Forum Discussion
hooleylist
Jul 22, 2006Cirrostratus
Hi,
"match across" functionality was never actually available for anything but hash persistence, but the CLI/GUI errantly allowed it to be configured. This was fixed in 9.2.x as noted in CR54410.
I went through and tested using cookie persistence on two VIPs on the same virtual address:
VIP1:443 -> client SSL profile -> pool1:80
VIP1:80 -> iRule to redirect requests to /redirect to HTTPS, else use pool1:80
I made a few requests to VIP1:80 that didn't match the redirect rule, so a persistence cookie would be set. I saw the following cookie set by the BIG-IP:
BIGipServerhttp_200_2_node_pool=1090526636.20736.0000; path=/
The cookie value can be calculated using the following formula:
You can perform the encoding using the following equation for address (a.b.c.d):
d*(256^3) + c*(256^2) + b*256 +a
The way to encode the port is to take the two bytes that store the port and reverse them. Thus, port 80 becomes 80 * 256 + 0 = 20480. Port 1433 (instead of 5 * 256 + 153) becomes 153 * 256 + 5 = 39173.
I then made a request which was redirected by the rule to HTTPS://[HTTP::host]. The browser still presented the cookie as the HTTP host of the cookie matched the requested host. The request was persisted to the same node in pool1:80.
At this point, I don't think this is an iRule issue (or even a persistence issue), as persistence is working as expected.
I talked with the person in Support who was working on your case and gave them this info. I asked them to contact you to get more debug information to help solve this problem. If you have any questions, please refer to the case.
Thanks,
Aaron