ltm rule command persist
iRule(1) BIG-IP TMSH Manual iRule(1)
persist
Sets the connection persistence type.
SYNOPSIS
persist none
persist cookie (('insert' (COOKIE_NAME (EXPIRATION)?)?) | ('rewrite' (COOKIE_NAME (EXPIRATION)?)?) |
('passive' (COOKIE_NAME)?) | ('hash' COOKIE_NAME ( ()? (TIMEOUT)?)?))?
persist source_addr (IPV4_MASK)? (TIMEOUT)?
persist simple (IPV4_MASK)? (TIMEOUT)?
persist dest_addr (IPV4_MASK)? (TIMEOUT)?
persist sticky (IPV4_MASK)? (TIMEOUT)?
persist msrdp (TIMEOUT)?
persist ssl (TIMEOUT)?
persist uie PERSIST_UIE (TIMEOUT)?
persist universal PERSIST_UIE (TIMEOUT)?
persist hash ANY_CHARS (TIMEOUT)?
persist carp ANY_CHARS (TIMEOUT)?
persist sip ANY_CHARS (TIMEOUT)?
persist host (TIMEOUT)?
persist add (source_addr | simple | dest_addr | host | sticky | ssl | uie | universal | hash | sip)
(TIMEOUT)?
persist lookup (source_addr | simple | dest_addr | host | sticky | ssl | uie | universal | hash | sip)
(all | node | port |
pool)?
persist delete (source_addr | simple | dest_addr | host | sticky | ssl | uie | universal | hash | sip)
DESCRIPTION
Causes the system to use the named persistence type to persist the connection. Also allows direct inspection
and manipulation of the persistence table.
Syntax
Note: Items marked with - are meant to be replaced with a value.
Arguments bracketed by [ ] are used to note they are optional. They
should not be confused with Tcl command evaluation.
= The timeout in seconds.
persist simple [] [] persist source_addr [] [] persist sticky []
[] persist dest_addr [] [] persist host [] persist ssl [] persist
msrdp [] persist cookie [insert [] [] |
rewrite [] [] |
passive [] |
hash [ { []} []] ] persist uie []
persist hash [] persist carp persist none
These permutations are used to manipulate the persistence table
directly:
persist add []
= | { [any virtual|service|pool] [pool ] }
the latter key specification is used to add persistence entries that can be used across virtuals,
services, or pools.
persist lookup [all|node|port|pool]
"all" or no specification returns a list containing the node, port and pool name.
Specifying any of the other return types will return the specified item only.
= | { [any virtual|service|pool] [pool ] }
the latter key specification is used to access persistence entries across virtuals, services, or pools.
persist delete
= simple | source_addr | sticky | dest_addr | ssl | uie | hash
= | { [any virtual|service|pool] [pool ] }
the latter key specification is used to delete persistence entries regardless of virtual, service, or
pool association.
Note: When using the latter key specification above (e.g. = { any
virtual }), the persist command expects the key (the data and
associated "any virtual" commands) to be a single argument; in other
words, a list. Often, users will want to specify some variable data in
such a command. However, the usual way of creating a list (via braces,
as shown above) will inhibit variable and command expansion. See iRules
Optimization 101 - #4 - Delimiters: Braces, Brackets, Quotes and more for more information on this.
To use variables and commands with these key specifications, users should
either use the list command to construct a list, or use double quotes,
which Tcl will interpret as a list. See the last two examples below.
Note: 'persist none' disables persistence (whether enabled via profile
or iRule) until the current connection is closed or another persist
iRule command is used.
Note: The following persistence methods require a corresponding
persistence profile be added to the virtual server: ssl, msrdp, cookie
RETURN VALUE
VALID DURING
AUTH_ERROR, AUTH_FAILURE, AUTH_RESULT, AUTH_SUCCESS, AUTH_WANTCREDENTIAL, CACHE_REQUEST, CACHE_RESPONSE,
CACHE_UPDATE, CLIENT_ACCEPTED, CLIENT_CLOSED, CLIENT_DATA, CLIENT_LINE, CLIENTSSL_CLIENTCERT,
CLIENTSSL_HANDSHAKE, HTTP_CLASS_FAILED, HTTP_CLASS_SELECTED, HTTP_REQUEST, HTTP_REQUEST_DATA,
HTTP_REQUEST_SEND, HTTP_RESPONSE, HTTP_RESPONSE_CONTINUE, HTTP_RESPONSE_DATA, LB_FAILED, LB_SELECTED,
NAME_RESOLVED, PERSIST_DOWN, RTSP_REQUEST, RTSP_REQUEST_DATA, RTSP_RESPONSE, RTSP_RESPONSE_DATA,
SERVER_CLOSED, SERVER_CONNECTED, SERVER_DATA, SERVER_LINE, SERVERSSL_HANDSHAKE, SIP_REQUEST, SIP_REQUEST_SEND,
SIP_RESPONSE, SIP_RESPONSE_SEND, STREAM_MATCHED, USER_REQUEST, USER_RESPONSE, XML_BEGIN_DOCUMENT,
XML_BEGIN_ELEMENT, XML_CDATA, XML_END_DOCUMENT, XML_END_ELEMENT, XML_EVENT
EXAMPLES
when CLIENTSSL_HANDSHAKE {
# Persist the client connection based on the SSL session ID
persist ssl
}
when HTTP_REQUEST {
# Look up the UIE persistence record for 11111111
persist lookup uie {11111111 pool pool_1}
}
when HTTP_REQUEST {
# Look up the client IP in UIE persistence records for any virtual server
set lookup_key [list [IP::client_addr] any virtual]
set value [persist lookup uie $lookup_key]
}
when HTTP_REQUEST {
# Save the value of the UIE persistence record for this client for any pool
set value [persist lookup uie "[IP::client_addr] any pool"]
}
when HTTP_REQUEST {
# Save the value of the UIE persistence record for a generic token for any virtual server
set value [persist lookup uie [list $myVar any virtual]]
}
# Select different persistence methods by HTTP URI
when HTTP_REQUEST {
# Check the requested URI
switch -glob [HTTP::uri] {
"/path1/*" -
"/path2/*" {
# Request was for an IIS URI so select the pool and set a pool-specific cookie
pool iis_pool
persist cookie insert iis_persist 0
}
default {
# Request was for an iPlanet URI so select the pool and source addresspersistence with a /24 source mask
pool iplanet_pool
persist source_addr 255.255.255.0 0
}
}
}
Use CARP persistence to ensure connections between two hosts are hashed
to the same firewall pool member in an LTM firewall sandwich regardless
of which host initiates a connection.
when CLIENT_ACCEPTED {
# Persist on the client and destination IP addresses
# Use lsort to order them the same regardless of which host is originating the connection
# Replace the space with an underscore so the persist command is given a single string
persist carp [string map {" " "_"} [lsort "[IP::client_addr] [IP::local_addr]"]]
}
HINTS
See SOL11362 for more complete details: FORMATTER ERROR (":" and "&" not supported in Page Names)
SEE ALSO
CHANGE LOG
@BIGIP-9.0.0 --First introduced the command.
BIG-IP 2020-06-23 iRule(1)