Forum Discussion

Ryan_Primavera_'s avatar
Ryan_Primavera_
Icon for Nimbostratus rankNimbostratus
Oct 19, 2009

**** Mult-Pool Load Balancing based on Destination TCP port ****

I have a catch-all VIP (port 0) setup on my LTM. I am trying to get the destination (DST) port the client is trying to access be directed to the appropriate port specific pool. Below is what I have come up with so far in terms of logic, but doesn't seem to be working.

 

If anyone can give me a bit of direction here I would be much obliged.

 

 

thx,

 

Ryan

 

 

****************************************

 

when CLIENT_ACCEPTED {

 

switch [TCP::local_port clientside] {

 

"7300" { pool test_pool1 }

 

"7310" { pool test_pool2 }

 

"7320" { pool test_pool3 }

 

"7330" { pool test_pool4 }

 

"7340" { pool test_pool5 }

 

"7350" { pool test_pool6 }

 

"*" { pool test_pool_any }

 

}

 

}

 

****************************************
application delivery
dev
devops
iRules
  • The_Bhattman's avatar
    The_Bhattman
    Icon for Nimbostratus rankNimbostratus
    Oct 19, 2009
    You can add some logging statements to see what is being applied

     

     

    I.E.

     

    log local0. "Complete connection: [IP::client_addr]:[TCP::client_port]<->LTM<->[IP::server_addr]:[TCP::server_port]"

     

     

    I hope this helps

     

     

    CB
  • Ryan_Primavera_'s avatar
    Ryan_Primavera_
    Icon for Nimbostratus rankNimbostratus
    Oct 19, 2009
    this is what I get back in the log when I add that in:

     

    Oct 19 13:07:40 tmm tmm[1087]: 01220001:3: TCL error: Rule test_irule - Error: No serverside connection established (line 1) invoked from within "IP::server_addr"
  • The_Bhattman's avatar
    The_Bhattman
    Icon for Nimbostratus rankNimbostratus
    Oct 19, 2009
    Oops. I forgot that your event was client accepted

     

     

    Try this:

     

    log local0. "Client Connection: [IP::client_addr]:[TCP::local_port clientside]"

     

     

    CB

     

  • Ryan_Primavera_'s avatar
    Ryan_Primavera_
    Icon for Nimbostratus rankNimbostratus
    Oct 19, 2009
    Below basically is the functionality I am looking for. If there is a better way to skin the cat here I am all for it.

     

    Example:

     

    Client(REQ www.xyz.com:7300) => VirtualServer:0 (www.xyz.com:7300) => pool_7300 (poolmember:7300)

     

    Client(REQ www.xyz.com:7320) => VirtualServer:0 (www.xyz.com:7320) => pool_7320 (poolmember:7320)

     

    Client(REQ www.xyz.com:80) => VirtualServer:0 (www.xyz.com:80) => pool_any (poolmember:0)
  • Ryan_Primavera_'s avatar
    Ryan_Primavera_
    Icon for Nimbostratus rankNimbostratus
    Oct 19, 2009

     

    Try this:

     

    log local0. "Client Connection: [IP::client_addr]:[TCP::local_port clientside]"

     

    ***********************************************************

     

     

    This what I am getting when using that. You can see it is getting the port. Now the reason why it won't pass to pool is beyond me.

     

     

    Oct 19 13:16:42 tmm tmm[1087]: Rule test_irule : Client Connection: 192.168.0.100:7300
  • The_Bhattman's avatar
    The_Bhattman
    Icon for Nimbostratus rankNimbostratus
    Oct 19, 2009
    How about you rewrite it in the following manner 

     
 when CLIENT_ACCEPTED { 
 switch [TCP::local_port clientside] { 
 "7300" { 
 pool test_pool1 
 } 
 "7310" { 
 pool test_pool2 
 } 
 "7320" { 
 pool test_pool3 
 } 
 "7330" { 
 pool test_pool4 
 } 
 "7340" { 
 pool test_pool5 
 } 
 "7350" { 
 pool test_pool6 
 } 
 default { 
 pool test_pool_any 
 } 
 } 
 }

    I hope this helps

    CB

  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Oct 20, 2009
    [TCP::local_port] in any clientside event (like CLIENT_ACCEPTED) is already run in the clientside context, so you don't need to to use the clientside keyword.

     

     

    If CB's latest version isn't working, try adding logging to the switch cases to verify the request is matching the expected case. If that fails, then try a tcpdump or posting a sample of the VIP and pool config for one scenario that isn't working.

     

     

    Also note that for unmatched destination ports, you're allowing unrestricted port access to the test_pool_any pool. This may or may not be a security concern for you.

     

     

    Aaron
  • Viv_Richards's avatar
    Viv_Richards
    Icon for Cirrostratus rankCirrostratus
    Dec 10, 2019

    As per my requirement ,I have tried and it is working.

    VS has been configured for all port (*) and for each local_port, traffic is destined to specific pool

     

    =============================

     

    when CLIENT_ACCEPTED { 

     switch [TCP::local_port clientside] { 

     "2181" { 

     pool pool_abcd_2181

     log local0. "abcd port 2181 is:[TCP::local_port]"

    }

    "2182" { 

     pool pool_abcd_2182

     log local0. "abcd port 2182 is:[TCP::local_port]"

    }

    "2183" { 

     pool pool_abcd_2183

     log local0. "abcd port 2183 is:[TCP::local_port]"

    }

    "5051" { 

     pool pool_abcd_5051

     log local0. "abcd port 5051 is:[TCP::local_port]"

    }

    "6051" { 

     pool pool_abcd_6051

     log local0. "abcd port 6051 is:[TCP::local_port]"

    }

    "7051" { 

     pool pool_abcd_7051

     log local0. "abcd port 7051 is:[TCP::local_port]"

    }

    "8051" { 

     pool pool_abcd_8051

     log local0. "abcd port 8051 is:[TCP::local_port]"

    }

    "9051" { 

     pool pool_abcd_9051

     log local0. "abcd port 9051 is:[TCP::local_port]"

    }

    "9092" { 

     pool pool_abcd_9092

     log local0. "abcd port 9092 is:[TCP::local_port]"

    }

    "9093" { 

     pool pool_abcd_9093

     log local0. "abcd port 9093 is:[TCP::local_port]"

    }

    "9094" { 

     pool pool_abcd_9094

     log local0. "abcd port 9094 is:[TCP::local_port]"

    }

    "9095" { 

     pool pool_abcd_9095

     log local0. "abcd port 9095 is:[TCP::local_port]"

    }

    default { 

    reject

     log local0. "abcd port denied is:[TCP::local_port]"

    }

     }

    ==========================

    Hope it will be helpful