Description
This article describes the difference between LB_PERSIS_HASH_SRC_ADDR and LB_PERSIS_SRC_ADDR persistence.

Scope
FortiADC, FortiADC VM.

Solution
Persistence rules help to send traffic to the Real server which was handling the previous request from the same user instead of load-balancing it between other available servers.
As mentioned in the document https://docs.fortinet.com/document/fortiadc/7.2.0/handbook/932874/configuring-persistence-rules, FortiADC includes some predefined persistence rules that can be used according to what needs to be achieved. This article explains the difference in behavior between LB_PERSIS_HASH_SRC_ADDR and LB_PERSIS_SRC_ADDR persistence.
LB_PERSIS_SRC_ADDR records the client IP and the Real Server assigned to it when the client accesses the Virtual Server for the first time.
On the next access, the Real Server to assign is looked up by the client IP. Note that this method needs memory to record the mapping between each client IP address and its Real Server, so it consumes a certain amount of memory. The more IP addresses there are, the more memory is used.
On the other hand, LB_PERSIS_HASH_SRC_ADDR uses a consistent hash algorithm to map the client's IP address to a Real server. Because the algorithm is consistent, it can be guaranteed that the same IP address will always be assigned to the same Real server.
This method does not consume any memory. In general, if the client IP addresses seen by the Virtual Server are not special and there are a lot of them, it is necessary to use LB_PERSIS_HASH_SRC_ADDR_port instead of LB_PERSIS_SRC_ADDR; this is the general recommendation. The exception is when the number of client IP addresses is small, because the hash algorithm then cannot distribute them well across the back-end servers.
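The two behaviors described above can be compared in a small simulation. This is an added example, not FortiADC code: the page does not describe FortiADC's actual hash algorithm, so a generic SHA-256 hash ring with virtual nodes is assumed, round-robin stands in for the load-balancing method, and the server names and client IPs are constructed.

```python
import bisect
import hashlib
from collections import Counter
from itertools import cycle

SERVERS = ["rs1", "rs2", "rs3"]  # constructed Real Server names

def _h(value: str) -> int:
    """64-bit position on the ring (assumed hash; FortiADC's own is not documented here)."""
    return int.from_bytes(hashlib.sha256(value.encode()).digest()[:8], "big")

class TablePersistence:
    """LB_PERSIS_SRC_ADDR style: record client IP -> Real Server on first access."""
    def __init__(self, servers):
        self._next = cycle(servers)  # stand-in for the configured LB method
        self.table = {}              # grows by one entry per distinct client IP

    def pick(self, client_ip):
        if client_ip not in self.table:
            self.table[client_ip] = next(self._next)
        return self.table[client_ip]

class HashPersistence:
    """LB_PERSIS_HASH_SRC_ADDR style: compute the Real Server from the client IP."""
    def __init__(self, servers, vnodes=100):
        ring = sorted((_h(f"{s}#{i}"), s) for s in servers for i in range(vnodes))
        self._points = [p for p, _ in ring]
        self._owners = [s for _, s in ring]

    def pick(self, client_ip):
        # First ring point clockwise from the client's hash owns the client.
        idx = bisect.bisect(self._points, _h(client_ip)) % len(self._points)
        return self._owners[idx]

def clients(n):
    """Constructed sample client addresses 10.0.0.0, 10.0.0.1, ..."""
    return [f"10.{i >> 16 & 255}.{i >> 8 & 255}.{i & 255}" for i in range(n)]

def spread(lb, ips):
    """Count how many of the given client IPs land on each Real Server."""
    return Counter(lb.pick(ip) for ip in ips)

if __name__ == "__main__":
    table, hashed = TablePersistence(SERVERS), HashPersistence(SERVERS)
    print("table, 30000 clients:", dict(spread(table, clients(30000))),
          "| entries kept:", len(table.table))
    print("hash,  30000 clients:", dict(spread(hashed, clients(30000))),
          "| per-client entries kept: 0")
    print("hash,      4 clients:", dict(spread(hashed, clients(4))))
```

With many clients the hash spread is close to even while the table grows with every new IP; with only a handful of clients the hash result can leave a server idle, which is the exception the article notes.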
Copyright 2023 Fortinet, Inc. All Rights Reserved.