Josh_Hildebran1
Jan 18, 2006Nimbostratus
connection pooling proxies & cookie persistence
I did some sniffs of external and internal NICs on my BigIP and filtered by a single IP address which I believe to be a proxy server of some type.
I wrote a Ethereal filter that shows all the bad HTTP requests that are going to the wrong node, based on the cookie that is inserted by the F5 not matching with the node it was sent to.
It appears that this proxy server is doing TCP connection pooling and is just sending random requests down open connections to the same VIP IP address. And the F5 isn't looking at the cookie's in each request to see if it needs to redirect the HTTP.Request to some other node. This is bad when there are numerous people/browsers all hitting our VIP from behind this proxy. Their requests are being randomized by the connection pooling done by their proxy server. That sort of kills my cookie-insert persistence!
I'm not sure what to do. What is the official or unofficial stance from F5 or others on this?
Clearly, I could probably write an irule to make this one src IP go to a different pool. Perhaps a pool that has priorities set, so only one server is used at a time. But, I'd rather find a different way to handle it. This must be a common issue w/ all clients trying to use cookie persistence. I'd rather not have to make a list of naughty-connection-pooling-proxies for an irule.
-Kyoo