vADC Docs

Layer 7 GLB Persistence with Traffic Script

by ebrandsberg on 07-01-2014 10:28 AM - edited on 05-29-2015 04:10 PM by PaulWallace

Customers often need Layer 7 persistence when using GLB because of site-level dependencies such as shopping carts. The TrafficScript below provides it. The script generates an HTTP cookie named "STMGLB_<vserver>" whose encrypted value contains the location, vserver IP and vserver port. The STM inspects these values when it receives them, and if the client is now connecting to a different location than the one recorded in the cookie, the connection is proxied to the proper remote host. A placeholder server pool holds the connection parameters for reaching the remote vservers, including SSL re-encryption.

 

For this script to work, the following conditions need to be met:

 

1.  The client must support session cookies;

2.  The GLB service, the vserver and the pool should all be configured with the same name;

3.  A pool by the name of "<vserver>-remote" needs to be created to provide options for the remote vserver proxy;

4.  A unique passphrase needs to be configured in the script that is shared across sites;

5.  In the global settings, ensure that "trafficscript!variable_pool_use" is set to true.

 

From there, this policy will be bound to the HTTP or HTTPS vserver.

 

$key = "passphrase";  # needs to be shared across all GLB nodes  
  
$sendcookie = "true";  
  
$vserver = connection.getVirtualServer(); # must match glb service name  
$ip = request.getLocalIP();  
$port= request.getLocalPort();  
$location = geo.getLocation();  
  
$localtoken = $location.":".$ip.":".$port;  
$token=string.decrypt(string.base64decode(http.getCookie( "STMGLB_".$vserver )), $key);  
  
if ( string.length($token) > 0 ) {  
   if ( $token != $localtoken ) {  
      $parts=string.split($token,':');  
      if ( glb.service.isLocationLive($parts[0], $vserver) == 1) {  
         # assumes a pool named <vserver>-remote has been created so that its settings
         # are inherited, which also allows SSL remotes to be supported
         $sendcookie = "false";  
         # following is IPv4 specific  
         pool.use( $vserver."-remote", $parts[1], $parts[2] ); # trusted due to encryption  
      } else {  
         log.warn ( "glb site down: ".$token." using local pool");  
         # fall through to use the local pool here
      }  
   } else {  
      # comment out this to force a new cookie on every response  
      $sendcookie = "false"; # everything is good, don't worry about it  
      # fall through to use the local pool here  
   }  
}  
  
if ( $sendcookie == "true" ) {  
   # at this point the local pool will be used, prepare to send a cookie back to the client on response  
   $localtoken=string.base64encode(string.encrypt($localtoken,$key));  
   http.addResponseHeader( "Set-Cookie", "STMGLB_".$vserver."=".$localtoken );  
}  
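
The routing decision made by the script above, as an added example in Python (not part of the original article and not TrafficScript). It goes beyond the script in two labelled ways: the token is split from the outside in so that IPv6 addresses survive, and the decrypted address is checked against a list of known peer vservers before it is used as a proxy target. The PEERS table, the function names and the is_live callback are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample data: site names and documentation-range addresses.
PEERS = {
    "london": {"192.0.2.10", "2001:db8::10"},
    "newyork": {"198.51.100.20"},
}

def parse_token(token):
    """Parse 'location:ip:port'; return (location, ip, port) or None."""
    try:
        # Peel location off the left and port off the right, so the colons
        # inside an IPv6 address stay with the address.
        location, rest = token.split(":", 1)
        ip_text, port_text = rest.rsplit(":", 1)
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return None
    if not location or not (port_text.isascii() and port_text.isdigit()):
        return None
    port = int(port_text)
    if not 1 <= port <= 65535:
        return None
    return location, str(ip), port

def route(token, local, is_live):
    """Return (action, target, send_cookie) for a decrypted cookie value.

    token   -- plaintext after decryption; empty when there is no usable cookie
    local   -- (location, ip, port) of the vserver handling this request
    is_live -- callable(location) -> bool, stand-in for glb.service.isLocationLive
    """
    if not token:
        return "local", None, True       # first visit: pin the client here
    parsed = parse_token(token)
    if parsed is None:
        return "local", None, True       # added check: malformed token, reissue
    if parsed == local:
        return "local", None, False      # client is already at its pinned site
    location, ip, port = parsed
    if ip not in PEERS.get(location, ()):
        return "local", None, True       # added check: never proxy to an unlisted host
    if not is_live(location):
        return "local", None, True       # pinned site is down: re-pin locally
    return "remote", (ip, port), False   # proxy to the pinned site, keep the cookie
```
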