -glob [string tolower [HTTP::uri]] {

     

    "/static/*" {

     

    persist cookie insert ServerIP2

     

    HTTP::cookie remove ServerIP

     

    pool pool_80

     

    }

     

    "/dynamic/*/content/*" {

     

    set eat_cookie 0

     

    set sessioned_req 1

     

    pool pool_81

     

    }

     

    default {

     

    persist cookie insert ServerIP2

     

    HTTP::cookie remove ServerIP

     

    }

     

    }

     

    }

     

    }
  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Sep 10, 2009
    You must have a persistence profile enabled on the VIP in order to use cookie insert persistence in an iRule. So for /dynamic/* and /content/* requests, the clients should get a cookie based on the cookie insert persistence profile (because persistence is not specified in the iRule for those cases). If you've configured a custom name on that cookie profile, no default named persistence cookie should be used.

     

     

    So I don't see where you could be getting a default cookie based on that iRule. If you want to troubleshoot this further you might open a case with F5 Support.

     

     

    Aaron
  • Dan_24402's avatar
    Dan_24402
    Icon for Nimbostratus rankNimbostratus
    Sep 10, 2009
    Hey Aaron,

     

     

    you're correct. We are setting the persistence at the VIP level, and trying to override it in the iRule

     

    I agree that no default named persistence cookie should be used, but we are seeing it.

     

     

    just for completeness and example VIP:

     

     

    virtual vip_test_http {

     

    destination :http

     

    ip protocol tcp

     

    profile http oneconnect tcp

     

    persist cookie

     

    pool pool_80

     

    rule redirects

     

    }

     

     

    Off to call F5 Support.
  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Sep 10, 2009
    Yeah, based on your config, I don't see how that could be happening. If you figure anything out, can you reply here?

     

     

    Thanks,

     

    Aaron