Mattias_S_58640
Sep 16, 2009

Shared Persistence between VIPs and pools?

Hi all,

I have a question that I for some reason believe has a quite simple answer - I just can't seem to figure it out!

Consider this scenario:

VIP1 - 10.0.0.10:443 without SSL offload, just passthrough
|- Pool1
   |- 10.0.0.11:443
   |- 10.0.0.12:443

VIP2 - 10.0.0.10:80, just passthrough
|- Pool2
   |- 10.0.0.11:80
   |- 10.0.0.12:80

Both the VIPs are using source_addr as persistence profile, since the LB itself isn't inspecting the traffic more closely.

The idea is that the server owner wants to run SSL on the real frontend servers, with the public official certificates.

From the beginning, only VIP1 (443) was set up for the application. It then turned out that the application developers needed a way for the client to connect to TCP80 on the servers as well, using the same IP address as the TCP443 VIP... It's the application itself that redirects the user to an http connection in order to download pictures to the client.

We first believed that it was no issue if the user was directed to the other frontend server (because of the different persistence pool for that VIP), but of course we found out that it does matter.

So my question is, is there any way of making these two VIPs "share" one persistence pool or something like that, so a user is directed to the same frontend regardless of the protocol? Is a OneConnect profile something that could help..?

Thanks in advance, all help greatly appreciated!

Best regards,

/Mattias Sjodin

2 Replies

  • Hi Mattias,

    For source address persistence you can enable the "Match across" functions to ensure the client is persisted to the same node IP address regardless of which port the request is made to.

    SOL5837: Match Across options for session persistence

    https://support.f5.com/kb/en-us/solutions/public/5000/800/sol5837.html

    Match Across Services

    The Match Across Services option is used in the following two configurations:

    * Configurations that have multiple virtual servers with the same IP address but have different services specified
    * Configurations that have pool members sharing the same address but have different services specified

    Aaron
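
The following is an added example, not part of the thread and not F5's implementation: a simplified model of the persistence table for the two virtual servers in the question, showing why per-service records can split one client across both frontends and how keying the record on the virtual address alone (the Match Across Services behaviour described in the reply) keeps it on one node. Round-robin load balancing, the `Balancer` class, `scenario` and the 192.0.2.x client addresses are assumptions made for the illustration.

```python
# Simplified model of source-address persistence; not F5's implementation.
# Assumptions: round-robin load balancing, constructed client IPs (192.0.2.x).
# Virtual servers and pool members from the question above.
VIRTUALS = {
    ("10.0.0.10", 443): [("10.0.0.11", 443), ("10.0.0.12", 443)],
    ("10.0.0.10", 80): [("10.0.0.11", 80), ("10.0.0.12", 80)],
}


class Balancer:
    def __init__(self, match_across_services):
        self.match_across_services = match_across_services
        self.records = {}  # persistence table: key -> node IP address
        self.rotation = {}  # per-virtual-server round-robin counter

    def _key(self, client_ip, vip, port):
        # Default: one record per client per virtual server (address + port).
        # Match Across Services: one record per client per virtual address,
        # so virtual servers on different ports share it.
        if self.match_across_services:
            return (client_ip, vip)
        return (client_ip, vip, port)

    def pick(self, client_ip, vip, port):
        members = VIRTUALS[(vip, port)]
        key = self._key(client_ip, vip, port)
        node = self.records.get(key)
        for member in members:
            if member[0] == node:  # persisted node, on this pool's port
                return member
        # No usable record: load balance, then remember the node address.
        count = self.rotation.get((vip, port), 0)
        self.rotation[(vip, port)] = count + 1
        member = members[count % len(members)]
        self.records[key] = member[0]
        return member


def scenario(match_across_services):
    """Client 192.0.2.1 opens HTTPS, then is redirected to HTTP."""
    lb = Balancer(match_across_services)
    https = lb.pick("192.0.2.1", "10.0.0.10", 443)
    lb.pick("192.0.2.2", "10.0.0.10", 80)  # unrelated client advances rotation
    http = lb.pick("192.0.2.1", "10.0.0.10", 80)
    return https, http


if __name__ == "__main__":
    print(scenario(False), scenario(True))
```

With per-service records the redirected HTTP request lands on 10.0.0.12 while the HTTPS session is on 10.0.0.11; with the shared record both go to 10.0.0.11.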