Monday, November 29, 2021

Sessions Persistent cookies on F5's

Hi, I have a query regarding the Session Persistent on F5's, forgive me if some of these queries are "soft", but I'm a novice with F5's still and still getting to grips with them. So an example I'll give is that we have 3 servers in one stack, all 3 are configured in a pool to a VIP, round robin balancing. I get a call off the head off infra/networks asking are these 3 servers being properly load balanced, so I go onto the VIP and see that the statistics for it are showing that it is load balancing perfectly across all 3 servers in the pool, he wanted to know if "sticky sessions" were enabled, after some digging I could see that there was no "Persistent Profile" attached, meaning no session load balancing surely? I have read that by default the F5's perform load balancing based off TCP connections rather than HTTP, so after the initial TCP connection is established, they send that particular TCP flow to the same pool member permeantly, could this mean that flows are still "Session Persistent" in someway?

I have a few questions regarding the options and the way the F5's use their session persistent feature to. For the "Cookie" and "SSL" profiles in particular:

Are the SSL session ID's readable without the use of an SSL proxy by the F5's?

Is the SSL session ID not the same as a "Cookie"?

Does the F5 insert its own Cookie to load balance?

All the different options on the SSL profile such as "Mirror Persistent", "Match Across Services", "Match Across Virtual Servers", "Match Across Pools" all refer to what in this context?

All the different options on the Cookie profile such as "Cookie Method", "Cookie Method", "HTTPOnly Attribute", Secure Attribute", "Always Send Cookie", "Cookie Encryption Use Policy all refer to what in this context?

Thanks again for the help everyone



No comments:

Post a Comment