Closed alonsocamaro closed 7 months ago
Created [CONTCNTR-4157] for internal tracking.
Just enabling match across pool members is not enough:
When having multiple A/B services in the same virtual server, it is required that all the services behing an A/B route to have their own persistence profile. Otherwise, requests will go always to the first persisting service no matter the route. A reproduction is shown next:
Route configuration
[cloud-user@ocp-provisioner example-weights-two-routes]$ oc get route -n eng-caas-nginx-app1
NAME HOST/PORT PATH SERVICES PORT TERMINATION WILDCARD
nginx-app1 nginx-app1.apps.f5-udf.com nginx-app1-v1(50%),nginx-app1-v2(50%) 8080 edge/Redirect None
nginx-app1-alt nginx-app1-alt.apps.f5-udf.com nginx-app1-alt-v1(50%),nginx-app1-alt-v2(50%) 8080 edge/Redirect None
These two routes are hosted in the same virtual server.
Sending to the first route:
while true ; do curl -k https://nginx-app1.apps.f5-udf.com/ ; done
[root@bigip2:Active:Not All Devices Synced] config # tmsh -c "cd /OpenShift-MultiCluster ; show ltm pool recursive members raw" | egrep "Pool Member| \| Total Connections|^Ltm::Pool"
Ltm::Pool: Shared/nginx_app1_alt_v1_8080_eng_caas_nginx_app1
| Ltm::Pool Member: 10.128.0.81:8080
| Total Connections 0 -
| Ltm::Pool Member: 10.128.0.82:8080
| Total Connections 0 -
Ltm::Pool: Shared/nginx_app1_alt_v2_8080_eng_caas_nginx_app1
| Ltm::Pool Member: 10.128.0.84:8080
| Total Connections 0 -
| Ltm::Pool Member: 10.128.0.85:8080
| Total Connections 0 -
Ltm::Pool: Shared/nginx_app1_v1_8080_eng_caas_nginx_app1
| Ltm::Pool Member: 10.128.0.74:8080
| Total Connections 0 -
| Ltm::Pool Member: 10.128.0.75:8080
| Total Connections 0 -
Ltm::Pool: Shared/nginx_app1_v2_8080_eng_caas_nginx_app1
| Ltm::Pool Member: 10.128.0.76:8080
| Total Connections 25 -
| Ltm::Pool Member: 10.128.0.80:8080
| Total Connections 0 -
[root@bigip2:Active:Not All Devices Synced] config # tmsh -c "cd /OpenShift-MultiCluster/Shared ; show ltm persistence persist-records"
Sys::Persistent Connections
source-address 10.1.10.4 10.1.10.102:443 10.128.0.76:8080 (tmm: 1)
Total records returned: 1
Sending to the second route:
while true ; do curl -k https://nginx-app1-alt.apps.f5-udf.com/ ; done
[root@bigip2:Active:Not All Devices Synced] config # tmsh -c "cd /OpenShift-MultiCluster ; show ltm pool recursive members raw" | egrep "Pool Member| \| Total Connections|^Ltm::Pool"
Ltm::Pool: Shared/nginx_app1_alt_v1_8080_eng_caas_nginx_app1
| Ltm::Pool Member: 10.128.0.81:8080
| Total Connections 0 -
| Ltm::Pool Member: 10.128.0.82:8080
| Total Connections 0 -
Ltm::Pool: Shared/nginx_app1_alt_v2_8080_eng_caas_nginx_app1
| Ltm::Pool Member: 10.128.0.84:8080
| Total Connections 0 -
| Ltm::Pool Member: 10.128.0.85:8080
| Total Connections 0 -
Ltm::Pool: Shared/nginx_app1_v1_8080_eng_caas_nginx_app1
| Ltm::Pool Member: 10.128.0.74:8080
| Total Connections 0 -
| Ltm::Pool Member: 10.128.0.75:8080
| Total Connections 0 -
Ltm::Pool: Shared/nginx_app1_v2_8080_eng_caas_nginx_app1
| Ltm::Pool Member: 10.128.0.76:8080
| Total Connections 60 -
| Ltm::Pool Member: 10.128.0.80:8080
| Total Connections 0 -
[root@bigip2:Active:Not All Devices Synced] config # tmsh -c "cd /OpenShift-MultiCluster/Shared ; show ltm persistence persist-records"
Sys::Persistent Connections
source-address 10.1.10.4 10.1.10.102:443 10.128.0.76:8080 (tmm: 1)
Total records returned: 1
Closed as completed.
Setup Details
Build: quay.io/f5networks/k8s-bigip-ctlr-devel:6acfa932091c518f87d3d71070501dd68fcebf33 BIGIP Version: Big IP 17 AS3 Version: 3.45
Agent Mode: AS3 Orchestration: OSCP
Orchestration Version: OCP 4.12 Pool Mode: Cluster Additional Setup details: OVN, single cluster or multi-cluster
Description
When using CIS in single cluster mode (note: I´m not referring to multi-cluster mode and routes in only one cluster) , persistence doesn´t prevail over a/b routes load balancing unless "Match Across Pools" toggle is set.
This toggle in the persistence profile is also required CIS is configured in multi-cluster mode
Please note that a plain http persistence is applied by default without Match Across Pools enabled, therefore when using A/B Routes an http-with-match-across-pools should be used instead of the current plain http profile.