Forum Discussion

f5_newbie_10463's avatar
f5_newbie_10463
Icon for Nimbostratus rankNimbostratus
Apr 17, 2012

Source Address Persistence with multiple ports

I have one virtual IP with the same pool members but are using multiple ports.The ports are 3446, 3447,7889,7990. I applied an iRule so it will persist looking into the ip address and the port being used. certain issues arise using the irule:

 

- no statistics appears on the pool members and also on the persistence records

 

- when a user log-in using 3446, then he tries to log-in using 3447 the session for 3446 will be logged off.but this does not happen when directly accessing server.

 

please check the irule:

 

when CLIENT_ACCEPTED {

 

set LB port based on requested port

 

switch [TCP::local_port] {

 

3446 {set port 3446}

 

3447 {set port 3447} }

 

log local0. "\$port = $port"

 

check for existing persistence record

 

if it exists, directly select node by address:port

 

set persist "[IP::client_addr]"

 

log local0. "\$persist = $persist"

 

set server [session lookup uie [list $persist]]

 

log local0. "\$server =$server"

 

if {($server != "") && ($port != "")}{ node $server $port

 

log local0. "persisting [IP::client_addr]:[TCP::client_port] to $server:$port" }

 

else {

 

log local0. "no persist connection" }

 

}

 

when LB_SELECTED {

 

add session table entry (5 min timeout)

 

log local0. "server in selected = $server" if {$server >= "1"}{

 

log local0. "persist an forward to = $server" }

 

else { set server [LB::server addr]

 

if {$server != ""}{ session add uie [list $persist] $server 1800

 

log local0. "add persitence record: $persist $server :$port 1800" }

 

else { log local0. "no server selected" } }

 

 

 

I hope anyone can help me on this one. Thank you.
application delivery
dev
devops
iRules

5 Replies

Sort By
  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Apr 17, 2012
    can you show some example e.g. virtual server ip and port, pool member ip and port, what action you want when traffic is coming to bigip, etc?
  • f5_newbie_10463's avatar
    f5_newbie_10463
    Icon for Nimbostratus rankNimbostratus
    Apr 17, 2012
    vip = 172.16.25.22:3446

    pool members = 10.10.10.20:3446

     

    10.10.10.21:3446

     

     

     

    vip = 172.16.25.22:3447

    pool members = 10.10.10.20:3447

     

    10.10.10.21:3447

     

     

     

     

     

     

    when a connection has been established with the pool member (web server), then it will go to a database for authentication, after which it will go back to the server then to F5 and back to the client. so there should be persistence. If there's no iRule associated with the VS, the user can only go as far as the Log-in page.

     

  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Apr 19, 2012
    which is login-page vip? is it 172.16.25.22:3446? what is the other one?

    are you asking how to persist across virtual servers?

    by the way, will virtual server with any port work?

    e.g. 

    [root@ve1023:Active] config  b virtual bar list
virtual bar {
   snat automap
   pool foo
   destination 172.28.19.79:any
   ip protocol 6
   persist source_addr
}
[root@ve1023:Active] config  b pool foo list
pool foo {
   members 200.200.200.101:any {}
}
  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Apr 20, 2012
    not sure if i understand correctly. anyway, i think what you want is to persist traffic across two virtual servers i.e. 192.168.7.32:6443 and 192.168.7.32:7443. if so, can you try match across service option instead of the irule?
  • Spidey_29396's avatar
    Spidey_29396
    Icon for Nimbostratus rankNimbostratus
    Apr 20, 2012
    Thanks Nitass for the input. We already figured it out.It's a bug in IE8.also, i have another query:

     

    we have this setup,

     

    server > F5 > Router > client

     

     

    server originally gateway to Router but we want F5 to be it's gateway, client now unable to reach the servers.

     

    What could be the possible problem?

     

     

    IP:

     

     

    202.126.40.7(server) > 202.126.40.6(F5 floating IP) > Router(202.126.40.3) > 222.126.40.5