Forum Discussion
NimbostratusAssistance required with irule for airwatch
any help anyone can provide will REALLY be appreciated. We are in the middle of an Airwatch deployment and we have setup our AWCM servers in a load balance behind an F5. We were finding lots of problems were occurring during the setup, and we have discovered it's related to the persistence.
The Airwatch documentation does not seem to help much but here is what they are telling me. We need to write a iRule to persist based on the awcmsessionid value, which can be either a variable in a URL or in the HTTP header depending on what is contacting AWCM.
an example of the value in a URL is https://aw.airwatch.com:2001/awcm?awcmsessionid=23213043-543348se
an example of the value in an HTTP header awcmsessionid: 293cc42-545ll2hwj2-
In the rule we will need to get that value put in a variable and then run the persist command on it persist carp $variable
Any help anyone can provide in writing this iRule would be lot of help since this is my first look at iRules.
Thx for your time.
7 Replies
What_Lies_Bene1Cirrostratus
OK, this shouldn't be too hard. Any specific reason you want to use CARP? Here's a first attempt;
when HTTP_RESPONSE { Check the awcmsessionid header exists if { [HTTP::header exists "awcmsessionid"] } { If it does, check it has a usable value if { [HTTP::header value "awcmsessionid"] != "" } { If it does, use it to create a persistence record persist add uie [HTTP::header value "awcmsessionid"] 1800 } else { log local0. "The awcmsessionid HTTP header was found but is null" No luck then, will need to rely on request query string if we can } else { log local0. "The awcmsessionid HTTP header was not found" No luck then, will need to rely on request query string } } } when HTTP_REQUEST { Check the awcmsessionid header exists if { [HTTP::header exists "awcmsessionid"] } { If it does, check it has a usable value if { [HTTP::header value "awcmsessionid"] != "" } { If it does, use it to do a persistence lookup If you need to select a pool, do so here, before we persist persist uie [HTTP::header value "awcmsessionid"] 1800 exit here to ensure we don't do two persistence lookups return } else { log local0. "The awcmsessionid HTTP header was found but is null" No luck then, will need to rely on request query string } } No header so lets use the HTTP query instead, if we can Check the right string exists if { [string tolower [HTTP::query ]] contains "awcmsessionid" } { The required query string is there, let's get it's value We'll find awcmsessionid, move one to the right (the =) and store data to the end of the query in our variable set querystring [findstr [HTTP::query] "awcmsessionid" "1"] Lets check its not null if { $querystring != "" } { persist uie $querystring 1800 } else { log local0. "No header or relevant query string found - can't persist" } } }
Aldo_Peirano_17Wow, thank you so much I will give it a try today and see how that works out. We are using CARP as their document outlines how to setup a Persistence profile using the CARP Hash Algorithm. Really new to the F5 so i'm just following directions on this one :).
Really appreciate your help I will let you know how it works out for us.
Regard.
- What_Lies_Bene1
You're very welcome. A few things to note;
- I've not used CARP in this iRule as I'm not sure it'll work in this case. I'll reconsider if you tell me the existing rule doesn't work.
- You may need to enable OneConnect to ensure this works correctly.
Cheers
- What_Lies_Bene1
Just tested syntax on my AWS lab, had a few errors. Here is a corrected version;
when HTTP_RESPONSE { Check the awcmsessionid header exists if { [HTTP::header exists "awcmsessionid"] } { If it does, check it has a usable value if { [HTTP::header value "awcmsessionid"] != "" } { If it does, use it to create a persistence record persist add uie [HTTP::header value "awcmsessionid"] 1800 } else { log local0. "The awcmsessionid HTTP header was found but is null" No luck then, will need to rely on request query string if we can } } If no header found log local0. "The awcmsessionid HTTP header was not found" } when HTTP_REQUEST { Check the awcmsessionid header exists if { [HTTP::header exists "awcmsessionid"] } { If it does, check it has a usable value if { [HTTP::header value "awcmsessionid"] != "" } { If it does, use it to do a persistence lookup If you need to select a pool, do so here, before we persist persist uie [HTTP::header value "awcmsessionid"] 1800 exit here to ensure we don't do two persistence lookups return } else { log local0. "The awcmsessionid HTTP header was found but is null" No luck then, will need to rely on request query string } } No header so lets use the HTTP query instead, if we can Check the right string exists if { [string tolower [HTTP::query ]] contains "awcmsessionid" } { The required query string is there, let's get it's value We'll find awcmsessionid, move one to the right (the =) and store data to the end of the query in our variable set querystring [findstr [HTTP::query] "awcmsessionid" "1"] Lets check its not null if { $querystring != "" } { persist uie $querystring 1800 } else { log local0. "No header or relevant query string found - can't persist" } } } 
syedimam_147051Hi I am also in the process of deploying Airwatch. Can anyone please confirm if this iRULE works? Thanks Syed
- Cory_O
Cirrus
We have ADCs on both the upstream and downstream sides of our AirWatch SEG environment. Since all the devices are merely MS Exchange ActiveSync clients, we used the same persistence and overall settings as detailed in the F5 Exchange Deployment Guide. Simply follow the manual process in the guide for the ActiveSync service.
Health monitoring on the upstream side [SEG] required the following three monitors:
ltm monitor https /Common/ActiveSync_https_monitor { cipherlist DEFAULT:+SHA:+3DES:+kEDH compatibility enabled defaults-from /Common/https destination *:* interval 10 ip-dscp 0 recv "HTTP/1.1 401 Unauthorized" send "GET /Microsoft-Server-Activesync HTTP/1.1\\r\\nHost: %YOUR_FQDN_HERE%\\r\\nConnec tion: Close\\r\\n\\r\\n" time-until-up 0 timeout 31 } ltm monitor https /Common/EASIntegration_https_monitor { cipherlist DEFAULT:+SHA:+3DES:+kEDH compatibility enabled defaults-from /Common/https destination *:* interval 10 ip-dscp 0 recv "HTTP/1.1 200 OK" send "GET /SegConsole/management.ashx\?ping HTTP/1.1\\r\\nHost: %YOUR_FQDN_HERE%\\r\\nC onnection: Close\\r\\n\\r\\n" time-until-up 0 timeout 31 } ltm monitor https /Common/SEGConsole_https_monitor { cipherlist DEFAULT:+SHA:+3DES:+kEDH compatibility enabled defaults-from /Common/https destination *:* interval 10 ip-dscp 0 recv "HTTP/1.1 200 OK" send "GET /SegConsole/default.aspx HTTP/1.1\\r\\nHost: %YOUR_FQDN_HERE%\\r\\nConnection : Close\\r\\n\\r\\n" time-until-up 0 timeout 31 }This is of course assuming you're using SEG and not another AW product!
I hope that helps!
-C
- syedimam_147051
Thanks so much, currently we are deploying Device Servers and AWCM with Console Servers. Any help with AWCM persistance please. Thanks Syed
