Forum Discussion
winston_85158
Nimbostratus
Nimbostratusclone pool using irule
I have a setup where a clone pool is sending cloned HTTP traffic to a set of servers. On these servers I have a little process that captures incoming http request/responses and inserts them in a no-sql database for analysis purposes.
This works fine if I define the clone pool on the virtual server (client side clone pool). However, if I try to do the same using an irule I see no cloned traffic:
when CLIENT_ACCEPTED {
clone pool my_clone_pool
}
Questions:
- Any idea's what I am doing wrong?
- Is the clone command supposed to do client or server side cloning?
5 Replies
sirwinstonI just did some more testing and this may not be irule related. When I use a client side clone pool defined on the virtual server I see traffic on the clone pool members. If I use a server side clone pool I don't see the traffic. I don't understand why this doesn't work.My assumption is that the irule clone command works on server side. I tried the following :
when CLIENT_ACCEPTED {
clientside {clone pool my_clone_pool}
}
but this did not change the behavior.
any ideas/suggestions?
Michael_YatesClone Pooling is a two part process on a Virtual Server so you have to configure the ClientSide and the ServerSide.
I think that you need to configure the ServerSide clone pooling.when CLIENT_ACCEPTED { clientside { clone pool my_clone_pool } } when HTTP_RESPONSE { serverside { clone pool my_clone_pool } }- sirwinstonThat didn't work as well. I would also expect that you would clone both request and response on the same side (client or server) but that didn't do much either.
- Michael_YatesHave you tried removing the Clone Pool iRule and setting it on the Virtual Server to see if it provides you with the results you are looking for?
I would also expect that you would clone both request and response on the same side (client or server) but that didn't do much either.
Clone Pooling works by sending the traffic to two different MAC Addresses, so anything coming FROM the Client is sent to the destination Pool configured on the Virtual Server or via iRule routing AND to the MAC Address of the server (after a Load Balancing Decision is made) Pool configured on the Virtual Server (Clone Pool (Client)) or iRule. When the response traffic is sent back to the BigIP from the Server the same type of process is followed.
So you can split your Clone Pool Traffic to different server pools. This could be used by IDS (Intrusion Detection Systems) or other systems like TeaLeaf. - sirwinstonHave you tried removing the Clone Pool iRule and setting it on the Virtual Server to see if it provides you with the results you are looking for?
Yes, as I said earlier. Configuring it on the virtual server works if I define it as client side clone pool. I see the traffic on the clone pool member. If I change it to a server side clone pool I see no traffic. This is probably a setup problem on my side, but I don't understand why.
However, since the client side clone pool is working when defined on the VS I would like to see the same behavior when using an iRule. The reason for the iRule is that I would like to be able to do selective cloning (only specific request).
