Custom persistence allows the NSX Advanced Load Balancer to stick a client to a server for a custom duration of time based on user-defined criteria.

The following use case is configured through a DataScript which provides flexible options to find custom data for persistence.

DataScript

A DataScript can be used to close the connection to the client. This can be done through a TCP RST or a graceful TCP FIN, which is determined by a flag in the avi.http.close_conn command.

Example 1

Persist clients based on their source IP and port.

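-- HTTP Request Event --
pool = "my_pool"
-- Join IP and port with a separator so distinct clients cannot produce the
-- same key (for example 10.0.0.1 + 12345 and 10.0.0.11 + 2345).
client = avi.vs.client_ip() .. ":" .. avi.vs.client_port()
server = avi.vs.table_lookup(client)
timeout = 300   -- entry lifetime in seconds

if server then
   -- Select the stored server, not the lookup key.
   avi.pool.select(pool, server)
end


-- HTTP Response Event --
if not server then
   -- First request from this client: remember the server that was chosen.
   avi.vs.table_insert(client, avi.pool.server_ip(), timeout)
end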
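
The request and response flow of Example 1 can be exercised offline before it is attached to a virtual service. The following is an added example, not part of the original documentation: the avi table is a stub written for this example (its expiry behavior is an assumption and does not model any lifetime refresh on lookup), and the pool members and client addresses are constructed.

```lua
-- Stub of the DataScript calls used in Example 1 (assumption: written for
-- this example; entries expire at insert time + lifetime, no refresh on lookup).
local now, store, req = 0, {}, nil           -- simulated clock (s), table, request
local avi = { vs = {}, pool = {} }
function avi.vs.client_ip()   return req.ip end
function avi.vs.client_port() return req.port end
function avi.vs.table_lookup(key)
   local e = store[key]
   if e and e.expires > now then return e.value end
   store[key] = nil                          -- missing or expired
   return nil
end
function avi.vs.table_insert(key, value, lifetime)
   store[key] = { value = value, expires = now + lifetime }
end
function avi.pool.select(pool, server) req.server = server end
function avi.pool.server_ip() return req.server end

-- Constructed pool members and a round-robin stand-in for the pool's algorithm.
local servers, rr = { "10.0.0.11", "10.0.0.12", "10.0.0.13" }, 0

-- One request/response cycle running the Example 1 logic.
local function handle(ip, port)
   req = { ip = ip, port = port }
   local pool, timeout = "my_pool", 300
   -- HTTP Request Event
   local client = avi.vs.client_ip() .. ":" .. avi.vs.client_port()
   local server = avi.vs.table_lookup(client)
   if server then
      avi.pool.select(pool, server)
   else
      rr = rr % #servers + 1
      req.server = servers[rr]
   end
   -- HTTP Response Event
   if not server then
      avi.vs.table_insert(client, avi.pool.server_ip(), timeout)
   end
   return req.server
end

local first = handle("192.0.2.10", 40001)         -- no entry: balanced, stored
assert(handle("192.0.2.20", 40002) ~= first)      -- different key, next server
now = 299
assert(handle("192.0.2.10", 40001) == first)      -- entry live: same server
now = 301
assert(handle("192.0.2.10", 40001) ~= first)      -- entry expired: rebalanced
print("persistence model OK")
```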

Example 2

Persist clients based on the referer header in the client request.

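-- HTTP Request Event --
pool = "my_pool"
timeout = 300   -- entry lifetime in seconds
-- The Referer header is optional and client-supplied, so it can be nil.
client = avi.http.get_header("referer")
server = client and avi.vs.table_lookup(client)


if server then
   -- Select the stored server, not the lookup key.
   avi.pool.select(pool, server)
end


-- HTTP Response Event --
if not server then
   if client then
      -- Key the entry on the same value the request event looks up.
      avi.vs.table_insert(client, avi.pool.server_ip(), timeout)
   end
end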

Policy

The Network Security and the HTTP Security policies can be used to discard a client based on its IP address. You can create a configured policy rule which refers to an IP group called Blocklist. When this policy is triggered, a significant log will be generated, indicating that the policy dropped this client. With enough frequency, this can also incur a penalty on the security row of the health score.

IP Group

The IP group is configured and maintained separately from the DataScript or policy referencing it. The group can contain lists of addresses or country codes. For more detail on this feature, see IP Group.