Forum Discussion

Piotr_Lewandows's avatar
Piotr_Lewandows
Icon for Altostratus rankAltostratus
Apr 20, 2015

Cookie persistence and source address fallback

I wonder what will be result of such setup:

 

  • LB set to Round Robin
  • Default Persistence Profile: Cookie (Cookie Insert)
  • Fallback Persistence Profile: Source Address
  • Source IP same for all requests (SNATed)

My assumption is:

 

  • First new TCP connection established, no cookie present
  • Fallback Persistence used, no Persistence Record (PR) found
  • No persistence is applied because none exist so connection will be directed to first member
  • What will happen then? Persistence Record for source IP will be created pointing to first server?
  • In HTTP response cookie is inserted pointing to first pool member
  • Then second connection from the same IP comes, assuming that PR was created and did not time out then LB will be ignored and connection will be directed to first server
  • In HTTP response again cookie pointing to first server will be inserted
  • Then all returning connections (with cookies set) will be directed to first server, LB in fact will not be used, except for situation when there is enough period of inactivity between connections to allow PR to expire, but will then new connection be send to second server according to RR or not necessarily?

Is above correct?

 

Piotr

 

  • You are correct when putting Cookie and Source Persist together. If there is a persist record it will go to that server and cluster all the clients that share the same IP to the same server.

     

  • Richard__Harlan's avatar
    Richard__Harlan
    Historic F5 Account

    You are correct when putting Cookie and Source Persist together. If there is a persist record it will go to that server and cluster all the clients that share the same IP to the same server.

     

    • dragonflymr's avatar
      dragonflymr
      Icon for Cirrostratus rankCirrostratus
      Thanks, good to have confirmation from experienced F5'ers Piotr
    • gsharri's avatar
      gsharri
      Icon for Altostratus rankAltostratus
      Piotr, If the clients have a persistence cookie then the source address records will not be used. LTM will attempt to match clients with no cookie with a source address persistence record and then insert a cookie into the response. Note that the source addr persistence record will be created using the client-side source address not the server-side snat source addr.
    • keshav_163381's avatar
      keshav_163381
      Icon for Nimbostratus rankNimbostratus
      Yes....Because Persistence table check first before doing the SNAT on egress interface