Source-ip based persistency not working properly

Question

Hi all,
I have a problem with the source ip based persistence. Although there is source ip based persistency, i can see from the HSL logs that there are two different nodes that the requests are forwarded. I have checked the show sys connection table. The requests are all fresh, cause i cant see more than 1 request at a time. (And each time the source port is changing)&nbsp;
I have ran the command below and there are three records. Not surprisingly the packets are distributed in a proportion 2/3 and 1/3
show /ltm persistence persist-records client-addr 82.222.128.66
Sys::Persistent Connections
source-address  82.222.128.66  172.16.200.36:80    172.16.210.45:8080  (slot/tmm: 1/2)
source-address  82.222.128.66  172.16.200.36:443   172.16.210.40:8080  (slot/tmm: 1/2)
source-address  82.222.128.66  172.16.200.36:80  172.16.210.45:8080  (slot/tmm: 1/0)&nbsp;
The client creates the requests instantly, can that be the root cause of the problem. Is it logical to have more than one record in this table for a single ip address.
Thanks in advance.
Sadik&nbsp;

ed_summers · Answer

It appears that you've listed persistence records for two different virtual servers? From your list, the first and third records correspond to VS 172.16.200.36:80, while the second shows a different destination port (172.16.200.36:443). Are these indeed separate virtual servers? Note that the first and third records do correspond to the same pool member (172.16.210.45:8080).&nbsp;
IIRC you can have multiple persistence records for the same source IP/virtual server if subsequent traffic is handed off to a different instance of TMM. I see that your first and third records reference different TMM instances.&nbsp;
So, yes you can have multiple persistence records for the same source IP and VS for different TMM instances. Those should point to the same pool member.&nbsp;
In your case I suspect the second record is a separate VS (HTTPS instead of HTTP, for example). By default that will be a separate persistence decision. If you need these to be sent to the same pool member you can enable the 'match across services' persistence function. In this scenarion that will cause connections from the same source IP destined to the same VIP (but different port) to go to the same pool member.&nbsp;

canstayn569 · Answer

Hi Ed,&nbsp;
We have confirmed that there were two seperate request types.&nbsp;
HTTP's were directed to one node, HTTPS's to another. And the persistence was working properly.
It seems that the client was the problem. 
Thanks for your help back then.
Kind regards.
Sadik&nbsp;

ed_summers · Answer

Thanks for the follow up and glad all worked out!&nbsp;

Forum Discussion

Source-ip based persistency not working properly

3 Replies

Recent Discussions

Import PKCS 12 SSL to Device Certificate via API/Script or CLI on BIG-IP

Help with URL Masking

F5 iRule to replace host to path

Chrome V 124+ on MacOS - Virtual Server Access Issue

F5 Rseries R2600 Tenant sizing

Related Content

Block destination IP by source IP

Sync-failover group doesn't sync properly

Setting up persistence in F5 XC

Load Balance UDP (Retain Source Client IP)

Application attack from different source IPs