Forum Discussion
Altostratuschange irule destined pool1 to pool2 while oneconnect is enabled in HTTP virtual server
Abstract from ASK F5 iRules
When a local traffic configuration object or behavior is modified by an iRule, changes to that iRule will only apply to new connections. In these situations, existing connections will be subject to the conditions defined in the iRule at the time the connection was first associated with the rule.
Note: iRules modification may have broader affects beyond load balancing configuration options, depending on the complexity of a given iRule. For more information about the ramifications of modifying iRules, refer to DevCentral. A separate DevCentral login is required to access this content; you will be redirected to authenticate or register (if necessary).
In the following example iRule, a load balancing decision is made depending on the URI of the HTTP request:
when HTTP_REQUEST { if { [HTTP::uri] starts_with "/baduri" } { HTTP::respond 200 content { 404 This Page is not available. } } else { pool MyPool1 } }
If the iRule is modified and the destination pool is changed, the connection table will display existing connections established to pool members that are not members of the pool currently referenced by the iRule.
For example, the following excerpted connection table entries demonstrate that two connections are extant on the same virtual server, but only one references a pool and pool member currently defined in the iRule:
Sys::Connections
10.1.1.20:1068 - 10.1.1.2:80 - 10.2.2.4:80 ClientSide ServerSide
Client Addr 10.1.1.20:1068 10.2.2.1:1068 Server Addr 10.1.1.2:80 10.2.2.4:80 Bits In 10.4K 5.3K Bits Out 4.9K 10.4K Packets In 6 4 Packets Out 3 6
10.1.1.20:1069 - 10.1.1.2:80 - 10.2.2.5:80
ClientSide ServerSide Client Addr 10.1.1.20:1069 10.2.2.1:1069 Server Addr 10.1.1.2:80 10.2.2.5:80 Bits In 3.6K 3.0K Bits Out 2.6K 3.7K Packets In 4 3 Packets Out 2 4Total records returned: 2
I have one question: if oneconnect is enabled in this virutal server,and I changed the destined pool in irule,whether it affect the existing connections Suppose there are keep alive connection between client and F5 LTM
11 Replies
- Kevin_Stewart
Employee
Refer to: sol7964: Persistence may fail for subsequent requests on Keep-Alive connections:
If a OneConnect profile is associated with the virtual server, the BIG-IP system selects a pool member when the client-side connection is first established. When the response is complete, the BIG-IP system automatically detaches the server-side connection. When a subsequent request arrives on the same Keep-Alive connection, a new load balancing decision is made, using persistence information if it is available. When an HTTP client sends multiple requests within a single Keep-Alive connection, the BIG-IP system is able to load balance and persist each HTTP request individually, and sends each HTTP request to the appropriate destination server.
So essentially, yes. OneConnect will disconnect the server side connection between requests regardless of the client side keep-alive.
Robert_47833Hi,Kevin thx for your answer Actually I am confused by whether change on irule will affect the current connection if oneconnect is enabled suppose Client sends multiple requests within a single keep-alive connection
such as uri /xyz ---> pool1 now I change it to uri /xyz----->pool2 in irule
in the same tcp conneciton,whether it will goes to pool2 or still hit pool2 since the abstract from ASK F5: "changes to that iRule will only apply to new connections. In these situations, existing connections will be subject to the conditions defined in the iRule at the time the connection was first associated with the rule."
- Kevin_Stewart
That's what OneConnect is supposed to do - disconnect the server side connection between requests. Are you seeing a different behavior?
- Robert_47833
yes,I saw a different behavior
even I changed the pool from pool1 to pool2,it kept going to pool1 this behavior matches what is said in ASK F5:changes on irule affect new CONNECTION it seems ltm has remembered the last pool selected ,even server side connection is detached.
it doesn't mention the behavior if VIP with oneconnect
I am a little confused by this and want to know the answer
Hope I can get confirmation from you:)
- Kevin_Stewart
Well, OneConnect should be allowing subsequent requests to be rerouted. Can you share your iRule, config, and version? Maybe something else is going on.
- Robert_47833
b virtual test list virtual testvip { snat automap destination 10.130.4.118:http ip protocol tcp rules rule1 profiles { http {} oneconnect {} serverssl { serverside } tcp-lan-optimized {} } } rule rule1 when HTTP_REQUEST { switch -glob [HTTP::path] { "/xyz/*" { SSL::disable serverside pool pool1 return } default { HTTP::respond 404 content " Nothing found at that URL. " return } } } ~ b conn server 10.130.4.118 10.80.35.140:35448 <-> 10.130.4.118:http <-> any6 tcp 1/0 10.80.35.150:50890 <-> 10.130.4.118:http <-> any6 tcp 1/0 - Kevin_Stewart
Okay, now I'm confused. Where are you sending traffic to pool2?
- Robert_47833
/xyz/_---->pool1
if I change it as:
/xyz/_------->pool2
traffic still goes to pool1
client connection still be there since it is keep alive connection
- JRahm
Admin
active connections will remain on the previous version of that iRule. Only new connections engage when the iRule is updated.
- Robert_47833
ah,so even with oneconnect,if client side connection still be there,it will still use the old version irule,right?
- Kevin_StewartCorrect.
