F5 Load Balancer Persistence Profile How to determine Timeout setting Value

mit · Aug 7, 2018 · Viewed 7.1k times

We are using an F5 load balancer in our ASP.NET application with the source address affinity persistence profile. The default value of the timeout setting for this profile is 180 seconds. Because of that, users are getting a session timeout after 3 minutes (180) of being idle. The question is: what should the value of the timeout setting be? I think it should be the same as the session timeout (default 20 minutes) of the ASP.NET application, but I am not sure about that.

Answer

Chase · Aug 8, 2018

Persistence timeouts should be slightly larger than the application's session timeouts. You are correct. The persistence timeout will start once the session goes idle (no traffic). The session persistence timer countdown will reset if traffic is received. If it expires, the LB method is reapplied and the session will most likely be routed to another server (there are ways around this but by default this is how it's supposed to work).

The standard default timeout is 300 seconds but should be bumped up to over 20 minutes if your application times out at 20 minutes.

This can get dangerous with source affinity specifically when client/source connections aggregate over a single IP or pool of addresses because multiple client sessions would show up as one session to the persistence profile.

People can forget that Session != Connection

Multiple connections coming in as the same IP would technically staple the persistence session up permanently unless the destination server node was restarted. For web applications we recommend cookie persistence so the client can control its own session. This requires the client to be able to receive cookies.

This of course is dependent on the application and if you're NAT'ing traffic to BIG-IP. Otherwise, you're off to the races with your correct assumption.

And per F5 Support LTM Concepts:

Source address affinity persistence

Source address affinity persistence, also known as simple persistence, tracks sessions based only on the source IP address. When a client requests a connection to a virtual server that supports source address affinity persistence, Local Traffic Manager checks to see if that client previously connected, and if so, returns the client to the same pool member.

You might want to use source address affinity persistence and SSL persistence together. In situations where an SSL session ID times out, or where a returning client does not provide a session ID, you might want Local Traffic Manager to direct the client to the original pool member based on the client’s IP address. As long as the client’s source address affinity persistence record has not timed out, Local Traffic Manager can successfully return the client to the appropriate pool member.

Persistence settings apply to all protocols. When the persistence timer is set to a value greater than 0, persistence is on. When the persistence timer is set to 0, persistence is off.

The persistence mask feature works only for virtual servers that implement source address affinity persistence. By adding a persistence mask, you identify a range of source IP addresses to manage together as a single source address affinity persistent connection when connecting to the pool.
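
The behaviour described in the answer above, as an added example that is not part of the original answer and is not F5 code: a toy Python model of a source address affinity table with an idle timeout. The class and function names, the pool member names, the documentation IP addresses and the 1260-second value (an assumed setting slightly above a 20-minute session timeout) are all constructed for illustration, and round robin stands in for whatever LB method is configured.

```python
from collections import Counter
from itertools import cycle


class SourceAffinityLB:
    """Toy model (hypothetical, not BIG-IP code) of source address affinity."""

    def __init__(self, members, timeout):
        self.timeout = timeout               # idle timeout in seconds; 0 = persistence off
        self._lb_method = cycle(members)     # round robin stands in for the LB method
        self.records = {}                    # source IP -> (pool member, last seen)

    def route(self, src_ip, now):
        rec = self.records.get(src_ip)
        if rec and now - rec[1] < self.timeout:
            member = rec[0]                  # live record: back to the same pool member
        else:
            member = next(self._lb_method)   # absent or expired: LB method is reapplied
        self.records[src_ip] = (member, now) # any traffic resets the idle countdown
        return member


def idle_user_keeps_member(persist_timeout, idle_seconds):
    """True if a client that goes idle for idle_seconds returns to its pool member."""
    lb = SourceAffinityLB(("web1", "web2", "web3"), persist_timeout)
    first = lb.route("198.51.100.10", now=0)             # constructed client address
    return lb.route("198.51.100.10", now=idle_seconds) == first


def requests_per_member(source_ips, timeout=1260):
    """Route one request per listed source IP, 10 s apart; count hits per member."""
    lb = SourceAffinityLB(("web1", "web2", "web3"), timeout)
    hits = Counter(lb.route(ip, now=i * 10) for i, ip in enumerate(source_ips))
    return dict(hits)


if __name__ == "__main__":
    # 10 minutes idle, well inside a 20-minute application session.
    print("180 s timeout keeps member: ", idle_user_keeps_member(180, 600))
    print("1260 s timeout keeps member:", idle_user_keeps_member(1260, 600))
    # Many users behind one NAT address: steady traffic never lets the record expire.
    print("behind NAT:  ", requests_per_member(["203.0.113.5"] * 100, timeout=180))
    print("distinct IPs:", requests_per_member([f"198.51.100.{i}" for i in range(6)]))
```

The NAT case shows why Session != Connection matters: 100 requests spread over more than 16 minutes all land on one pool member even with a 180-second timeout, because each request from the shared address resets the same record.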