How to maintain the maintain session for the single pool member connected to F5 LTM LB?

Question

For our application we are using F5 LTM LB to load balance two nodes connected to it. Recently we have implemented SSL for few pages on site. means we need http and https traffic as well. The load balancer has been configured with two separate Virtual IP configuration(2 Virtual servers), one is for http port and other is for https port. Source IP persistence had been enabled for both VIP individually, the problem here is for http requests LB is providing one member pool and for https requests the LB is providing second member pool. 
The load balancing is happening twice here, is there a way to make the load balancing only once?
Note: We have used SSL offload and SSL termination concept to hold the ssl certificates and to free web server.&nbsp;

pranav_73262 · Answer

Hi, If you are using default 'source_addr' persistence profile, then there is an option to select 'Match across Virtual Server'. Please try that.&nbsp;
Note: Since default profiles are not synchronized across pair of LTMs, I would suggest you to create custom child profile with default 'source_addr' profile as a parent profile.&nbsp;

sree1_135098 · Answer

Thank you for your answer, I want to know one more thing over here. In the same load balancer so many other applications are also hosted on, by selecting  'Match across Virtual Server' will it affect other applications as well?

pranav_73262 · Answer

I guess NO. It is only going to persist across virtual servers based on initial LB decision, so request should go to initial valid server only. However, I will suggest you to check it thoroughly in test environment before implementing in production setup. &nbsp;
Also do not edit default or existing profile, create new custom profile for this particular requirement &amp; use.&nbsp;

pranav_73262 · Answer

Hi, If you use same source_addr profile for other VS, then it will impact there as well.&nbsp;

rob_carr · Answer

How you do this depends on the configuration of your HTTP and HTTPS virtual servers. Do they share the same IP address or not?  If they do, then you can use 'Match across Services', if not, then you need to use 'Match across Virtual Servers'.  Read this for a full explanation: 
http://support.f5.com/kb/en-us/solutions/public/5000/800/sol5837.html?sr=32360941&nbsp;
Traffic persistence is based on the application of a persistence profile to a virtual server.  As such, any virtual servers that don't share the same persistence profile (with Match across Services or Match across Virtual Servers configured), will not pay any attention to the persistence record of a client.&nbsp;
Hope this helps.&nbsp;

Forum Discussion

How to maintain the maintain session for the single pool member connected to F5 LTM LB?

5 Replies

Recent Discussions

enable tls1.2 on management interface on F5 ltm running version 10.x

[ASM] - what is "Browser Challenge file" ?

SMS server with BIGIP

F5 terminal - help to run commands - disk space full

Can iRule be used to perform exception of IPI category based on Geolocation

Related Content

Use Kubernetes Cert-Manager to Maintain Let's Encrypt Certificates

Maintainers, Slowloris/2, Kobold Letters - April 1st - 7th, 2024 - F5 SIRT - This Week in Security

Virtual Server to maintain the same destination port to the backend

Maintain sticky across tiered VIPs

Gain insight into SSL/TLS traffic to help maintain compliance with privacy regulations using F5 SSL Orchestrator