fir3net
PPS-Firenetbanner-780.5x190-30-03-17
  • Home
  • Articles
  • Loadbalancers
  • F5 BIG-IP
  • Why is the Client Addr field within the UIE persistence record not populated ?

Why is the Client Addr field within the UIE persistence record not populated ?

Issue

When viewing the UIE persistence records you observe that the Client Addr field is not populated.

root@f5ltm(Active)(tmos)# show ltm persistence persist-records all-properties
Sys::Persistent Connections
universal - 172.16.100.200:80 - 192.168.1.31:80
-----------------------------------------------------------
TMM           0
Mode          universal
Key           8ffa6c0012825a76b3b68d10a9c68ad3
Age (sec.)    4
Virtual Name  VS-172.16.100.200-80
Virtual Addr  172.16.100.200:80
Node Addr     192.168.1.31:80
Pool Name     POOL-172.16.100.200-80
Client Addr   ::

Reason

This occurs due to the way in which Client Addr is represented when multiple connections with the same key are processed by the same TMM.

Consider the following scenario, connection 1 is received by the F5, and processed by TMM0. A UIE persistence record is built, with the Client Addr field populated. A 2nd connection is then received (containing the same key) and processed by TMM1. As this is on a different TMM the UIE record from TMM0 is copied and the Client Addr field is populated with the client address.

    Connection 1 (1.1.1.1) --> TMM0 --> Key=8ffa6c0012825a76b3b68d10a9c68ad3 Client Addr 1.1.1.1
    Connection 2 (2.2.2.2) --> TMM1 --> Key=8ffa6c0012825a76b3b68d10a9c68ad3 Client Addr 2.2.2.2

However now consider the following, connection 1 is recieved by the F5, and processed by TMM0. A UIE persistence record is built, with the Client Addr field populated. A 2nd connection is then recieved (containing the same key) and processed by the same TMM (TMM0). As the connection has the same key and is on the same TMM the UIE record is not copied, instead the Client Addr field is represented by ::

    Connection 1 (1.1.1.1) --> TMM0 --> Key=8ffa6c0012825a76b3b68d10a9c68ad3 Client Addr ::
    Connection 2 (2.2.2.2) --> TMM0 --> Key=8ffa6c0012825a76b3b68d10a9c68ad3 Client Addr ::

Why does this matter ?

If non-unique keys are being used this can lead to a situation where a large amount of connections persist to a single host, should each client arrive on the same TMM. As each client performs a lookup of the single UIE persistence record the Age will be reset back to 0 seconds.

 

Tags: BIG-IP F5, Loadbalancing, Persistence

About the Author

RDonato

R Donato

Rick Donato is the Founder and Chief Editor of Fir3net.com. He currently works as a Principal Network Security Engineer and has a keen interest in automation and the cloud.

You can find Rick on Twitter @f3lix001