Hi Aaron,
Output for VIPs, pools and iRule as follows (I've replaced webcache by 8080 for the port for clarity on the login pool)
virtual catchall-virtual {
destination any:http
mask none
ip protocol tcp
rules session-management
profiles
http
tcp
translate address enable
}
pool login-pool {
monitor all gateway_icmp
members
172.22.21.137:8080
172.22.21.147:8080
down
session disable
}
pool squid-proxy-pool {
monitor all gateway_icmp
members
172.22.21.249:http
172.22.21.250:http
}
rule session-management {
when RULE_INIT {
set ::asm_bypass 0
set ::cookieName "wibble"
}
when HTTP_REQUEST {
set hasCookie [HTTP::cookie exists $::cookieName]
if {!($hasCookie)}
{
pool login-pool
}
else
{
Cookie found
<...some URL parameter tweaking code removed...>
Use persist by client ip address with a timeout of 2 hours
set sourceIPAddress [IP::client_addr]
pool squid-proxy-pool
persist source_addr 7200
set pResult [persist lookup source_addr $sourceIPAddress]
log local0.debug "ip: $sourceIPAddress - persist result: $pResult"
}
}
}
I've tried having the persistence defined on the VIP (with no default pool) instead of in the iRule, with it just in the iRule and with it in both places. All three give the same result of 2 entries in the persistence table for each source IP.
If source address affinity is turned on for the VIP we also get double entries for each login-pool, VIP, source address combination even though one of the pool members is disabled.
We don't get double entries if there is no iRule (i.e. boring load balanced servers with source address affinity).
Cheers
Andy