Persist connection or session on F5 (where client /server both do not have cookies or session management

Hi Sosa. It is difficult to tell if BIG-IP can persist connections for your application or not.

The BIG-IP does have a Universal Persistence option, which is a persist table entry based on user defined values in the payload data. Here is an overview of the Universal Persistence:

http://support.f5.com/kb/en-us/solutions/public/7000/300/sol7392.html?sr=37123366

The best way to use this, is to find a unique value in the client side or server side data stream for EACH tcp connection as it is created on the BIG-IP. I see from your request/response examples, that it appears there might be some unique client/server pairs of data in the "SSI" values. However, without a complete packet trace, it is impossible to tell from your posting.

You also have to be mindful, that persist will only help you on BIG-IP if your application can run multiple transactions down the same TCP connection to the same server ( which is the whole point of persistence ). If the tcp connection is torn down after each transaction, you don't even need persistence because it won't be used after the first transaction.

If you can provide additional client>big-ip>server traffic details, both at the tcp and application levels, then perhaps we can look at the payloads and see if we can find a unique value to persist on.

Thanx,

Chris.

if session id always presents in a request and format is fixed, may we collect payload, extract the session id and persist on it?

e.g.

 config

root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm virtual bar
ltm virtual bar {
    destination 172.28.24.10:80
    ip-protocol tcp
    mask 255.255.255.255
    pool foo
    profiles {
        http { }
        tcp { }
    }
    rules {
        qux
    }
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    vs-index 41
}
root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm pool foo
ltm pool foo {
    members {
        200.200.200.101:80 {
            address 200.200.200.101
        }
    }
}
root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm rule qux
ltm rule qux {
    when HTTP_REQUEST {
  if {[HTTP::method] eq "POST"}{
    if {[HTTP::header "Content-Length"] ne "" && [HTTP::header "Content-Length"] <= 1048576}{
      set content_length [HTTP::header "Content-Length"]
    } else {
        set content_length 1048576
    }
    if { $content_length > 0} {
      HTTP::collect $content_length
    }
  }
}
when HTTP_REQUEST_DATA {
  set sessionid [findstr [HTTP::payload] CE_ 0 15]
  persist uie $sessionid
}
}

 test

[root@ve11a:Active:In Sync] config  ssldump -Aed -nni 0.0 port 80
New TCP connection 1: 172.28.24.1(44802) <-> 172.28.24.10(80)
1402233272.6457 (0.0038)  C>S
---------------------------------------------------------------
POST / HTTP/1.1
User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
Host: 172.28.24.10
Accept: */*
Content-Length: 33
Content-Type: application/x-www-form-urlencoded

bhabhabhaCE_101253524257bhabhabha---------------------------------------------------------------

New TCP connection 2: 200.200.200.14(44802) <-> 200.200.200.101(80)
1402233272.6744 (0.0271)  C>S
---------------------------------------------------------------
POST / HTTP/1.1
User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
Host: 172.28.24.10
Accept: */*
Content-Length: 33
Content-Type: application/x-www-form-urlencoded

bhabhabhaCE_101253524257bhabhabha---------------------------------------------------------------

root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) show ltm persistence persist-records all-properties
Sys::Persistent Connections
universal - 172.28.24.10:80 - 200.200.200.101:80
------------------------------------------------
  TMM           1
  Mode          universal
  Value         CE_101253524257
  Age (sec.)    8
  Virtual Name  /Common/bar
  Virtual Addr  172.28.24.10:80
  Node Addr     200.200.200.101:80
  Pool Name     /Common/foo
  Client Addr   172.28.24.1
  Owner entry

Total records returned: 1

by the way, initially i was thinking to use stream profile/irule but it seems persist uie command does not work in STREAM_MATCHED.

Hi Sosa, now that I have looked at your capture, I see these are XML/Soap calls. There is already a DevCentral post with some ideas on how to do this, here:

https://devcentral.f5.com/questions/soap-sessions

Unfortunately, there is not an actual example iRule in the post, but the links to the Support article do. I think if you mix the XML parsing with the Persist command in an iRule, you should be able to accomplish what you are looking for with the universal persistence records.

I'll also comment, if I may, that it appears that you have the user phone number in one XML element, and the user session key in another element. I would suggest that for future development ( and traffic management ) simplicity, you consider moving/adding user-specific data to HTTP headers, which are much more easily accessible to other systems ( that don't have XML parsing ). If this data is sensitive, you could always encrypt it with SSL. Just an idea for your dev team :-)

Hope this is helpful and good luck !

-Chris.