Forum Discussion

Ram_T_S's avatar
Ram_T_S
Icon for Altostratus rankAltostratus
Oct 05, 2018

Source Address Persistence issue

Hi Team,

 

I have 2 servers running on my environment (10.0.0.1 and 10.0.0.2) Both the servers are hosting multiple applications on various ports. We have created the VIP(http://server.xyz.com 10.10.10.1:0) with any port and health montior as ICMP and Source address persistence with 180 Secs. Now when the User is sending the bulk files to the server LB always directing it to only one pool member (since we have a Source address persistence and it will timeout only after 180 secs of idle time), the files are continuously coming to the VIP so the persistence is not getting timed out. So the server is getting overloaded and going to the hung state. Also due to icmp monitor LB is unable to detect it.

 

Other applications running on the same server insisting to keep 180 Secs and server owners are unsure on what port the applications are running so do not have any option then to keep the Any port, and any port virtual server is supporting only ICMP health monitor.

 

Can i customize source address persistance for only one application.

 

LTM
security

2 Replies

Sort By
  • Philip_Jonsson's avatar
    Philip_Jonsson
    Icon for MVP rankMVP
    Oct 05, 2018

    Hey Ram

    First off, is connection limits an option? If the servers are crashing, perhaps you should set a high water value of connections that the servers can handle. Even though there is a persistence record, if the servers reach their connection limit, they won't accept any more traffic. This is set by the Override Connection Limit setting in the persistence profile, which is per default, turned off.

    If Connection Limit is not an option, some sort of separation needs to be done in order to use different persistence profiles. I'd say that you either investigate further to find the ports used and create a separate VIP for this traffic where you can assign a different persistence profile.

    Or you use an iRule on the existing VIP but you filter on different values, such as Client IP.

    Below are some example iRules:

    Match on Client IP:

    when CLIENT_ACCEPTED { 
    if { [class match [IP::client_addr] equals addressrange] } then { 
        persist source_addr [] []  
    }
}

    Match on URI:

    when HTTP_REQUEST {
    if { [string tolower [HTTP::uri]] contains "myuri" }  {
            persist source_addr [] []  
       }
}

    Let me know if you have any further questions. 🙂

  • PeteWhite's avatar
    PeteWhite
    Icon for Employee rankEmployee
    Oct 08, 2018

    Are your clients behind a proxy? If you have long-running sessions then you want to maintain persistence but it could be that all of your clients are only matching a single persistence record. You can check by looking at your persistence records. Do you have Match Across Services set in your persistence profile? I would expect that new connections will be loadbalanced across the servers, even if those sessions are long-running.

     

    It could be that you would be better off assigning an HTTP and OneConnect profile and using cookie persistence instead. To improve your monitor, use the HTTP monitor and set the port to one on which you know the web server is running.