Forum Discussion

BaltoStar_12467's avatar
BaltoStar_12467
Mar 08, 2015

BIG-IP : iRule event appropriate to log final pool destination

F5 BIG-IP Virtual Edition v11.4.1 (Build 635.0) LTM on ESXi

For a virtual-server assigned a complex stack of iRules, I need to log the final route destination pool ( if any ). So, this would the final pool set within any event ( i'm not clear on whether destination pool can be set in events other than HTTP_REQUEST ) :

pool my-pool-nn

Does BIG-IP provide an event that fires only after processing has completed for all HTTP_REQUEST events processed in an iRule stack ?

LB_SELECTED seems promising - but this event only fire afte all HTTP_REQUEST event processing has completed ?

NOTE: the virtual-server does not have an assigned OneConnect profile

application delivery
design
devops
irule
iRules
LTM
virtual server
  • nitass_89166's avatar
    nitass_89166
    Icon for Noctilucent rankNoctilucent
    Mar 09, 2015

    SERVER_CONNECTED appears a good candidate but command behavior is as if serverside command has been issued -- but what exactly does serverside do ?

     

    it means serverside connection has been established e.g. 3-way handshake between bigip and server.

     

    • BaltoStar_12467's avatar
      BaltoStar_12467
      Mar 09, 2015
      thanks nitass. so if inside SERVER_CONNECTED , LB::server gives the destinated server that traffic will definitely will be routed to ? what system var gives the associated pool ?
  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Mar 09, 2015

    SERVER_CONNECTED appears a good candidate but command behavior is as if serverside command has been issued -- but what exactly does serverside do ?

     

    it means serverside connection has been established e.g. 3-way handshake between bigip and server.

     

    • BaltoStar_12467's avatar
      BaltoStar_12467
      Mar 09, 2015
      thanks nitass. so if inside SERVER_CONNECTED , LB::server gives the destinated server that traffic will definitely will be routed to ? what system var gives the associated pool ?
  • nitass_89166's avatar
    nitass_89166
    Icon for Noctilucent rankNoctilucent
    Mar 09, 2015

    so if inside SERVER_CONNECTED , LB::server gives the destinated server that traffic will definitely will be routed to ? what system var gives the associated pool ?

    e.g.

     configuration

[root@ve11c:Active:In Sync] config  tmsh list ltm virtual bar
ltm virtual bar {
    destination 172.28.24.10:80
    ip-protocol tcp
    mask 255.255.255.255
    profiles {
        http { }
        tcp { }
    }
    rules {
        qux
    }
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    vs-index 8
}
[root@ve11c:Active:In Sync] config  tmsh list ltm pool foo
ltm pool foo {
    members {
        200.200.200.101:80 {
            address 200.200.200.101
        }
    }
}
[root@ve11c:Active:In Sync] config  tmsh list ltm rule qux
ltm rule qux {
    when CLIENT_ACCEPTED {
  log local0. "\[IP::client_addr\]:\[TCP::client_port\]=[IP::client_addr]:[TCP::client_port] \
    \[LB::server pool\]=[LB::server pool] \
    \[LB::server addr\]=[LB::server addr]"
}
when HTTP_REQUEST priority 100 {
  pool foo
  log local0. "pool foo"
}
when HTTP_REQUEST priority 1000 {
  log local0. "\[IP::client_addr\]:\[TCP::client_port\]=[IP::client_addr]:[TCP::client_port] \
    \[LB::server pool\]=[LB::server pool] \
    \[LB::server addr\]=[LB::server addr] \
    \[HTTP::host\]\[HTTP::uri\]=[HTTP::host][HTTP::uri]"
}
when LB_SELECTED {
  log local0. "\[IP::client_addr\]:\[TCP::client_port\]=[IP::client_addr]:[TCP::client_port] \
    \[LB::server pool\]=[LB::server pool] \
    \[LB::server addr\]=[LB::server addr]"
}
when SERVER_CONNECTED {
  log local0. "\[IP::client_addr\]:\[TCP::client_port\]=[IP::client_addr]:[TCP::client_port] \
    \[LB::server pool\]=[LB::server pool] \
    \[LB::server addr\]=[LB::server addr] \
    \[IP::server_addr\]:\[TCP::server_port\]=[IP::server_addr]:[TCP::server_port]"
}
when HTTP_RESPONSE {
  log local0. "\[IP::client_addr\]:\[TCP::client_port\]=[IP::client_addr]:[TCP::client_port] \
    \[LB::server pool\]=[LB::server pool] \
    \[LB::server addr\]=[LB::server addr] \
    \[IP::server_addr\]:\[TCP::server_port\]=[IP::server_addr]:[TCP::server_port] \
    \[HTTP::status\]=[HTTP::status]"
}
}

 /var/log/ltm

[root@ve11c:Active:In Sync] config  tail -f /var/log/ltm
Mar  9 13:30:21 ve11c info tmm1[15262]: Rule /Common/qux : [IP::client_addr]:[TCP::client_port]=192.168.206.73:63213  [LB::server pool]=  [LB::server addr]=172.28.24.10
Mar  9 13:30:21 ve11c info tmm1[15262]: Rule /Common/qux : pool foo
Mar  9 13:30:21 ve11c info tmm1[15262]: Rule /Common/qux : [IP::client_addr]:[TCP::client_port]=192.168.206.73:63213  [LB::server pool]=/Common/foo  [LB::server addr]=  [HTTP::host][HTTP::uri]=172.28.24.10/
Mar  9 13:30:21 ve11c info tmm1[15262]: Rule /Common/qux : [IP::client_addr]:[TCP::client_port]=192.168.206.73:63213  [LB::server pool]=/Common/foo  [LB::server addr]=200.200.200.101
Mar  9 13:30:21 ve11c info tmm1[15262]: Rule /Common/qux : [IP::client_addr]:[TCP::client_port]=192.168.206.73:63213  [LB::server pool]=/Common/foo  [LB::server addr]=200.200.200.101  [IP::server_addr]:[TCP::server_port]=200.200.200.101:80
Mar  9 13:30:21 ve11c info tmm1[15262]: Rule /Common/qux : [IP::client_addr]:[TCP::client_port]=192.168.206.73:63213  [LB::server pool]=/Common/foo  [LB::server addr]=200.200.200.101  [IP::server_addr]:[TCP::server_port]=200.200.200.101:80  [HTTP::status]=200
    • BaltoStar_12467's avatar
      BaltoStar_12467
      Mar 09, 2015
      within LB_SELECTED , do [LB::server pool] and [LB::server addr] provide the final destination pool+server ? in other words, it's no longer possible to change destination pool within HTTP_REQUEST ( in any iRule ) ?
    • BaltoStar_12467's avatar
      BaltoStar_12467
      Mar 09, 2015
      event sequence perhaps confusing because it also makes sense that in higher-priority ( lower numerical value ) irule-01 HTTP_REQUEST sets destination then LB_SELECTED fires in irule-01 but then in lower-priority ( higher numerical value ) irule-02 pool is reset to different destination pool
  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Mar 09, 2015

    so if inside SERVER_CONNECTED , LB::server gives the destinated server that traffic will definitely will be routed to ? what system var gives the associated pool ?

    e.g.

     configuration

[root@ve11c:Active:In Sync] config  tmsh list ltm virtual bar
ltm virtual bar {
    destination 172.28.24.10:80
    ip-protocol tcp
    mask 255.255.255.255
    profiles {
        http { }
        tcp { }
    }
    rules {
        qux
    }
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    vs-index 8
}
[root@ve11c:Active:In Sync] config  tmsh list ltm pool foo
ltm pool foo {
    members {
        200.200.200.101:80 {
            address 200.200.200.101
        }
    }
}
[root@ve11c:Active:In Sync] config  tmsh list ltm rule qux
ltm rule qux {
    when CLIENT_ACCEPTED {
  log local0. "\[IP::client_addr\]:\[TCP::client_port\]=[IP::client_addr]:[TCP::client_port] \
    \[LB::server pool\]=[LB::server pool] \
    \[LB::server addr\]=[LB::server addr]"
}
when HTTP_REQUEST priority 100 {
  pool foo
  log local0. "pool foo"
}
when HTTP_REQUEST priority 1000 {
  log local0. "\[IP::client_addr\]:\[TCP::client_port\]=[IP::client_addr]:[TCP::client_port] \
    \[LB::server pool\]=[LB::server pool] \
    \[LB::server addr\]=[LB::server addr] \
    \[HTTP::host\]\[HTTP::uri\]=[HTTP::host][HTTP::uri]"
}
when LB_SELECTED {
  log local0. "\[IP::client_addr\]:\[TCP::client_port\]=[IP::client_addr]:[TCP::client_port] \
    \[LB::server pool\]=[LB::server pool] \
    \[LB::server addr\]=[LB::server addr]"
}
when SERVER_CONNECTED {
  log local0. "\[IP::client_addr\]:\[TCP::client_port\]=[IP::client_addr]:[TCP::client_port] \
    \[LB::server pool\]=[LB::server pool] \
    \[LB::server addr\]=[LB::server addr] \
    \[IP::server_addr\]:\[TCP::server_port\]=[IP::server_addr]:[TCP::server_port]"
}
when HTTP_RESPONSE {
  log local0. "\[IP::client_addr\]:\[TCP::client_port\]=[IP::client_addr]:[TCP::client_port] \
    \[LB::server pool\]=[LB::server pool] \
    \[LB::server addr\]=[LB::server addr] \
    \[IP::server_addr\]:\[TCP::server_port\]=[IP::server_addr]:[TCP::server_port] \
    \[HTTP::status\]=[HTTP::status]"
}
}

 /var/log/ltm

[root@ve11c:Active:In Sync] config  tail -f /var/log/ltm
Mar  9 13:30:21 ve11c info tmm1[15262]: Rule /Common/qux : [IP::client_addr]:[TCP::client_port]=192.168.206.73:63213  [LB::server pool]=  [LB::server addr]=172.28.24.10
Mar  9 13:30:21 ve11c info tmm1[15262]: Rule /Common/qux : pool foo
Mar  9 13:30:21 ve11c info tmm1[15262]: Rule /Common/qux : [IP::client_addr]:[TCP::client_port]=192.168.206.73:63213  [LB::server pool]=/Common/foo  [LB::server addr]=  [HTTP::host][HTTP::uri]=172.28.24.10/
Mar  9 13:30:21 ve11c info tmm1[15262]: Rule /Common/qux : [IP::client_addr]:[TCP::client_port]=192.168.206.73:63213  [LB::server pool]=/Common/foo  [LB::server addr]=200.200.200.101
Mar  9 13:30:21 ve11c info tmm1[15262]: Rule /Common/qux : [IP::client_addr]:[TCP::client_port]=192.168.206.73:63213  [LB::server pool]=/Common/foo  [LB::server addr]=200.200.200.101  [IP::server_addr]:[TCP::server_port]=200.200.200.101:80
Mar  9 13:30:21 ve11c info tmm1[15262]: Rule /Common/qux : [IP::client_addr]:[TCP::client_port]=192.168.206.73:63213  [LB::server pool]=/Common/foo  [LB::server addr]=200.200.200.101  [IP::server_addr]:[TCP::server_port]=200.200.200.101:80  [HTTP::status]=200
    • BaltoStar_12467's avatar
      BaltoStar_12467
      Mar 09, 2015
      within LB_SELECTED , do [LB::server pool] and [LB::server addr] provide the final destination pool+server ? in other words, it's no longer possible to change destination pool within HTTP_REQUEST ( in any iRule ) ?
    • nitass's avatar
      nitass
      Icon for Employee rankEmployee
      Mar 09, 2015
      yes LB_SELECTED is triggered after HTTP_REQUEST, isn't it?
    • BaltoStar_12467's avatar
      BaltoStar_12467
      Mar 09, 2015
      event sequence perhaps confusing because it also makes sense that in higher-priority ( lower numerical value ) irule-01 HTTP_REQUEST sets destination then LB_SELECTED fires in irule-01 but then in lower-priority ( higher numerical value ) irule-02 pool is reset to different destination pool
  • nitass_89166's avatar
    nitass_89166
    Icon for Noctilucent rankNoctilucent
    Mar 09, 2015

    I could see within a specific iRule LB_SELECTED firing following setting a destination pool in HTTP_REQUEST , but then in another lower-priority ( higher numerical value ) iRule , pool is reset to a different destination pool

    are you looking at one connection (e.g. same source ip and port)? if yes, can you add oneconnect profile?

     configuration without oneconnect

[root@ve11c:Active:In Sync] config  tmsh list ltm virtual bar
ltm virtual bar {
    destination 172.28.24.10:80
    ip-protocol tcp
    mask 255.255.255.255
    profiles {
        http { }
        tcp { }
    }
    rules {
        qux
    }
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    vs-index 8
}
[root@ve11c:Active:In Sync] config  tmsh list ltm rule qux
ltm rule qux {
    when CLIENT_ACCEPTED {
  log local0. "[IP::client_addr]:[TCP::client_port]"
}
when HTTP_REQUEST {
  pool foo
  log local0. "[IP::client_addr]:[TCP::client_port] [HTTP::host][HTTP::uri]"
}
when LB_SELECTED {
  log local0. "[IP::client_addr]:[TCP::client_port]"
}
when SERVER_CONNECTED {
  log local0. "[IP::client_addr]:[TCP::client_port]"
}
}

 /var/log/ltm

[root@ve11c:Active:In Sync] config  tail -f /var/log/ltm
Mar  9 14:07:35 ve11c info tmm1[15262]: Rule /Common/qux : 172.28.24.1:52283
Mar  9 14:07:35 ve11c info tmm1[15262]: Rule /Common/qux : 172.28.24.1:52283 172.28.24.10/
Mar  9 14:07:35 ve11c info tmm1[15262]: Rule /Common/qux : 172.28.24.1:52283
Mar  9 14:07:35 ve11c info tmm1[15262]: Rule /Common/qux : 172.28.24.1:52283
Mar  9 14:07:36 ve11c info tmm1[15262]: Rule /Common/qux : 172.28.24.1:52283 172.28.24.10/
Mar  9 14:07:36 ve11c info tmm1[15262]: Rule /Common/qux : 172.28.24.1:52283 172.28.24.10/
Mar  9 14:07:36 ve11c info tmm1[15262]: Rule /Common/qux : 172.28.24.1:52283 172.28.24.10/

 configuration with oneconnect

[root@ve11c:Active:In Sync] config  tmsh list ltm virtual bar
ltm virtual bar {
    destination 172.28.24.10:80
    ip-protocol tcp
    mask 255.255.255.255
    profiles {
        http { }
        oneconnect { }
        tcp { }
    }
    rules {
        qux
    }
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    vs-index 8
}

 /var/log/ltm

[root@ve11c:Active:In Sync] config  tail -f /var/log/ltm
Mar  9 14:09:33 ve11c info tmm[15262]: Rule /Common/qux : 172.28.24.1:52284
Mar  9 14:09:33 ve11c info tmm[15262]: Rule /Common/qux : 172.28.24.1:52284 172.28.24.10/
Mar  9 14:09:33 ve11c info tmm[15262]: Rule /Common/qux : 172.28.24.1:52284
Mar  9 14:09:33 ve11c info tmm[15262]: Rule /Common/qux : 172.28.24.1:52284
Mar  9 14:09:33 ve11c info tmm[15262]: Rule /Common/qux : 172.28.24.1:52284 172.28.24.10/
Mar  9 14:09:33 ve11c info tmm[15262]: Rule /Common/qux : 172.28.24.1:52284
Mar  9 14:09:33 ve11c info tmm[15262]: Rule /Common/qux : 172.28.24.1:52284 172.28.24.10/
Mar  9 14:09:33 ve11c info tmm[15262]: Rule /Common/qux : 172.28.24.1:52284
Mar  9 14:09:33 ve11c info tmm[15262]: Rule /Common/qux : 172.28.24.1:52284 172.28.24.10/
Mar  9 14:09:33 ve11c info tmm[15262]: Rule /Common/qux : 172.28.24.1:52284
    • BaltoStar_12467's avatar
      BaltoStar_12467
      Mar 09, 2015
      thanks very much for the info ( as always ) but i'm still not confident in an answer to my question. i'm still not clear on how to ensure that i am logging the final destination pool : i want to log the pool-name when it's no longer possible for any event in any iRule to set the pool. please note that none of my virtual-servers are assigned a OneConnect profile.
  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Mar 09, 2015

    I could see within a specific iRule LB_SELECTED firing following setting a destination pool in HTTP_REQUEST , but then in another lower-priority ( higher numerical value ) iRule , pool is reset to a different destination pool

    are you looking at one connection (e.g. same source ip and port)? if yes, can you add oneconnect profile?

     configuration without oneconnect

[root@ve11c:Active:In Sync] config  tmsh list ltm virtual bar
ltm virtual bar {
    destination 172.28.24.10:80
    ip-protocol tcp
    mask 255.255.255.255
    profiles {
        http { }
        tcp { }
    }
    rules {
        qux
    }
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    vs-index 8
}
[root@ve11c:Active:In Sync] config  tmsh list ltm rule qux
ltm rule qux {
    when CLIENT_ACCEPTED {
  log local0. "[IP::client_addr]:[TCP::client_port]"
}
when HTTP_REQUEST {
  pool foo
  log local0. "[IP::client_addr]:[TCP::client_port] [HTTP::host][HTTP::uri]"
}
when LB_SELECTED {
  log local0. "[IP::client_addr]:[TCP::client_port]"
}
when SERVER_CONNECTED {
  log local0. "[IP::client_addr]:[TCP::client_port]"
}
}

 /var/log/ltm

[root@ve11c:Active:In Sync] config  tail -f /var/log/ltm
Mar  9 14:07:35 ve11c info tmm1[15262]: Rule /Common/qux : 172.28.24.1:52283
Mar  9 14:07:35 ve11c info tmm1[15262]: Rule /Common/qux : 172.28.24.1:52283 172.28.24.10/
Mar  9 14:07:35 ve11c info tmm1[15262]: Rule /Common/qux : 172.28.24.1:52283
Mar  9 14:07:35 ve11c info tmm1[15262]: Rule /Common/qux : 172.28.24.1:52283
Mar  9 14:07:36 ve11c info tmm1[15262]: Rule /Common/qux : 172.28.24.1:52283 172.28.24.10/
Mar  9 14:07:36 ve11c info tmm1[15262]: Rule /Common/qux : 172.28.24.1:52283 172.28.24.10/
Mar  9 14:07:36 ve11c info tmm1[15262]: Rule /Common/qux : 172.28.24.1:52283 172.28.24.10/

 configuration with oneconnect

[root@ve11c:Active:In Sync] config  tmsh list ltm virtual bar
ltm virtual bar {
    destination 172.28.24.10:80
    ip-protocol tcp
    mask 255.255.255.255
    profiles {
        http { }
        oneconnect { }
        tcp { }
    }
    rules {
        qux
    }
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    vs-index 8
}

 /var/log/ltm

[root@ve11c:Active:In Sync] config  tail -f /var/log/ltm
Mar  9 14:09:33 ve11c info tmm[15262]: Rule /Common/qux : 172.28.24.1:52284
Mar  9 14:09:33 ve11c info tmm[15262]: Rule /Common/qux : 172.28.24.1:52284 172.28.24.10/
Mar  9 14:09:33 ve11c info tmm[15262]: Rule /Common/qux : 172.28.24.1:52284
Mar  9 14:09:33 ve11c info tmm[15262]: Rule /Common/qux : 172.28.24.1:52284
Mar  9 14:09:33 ve11c info tmm[15262]: Rule /Common/qux : 172.28.24.1:52284 172.28.24.10/
Mar  9 14:09:33 ve11c info tmm[15262]: Rule /Common/qux : 172.28.24.1:52284
Mar  9 14:09:33 ve11c info tmm[15262]: Rule /Common/qux : 172.28.24.1:52284 172.28.24.10/
Mar  9 14:09:33 ve11c info tmm[15262]: Rule /Common/qux : 172.28.24.1:52284
Mar  9 14:09:33 ve11c info tmm[15262]: Rule /Common/qux : 172.28.24.1:52284 172.28.24.10/
Mar  9 14:09:33 ve11c info tmm[15262]: Rule /Common/qux : 172.28.24.1:52284
    • BaltoStar_12467's avatar
      BaltoStar_12467
      Mar 09, 2015
      thanks very much for the info ( as always ) but i'm still not confident in an answer to my question. i'm still not clear on how to ensure that i am logging the final destination pool : i want to log the pool-name when it's no longer possible for any event in any iRule to set the pool. please note that none of my virtual-servers are assigned a OneConnect profile.