Forum Discussion

Farid_Lahdiri_1
Jan 20, 2005

4.5 rule seems to sometimes fail

Hi all,

The following rule seems to fail once in a while and I don't know why?

Any pointers as to what could be the reason will be appreciated.

Here is an extract of my bigip.conf file:

-----------------------------------------------

constants

global open_ssh_port enable
global webadmin_port 443
global web aggregate none
global web parse all
global web aggregate timeout 5

server pools

pool HTTP_Pool {
   lb_method least_conn_member
   member 192.168.100.1:http
   member 192.168.100.2:http
}

pool Pool1 {
   lb_method least_conn_member
   member 192.168.100.1:http
}

pool Pool2 {
   lb_method least_conn_member
   member 192.168.100.2:http
}

rule TEST {
   if (http_method == "GET") {
      if (http_uri ends_with "00") {
         use pool Pool1
      }
      else if (http_uri ends_with "01") {
         use pool Pool2
      }
      else {
         use pool HTTP_Pool
      }
   }
   else if (http_method == "POST") {
      if (substr(http_content(4), 0, 3) == decode_uri("%8c%83%98") or substr(http_content(4), 0, 3) == decode_uri("%8c%85%98")) {
         if (substr(http_content(15), 10, 2) == "00") {
            use pool Pool1
         }
         else if (substr(http_content(15), 10, 2) == "01") {
            use pool Pool2
         }
         else {
            use pool HTTP_Pool
         }
      }
      else {
         use pool HTTP_Pool
      }
   }
   else {
      use pool HTTP_Pool
   }
}

virtual servers

virtual 172.20.10.100:http unit 1 {
   use rule TEST
   limit 1200
}

2 Replies

  • Just a detail. What I meant by the rule failing is the fact that sometimes even though the http_uri (on the GET Method) ends with "00" the connection gets sent to pool HTTP_Pool instead of pool Pool1.

    /Farid
  • bknotwell_12713
    Historic F5 Account
    Hi Farid--

    While this is more of a tech supportish question, a representative manual testing strategy would be something like the following:

    1) start tcpdump (snapsize > MTU) on both sides of the traffic
    2) wait for an occurrence of the problem you're seeing
    3) verify the dumps verify that what you think you're seeing is really occurring

    Keeping things on-topic, you might use iControl to do something like the following from a test client (assumption: a pristine bigip is available as a device under test -- DUT):

    1) use iControl to reset* the configuration on the DUT
    2) use iControl to create a new appropriate configuration
    3) generate scads of requests with 00 at the end that span the DUT
    4) use iControl to query** the DUT's stats to ensure your numbers are reasonable

    *while there's generally adequate protection to ensure you don't lock yourself out when you do this, it's possible. Bottom line: initial testing may require a box with easy physical access.

    **theoretically, the idea of using information from the DUT to validate the rule evaluation is BAD but (unless you're explicitly testing statistics) it's surprisingly useful in practice. For those who're ideological about this, it's only slightly more cumbersome to have the servers themselves report who they are. You then coalesce the statistics yourself to verify you have the right answer. *chuckle* I suppose for extra credit you could then use iControl or SNMP to query the DUT to verify your answer.

    --Brad
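
Added example (not part of the thread, and not F5 or iControl code): a Python sketch of the server-side check described in the second footnote above, where each server reports the requests it received and the records are coalesced against a reference model of rule TEST. It assumes substr() takes (string, offset, length) and that http_content(n) yields the start of the request body; the function names and the sample records are constructed for illustration.

```python
from collections import Counter

# Pool membership copied from the bigip.conf extract in the question.
POOLS = {
    "Pool1": {"192.168.100.1"},
    "Pool2": {"192.168.100.2"},
    "HTTP_Pool": {"192.168.100.1", "192.168.100.2"},
}
# Byte values of decode_uri("%8c%83%98") and decode_uri("%8c%85%98").
POST_MARKERS = (b"\x8c\x83\x98", b"\x8c\x85\x98")

def expected_pool(method, uri, body=b""):
    """Reference model of rule TEST (assumed semantics: substr(s, offset,
    length); http_content(n) returns the start of the request body)."""
    if method == "GET":
        key = uri[-2:]
    elif method == "POST" and body[0:3] in POST_MARKERS:
        key = body[10:12].decode("latin-1")
    else:
        return "HTTP_Pool"
    return {"00": "Pool1", "01": "Pool2"}.get(key, "HTTP_Pool")

def audit(observations):
    """Coalesce (method, uri, body, server) records reported by the servers.
    Returns per-pool request counts and the records that were served by a
    member outside the pool the rule should have selected."""
    counts, mismatches = Counter(), []
    for method, uri, body, server in observations:
        pool = expected_pool(method, uri, body)
        counts[pool] += 1
        if server not in POOLS[pool]:
            mismatches.append((method, uri, pool, server))
    return counts, mismatches

# Constructed sample records, not captured traffic.
SAMPLE = [
    ("GET", "/app/item00", b"", "192.168.100.1"),
    ("GET", "/app/item00", b"", "192.168.100.2"),  # the failure described
    ("GET", "/app/item01", b"", "192.168.100.2"),
    ("GET", "/index.html", b"", "192.168.100.2"),
    ("POST", "/submit", b"\x8c\x83\x98" + b"x" * 7 + b"00", "192.168.100.1"),
    ("POST", "/submit", b"\x8c\x85\x98" + b"x" * 7 + b"01", "192.168.100.1"),
    ("POST", "/submit", b"plain form data", "192.168.100.1"),
]

if __name__ == "__main__":
    counts, bad = audit(SAMPLE)
    print(dict(counts))
    for record in bad:
        print("misrouted:", record)
```

A request that wrongly falls through to HTTP_Pool can still land on the member the rule should have picked, so some failures will not appear as mismatches; compare the per-pool counts over many requests as well.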