Applies To:
Show VersionsBIG-IP AAM
- 11.6.5, 11.6.4, 11.6.3, 11.6.2, 11.6.1
BIG-IP APM
- 11.6.5, 11.6.4, 11.6.3, 11.6.2, 11.6.1
BIG-IP GTM
- 11.6.5, 11.6.4, 11.6.3, 11.6.2, 11.6.1
BIG-IP Analytics
- 11.6.5, 11.6.4, 11.6.3, 11.6.2, 11.6.1
BIG-IP Link Controller
- 11.6.5, 11.6.4, 11.6.3, 11.6.2, 11.6.1
BIG-IP LTM
- 11.6.5, 11.6.4, 11.6.3, 11.6.2, 11.6.1
BIG-IP PEM
- 11.6.5, 11.6.4, 11.6.3, 11.6.2, 11.6.1
BIG-IP AFM
- 11.6.5, 11.6.4, 11.6.3, 11.6.2, 11.6.1
BIG-IP ASM
- 11.6.5, 11.6.4, 11.6.3, 11.6.2, 11.6.1
Session Persistence Profiles
Introduction to session persistence profiles
Using BIG-IP® the BIG-IP® system, you can configure session persistence. When you configure session persistence, the BIG-IP system tracks and stores session data, such as the specific pool member that serviced a client request. The primary reason for tracking and storing session data is to ensure that client requests are directed to the same pool member throughout the life of a session or during subsequent sessions.
In addition, session persistence can track and store other types of information, such as user preferences or a user name and password.
the BIG-IP system offers several types of session persistence, each one designed to accommodate a specific type of storage requirement for session data. The type of persistence that you implement depends on where and how you want to store client-specific information, such as items in a shopping cart or airline ticket reservations.
For example, you might store airline ticket reservation information in a back-end database that all servers can access, or on the specific server to which the client originally connected, or in a cookie on the client’s machine. When you enable persistence, returning clients can bypass load balancing and instead connect to the server to which they last connected in order to access their saved information.
the BIG-IP system keeps session data for a period of time that you specify.
The primary tool for configuring session persistence is to configure a persistence profile and assign it to a virtual server. If you want to enable persistence for specific types of traffic only, as opposed to all traffic passing through the virtual server, you can write an iRule.
A persistence profile is a pre-configured object that automatically enables persistence when you assign the profile to a virtual server. By using a persistence profile, you avoid having to write a program to implement a type of persistence.
Each type of persistence that the BIG-IP system offers includes a corresponding default persistence profile. These persistence profiles each contain settings and setting values that define the behavior of the BIG-IP system for that type of persistence. You can either use the default profile or create a custom profile based on the default.
Persistence profile types
You can configure persistence profile settings to set up session persistence on the BIG-IP® system. You can configure these settings when you create a profile or after profile creation by modifying the profile’s settings.
The persistence types that you can enable using a persistence profile are:
- Cookie persistence
- Cookie persistence uses an HTTP cookie stored on a client’s computer to allow the client to reconnect to the same server previously visited at a web site.
- Destination address affinity persistence
- Also known as sticky persistence, destination address affinity persistence supports TCP and UDP protocols, and directs session requests to the same server based solely on the destination IP address of a packet.
- Hash persistence
- Hash persistence allows you to create a persistence hash based on an existing iRule.
- Microsoft® Remote Desktop Protocol persistence
- Microsoft® Remote Desktop Protocol (MSRDP) persistence tracks sessions between clients and servers running the Microsoft® Remote Desktop Protocol (RDP) service.
- SIP persistence
- SIP persistence is a type of persistence used for servers that receive Session Initiation Protocol (SIP) messages sent through UDP, SCTP, or TCP.
- Source address affinity persistence
- Also known as simple persistence, source address affinity persistence supports TCP and UDP protocols, and directs session requests to the same server based solely on the source IP address of a packet.
- SSL persistence
- SSL persistence is a type of persistence that tracks SSL sessions, using the SSL session ID. Even when the client's IP address changes, the BIG-IP® system still recognizes the connection as being persistent based on the session ID.
- Universal persistence
- Universal persistence allows you to write an expression that defines what to persist on in a packet. The expression, written using the same expression syntax that you use in iRules®, defines some sequence of bytes to use as a session identifier.
Session persistence and iRules
Instead of configuring a persistence profile, which enables a persistence type for all sessions passing through the virtual server, you can write an iRule, which enables a persistence type for particular requests (for example, for HTTP traffic that includes a certain cookie version only).
You can also use an iRule to enable persistence for SSL-terminated requests, that is, requests that the BIG-IP® system terminates by performing decryption and re-encryption and by handling SSL certificate authentication. In iRules® of this type, you can use an HTTP header insertion iRule command to insert an SSL session ID as a header into an HTTP request.
HTTP requests and session persistence
When you configure a persistence profile on a virtual server, the BIG-IP® system tracks a pointer to the pool member that serviced a client request. Configuring a persistence profile for a virtual server ensures that client requests are directed to the same pool member throughout the lifetime of a session.
By default, the BIG-IP system performs load balancing for each TCP connection, rather than for each HTTP request. After the initial TCP connection is load balanced, the system sends all HTTP requests seen on the same connection to the same pool member. You can change this behavior if you want the system can make a new load balancing decision according to changing persistence information in HTTP requests. You do this by configuring a OneConnect™ profile and assigning the profile to a virtual server. A OneConnect profile causes the system to detach server-side connections so that the system can perform load balancing for each request within the TCP connection and send the HTTP requests to different destination servers if necessary.
Criteria for session persistence
For most persistence types, you can specify the criteria that the BIG-IP® system uses to send all requests from a given client to the same pool member. These criteria are based on the virtual server or servers that are hosting the client connection. To specify these criteria, you configure the Match Across Services, Match Across Virtual Servers, and Match Across Poolssettings contained within persistence profiles. Before configuring a persistence profile, it is helpful to understand these settings.
The Match Across Services setting
When you enable the Match Across Services setting within a persistence profile, the BIG-IP® system attempts to send all persistent connection requests received from the same client, within the persistence time limit, to the same node only when the virtual server hosting the connection has the same virtual address as the virtual server hosting the initial persistent connection. Connection requests from the client that go to other virtual servers with different virtual addresses, or those connection requests that do not use persistence, are load balanced according to the load balancing method defined for the pool.
For example, suppose you configure virtual server mappings where the virtual server v1:http has persistence enabled and references the http_pool (containing the nodes n1:http and n2:http), and the virtual server v1:ssl has persistence enabled and references the pool ssl_pool (containing the nodes n1:ssl and n2:ssl).
Suppose the client makes an initial connection to v1:http, and the load balancing algorithm assigned to the pool http_pool chooses n1:http as the node. If the client subsequently connects to v1:ssl, the BIG-IP® system uses the persistence session established with the first connection to determine the pool member that should receive the connection request, rather than the load balancing method. the BIG-IP system should then send the third connection request to n1:ssl, which uses the same node as the n1:http node that currently hosts the client's first connection with which it shares a persistent session.
If the same client then connects to a virtual server with a different virtual address (for example, v2:ssl), the BIG-IP system starts tracking a new persistence session, using the load balancing method to determine which node should receive the connection request. The system starts a new persistence session because the requested virtual server uses a different virtual address (v2) than the virtual server hosting the first persistent connection request (v1).
The Match Across Virtual Servers setting
You can set the BIG-IP® system to maintain persistence for all sessions requested by the same client, regardless of which virtual server hosts each individual connection initiated by the client. When you enable the Match Across Virtual Servers setting within a persistence profile, the system attempts to send all persistent connection requests received from the same client, within the persistence time limit, to the same node. Connection requests from the client that do not use persistence are load balanced according to the currently selected load balancing method.
The Match Across Pools setting
When you enable the Match Across Pools setting within a persistence profile, the BIG-IP® system can use any pool that contains a given persistence record. The default is disabled (cleared).