Universal persistence using IPV6 with iRule..

Question

Hello everyone and F5,&nbsp;please help....I am stuck and don’t know what to do or if F5 can support this...&nbsp;Does anyone know how to persist an IPV6 address in an X-forwarded-for header, or add it to the current code below? We are currently callingthis i-Rule with universal persistence profile, however it seems to only work if the user's client IP is in IPV4 format. If they get an IPV6 address fromtheir ISP provider, the persistency does not work even though our CDN address their IPV6 in the XFF header field.&nbsp;Any help is much appreciated!&nbsp;&nbsp;when HTTP_REQUEST {&nbsp;
&nbsp; &nbsp; if {[HTTP::header X-Forwarded-For] != ""} then {
&nbsp; &nbsp; &nbsp; &nbsp; persist uie [lindex [ split [lindex [HTTP::header values X-Forwarded-For] 0] "," ] 0]
&nbsp; &nbsp; } else {
persist uie [IP::client_addr]
&nbsp; &nbsp; }
}&nbsp;

jrahm · Answer

Do you have a persistence profile on the virtual? Might be best to have a default of source_addr persistence as a profile on the virtual, that way you can reduce your iRule to this (my attempt, you'll need to test)when HTTP_REQUEST {
  if { [HTTP::header exists X-Forwarded-For] } {
    persist uie [getfield [HTTP::header X-Forwarded-For] "," 1]
  }
}

ant77 · Answer

Hi Jason,&nbsp;We can't use a default source_addr profile because the inbound traffic goes through a CDN, which they append the client IP and their proxy IP to the XFF header. We use the irule to look into this and persist the connection for the client to a server in the backend. This works fine with IPV4, however there are instances where some of our user's ISP is giving them an IPV6 address. How can this iRule or any other method be used to read the IPV6 along with the IPV4 (this irule) and persist the clientbased on that?&nbsp;Thanks!

ant77 · Answer

Hello F5/Jason,&nbsp;Please help...can you let me know if this can be done or not?&nbsp;Thanks!

jrahm · Answer

it should be possible, but I really need to see samples of the contents of your XFF headers in ipv4 and ipv6 to see if you are indexing and splitting correctly for both protocols. I can track down bugs and experience in the meantime. Sorry, I don't have much operational ipv6 experience

ant77 · Answer

Thank you Jason, appreciate your help. Once I get more info and a sample, I will post it.

Forum Discussion

Universal persistence using IPV6 with iRule..

5 Replies

Recent Discussions

import live updates from version x to version y

Tenant image upgrade

iRule editor partition button does not work

F5Access | MacOS Sonoma

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Related Content

XFF Universal Persistence iRule

Universal Persistence iRule based upon ASP.NET SessionId

Decoding the IPv4 address from the persistence cookie

Universal HTTP host redirect

SOCKS5 SSL Persistence