Manual Chapter : BIG-IP Administrator guide v3.2: Working with Advanced Persistence Options

Applies To:

BIG-IP versions 1.x - 4.x

  • 3.2 PTF-01, 3.2.3 PTF-01, 3.2.3, 3.2.0


6

Working with Advanced Persistence Options



Introducing advanced persistence options

In addition to the simple persistence and SSL persistence options provided by the BIG-IP Controller, several advanced persistence options are available. The options described in this section include:

  • HTTP cookie persistence
  • Destination address affinity (sticky persistence)
  • Persist masking
  • Maintaining persistence across virtual servers with the same address
  • Maintaining persistence across all virtual servers
  • Backward compatibility with node list virtual servers

Note: This chapter describes advanced persistence options applied at the pool level. For more information about SSL persistence and simple persistence, see the BIG-IP Controller Getting Started Guide, Configuring persistence for e-commerce and other dynamic content sites.

Using HTTP cookie persistence

You can set up the BIG-IP Controller to use HTTP cookie persistence. This method of persistence uses an HTTP cookie stored on a client's computer to allow the client to reconnect to the same server previously visited at a web site.

There are four types of cookie persistence available:

  • Insert mode
  • Rewrite mode
  • Passive mode
  • Hash mode

The mode you choose affects how the cookie is handled by the BIG-IP Controller when it is returned to the client.

Insert mode

If you specify Insert mode, the information about the server to which the client connects is inserted in the header of the HTTP response from the server as a cookie. The cookie is named BIGipServer <pool_name>, and it includes the address and port of the server handling the connection. The expiration date for the cookie is set based on the timeout configured on the BIG-IP Controller.

To activate Insert mode in the Configuration utility

  1. In the navigation pane, click Pools.
    The Pools screen opens.
  2. In the Pools list, click the pool for which you want to set up Insert mode.
    The properties screen for the pool you clicked opens.
  3. In the toolbar, click the Persistence button.
    The Pool Persistence screen opens.
  4. Click the Active HTTP Cookie button.
  5. Select Insert mode from the Method list.
  6. Type the timeout value in days, hours, minutes, and seconds. This value determines how long the cookie lives on the client computer before it expires.
  7. Click the Apply button.

To activate Insert HTTP cookie persistence from the command line

To activate Insert mode from the command line, use the following syntax:

  bigpipe pool <pool_name> { <lb_mode_specification> persist_mode cookie cookie_mode insert cookie_expiration <timeout> <member definition> }

The <timeout> value for the cookie is written using the following format:

  <days>d hh:mm:ss

Rewrite mode

If you specify Rewrite mode, the BIG-IP Controller intercepts a Set-Cookie, named BIGipCookie, sent from the server to the client and overwrites the name and value of the cookie. The new cookie is named BIGipServer <pool_name> and it includes the address and port of the server handling the connection.

Rewrite mode requires you to set up the cookie created by the server. In order for Rewrite mode to work, there needs to be a blank cookie coming from the web server for the BIG-IP Controller to rewrite. With Apache variants, the cookie can be added to every web page header by adding an entry in the httpd.conf file:

  Header add Set-Cookie BIGipCookie=0000000000000000000000000...

(The cookie should contain a total of 120 zeros.)

Warning: For backward compatibility the blank cookie can contain only 75 zeros. However, cookies of this size do not allow you to use rules and persistence together.

To activate Rewrite mode cookie persistence in the Configuration utility

  1. In the navigation pane, click Pools.
    The Pools screen opens.
  2. In the Pools list, click the pool for which you want to set up Rewrite mode.
    The properties screen for the pool you clicked opens.
  3. In the toolbar, click the Persistence button.
    The Pool Persistence screen opens.
  4. Click the Active HTTP Cookie button.
  5. Select Rewrite mode from the Method list.
  6. Type the timeout value in days, hours, minutes, and seconds. This value determines how long the cookie lives on the client computer before it expires.
  7. Click the Apply button.

To activate Rewrite mode cookie persistence from the command line

To activate Rewrite mode from the command line, use the following syntax:

  bigpipe pool <pool_name> { <lb_mode_specification> persist_mode cookie cookie_mode rewrite cookie_expiration <timeout> <member definition> }

The <timeout> value for the cookie is written using the following format:

  <days>d hh:mm:ss

Passive mode

If you specify Passive mode, the BIG-IP Controller does not insert or search for blank Set-Cookies in the response from the server. It does not try to set up the cookie. In this mode, it is assumed that the server provides the cookie formatted with the correct node information and timeout.

In order for Passive mode to work, there needs to be a cookie coming from the web server with the appropriate node information in the cookie. With Apache variants, the cookie can be added to every web page header by adding an entry in the httpd.conf file:

  Header add Set-Cookie: "BIGipServer my_pool=184658624.20480.000; expires=Sat, 19-Aug-2000 19:35:45 GMT; path=/"

In this example, my_pool is the name of the pool that contains the server node, 184658624 is the encoded node address and 20480 is the encoded port.

The equation for an address (a.b.c.d) is:

  a*(256^3) + b*(256^2) + c*256 + d

To encode the port, take the two bytes that store the port and reverse them. So, port 80 becomes 80 * 256 + 0 = 20480. Port 1433 (instead of 5 * 256 + 253) becomes 253 * 256 + 5 = 64773.
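The encoding above as an added Python example (not code from the BIG-IP manual): it builds and decodes the <address>.<port>.000 value, which lets you check the cookie a web server emits for Passive mode and see which node address and port a given cookie carries. The function names are hypothetical, the trailing 000 field is copied from the sample cookie, and msb_first is an assumption: True follows the address formula exactly as written here, False reverses the octets the same way the port bytes are reversed.

```python
import ipaddress
from typing import Tuple


def swap_port_bytes(port: int) -> int:
    """Reverse the two bytes that store a port: 80 -> 80*256 + 0 = 20480.

    The operation is its own inverse, so it also decodes the cookie field.
    """
    if not 0 <= port <= 0xFFFF:
        raise ValueError(f"port out of range: {port}")
    return ((port & 0xFF) << 8) | (port >> 8)


def encode_value(ip: str, port: int, msb_first: bool = True) -> str:
    """Build the '<address>.<port>.000' cookie value for one node."""
    octets = ipaddress.IPv4Address(ip).packed  # the four bytes a, b, c, d
    # msb_first=True is a*(256^3) + b*(256^2) + c*256 + d (formula as given).
    # msb_first=False is the byte-reversed reading (assumption, see lead-in).
    address = int.from_bytes(octets, "big" if msb_first else "little")
    return f"{address}.{swap_port_bytes(port)}.000"


def decode_value(value: str, msb_first: bool = True) -> Tuple[str, int]:
    """Return (node address, node port) carried in a cookie value.

    The cookie comes back from the client, so reject anything that is not
    three decimal fields with an address that fits in 32 bits.
    """
    fields = value.split(".")
    if len(fields) != 3 or not all(f.isascii() and f.isdigit() for f in fields):
        raise ValueError(f"not an encoded node value: {value!r}")
    address, port = int(fields[0]), int(fields[1])
    if address > 0xFFFFFFFF:
        raise ValueError(f"address field out of range: {address}")
    octets = address.to_bytes(4, "big" if msb_first else "little")
    return str(ipaddress.IPv4Address(octets)), swap_port_bytes(port)


if __name__ == "__main__":
    sample = "184658624.20480.000"  # value from the sample Set-Cookie header
    print(decode_value(sample))                   # formula as written
    print(decode_value(sample, msb_first=False))  # octets reversed
    print(encode_value("11.1.170.192", 80))
```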

To activate Passive mode cookie persistence in the Configuration utility

After you set up the cookie created by the web server, you must activate Passive mode on the BIG-IP Controller.

  1. In the navigation pane, click Pools.
    The Pools screen opens.
  2. In the Pools list, click the pool for which you want to set up Passive mode.
    The properties screen for the pool you clicked opens.
  3. In the toolbar, click the Persistence button.
    The Pool Persistence screen opens.
  4. Select Passive HTTP Cookie mode.
  5. Click the Apply button.

To activate Passive mode cookie persistence from the command line

After you set up the cookie created by the web server, you must activate Passive mode on the BIG-IP Controller. To activate HTTP cookie persistence from the command line, use the following syntax:

  bigpipe pool <pool_name> { <lb_mode_specification> persist_mode cookie cookie_mode passive <member definition> }

Note: The <timeout> value is not used in Passive mode.

Hash mode

If you specify Hash mode, the BIG-IP Controller consistently maps a cookie value to a specific node. When the client returns to the site, the BIG-IP Controller uses the cookie information to return the client to a given node. With this mode, the web server must generate the cookie. The BIG-IP Controller does not create the cookie automatically like it does with Insert mode.

To configure the cookie persistence hash option in the Configuration utility

Before you follow this procedure, you must configure at least one pool.

  1. In the navigation pane, click Pools.
    The Pools screen opens.
  2. In the Pools list, click the pool for which you want to set up hash mode persistence.
    The properties screen for the pool you clicked opens.
  3. In the toolbar, click the Persistence button.
    The Pool Persistence screen opens.
  4. Click the Cookie Hash button.
    Set the following values (see Table 6.1 for more information):

    · Cookie Name
    Type in the name of an HTTP cookie being set by the Web site. This could be something like Apache or SSLSESSIONID. It depends on the type of web server your site is running.

    · Hash Values
    The Offset is the number of bytes in the cookie to skip before calculating the hash value. The Length is the number of bytes to use when calculating the hash value.

  5. Click the Apply button.

To configure the hash cookie persistence option from the command line

Use the following syntax to configure the hash cookie persistence option:

  bigpipe pool <pool_name> { <lb_mode_specification> persist_mode cookie cookie_mode hash cookie_hash_name <cookie_name> cookie_hash_offset <cookie_value_offset> cookie_hash_length <cookie_value_length> <member definition> }

The <cookie_name>, <cookie_value_offset>, and <cookie_value_length> values are described in Table 6.1:

Table 6.1 The cookie hash mode values

  Hash mode values         Description
  <cookie_name>            This is the name of an HTTP cookie being set by a Web site.
  <cookie_value_offset>    This is the number of bytes in the cookie to skip before calculating the hash value.
  <cookie_value_length>    This is the number of bytes to use when calculating the hash value.

Using destination address affinity (sticky persistence)

You can optimize your proxy server array with destination address affinity (also called sticky persistence). Address affinity directs requests for a certain destination to the same proxy server, regardless of which client the request comes from.

This enhancement provides the most benefits when load balancing caching proxy servers. A caching proxy server intercepts web requests and returns a cached web page if it is available. In order to improve the efficiency of the cache on these proxies, it is necessary to send similar requests to the same proxy server repeatedly. Destination address affinity can be used to cache a given web page on one proxy server instead of on every proxy server in an array. This saves the other proxies from having to duplicate the web page in their cache, which would waste memory.

Warning: In order to prevent sticky entries from clumping on one server, use a static load balancing mode for the members of the pool, such as Round Robin.

To activate destination address affinity in the Configuration utility

You can only activate destination address affinity on pools directly or indirectly referenced by wildcard virtual servers. For information on setting up a wildcard virtual server, see the BIG-IP Getting Started Guide, Defining wildcard virtual servers. Follow these steps to configure destination address affinity:

  1. In the navigation pane, click Pools.
    The Pools screen opens.
  2. In the Pools list, click the pool for which you want to set up destination address affinity.
    The properties screen for the pool you clicked opens.
  3. In the toolbar, click the Persistence button.
    The Pool Persistence screen opens.
  4. Click the Destination Address Affinity button to enable destination address affinity.
  5. In the Mask box, type in the mask you want to apply to sticky persistence entries.
  6. Click the Apply button.

To activate sticky persistence from the command line

Use the following command to enable sticky persistence for a pool:

  bigpipe pool <pool_name> modify { persist_mode sticky <enable | disable> sticky_mask <ip address> }

Use the following command to disable sticky persistence for a pool:

  bigpipe pool <pool_name> modify { persist_mode sticky disable sticky_mask <ip address> }

Use the following command to delete sticky entries for the specified pool:

  bigpipe pool <pool_name> sticky clear

To show the persistence configuration for the pool:

  bigpipe pool <pool_name> persist show

Using a simple timeout and a persist mask on a pool

The persist mask feature works only on pools that implement simple persistence. By adding a persist mask, you identify a range of client IP addresses to manage together as a single simple persistent connection when connecting to the pool.

To apply a simple timeout and persist mask in the Configuration utility

  1. In the navigation pane, click Pools.
    The Pools screen opens.
  2. In the Pools list, click the pool for which you want to set up simple persistence.
    The properties screen for the pool you clicked opens.
  3. In the toolbar, click the Persistence button.
    The Pool Persistence screen opens.
  4. Select Simple Persistence mode.
  5. In the Timeout box, type the timeout in seconds.
  6. In the Mask box, type the persist mask you want to apply.
  7. Click the Apply button.

To apply a simple timeout and persist mask from the command line

The complete syntax for the command is:

  bigpipe pool <pool_name> modify { [<lb_mode_specification>] persist_mode simple simple_timeout <timeout> simple_mask <dot_notation_longword> }

For example, the following command would keep persistence information together for all clients within a class C network that connect to the pool classc_pool:

  bigpipe pool classc_pool modify { persist_mode simple simple_timeout 1200 simple_mask 255.255.255.0 }

You can turn off a persist mask for a pool by using the none option in place of the simple_mask mask. To turn off the persist mask that you set in the preceding example, use the following command:

  bigpipe pool classc_pool modify { simple_mask none }

To display all persistence information for the pool named classc_pool, use the show option:

  bigpipe pool classc_pool persist show
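How a persist mask groups clients into one persistence entry, as an added Python model (not BIG-IP code). It uses the classc_pool values above (timeout 1200, mask 255.255.255.0). Assumptions: round robin stands in for the pool's load balancing mode, the timer is refreshed on every connection, and the node names and client addresses are constructed.

```python
import ipaddress


class SimplePersistence:
    """Model of simple persistence with an optional persist mask."""

    def __init__(self, members, timeout, mask=None):
        self.members = members
        self.timeout = timeout                       # seconds, like simple_timeout
        # mask=None models "simple_mask none": every client address is its own key.
        self.mask = int(ipaddress.IPv4Address(mask)) if mask else 0xFFFFFFFF
        self.entries = {}                            # masked address -> (node, last_seen)
        self._next = 0

    def _balance(self):
        # Stand-in load balancer: plain round robin over the pool members.
        node = self.members[self._next % len(self.members)]
        self._next += 1
        return node

    def connect(self, client_ip, now):
        """Return the node for a connection from client_ip at time now (seconds)."""
        key = int(ipaddress.IPv4Address(client_ip)) & self.mask
        entry = self.entries.get(key)
        if entry and now - entry[1] <= self.timeout:
            node = entry[0]                          # live entry: reuse its node
        else:
            node = self._balance()                   # no entry or expired: load balance
        self.entries[key] = (node, now)
        return node


def demo(mask):
    """Four constructed connections against a three-node pool."""
    pool = SimplePersistence(["n1", "n2", "n3"], timeout=1200, mask=mask)
    return [
        pool.connect("192.168.5.17", now=0),
        pool.connect("192.168.5.200", now=100),    # same class C network as the first
        pool.connect("192.168.6.1", now=200),      # different class C network
        pool.connect("192.168.5.17", now=1400),    # 1300 s after the last 192.168.5.x hit
    ]


if __name__ == "__main__":
    print("mask 255.255.255.0:", demo("255.255.255.0"))
    print("mask none:         ", demo(None))
```

With the mask, the second client inherits the first client's node because both fall under the same entry, and the entry expires for the whole range at once.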

Maintaining persistence across virtual servers that use the same virtual addresses

When this mode is turned on, the BIG-IP Controller attempts to send all persistent connection requests received from the same client, within the persistence time limit, to the same node only when the virtual server hosting the connection has the same virtual address as the virtual server hosting the initial persistent connection. Connection requests from the client that go to other virtual servers with different virtual addresses, or those connection requests that do not use persistence, are load balanced according to the load balancing mode defined for the pool.

Suppose a BIG-IP Controller configuration includes the following virtual server mappings, where the virtual server v1:http references the pool http_pool (which contains the nodes n1:http and n2:http) and the virtual server v1:ssl references the pool ssl_pool (which contains the nodes n1:ssl and n2:ssl). Each virtual server uses persistence:

  bigpipe vip v1:http use pool http_pool
  bigpipe vip v1:ssl use pool ssl_pool
  bigpipe vip v2:ssl use pool ssl_pool

For example, a client makes an initial connection to v1:http and the load balancing mechanism assigned to the pool http_pool chooses n1:http as the node. If the same client then connects to v2:ssl, the BIG-IP Controller starts tracking a new persistence session, and it uses the load balancing mode to determine which node should receive the connection request because the requested virtual server uses a different virtual address (v2) than the virtual server hosting the first persistent connection request (v1). However, if the client subsequently connects to v1:ssl, the BIG-IP Controller uses the persistence session established with the first connection to determine the node that should receive the connection request, rather than the load balancing mode. The BIG-IP Controller should send the third connection request to n1:ssl, which uses the same node address as the n1:http node that currently hosts the client's first connection with which it shares a persistent session.

Warning: In order for this mode to be effective, virtual servers that use the same virtual address, as well as those that use TCP or SSL persistence, should include the same node addresses in the virtual server mappings.

The system control variable bigip.persist_on_any_port_same_vip turns this mode on and off. To activate the persistence mode, type:

  sysctl -w bigip.persist_on_any_port_same_vip=1

To deactivate the persistence mode, type:

  sysctl -w bigip.persist_on_any_port_same_vip=0

To activate persistence for virtual servers that use the same address in the Configuration utility

  1. In the navigation pane, click the BIG-IP logo.
    The BIG-IP System Properties screen opens.
  2. In the toolbar, click the Advanced Properties button.
    The BIG-IP System Control Variables screen opens.
  3. Click the Allow Persistence Across All Ports for Each Virtual Address checkbox to activate this persistence mode. Clear the checkbox to disable this persistence mode.
  4. Click the Apply button.

Maintaining persistence across all virtual servers

You can set the BIG-IP Controller to maintain persistence for all connections requested by the same client, regardless of which virtual server hosts each individual connection initiated by the client. When this mode is turned on, the BIG-IP Controller attempts to send all persistent connection requests received from the same client, within the persistence time limit, to the same node. Connection requests from the client that do not use persistence are load balanced according to the currently selected load balancing mode.

Suppose a BIG-IP Controller configuration includes the following virtual server mappings, where the virtual servers v1:http and v2:http reference the pools http1_pool and http2_pool (both pools contain the nodes n1:http and n2:http) and the virtual servers v1:ssl and v2:ssl reference the pools ssl1_pool and ssl2_pool (both pools contain the nodes n1:ssl and n2:ssl). Each virtual server uses persistence:

  bigpipe vip v1:http use pool http1_pool
  bigpipe vip v1:ssl use pool ssl1_pool
  bigpipe vip v2:http use pool http2_pool
  bigpipe vip v2:ssl use pool ssl2_pool

Say that a client makes an initial connection to v1:http and the BIG-IP Controller's load balancing mechanism chooses n1:http as the node. If the same client subsequently connects to v1:ssl, the BIG-IP Controller would send the client's request to n1:ssl, which uses the same node address as the n1:http node that currently hosts the client's initial connection. What makes this mode different from maintaining persistence across virtual servers that use the same virtual address is that if the same client subsequently connects to v2:ssl, the BIG-IP Controller would send the client's request to n1:ssl, which uses the same node address as the n1:http node that currently hosts the client's initial connection.

Warning: In order for this mode to be effective, virtual servers that use TCP or SSL persistence should include the same member addresses in the virtual server mappings.

The system control variable bigip.persist_on_any_vip turns this mode on and off. To activate the persistence mode, type:

  sysctl -w bigip.persist_on_any_vip=1

To deactivate the persistence mode, type:

  sysctl -w bigip.persist_on_any_vip=0
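The two system control variables compared side by side, as an added Python model (not BIG-IP code) covering both this section and the preceding same-virtual-address section. It replays the connection order of the walkthrough above (v1:http, then v1:ssl, then v2:ssl). Assumptions: the persistence key per mode is inferred from the descriptions, round robin stands in for the load balancing mode, with both variables off each virtual server keeps its own session, and n3 is a constructed node used only to show the Warning's case.

```python
from itertools import count

# Constructed model of the configuration above:
# virtual server -> node addresses of the pool it references.
VIPS = {
    ("v1", "http"): ["n1", "n2"],
    ("v1", "ssl"): ["n1", "n2"],
    ("v2", "http"): ["n1", "n2"],
    ("v2", "ssl"): ["n1", "n2"],
}


class PersistenceModel:
    def __init__(self, vips, same_vip=False, any_vip=False):
        self.vips = vips
        self.same_vip = same_vip    # models bigip.persist_on_any_port_same_vip=1
        self.any_vip = any_vip      # models bigip.persist_on_any_vip=1
        self.sessions = {}          # persistence key -> node address
        self._turn = count()        # stand-in round robin load balancer

    def _key(self, client, vaddr, port):
        if self.any_vip:
            return (client,)                 # one session per client
        if self.same_vip:
            return (client, vaddr)           # one session per client and virtual address
        return (client, vaddr, port)         # one session per virtual server (assumption)

    def _balance(self, members):
        return members[next(self._turn) % len(members)]

    def connect(self, client, vaddr, port):
        members = self.vips[(vaddr, port)]
        key = self._key(client, vaddr, port)
        node = self.sessions.get(key)
        if node is None:
            node = self._balance(members)    # first connection: load balance, remember
            self.sessions[key] = node
        elif node not in members:
            # The Warning's case: the remembered node address is not a member of
            # this pool, so the session cannot be honoured for this connection.
            node = self._balance(members)
        return f"{node}:{port}"


def walkthrough(vips=VIPS, **modes):
    """Replay v1:http, v1:ssl, v2:ssl for one client under the given mode."""
    model = PersistenceModel(vips, **modes)
    order = (("v1", "http"), ("v1", "ssl"), ("v2", "ssl"))
    return [model.connect("client1", vaddr, port) for vaddr, port in order]


if __name__ == "__main__":
    print("both off:       ", walkthrough())
    print("same_vip=1:     ", walkthrough(same_vip=True))
    print("any_vip=1:      ", walkthrough(any_vip=True))
```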

To activate persistence across all virtual servers in the Configuration utility

  1. In the navigation pane, click the BIG-IP logo.
    The BIG-IP System Properties screen opens.
  2. In the toolbar, click the Advanced Properties button.
    The BIG-IP System Control Variables screen opens.
  3. Click the Allow Persistence Across All Virtual Servers checkbox to activate this persistence mode. Clear the checkbox to disable this persistence mode.
  4. Click the Apply button.

Backward compatible persistence for node list virtual servers

It is still possible to configure persistence by virtual server and port. You must configure virtual servers that reference a pool or a rule by modifying the pool.

Virtual server definitions containing a node list and persistence settings are converted into an independent pool with the name appgen_<virtual_addr>.<virtual_port> and a virtual server that references the pool. The pool persistence settings are set to mimic the behavior of a virtual server with persistence. For example, consider the following node list virtual server definition:

  vip 168.1.1.1:80 { define 10.1.1.1:80 10.2.2.2:80 special cookie rewrite 10d }

This virtual server definition is stored and written in the /etc/bigip.conf file in the following manner:

Figure 6.1 An example of an appgen_pool created from a node list virtual server

  pool appgen_168.1.1.1.80 {
    lb_mode round_robin
    persist_mode cookie
    cookie_mode rewrite
    cookie_expiration 10d
    member 10.1.1.1:80
    member 10.2.2.2:80
  }
  vip 168.1.1.1:80 { use pool appgen_168.1.1.1.80 }

While you can still apply virtual port simple persistence timeouts, they are not saved as part of the BIG-IP Controller configuration. Defining a virtual port timeout affects the persistence configuration of pools that are directly referenced by virtual servers with a matching virtual port. When a virtual port timeout is defined, pools with a persistence mode of none are changed to simple, and the simple persistence timeouts are changed from 0 to the virtual port timeout.

The virtual server simple and sticky persistence commands operate on the pool referenced by the virtual server instead of on the virtual server itself. You cannot use commands to display information for a virtual server that does not reference a pool. Virtual server persistence modifications are:

  vip <ip>:<port> persist <value>
  vip <ip>:<port> persist mask <ip> 
  vip <ip>:<port> sticky (enable | disable | clear)
  vip <ip>:<port> sticky mask <ip>
  vip <ip>:<port> mirror persist (enable | disable)

The virtual port persistence query now returns an error message:

  persist <port> show

All virtual server persistence queries now return error messages and a suggested pool persistence query. Virtual server persistence queries that now generate errors are:

  vip <ip>:<port> persist (show | dump)
  vip <ip>:<port> persist mask show 
  vip <ip>:<port> sticky (show | dump)
  vip <ip>:<port> sticky mask show 
  vip <ip>:<port> mirror persist show