Forum Discussion

JG_SIRAC_43255's avatar
JG_SIRAC_43255
Icon for Nimbostratus rankNimbostratus
Nov 10, 2009

Persistence accross pools

Hi,

 

 

First time posting here. I'll expose the context of my problem first.

 

 

We have 2 servers behind a BigIP, each running Apache/Jboss. Until now, we had a single http pool and 2 VIPs, one for http and the other for https. The persistence did its job correctly, keeping track of wich server was used whatever the protocol.

 

 

Due to security restrictions, we now need to internally encrypt https protocol from BigIP to servers. We created a second pool activating SSL on another port. So now, http traffic is sent to http_pool and https traffic is sent to https_pool. However the problem is we don't have persistence accross those 2 pools.

 

 

How can we achieve that? Is there a best pratice?

 

 

Thanks in advance as this is a really urgent problem.

 

 

JG SIRAC

 

 

application delivery
dev
devops
iRules

1 Reply

Sort By
  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Nov 10, 2009
    For cookie insert persistence, you can use a codeshare example from Kirk Bauer that might help:

     

     

    http://devcentral.f5.com/Wiki/default.aspx/iRules/Cookie_Encryption_across_pools_and_services.html

     

     

    For source address persistence, you can use the "match across" functionality:

     

     

    SOL5837: Match Across options for session persistence

     

    https://support.f5.com/kb/en-us/solutions/public/5000/800/sol5837.html

     

     

     

    Match Across Services

     

     

    The Match Across Services option is used in the following two configurations:

     

     

    * Configurations that have multiple virtual servers with the same IP address but have different services specified

     

    * Configurations that have pool members sharing the same address but have different services specified

     

     

     

     

    Aaron