search

F5Networks / f5-openstack-agent

The F5 Agent for OpenStack Neutron allows you to deploy BIG-IP services in an OpenStack environment.
http://clouddocs.f5.com/products/openstack/agent/latest
Apache License 2.0
14 stars 38 forks source link

session-persistence type=APP_COOKIE implements cookie insert #345

Closed alonsocamaro closed 7 years ago

alonsocamaro commented 7 years ago

Agent Version

ii python-f5-icontrol-rest 1.0.9-1 all F5 BIG-IP iControl REST API client ii python-f5-openstack-agent 9.0.2-1 all F5 Networks Agent for OpenStack services ii python-f5-openstack-lbaasv2-driver 9.0.2-1 all F5 Networks Driver for OpenStack LBaaSv2 service ii python-f5-sdk 1.2.0-1 all F5 Networks Python SDK

Operating System

Mirantis 9.0

OpenStack Release

Mitaka

Description

Hi

After creating a pool with APP_COOKIE persistence 

root@node-1:~# neutron lbaas-pool-create --lb-algorithm ROUND_ROBIN --listener ha-5 --protocol HTTP --name ha-5 --session-persistence type=APP_COOKIE,cookie_name=TEST
Created a new pool:
+---------------------+------------------------------------------------+
| Field               | Value                                          |
+---------------------+------------------------------------------------+
| admin_state_up      | True                                           |
| description         |                                                |
| healthmonitor_id    |                                                |
| id                  | 47d66630-dc00-46d8-8a74-83ccc22efdc3           |
| lb_algorithm        | ROUND_ROBIN                                    |
| listeners           | {"id": "53ab6c3a-950b-433b-bee0-046d987765b1"} |
| loadbalancers       | {"id": "c74bfb81-b53f-43ff-a318-9f564b37ea39"} |
| members             |                                                |
| name                | ha-5                                           |
| protocol            | HTTP                                           |
| session_persistence | {"cookie_name": "TEST", "type": "APP_COOKIE"}  |
| tenant_id           | 1bcf7ba13bcb496196d72f481bfebb5c               |
+---------------------+------------------------------------------------+

The implementation in the BIG-IP is instead cookie insert:


root@(bigip1)(cfg-sync Changes Pending)(Standby)(/Project_1bcf7ba13bcb496196d72f481bfebb5c)(tmos)# list ltm virtual ha-5 
ltm virtual ha-5 {
    destination 10.0.2.185:http
    ip-protocol tcp
    mask 255.255.255.255
    partition Project_1bcf7ba13bcb496196d72f481bfebb5c
    persist {
        /Common/cookie {
            default yes
        }
    }
    pool ha-5
    profiles {
        /Common/http { }
        /Common/tcp { }
    }
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    translate-address enabled
    translate-port enabled
    vs-index 13
}

which I don't think is the expected behavior

jgruber commented 7 years ago

Do you have multiple pools created with the same listener?

I've labeled this as a bug.

As of 9.0.3, L7 routing is not supported, so there should only be 1 pool created per listener.

When disassociated pools are allowed with L7 routing, we'll have the policy rule to have distinct session persistence per pool.

alonsocamaro commented 7 years ago

I only had a single pool:

root@node-1:~# neutron lbaas-loadbalancer-show c74bfb81-b53f-43ff-a318-9f564b37ea39
+---------------------+------------------------------------------------+
| Field               | Value                                          |
+---------------------+------------------------------------------------+
| admin_state_up      | True                                           |
| description         |                                                |
| id                  | c74bfb81-b53f-43ff-a318-9f564b37ea39           |
| listeners           | {"id": "53ab6c3a-950b-433b-bee0-046d987765b1"} |
| name                | ha-5                                           |
| operating_status    | ONLINE                                         |
| pools               | {"id": "47d66630-dc00-46d8-8a74-83ccc22efdc3"} |
| provider            | f5networks                                     |
| provisioning_status | ACTIVE                                         |
| tenant_id           | 1bcf7ba13bcb496196d72f481bfebb5c               |
| vip_address         | 10.0.2.185                                     |
| vip_port_id         | 7e724735-4cd6-47eb-bba0-0fe197fe20bf           |
| vip_subnet_id       | d02c8267-30be-4cdc-aa4a-a7c1ca6504b8           |
+---------------------+------------------------------------------------+