LTM Persistant Connections

Question

Trying to understand the persistence details in the article below. What does "an existing persistence session" actually mean? Is this what I'm seeing when I do a "show ltm persistence persist-records pool poolName? Does it mean that if server member 2.2.2.2:443 is disabled in the pool and a new connection just happens to come in with a cookie value of "CookieName" it would be directed to server 2.2.2.2:443 even though it is disabled? How do the persistence time-outs factor in here especially if they are set to indefinite. The line "It can accept new connections only if the connections belong to an existing persistence session" is what I'm trying to make head and tail of.&nbsp;
universal CookieName 1.1.1.1:443(looks like my vip) 2.2.2.2:443(looks like my server) (tmm: 4)&nbsp;
When set to Disabled, a node or pool member continues to process persistent and active connections. It can accept new connections only if the connections belong to an existing persistence session.&nbsp;
https://support.f5.com/csp/article/K133108)&nbsp;

crodriguez · Answer

An "existing persistence session" can roughly be explained as a connection request that arrives on the BIG-IP system and either matches persistence criteria in a persistence record (yes, the ones you can display with the tmsh show /ltm persistence persist-records command) or contains a persistence cookie. New connections that match existing persistence criteria are not load balanced. Instead, they are directed ("persisted," if you will) to the pool member identified in the persistence record/cookie. This is true even for a pool member that has been manually disabled, as a BIG-IP administrator might do to begin offloading traffic from a server before maintenance.&nbsp;
The idea behind a manual disable (rather than a force offline) is that it allows traffic - to slowly and gracefully bleed off the server. This includes traffic from both existing and persistent connections (sessions). Once the pool member is disabled, no new connections will be allowed unless the connection matches existing persistence criteria.&nbsp;
As persistence records timeout or persistence cookies expire, so do the associated persistent "sessions." If a persistence record has an indefinite timeout though, then the only way to ensure no connections are directed to the pool member is to manually force the pool member offline or delete the persistence record on the BIG-IP system. For cookie persistence where the cookie has a "session" or very long timeout value, I think forcing offline is the only choice as an Administrator cannot delete the cookie. So long as the client continues to send the persistence cookie on each connection, the connection will persist to an enabled or disabled pool member - but not to a forced offline pool member.&nbsp;

Forum Discussion

LTM Persistant Connections

1 Reply

Recent Discussions

Pricing when used with aws waf

F5 Rseries R2600 Tenant sizing

iRule help masking IBM host URL/URI

Need advise to setup a policy on F5

Advise on setting up IRULE

Related Content

Session persistence in LTM

View persistence table data

Persistence mirroring across datacenters?

F5 LTM SNAT: only 1 outgoing connection, multiple internal clients

APM SSO breaks RDP persistence