a/b Route and persistence

[alonsocamaro]

Setup Details

Build: quay.io/f5networks/k8s-bigip-ctlr-devel:6acfa932091c518f87d3d71070501dd68fcebf33 BIGIP Version: Big IP 17 AS3 Version: 3.45
Agent Mode: AS3 Orchestration: OSCP
Orchestration Version: OCP 4.12 Pool Mode: Cluster Additional Setup details: OVN, single cluster or multi-cluster

Description

• When using CIS in single cluster mode (note: I´m not referring to multi-cluster mode and routes in only one cluster) , persistence doesn´t prevail over a/b routes load balancing unless "Match Across Pools" toggle is set.

• This toggle in the persistence profile is also required CIS is configured in multi-cluster mode

Please note that a plain http persistence is applied by default without Match Across Pools enabled, therefore when using A/B Routes an http-with-match-across-pools should be used instead of the current plain http profile.

[trinaths]

Created [CONTCNTR-4157] for internal tracking.

[alonsocamaro]

Just enabling match across pool members is not enough:

When having multiple A/B services in the same virtual server, it is required that all the services behing an A/B route to have their own persistence profile. Otherwise, requests will go always to the first persisting service no matter the route. A reproduction is shown next:

Route configuration

[cloud-user@ocp-provisioner example-weights-two-routes]$ oc get route -n eng-caas-nginx-app1 
NAME             HOST/PORT                        PATH   SERVICES                                        PORT   TERMINATION     WILDCARD
nginx-app1       nginx-app1.apps.f5-udf.com              nginx-app1-v1(50%),nginx-app1-v2(50%)           8080   edge/Redirect   None
nginx-app1-alt   nginx-app1-alt.apps.f5-udf.com          nginx-app1-alt-v1(50%),nginx-app1-alt-v2(50%)   8080   edge/Redirect   None

These two routes are hosted in the same virtual server.

Sending to the first route:

while true ; do curl -k https://nginx-app1.apps.f5-udf.com/ ; done

[root@bigip2:Active:Not All Devices Synced] config # tmsh -c "cd /OpenShift-MultiCluster ; show ltm pool recursive members raw" | egrep "Pool Member|  \|   Total Connections|^Ltm::Pool"
Ltm::Pool: Shared/nginx_app1_alt_v1_8080_eng_caas_nginx_app1
  | Ltm::Pool Member: 10.128.0.81:8080
  |   Total Connections                               0        -
  | Ltm::Pool Member: 10.128.0.82:8080
  |   Total Connections                               0        -
Ltm::Pool: Shared/nginx_app1_alt_v2_8080_eng_caas_nginx_app1
  | Ltm::Pool Member: 10.128.0.84:8080
  |   Total Connections                               0        -
  | Ltm::Pool Member: 10.128.0.85:8080
  |   Total Connections                               0        -
Ltm::Pool: Shared/nginx_app1_v1_8080_eng_caas_nginx_app1
  | Ltm::Pool Member: 10.128.0.74:8080
  |   Total Connections                               0        -
  | Ltm::Pool Member: 10.128.0.75:8080
  |   Total Connections                               0        -
Ltm::Pool: Shared/nginx_app1_v2_8080_eng_caas_nginx_app1
  | Ltm::Pool Member: 10.128.0.76:8080
  |   Total Connections                              25        -
  | Ltm::Pool Member: 10.128.0.80:8080
  |   Total Connections                               0        -
[root@bigip2:Active:Not All Devices Synced] config # tmsh -c "cd /OpenShift-MultiCluster/Shared ; show ltm persistence persist-records"
Sys::Persistent Connections
source-address  10.1.10.4  10.1.10.102:443  10.128.0.76:8080  (tmm: 1)
Total records returned: 1

Sending to the second route:

while true ; do curl -k https://nginx-app1-alt.apps.f5-udf.com/ ; done

[root@bigip2:Active:Not All Devices Synced] config # tmsh -c "cd /OpenShift-MultiCluster ; show ltm pool recursive members raw" | egrep "Pool Member|  \|   Total Connections|^Ltm::Pool"
Ltm::Pool: Shared/nginx_app1_alt_v1_8080_eng_caas_nginx_app1
  | Ltm::Pool Member: 10.128.0.81:8080
  |   Total Connections                               0        -
  | Ltm::Pool Member: 10.128.0.82:8080
  |   Total Connections                               0        -
Ltm::Pool: Shared/nginx_app1_alt_v2_8080_eng_caas_nginx_app1
  | Ltm::Pool Member: 10.128.0.84:8080
  |   Total Connections                               0        -
  | Ltm::Pool Member: 10.128.0.85:8080
  |   Total Connections                               0        -
Ltm::Pool: Shared/nginx_app1_v1_8080_eng_caas_nginx_app1
  | Ltm::Pool Member: 10.128.0.74:8080
  |   Total Connections                               0        -
  | Ltm::Pool Member: 10.128.0.75:8080
  |   Total Connections                               0        -
Ltm::Pool: Shared/nginx_app1_v2_8080_eng_caas_nginx_app1
  | Ltm::Pool Member: 10.128.0.76:8080
  |   Total Connections                              60        -
  | Ltm::Pool Member: 10.128.0.80:8080
  |   Total Connections                               0        -
[root@bigip2:Active:Not All Devices Synced] config # tmsh -c "cd /OpenShift-MultiCluster/Shared ; show ltm persistence persist-records"
Sys::Persistent Connections
source-address  10.1.10.4  10.1.10.102:443  10.128.0.76:8080  (tmm: 1)
Total records returned: 1

[trinaths]

Closed as completed.