Forum Discussion
wtwagon_99154
Nimbostratus
NimbostratusAnyone use iRules with SiteSpect?
I wanted to see if anyone out there has experiencing using iRules with the SiteSpect appliance.
What I'd like to accomplish is the following (Pseudocode)
NOTE: SSLB = Cookie injected by F5 LTM
IF load balancer finds SSLB affinity cookie in request THEN:
{
IF SSLB cookie = A THEN:
Route the request to SiteSpect VIP
ELSE:
Route the request to a node in the web server pool
}
ELSE (SSLB affinity cookie isn’t found):
{
Route the request to either the web server pool or SiteSpect based on
weighting rules (for example: 50% of requests without SSLB cookie go
web server pool and 50% go to SiteSpect).
}
For requests that do not contain the SSLB affinity cookie, the HTTP response must set the
cookie according to how request was routed:
If the cookie-less request was routed to SiteSpect:
SiteSpect automatically sets the SSLB cookie to “A” with an expiration time appropriate
for the user’s test status. This ensures that not only will they continue to be routed to
SiteSpect for the remainder of their visit, but they will still be routed to SiteSpect upon
subsequent visits.
If the cookie-less request was routed to the web server pool:
The web server node should set the SSLB cookie to “B” as session-only (i.e., no
expiration time is set, so the cookie expires when the user closes their browser). This
ensures that the user continues to be routed away from SiteSpect for the duration of
their visit, but becomes fair game for a SiteSpect test upon their next visit. See Appendix
for examples of how to configure your web nodes to set the SSLB cookie.
Note that the affinity cookie’s name (“SSLB”) and value (“A”) are completely configurable within
SiteSpect.
I was also provided with a sample configuration, but it appears to be different than what we need:
monitor http_keepalive-sitespect {
defaults from http
recv "200 OK"
send "HEAD /keepalive-sitespect.html HTTP/1.0\r\n"
}
profile persist www_edc {
defaults from cookie
mode cookie
cookie mode insert
cookie name "www_edc"
}
pool pool_www.example.com {
lb method member ratio
min active members 1
members
192.168.2.30:http
ratio 75
priority 10
monitor http_web001.example.com
192.168.3.21:http
priority 20
monitor http_keepalive-sitespect
}
pool pool_www.example.com_81 {
lb method member ratio
members
192.168.2.30:81
ratio 75
monitor http_web001.example.com
}
rule persist_www_edc_80 {
when HTTP_REQUEST {
set persist_cookie "www_sid"
set pool_sitespect "192.168.3.21"
set pool_member1 "192.168.2.30"
set pool_port "80"
set pool_name [LB::server pool]
if {([LB::status pool $pool_name member $pool_sitespect $pool_port] == "down") or ([LB::status pool $pool_name member $pool_sitespect $pool_port] == "session_disabled")} {
if {[HTTP::cookie exists $persist_cookie]} {
switch [HTTP::cookie value $persist_cookie] {
1031 { if {[LB::status pool $pool_name member $pool_member1 $pool_port] == "up"} { pool $pool_name member $pool_member1 $pool_port } }
}
}
}
}
}
rule persist_www_edc_81 {
when HTTP_REQUEST {
set persist_cookie "www_sid"
set pool_member1 "192.168.2.30"
set pool_port "81"
set pool_name [LB::server pool]
if {[HTTP::cookie exists $persist_cookie]} {
switch [HTTP::cookie value $persist_cookie] {
1031 { if {[LB::status pool $pool_name member $pool_member1 $pool_port] == "up"} { pool $pool_name member $pool_member1 $pool_port } }
}
}
}
}
virtual www.example.com_http {
pool pool_www.example.com
destination 192.168.1.104:http
ip protocol tcp
rules
persist_www_edc_80
persist www_edc
}
virtual www.example.com_https {
pool pool_www.example.com
destination 192.168.1.104:https
ip protocol tcp
rules
persist_www_edc_80
persist www_edc
}
virtual www.example.com_sitespect {
snat automap
pool pool_www.example.com_81
destination 192.168.1.104:81
ip protocol tcp
rules persist_www_edc_81
}
Any feedback would be much appreciated. Thanks.
RLewis_110507Greetings
Did you ever get an answer for this? Our company is currently testing SiteSpect (appliance product) and I need to setup the cookie detection.
Thanks in advance for any information,
Ross
andrew_waldvogeI'm not sure if this is the most elegant way of doing this. Actually I am sure it is not since LB::status was not available when I wrote this,
and also because I'm a hack.
Anyhow, it works for us, and I always prefer the least complicated (in my opinion) solution.
I tried to trim it down to only what refers to the sitespect configuration. Hope it still makes sense.
external VIP
virtual vip_example_http {
pool vip_example_http
destination 1.2.3.4:http
ip protocol tcp
rules vip_example_URI
profiles
http
tcp-loadtest
}
rule vip_example_URI {
when HTTP_RESPONSE {
if { ! [HTTP::cookie exists "SSLB"] } {
HTTP::cookie insert name "SSLB" value "A" domain "my.domain.com"
}
}
when HTTP_REQUEST {
...
...
} else {
if { [HTTP::cookie exists "SSLB"] } {
set ss_cookie [HTTP::cookie "SSLB"]
if { ( $ss_cookie == "B" ) and ( [active_members vip_example_sitespect] > 0 ) } {
pool vip_example_sitespect
} else {
pool vip_internal_http
}
} else {
pool vip_example_http
}
}
}
}
this pool contains only the sitespect
pool vip_example_sitespect {
members 10.10.10.1:81
}
this pool contains sitespect and webservers and you would have your ratio here
pool vip_example_http {
members
10.10.10.1:81
10.10.10.2:81
10.10.10.3:81
10.10.10.4:81
}
internal VIP
virtual vip_internal_http {
snatpool SNAT_internal
pool vip_internal_http
destination 10.10.10.100:http
ip protocol tcp
rules vip_internal_URI
profiles
http
tcp-loadtest
}
No additional config for the sitespect in this rule
rule vip_internal_URI {
when HTTP_REQUEST {
....
....
} else {
pool vip_internal_http
}
}
}
snat for the internal VIP
snatpool SNAT_internal {
members 10.10.10.100
}
this pool contains the webservers and NOT sitespect
pool vip_internal_http {
members
10.10.10.2:81
10.10.10.3:81
10.10.10.4:81
}