LTM Policies only evaluated once within same HTTP-Connection?

Question

Hi F5 Community,&nbsp;
One of our customers has a strange issue with LTM Policies.
The customer has many LTM Policies in place. One of them checks the "path" value and does some forwarding decision to a specific pool. It the "path" value does not match the condition the request will be forwarded to the default pool assigned on the VIP.&nbsp;
We just found out that forwarding decision within the same HTTP connection (curl) will only be evaluated once.
So this means if we test with a valid path the forwarding works fine for the first time. When doing a second request with an invalid path in the same HTTP connection, we still get forwarded to the pool for the valid path value. Obviously the first forwarding decission made by the LTM policy will be cached somehow within the same HTTP Connection?!
If we start two curl sessions one after each other, the forwarding works fine based on the HTTP valdi and invalid path value.&nbsp;
How could that be?
Does anybody know how to solve this issue?&nbsp;
Thanks a lot for any info
Regards
Thrillseeker&nbsp;

kevin_stewart · Answer

I don't recall if this matters for LTM policies, but do you have OneConnect enabled on the VIP (enabled in the VIP and in the associated HTTP profile)?&nbsp;

stanislas_piro2 · Answer

Hi,&nbsp;
this is not an issue, but the default behavior.&nbsp;
The pool assignment is done for the entire connection. if you change connection pool for one request, it will be changed for following request until another request change the pool again.&nbsp;
to change this behavior, add a default rule (without any condition) at the end of your policy with pool assignment same as virtual server default pool.&nbsp;

hannes_rapp · Answer

Have you defined a default action in your LTM policy (e.g if no other criteria is met, forward to default pool)? If your LTM policy has one condition and one action, this issue is to be expected.&nbsp;
By minimum, you will need:&nbsp;
Rule: Default_action&nbsp;
Rule2: Conditional_action&nbsp;&nbsp;
Optionally:&nbsp;
RuleN: Another_conditional_action&nbsp;
If you have multiple LTM policies which all perform a similar function, try to merge them into one to avoid any issues with exectuion priorities and execution errors. In case of multiple conditions, use the "best match" strategy to ensure no more than one conditional action can occur per request.&nbsp;

thrillseeker_12 · Answer

Thanks for the replies. The customer is not using any One-connect profile.
So I will test it with a default rule at the end forwarding to the same pool default as assigned to the VIP. Keep you up-to-date&nbsp;
Thanks&nbsp;

thrillseeker_12 · Answer

Just want to inform you that default action with no condition solved my problem!
So different URI's will be handled differently by the LTM Policy within the same HTTP Connection. ;-)&nbsp;
Thanks a lot
Thrillseeker&nbsp;

Forum Discussion

LTM Policies only evaluated once within same HTTP-Connection?

5 Replies

Recent Discussions

ASM instance creation

[ASM] - what is "Browser Challange file" ?

[ASM] - HTML5 Cross-Domain Request Enforcement - CLI command

Reverse Proxy Not Behaving

Stable Firmware for F5

Related Content

Evaluate WAF Policy with BIG-IQ Policy Analyzer

Auditing Security Policy Updates

Custom APM Logon page Access policy evaluation is already in progress for your current session

Minimizing Security Complexity: Managing Distributed WAF Policies

iRule operator evaluation order OR/AND