Cookie Persistence
--> Cookie persistence works at Layer 7 of the OSI reference model.
--> Cookie persistence is mostly used for HTTP-based applications, as they work at Layer 7 of the OSI reference model.
--> Cookies are used to identify the pool member to which the client's traffic was initially sent.
--> Cookie information is not stored on the F5 system; it is mostly stored in the client browser.
--> In order to use cookie-based persistence, the virtual server must be configured with an HTTP profile.
--> There are 4 types of cookie persistence methods used in the F5 BIG-IP system:
1) Cookie Insert:
--> The first HTTP request is load balanced, and the pool member is selected according to the load balancing algorithm.
--> When the selected pool member sends the HTTP response through the F5 BIG-IP system, F5 adds the cookie value before sending the response to the client.
--> The client stores the cookie value in the browser, and when the client sends a new HTTP request, the cookie value is sent along with it.
--> The F5 LTM sees the cookie value in the HTTP request and accordingly selects the pool member mentioned in the cookie.
--> From then on, all traffic from the same client is sent to the pool member named in the cookie; load balancing does not happen after the initial HTTP request.
--> No configuration changes are required on the backend server to use the Cookie Insert method.
--> Persistence mirroring need not be enabled, as the cookies are stored in the client browser, and even if a failover happens the client request will go to the exact pool member.
--> This is the default cookie persistence method used in the F5 BIG-IP system.
--> By default, the cookie is named BIGipServer<pool_name> and includes the encoded address and port of the server handling the connection.
--> The cookie contains the following information:
i) Name: Name of the pool to which the client traffic is forwarded.
ii) Server IP address in encoded format: The IP address of the server, which is only understood by the BIG-IP system.
iii) Server port in encoded format: The port number of the server, which is only understood by the BIG-IP system.
--> We can change the cookie value/name by modifying the persistence profile.
--> By default, the cookies are sent in plain text. You can encrypt them by enabling Encryption Passphrase in the cookie persistence profile.
--> Cookie Encryption Use Policy needs to be set to preferred or required in order to encrypt the cookies generated by the BIG-IP system (persistent cookies):
i) Preferred: The BIG-IP system will accept both encrypted and unencrypted cookies from the client.
ii) Required: The BIG-IP system will accept only encrypted cookies from the client.
--> We can also encrypt both persistent cookies and server cookies by using the HTTP profile.
--> The system sets the expiration date for the cookie based on the Expiration setting in the cookie persistence profile.
--> By default, the expiration in the Cookie Insert method is a session cookie, which means that whenever the browser is closed on the client machine, the cookie expires or is lost.
--> If you do not want the cookie to expire on the client machine even when the web browser is closed, then you have to enable the Always Send Cookie feature in the cookie profile.
--> Once you enable the Always Send Cookie feature, the F5 system adds a cookie to each and every HTTP response sent by the pool member towards the client.
--> To configure cookie persistence, navigate to Local Traffic > Profiles > Persistence > Cookie.
--> After creating the persistence profile, you need to associate it with the virtual server in the virtual server configuration.
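To illustrate the default cookie format and the plain-text point above, here is an added example (not from the original post and not F5's own code) that audits Set-Cookie headers for persistence cookies in the default unencrypted IPv4 format and reports the pool member address and port they reveal, following the byte-reversal encoding F5 documents. The sample headers, pool names and function names are constructed for illustration; route-domain and IPv6 cookie formats are not handled.

```python
import re
import socket
import struct

# Default unencrypted IPv4 format: <encoded_ip>.<encoded_port>.0000
DEFAULT_FMT = re.compile(r"^(\d{1,10})\.(\d{1,5})\.0000$")

def decode_default_value(value):
    """Return (ip, port) if value is in the default unencrypted format, else None."""
    m = DEFAULT_FMT.match(value)
    if not m:
        return None
    ip_num, port_num = int(m.group(1)), int(m.group(2))
    if ip_num > 0xFFFFFFFF or port_num > 0xFFFF:
        return None
    # The address is the four octets in reversed byte order, printed as decimal.
    ip = socket.inet_ntoa(struct.pack("<I", ip_num))
    # The port is the two port bytes swapped, printed as decimal.
    port = struct.unpack(">H", struct.pack("<H", port_num))[0]
    return ip, port

def audit_set_cookie(headers, prefix="BIGipServer"):
    """Classify each persistence cookie found in Set-Cookie header lines."""
    findings = []
    for line in headers:
        name, _, rest = line.partition(":")
        if name.strip().lower() != "set-cookie":
            continue
        pair = rest.split(";", 1)[0].strip()
        cname, _, cvalue = pair.partition("=")
        if not cname.startswith(prefix):
            continue
        decoded = decode_default_value(cvalue)
        if decoded:
            findings.append((cname, "unencrypted", "%s:%d" % decoded))
        else:
            findings.append((cname, "not default plain format", None))
    return findings

# Constructed sample response headers (not captured from a real system).
SAMPLE = [
    "Set-Cookie: BIGipServerweb_pool=1677787402.36895.0000; path=/",
    "Set-Cookie: BIGipServerapi_pool=!Zm9vYmFyY29uc3RydWN0ZWQ=; path=/",
    "Set-Cookie: JSESSIONID=abc123; path=/",
]

if __name__ == "__main__":
    for finding in audit_set_cookie(SAMPLE):
        print(finding)
```

Any cookie reported as "unencrypted" exposes an internal address and port to every client, which is the case the Encryption Passphrase and the Required policy are meant to close.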
In the next blog post, I will discuss other Cookie Persistence Methods used in BIG-IP System.
Reference: F5.com
Md.Kareemoddin,
CCIE #54759
Super Duper Like
Nice article Kareem!
For the passphrase, can you enter any password at all or the SSL certificate password used for the VS?