Forum Discussion

winston_85158
May 06, 2011

clone pool using irule

I have a setup where a clone pool is sending cloned HTTP traffic to a set of servers. On these servers I have a little process that captures incoming HTTP requests/responses and inserts them in a NoSQL database for analysis purposes.

This works fine if I define the clone pool on the virtual server (client side clone pool). However, if I try to do the same using an iRule I see no cloned traffic:

when CLIENT_ACCEPTED {
    clone pool my_clone_pool
}

Questions:

- Any ideas what I am doing wrong?
- Is the clone command supposed to do client or server side cloning?

  • I just did some more testing and this may not be iRule related. When I use a client side clone pool defined on the virtual server I see traffic on the clone pool members. If I use a server side clone pool I don't see the traffic. I don't understand why this doesn't work.

    My assumption is that the iRule clone command works on server side. I tried the following:

    when CLIENT_ACCEPTED {
        clientside {clone pool my_clone_pool}
    }

    but this did not change the behavior.

    Any ideas/suggestions?

  • Clone Pooling is a two part process on a Virtual Server so you have to configure the ClientSide and the ServerSide.

    I think that you need to configure the ServerSide clone pooling.

    when CLIENT_ACCEPTED {
        clientside { clone pool my_clone_pool }
    }
    when HTTP_RESPONSE {
        serverside { clone pool my_clone_pool }
    }
    
  • That didn't work as well. I would also expect that you would clone both request and response on the same side (client or server) but that didn't do much either.

  • Have you tried removing the Clone Pool iRule and setting it on the Virtual Server to see if it provides you with the results you are looking for?

    I would also expect that you would clone both request and response on the same side (client or server) but that didn't do much either.

    Clone Pooling works by sending the traffic to two different MAC Addresses, so anything coming FROM the Client is sent to the destination Pool configured on the Virtual Server or via iRule routing AND to the MAC Address of the server (after a Load Balancing Decision is made) Pool configured on the Virtual Server (Clone Pool (Client)) or iRule. When the response traffic is sent back to the BigIP from the Server the same type of process is followed.

    So you can split your Clone Pool Traffic to different server pools. This could be used by IDS (Intrusion Detection Systems) or other systems like TeaLeaf.
  • Have you tried removing the Clone Pool iRule and setting it on the Virtual Server to see if it provides you with the results you are looking for?

    Yes, as I said earlier. Configuring it on the virtual server works if I define it as client side clone pool. I see the traffic on the clone pool member. If I change it to a server side clone pool I see no traffic. This is probably a setup problem on my side, but I don't understand why.

    However, since the client side clone pool is working when defined on the VS I would like to see the same behavior when using an iRule. The reason for the iRule is that I would like to be able to do selective cloning (only specific requests).