
BigIP F5 LTM - Persistence

Persistence

When an application maintains the session, a persistent session between the client and server must be correctly maintained to ensure the server can continue to process client requests. A typical example is a web-based shopping cart, which normally requires the user to maintain persistence to a single server for the lifetime of the session.
Persistence is configured via the use of a persistence profile. This alters the load balancing behaviour of a virtual server.

Upon the initial client connection BigIP tracks and stores session data within a persistence record.

Source Address Persistence

Source Address Persistence supports the TCP and UDP protocols and directs traffic to the same server based upon the client's source IP address.
A limitation of source address persistence arises when traffic traverses a NAT or proxy device, because all connections then appear to originate from a single IP and are therefore persisted to the same server.

Configuring Source Address Persistence

To configure source address persistence:

  1. Go to 'Local Traffic | Profiles | Persistence | Create'
  2. Within General Properties add the Name
  3. Select Source Address Affinity as the Persistence Type
  4. Click Finished
  5. Add the Persistence Profile to the Virtual Server, via 'Local Traffic | Virtual Servers | [VS NAME] | Resources | Default Persistence Profile'.

Cookie Persistence

Cookie persistence only supports the HTTP protocol. This is because the F5 BigIP is unable to inspect cookies from within an encrypted session. It is also worth noting that if a) the client's system clock is incorrect or b) cookies are disabled, then the cookies may not be sent from the client to BigIP.

The F5 LTM offers 4 main modes of cookie persistence:

Hash mode - Hash mode expects that the server provides the cookie. The system then builds a hash from either part or all of this cookie to build a persistence record.
Insert mode - With Insert mode the F5 LTM inserts a special cookie in the HTTP response. This includes the pool name and pool member.
Rewrite mode - Once the web server has created a blank cookie, the F5 LTM rewrites the cookie so that it can later be read as a special cookie and used for persistence.
Passive mode - Passive mode is based upon the web server creating the specially formatted cookie that contains the node IP and port. This cookie is then passively passed through.
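
The special cookie that Insert mode emits and that Passive mode expects the web server to build, as an added example that is not from the original page. It assumes F5's documented default unencrypted encoding for IPv4 pool members (cookie name `BIGipServer<pool_name>`, value `<ip>.<port>.0000`); the function names are hypothetical and the pool name and addresses are constructed.

```python
import ipaddress
import struct

def encode_member(ip: str, port: int) -> str:
    """Build the value a web server would set in Passive mode."""
    addr = ipaddress.IPv4Address(ip)            # raises on non-IPv4 input
    if not 0 < port < 65536:
        raise ValueError("port out of range")
    # IP: the four octets read as a little-endian 32-bit integer.
    ip_enc = struct.unpack("<I", addr.packed)[0]
    # Port: the two bytes of the 16-bit port swapped.
    port_enc = struct.unpack("<H", struct.pack(">H", port))[0]
    return f"{ip_enc}.{port_enc}.0000"

def decode_member(value: str):
    """Return (ip, port), or None if the value is not in the plain format."""
    parts = value.split(".")
    if len(parts) != 3 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    ip_enc, port_enc = int(parts[0]), int(parts[1])
    if ip_enc > 0xFFFFFFFF or port_enc > 0xFFFF:
        return None
    ip = ipaddress.IPv4Address(struct.pack("<I", ip_enc))
    port = struct.unpack(">H", struct.pack("<H", port_enc))[0]
    return str(ip), port

def audit_set_cookie(header_value: str):
    """Report what one Set-Cookie value from your own virtual server discloses."""
    name, _, rest = header_value.partition("=")
    name = name.strip()
    if not name.startswith("BIGipServer"):
        return None
    member = decode_member(rest.split(";", 1)[0].strip())
    if member is None:
        return None                              # opaque value: nothing disclosed
    return {
        "pool": name[len("BIGipServer"):],
        "ip": member[0],
        "port": member[1],
        "private_address": ipaddress.ip_address(member[0]).is_private,
    }

# Constructed sample: what an Insert-mode response might carry.
SAMPLE = "BIGipServerweb_pool=1677787402.36895.0000; path=/"

if __name__ == "__main__":
    print(audit_set_cookie(SAMPLE))
    print(encode_member("192.168.1.10", 80))
```

A value that does not decode, for example when cookie encryption is enabled on the persistence profile, returns `None`, meaning the cookie no longer reveals the pool member's address to the client.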

Configuring Cookie Persistence

To configure cookie persistence, follow the steps below:

  1. Within the Virtual Server ensure that the HTTP profile is configured.
  2. Within the Virtual Server go to Resources and then select Cookie from the Default Persistence Profile.

Other Persistence Methods

SSL Persistence

SSL Persistence uses the SSL Session ID for persistence. This has the benefit of providing persistence to SSL sessions that aren't terminated on the F5. However, as some browsers frequently renegotiate the Session ID (for security reasons), this can lead to short persistence periods. Because of this, it is recommended that source IP persistence is defined as the backup persistence method.

Match Across

Match Across Services - When “Match Across Services” is enabled, persistence is matched across all virtual servers that have the same IP address.
Match Across Virtual Servers - When “Match Across Virtual Servers” is enabled, persistence is matched across all virtual servers. This is the same as “Match Across Services”; however, it allows the client to access different virtual servers and still access the same pool member. This also applies if both virtual servers are using different ports.
Match Across Pools - When “Match Across Pools” is enabled, persistence is matched across all pools using any persistence record matching the client. However, this means that the client could be sent to a pool that is not associated with the virtual server.

Tags: BIG-IP F5

About the Author

Rick Donato is the Founder and Chief Editor of Fir3net.com. He currently works as a Principal Network Security Engineer and has a keen interest in automation and the cloud.

You can find Rick on Twitter @f3lix001