Forum Discussion

D__Yutzy_151141's avatar
D__Yutzy_151141
Icon for Nimbostratus rankNimbostratus
May 27, 2015

1 Apache RP works, 2 Apache RP does not

  • We have the following configuration:

Internet->F5->Apache RP x 2->F5->App Server Web Tier F5 has cookie/IP sessions turned off App Tier F5 has Cookie Based sessions

 

What happens is thus:

 

  • Both RP in pool
  • Request comes in, hits F5, hits RP1, hits F5, hits AppSvr
  • Same user, same session, hits F5, hits RP2, hits F5, hits different AppSvr

What appears to be happening is the App Tier F5 somehow does not recognize the previous session value because the request came through a different reverse proxy. My assumption from the observed behavior is we should somehow "sticky" to the same RP for that session which would then in turn fix the issue at the App Tier F5 level.

 

My questions are:

 

  • What sessions/persistence setting should we set at the web tier F5?
  • What sessions/persistence setting should we set at the app tier F5?
availability
BIG-IQ
design

3 Replies

Sort By
  • Josiah_39459's avatar
    Josiah_39459
    Historic F5 Account
    May 27, 2015
    Does the Apache RP proxy cookies back to the first F5 or does it keep them in a cookie jar of some type? Assuming a cookie from the second F5 can get passed all the way back to the client, then simply setting cookie persistence on the second F5 (no persistence necessary on the first F5 or Apache RP) would be enough.
  • D__Yutzy_151141's avatar
    D__Yutzy_151141
    Icon for Nimbostratus rankNimbostratus
    May 27, 2015
    The cookie is set on the App Tier F5 for the session and is passed back to the client. However, when the second request (same session) comes back through and hits a different RP, the session is somehow invalidated and the request is sent to a new app server.
  • Josiah_39459's avatar
    Josiah_39459
    Historic F5 Account
    May 27, 2015

    To persist on your own cookie (not the BIGIP cookie) then you can use a universal persistence profile. This example is for JSESSIONID, but you can change it to your own cookie name:

     

    https://support.f5.com/kb/en-us/solutions/public/7000/300/sol7392.html

     

    Cookie hash persistence would also work:

     

    https://support.f5.com/kb/en-us/solutions/public/7000/000/sol7019.html

     

    And also just normal Cookie persistence will work, but it will result in an additional cookie being used.

     

    Whichever method you choose, you should set the persistence on the second F5:

     

    Internet->F5->Apache RP x 2->__*F5*__->App Server Web Tier

     

    The other devices should not need persistence, only they need to proxy cookies.