Forum Discussion

Michaelyang's avatar
Michaelyang
Icon for Cirrostratus rankCirrostratus
Dec 13, 2022

About iRule

Hello,

I was sorting through my predecessor's F5 and accidentally came across this string of iRule

 

when CLIENT_ACCEPTED {
    switch [IP::protocol] {
          6{
             persist carp [string map {" " "_"} [lsort "[IP::client_addr] [IP::local_addr] [TCP::local_port] [IP::protocol]"]]
           }
      }
}

 

But I don't quite understand what it is writing ......
Can someone help me translate it?

Any help is appreciate.

 

  • Hi Michaelyang,

    the iRule triggers on each TCP connection attempt a code, which:

    • Checks if [IP::protocol] say that the protocol used is TCP (ID 6)
    • It would then create a [list] based on "Client_IP VS_IP VS_Port TCP_ID"
    • It would then sort the list in an increasing order 
    • It would then concatenate the list with "_" (basically a [join "x y" "_"] but he used [string map])
    • It will then use the concatenated string as input for CARP based load balaing. 
    • Done

    Slightly over engineered if you ask me. CARP hashes the input anyway, so you basically just need entrophy. Sorting something, and adding fixed values (like VS IP, Port and TCP Protocol) wont increase the entrophy of the resulting string. So the iRule below would probaly easier to unterstand and doing exactly the same task...

     

    when CLIENT_ACCEPTED {
        if { [IP::protocol] == 6 } then {
            persist carp [IP::client_addr]
            
        }
    }

     

    What it finally does, it makes sure that whenever ClientA connects to your VS, then the VS will forward the ClientA always to the same pool member (lets say MemberX) based on an internal carp based hash algorythm. If MemberX will be marked offline, then carp will elect a new destination based on the remaining members (lets say MemberY). If MemberX comes back online, then ClientA will automatically fallback to MemberX...

    Note: Why your predecessor checks for Protocol ID = 6 at the beginning of the script probably remains secret. The information is somehow lost... 😉

    Cheers, Kai

  • Hi Michaelyang,

    the iRule triggers on each TCP connection attempt a code, which:

    • Checks if [IP::protocol] say that the protocol used is TCP (ID 6)
    • It would then create a [list] based on "Client_IP VS_IP VS_Port TCP_ID"
    • It would then sort the list in an increasing order 
    • It would then concatenate the list with "_" (basically a [join "x y" "_"] but he used [string map])
    • It will then use the concatenated string as input for CARP based load balaing. 
    • Done

    Slightly over engineered if you ask me. CARP hashes the input anyway, so you basically just need entrophy. Sorting something, and adding fixed values (like VS IP, Port and TCP Protocol) wont increase the entrophy of the resulting string. So the iRule below would probaly easier to unterstand and doing exactly the same task...

     

    when CLIENT_ACCEPTED {
        if { [IP::protocol] == 6 } then {
            persist carp [IP::client_addr]
            
        }
    }

     

    What it finally does, it makes sure that whenever ClientA connects to your VS, then the VS will forward the ClientA always to the same pool member (lets say MemberX) based on an internal carp based hash algorythm. If MemberX will be marked offline, then carp will elect a new destination based on the remaining members (lets say MemberY). If MemberX comes back online, then ClientA will automatically fallback to MemberX...

    Note: Why your predecessor checks for Protocol ID = 6 at the beginning of the script probably remains secret. The information is somehow lost... 😉

    Cheers, Kai

    • Michaelyang's avatar
      Michaelyang
      Icon for Cirrostratus rankCirrostratus

      Hi Kai_Wike,

      Thanks for the explanation
      I have learned a lot

      Thank you

  • Hi Michael,

    That iRule can be used in conjunction with a hash persistence profile based on CARP - take a look at K11362.

    The CARP algorithm in this case takes as its base value a string created by client address, the F5 address and port (destination address:port the client is connecting to), and the IP protocol, which is always 6 because of the switch command.

    The "string map" part just replaces " " with "_" in the string that CARP will use to create the hash.

    Makes sense for the VS where it is used?

    /Mike

    * edit * seems Kai did a very complete answer while I was writing! Kudos, Kai!