Forum Discussion

dragonflymr's avatar
dragonflymr
Icon for Cirrostratus rankCirrostratus
Mar 28, 2017

Persistence and Match Across

Hi,

 

I did few test using Source Address persistence on v13. Outcome is a bit surprising for me.

 

Scenario 1: Two Virtual Servers configured

 

  1. VS1 - IP1:80, persistence without Match Across enabled
  2. VS2 - IP2:8081, persistence with Match Across Virtual Servers

Result:

 

  1. Client connecting to VS1 - Persistence Record (PR) created, ports listed for both Virtual Addr and Node Addr 80
  2. Client connecting to VS2 - no new PR created, one created before used, same ports reported (tmsh show ltm persistence persist-records client-addr all-properties) as in point 1
  3. PR deleted
  4. Connection to VS2 - PR created, ports listed 8081
  5. Connection to VS1 - PR created, ports listed 80, another node can be selected, persistence behavior completely separate from VS2

Conclusion:

 

Depending on the order of client connections persistence behavior is different. Basically it is working as described for Match Across Virtual Servers, but leads to quite unpredictable situations.

 

Another issue is that there is no way to find out what actual connection refreshed Age, ports are not updated when connection do different VS with different port is established. It makes troubleshooting mutch harder.

 

For me only VS-s with same persistence profile applied (with Match Across Virtual Servers) should be evaluated. That would create match more predictable setups. What do you think?

 

Scenario 2: Two Virtual Servers configured

 

  1. VS1 - IP1:80, persistence with Match Across Virtual Servers, timeout 180s
  2. VS2 - IP2:8081, persistence with Match Across Virtual Servers, timeout 360s

Result:

 

  1. Client connecting to VS1 - PR created, timeout set to 180s
  2. Client connecting to VS2 - existing PR used, Age refreshed, timeout NOT changed, still 180s used as timeout

In opposite situation timeout will be set to 360s even if second connection is using timeout 180s

 

Conclusion:

 

Same for Scenario 1 - only VS-s with the same persistence profile should be evaluated for Match Across functionality.

 

Another issues I noticed:

 

There is no way (at least I am not aware) to check how long given PR will be valid. I can see Age but not timeout when using tmsh, can it be done via iRule?

 

Piotr

 

application delivery
devops
iRules
LTM
match across
persistence
source address

1 Reply

Sort By
  • Kai_Wilke's avatar
    Kai_Wilke
    Icon for MVP rankMVP
    Mar 29, 2017

    Hi Piotr,

    Scenario 1 Conclusion: For me only VS-s with same persistence profile applied (with Match Across Virtual Servers) should be evaluated. That would create match more predictable setups. What do you think?

    Yes, you have to use the same persistence profiles for both Virtuals to make it reliable and predictable.

    Scenario 2 Conclusion: Same for Scenario 1 - only VS-s with the same persistence profile should be evaluated for Match Across functionality.

    Yes, same here. Use identical persistence profiles for both Virtuals to make it reliable and predictable.

    Another issues I noticed: There is no way (at least I am not aware) to check how long given PR will be valid. I can see Age but not timeout when using tmsh.

    A funky bash syntax may pull off the trick by enumerating the Virtual Server name on which the persistence record was created -> enumarating the used Persistence profile of the used Virtual Server -> enumerating the timeout setting of the used persistence profile. But this approach will only work if the persistence records was not created via an iRules /w different timeout values.

    can it be done via iRule?

    Neither the 

    [session]
    nor the 
    [persist]
    command supports a lookup of the remaining / total lifetimes.

    Cheers, Kai