Forum Discussion

LoveNoodles's avatar
LoveNoodles
Icon for Altocumulus rankAltocumulus
Sep 01, 2009

irule - persistance for url path

Hi There;

 

 

What would be the syntax to create an irule to apply source address persistance for a particular URL path, specifying a specific timeout setting in the process.

 

 

For example:

 

 

URL path = http://pstintra/apps/aml/*

 

Persistance profile = source_addr

 

Persistance profile source_addr timeout = 2 hours or idefinite.

 

 

And if the VIP (pstintra) already has persistance applied as source_addr with a timeout setting of 180 seconds, would the irule be applied first before it looks at the VIP setting.

 

 

Thanks

8 Replies

  • The iRule persist command would take precedence over the VIP's configuration. If you want to do exactly what you've described (persist requests for a specific URI longer than the default VIP profile), you can use an iRule like this:

     
     when HTTP_REQUEST { 
      
         Check requested path 
        switch -glob [HTTP::path] { 
           "/apps/aml/*" { 
               Persist client for 10 hours 
              persist source_addr 36000 
           } 
           default { 
               Persist client for 1 hour 
              persist source_addr 3600 
           } 
        } 
     } 
     

    I think you'd need to specify the persistence timeout for both matching and non-matching requests as the persistence from the VIP may not be used for subsequent HTTP requests over the same TCP connection. You could test this by making requests over the same TCP connection (one which matches the URI check and one that doesn't) and checking the 'b persist all show all' output. You would want to comment out the second persist command (persist source_addr 3600) while testing this to see if the timeout on the VIP's persistence profile is used.

    Also, if a client would typically make a request to /apps/aml and then a later request to a non-"/apps/aml" URI, you would probably still want to keep their persistence timeout set to 10 hours. Else, a client who first requested "/apps/aml" received a 36000 timeout record, requested a non-"/apps/aml" URI and received a 3600 timeout record and then waited more than 3600 seconds to make the next request would no longer get persisted to the same server as when they first requested "/apps/aml". I hope that's clear, but please reply if it's not.

    To handle this, you might want to use uie persistence based on the client IP and some token which indicates they're getting a longer timeout:

     
     when HTTP_REQUEST { 
      
         Check if there is an existing UIE persistence record 
        if {[persist lookup uie "[IP::client_addr]_apps"] ne ""}{ 
      
            Use the existing UIE persistence record regardless of which URI was requested 
           persist uie "[IP::client_addr]_apps"] 36000 
      
        } else { 
      
            Check requested path 
           switch -glob [HTTP::path] { 
              "/apps/aml/*" { 
                  Persist client for 10 hours using client IP _ apps 
                 persist uie "[IP::client_addr]_apps" 36000 
              } 
              default { 
                  Persist client for 1 hour 
                 persist source_addr 3600 
              } 
           } 
        } 
     } 
     

    Aaron
  • Hoolio, many many thanks for your reply. I shall test out your suggestions in a test enviornment and get back to you.
  • Hi there; due to the way the application behaves we have decided to implement insert cookie persistance profile for path /apps/aml/*, leaving the cookie name as blank; using default. Therefore would the irule have the following syntax:

     

     

    persist cookie insert_cookie

     

     

    instead of:

     

     

    persist source_addr 3600

     

     

    And default syntax remain the same as you have shown previously.

     

     

    I have as yet not tested under the same TCP connection, but if you could confirm the irule syntax for insert cookie method, that would be greate and i can then undergo testing.

     

     

    Many thanks

     

     

  • Cookie insert persistence seems like a good solution here as well. You can use this format:

     

     

    persist cookie insert "cookie_name" 3600

     

     

    This will trigger the use of a persistence cookie named cookie_name. If you want to use a session cookie that the client should keep for the duration of the browser being open, you can remove the timeout from the end. Else, LTM will set a time-expired cookie valid for one hour.

     

     

    To test multiple HTTP requests on the same TCP connection manually, you can use nc (netcat) from the command line of LTM itself (nc 1.1.1.1 80) and then type/paste in the HTTP headers you want to send for each request.

     

     

    Aaron
  • Hi Hoolio,

     

     

    It appears that under the same TCP connection, when browsing to a non /apps/aml path under the same virtual server, the cookie perisistance is till beign used, and vice versa, when browsing to an /apps/aml path under the same TCP connection under the ame virtual server, source address persistance is being used.

     

     

    How can i amend the following you sent in your earlier reply to use cookie persistance for path /apps/aml and default source address persistence.

     

     

    Or having the virtual server set to cookie will adhere to the section before "default" and therefore the code below does not need to be amended?

     

     

    when HTTP_REQUEST {

     

     

    Check if there is an existing UIE persistence record

     

    if {[persist lookup uie "[IP::client_addr]_apps"] ne ""}{

     

     

    Use the existing UIE persistence record regardless of which URI was requested

     

    persist uie "[IP::client_addr]_apps"] 36000

     

     

    } else {

     

     

    Check requested path

     

    switch -glob [HTTP::path] {

     

    "/apps/aml/*" {

     

    Persist client for 10 hours using client IP _ apps

     

    persist uie "[IP::client_addr]_apps" 36000

     

    }

     

    default {

     

    Persist client for 1 hour

     

    persist source_addr 3600

     

    }

     

    }

     

    }

     

    }

     

  • my url is https://www.abc.com

     

     

    does the " when HTTP_REQUEST" also working or any other like "when HTTPS_REQUEST"

     

     

    Thanks

     

     

    Michael
  • Hi Michael,

     

     

    You'd need to import the server cert/key for www.abc.com, add it to a client SSL profile and add that to the HTTPS virtual server in order to inspect or modify the HTTP headers or payload. There aren't HTTPS_* events--just HTTP_* which can be used after the SSL has been decrypted.

     

     

    Aaron
  • Thank you very much Aaron,

     

     

    yeah, i setup ssl profile already.

     

     

    And i also created irule to setup different persistence time (persistence command) base on url path, now it has been passed to qa for testing.

     

     

    hopefully it will work. Appreciate for your help!

     

     

    Otherwsie, i may need to bug you agagin here. :-)

     

     

    Michael