Adding an ESD with both lbaas_perist of 'cookie' with lbaas_fallback_persist also set does not implement fallback persistence. This is the required configuration for J2EE applications and is the one of the most common combinations in LTM configurations.
Deploy the above ESD (you can leave out the irules and policy. The full BIG-IP object are available if you want them) defining both lbaas_persist and lbaas_fallback_persist tags per the default /Common/cookie and /Common/source_addr profiles on every BIG-IP.
This is what you virtual will look like before the ESD:
Agent Version
9.4.0 (and 10.1.0)
Operating System
CentOS 7
OpenStack Release
Mitaka (tested Newtron too)
Description
Adding an ESD with both lbaas_perist of 'cookie' with lbaas_fallback_persist also set does not implement fallback persistence. This is the required configuration for J2EE applications and is the one of the most common combinations in LTM configurations.
An example ESD:
"dmzmobile": { "lbaas_ctcp": "tcp-mobile-optimized", "lbaas_stcp": "tcp-lan-optimized", "lbaas_cssl_profile": "clientssl-secure", "lbaas_sssl_profile": "serverssl", "lbaas_irule": ["server_header_scrub","cve-2017-5638","cve-2015-1635","cve-2013-0156"], "lbaas_policy": ["dmz"], "lbaas_persist": "cookie", "lbaas_fallback_persist": "source_addr" }
Deployment
Deploy the above ESD (you can leave out the irules and policy. The full BIG-IP object are available if you want them) defining both lbaas_persist and lbaas_fallback_persist tags per the default /Common/cookie and /Common/source_addr profiles on every BIG-IP.
This is what you virtual will look like before the ESD:
ltm virtual prod_5a9850a2-3348-4181-a8e0-7a42db8465c0 { description test_lb01_listener: destination prod_16f35d9e-b37a-49e8-96cd-f9e720fb8391:https ip-protocol tcp mask 255.255.255.255 partition prod_d303c30a319d422097e5ab0be7b619cd persist { /Common/cookie { default yes } } pool prod_f7be74bc-2f4e-4714-963f-ba536d02c4e2 profiles { /Common/http { } /Common/oneconnect { } /Common/tcp { } } source 0.0.0.0%1/0 source-address-translation { pool prod_d303c30a319d422097e5ab0be7b619cd type snat } translate-address enabled translate-port enabled vlans { tunnel-vxlan-1089 } vlans-enabled vs-index 5 }
This is what it will look like after:
ltm virtual prod_5a9850a2-3348-4181-a8e0-7a42db8465c0 { description test_lb01_listener: destination prod_16f35d9e-b37a-49e8-96cd-f9e720fb8391:https ip-protocol tcp mask 255.255.255.255 partition prod_d303c30a319d422097e5ab0be7b619cd persist { /Common/cookie { default yes } } policies { /Common/dmz { } } pool prod_f7be74bc-2f4e-4714-963f-ba536d02c4e2 profiles { /Common/clientssl-secure { context clientside } /Common/http { } /Common/oneconnect { } /Common/serverssl { context serverside } /Common/tcp-lan-optimized { context serverside } /Common/tcp-mobile-optimized { context clientside } } rules { /Common/server_header_scrub /Common/cve-2017-5638 /Common/cve-2015-1635 /Common/cve-2013-0156 } source 0.0.0.0%1/0 source-address-translation { pool prod_d303c30a319d422097e5ab0be7b619cd type snat } translate-address enabled translate-port enabled vlans { tunnel-vxlan-1089 } vlans-enabled vs-index 5 }
There is not fallback persistence applied.