Forum Discussion

mreco_159588's avatar
mreco_159588
Icon for Cirrus rankCirrus
Jul 12, 2018

Persistence mode shows source address affinity although virtual server is set to use cookie persistence

Hi all,

I have trouble understanding cookie persistence on our Big-IP LTM devices. I have setup a virtual server with a 'default persistence profile' set to 'cookie' and a 'fallback persistence profile' set to 'source_addr'.

In a browser, I do see the load balancing cookie being created with name 'BIGipServer'.

I also see the cookie being logged when setting up logging via an iRule like this:

foreach cookie [HTTP::cookie names] {
    log local0. "Cookie name: $cookie, Cookie value: [HTTP::cookie value $cookie]"
}

In the ltm logging the cookie is logged correctly with name 'BIGipServer' and the same value the cookie has in my browser session.

The value of the cookie is the IP address of the pool member my session is sent to.

Now, when I look at the persistence records on the Big-IP LTM, it shows me:

source-address

Where the is the pool members that is also present in the cookie.

But the remaining question is why is the affinity method 'source-address' although I explicitly set 'cookie'?

Also if I remove the 'fallback persistence profile' of 'source_addr' in the virtual server, the method shown in the persistence table will still be 'source-address'.

Can anyone shed some light on this?

Thanks!

application delivery
BIG-IP
LTM
persistence

5 Replies

Sort By
  • nathe's avatar
    nathe
    Icon for Cirrocumulus rankCirrocumulus
    Jul 12, 2018

    mreco, i believe this is default behaviour. With cookies being a clientside thing, the BIGIP does not maintain that within it's own database, rather it checks the cookie on each client request. When you add fallback of source address this is something that the BIG-IP can track and so will add an entry into its database and use this should a cookie not get sent during the client request.

     

    So i believe you are seeing expected behaviour with cookie persistence plus fallback of source address.

     

    Hope this helps,

     

    N

     

  • KevinA_246454's avatar
    KevinA_246454
    Icon for Cirrostratus rankCirrostratus
    Jul 12, 2018

    HI Mreco

     

    1stly I agree with Nathan, The fallback persistence will only be used when the client does not present a cookie to the virtual server, the ltm will then check if their is a persistence entry if you have the fallback persistence configured on the same virtual server The source_addr persistence has a timeout setting could not be you seeing persistence entry on the virtual waiting to timeout ?

     

    • mreco_159588's avatar
      mreco_159588
      Icon for Cirrus rankCirrus
      Jul 13, 2018

      No, like I said, even source address affinity is shown even when I only select cookie persistence and don't even set a fallback persistence profile.

       

      How do I see if the pesistence record is waiting for a timeout?

       

      And, the client DOES present the cookie, since I can see it being logged in the ltm log via the iRule.

       

  • Surgeon's avatar
    Surgeon
    Ret. Employee
    Jul 16, 2018

    OK, as mentioned by nathan and KevinA you have fall-back persistence configured

    ltm virtual /Common/cs02_http_vs {
    destination /Common/:80
    fallback-persistence /Common/source_addr   <<<---here

    The behaviour you see is expected. K30483109: Overview of Fallback Persistence