Active-Active DC cookie persistence

Question

Hi team,&nbsp;
We have two DC, let us call them DC01 and DC02&nbsp;
One of HTTPs-based app requires active-active from GLSB point of view and cookie persistence is used to assure the traffic is always sent to the same pool member.&nbsp;
We understand the cookie encoding as F5 KB https://support.f5.com/csp/article/K6917. So we have the same pool member setup including local-site pool members and remote-site pool member with Cookie Insert at both DC. The inserted cookie is set up exactly same on LTMs in both DCs.(We proved that app client browser do get the same cookie (same name and same value) from vIP in DC01 and vIP in DC02).&nbsp;
But we still have issue with cookie persistence:&nbsp;
For example, when client session is connected to vIP at DC01 initially. When DNS cache timeout and DNS response of new DNS query points client to vIP at DC02, client will experienced 401 error.  We can see all client subsequent requests have F5 inserted cookie included. But It looks like that the cookie which is inserted by LTM in the DC01 is not recognized by the LTM in the DC02. So cookie persistence is failed to send the traffic to the same pool member.&nbsp;
any clue of cause of our issue?&nbsp;

flypast · Answer

anybody can help?&nbsp;

cjunior · Answer

Man, I just can think that you don't have the same names and addresses on both sides. I could say you have different encryption passwords, but, I think you don't encrypt your cookies, right?
I have same scenario here with two DC and working as well.
I think you should trace requests with an iRule to ensure that "Authorization" and "BIGIP cookie" headers are sent and reached on the BIG-IPs. 
Is possible to you to share the things here with us or, is possible to you to check your setup in a lab?&nbsp;
Regards.&nbsp;

flypast · Answer

We don't encrypt your cookie.
Thank you very much for your suggestion. Will run a lab to retest our solution. &nbsp;

keesvandenbos · Answer

Did you change the cookie name or are you using the default name?
Are both virtual servers in the same route domain?&nbsp;
Cheers,&nbsp;
Kees&nbsp;

Forum Discussion

Active-Active DC cookie persistence

Recent Discussions

Is network access bypassing APM logon pages?

<apm_do_not_touch> in JS file failing</apm_do_not_touch>

Suddenly Can't access Login Box to F5 LTM Via SSH & GUI

LTM + GTM on same box

Application drop down menus does not work behind F5 APM Portal Access

Related Content

Activate serverssl profile in iRule

Persistence Cookie Logging

Especial Load Balancing Active-Passive Scenario (II)

BIG-IP L2 Virtual Wire LACP Passthrough Deployment with IXIA Bypass Switch and Network Packet Broker (Single Service Chain - Active / Active)

Persistence Cookie Logger