Forum Discussion

mulhollandm_648's avatar
mulhollandm_648
Icon for Nimbostratus rankNimbostratus
Sep 29, 2013

big ip ltm persistence help

folks

 

i have a couple of ironports in a pool behind a vserver on my ltm 1600 and they're giving me problems with authentication

 

i've configured source address persistence (/24 mask) and bound it to the vserver

 

when i use the ltm as my explicit proxy i can connect from device A and all the traffic goes to a single ironport

 

if i connect from device B i'm passed to a different ironport but can't get internet access - if i tail the acesslogs on the ironport i can see a http 307 but no traffic is passed

 

i'm looking for advice on

 

  • how to correctly configure a persistence policy

     

  • how to verify that policy is being applied

     

thanks to anyone lookin at this or replying

 

APM
application delivery
deployment
performance
security
TMSH

3 Replies

Sort By
  • Approxee's avatar
    Approxee
    Icon for Nimbostratus rankNimbostratus
    Sep 29, 2013
    try this command "show /ltm persistence persist-records" in TMOS, or you can view it from the statistics part of the web interface
  • StephanManthey's avatar
    StephanManthey
    Icon for MVP rankMVP
    Sep 29, 2013

    You are sure the issue is related to persistency? Your described approach should make sure a specific mapping will be made based on the clients network range of 24bit.

     

    How about taking one of the proxies offline (individual poolmember settings) and run tests again from both clients? Still same result? Now switch the proxies and try again, please.

     

    Do you see the 307 as well for logons from client A? How does the client B deal with the 307? A and B belong to different subnets? Otherwise they should be send to the same poolmember according to the selected persistence method. A browser plugin or a clientside tcpdump on your BIG-IP may help to troubleshoot the issue.

     

  • mulhollandm_648's avatar
    mulhollandm_648
    Icon for Nimbostratus rankNimbostratus
    Oct 01, 2013
    greecemonkey many thanks for your help i ran the command but i get 0 records even though i can see the traffic staying with one ironport thanks