How to configure persistence for CloudFlare's proxy
How to set up persistence for Virtual Services published through CloudFlare
How can persistence be set up for Virtual Services when DNS is behind CloudFlare's proxy cache system without having users to be bounced between servers.
|Steps to Reproduce:|
|Cause:||CloudFlare is a CDN (content delivery network), also called a content distribution network which means that connections are multiplexed within a single TCP connection. Since multiple connections are seeing as one, users' requests can end up going to different back-end severs.|
Since CloudFlare multiplexes the connection, persistence cannot relied on methods such as Source IP Address, Active Cookie or Super HTTP since all the LoadMaster sees as the source of a request is CloudFlare's IP Address.
CloudFlare injects a HTTP header into their HTTP stream called CF-Connecting-IP which contains the original client's IP Address and can be used as a persistence value with LoadMaster due to the fact that this value is unique per client regardless of the multiplexing mechanism.
To use this header as the persistence method, the Virtual Service's persistence options (WUI > Virtual Services > Modify on the relevant VIP > Standard Options) will need to look like the following with the exception of the Timeout which can be configured as needed:
As shown above, the persistence mode is "Selected Header" and the Header field name is "CF-Connecting-IP".
A persistence record is built at the beginning of the HTTP Stream, so, once the settings are configured as recommended, in order to test this properly, any active sessions to the application will need to be closed and the LoadMaster's persistence table needs to reset as explained below: