Forum Discussion
Michael_Hull_61
Nimbostratus
NimbostratusConnection verification to another pool
Pools are named Pool_1 and Pool_2 and exist on the same BigIP pair.
I want to know if an iRule can only allow a connection to Pool_2 if you already have a current connection to Pool_1?
Scenario 1:
A web client establishes a connection to a virtual tied to Pool_1.
From same host, opens up another web client and connects to another virtual tied to Pool_2. In this case, the connection to Pool_2 is successful because the host has already established a connection to Pool_1.
Scenario 2:
A web client tries to establish a connection to a virtual tied to Pool_2. The BigIP determines there is no connection already established with Pool_1 and drops/redirects the connection.
4 Replies
- JRahm
Admin
You should be able to populate a global array with client IP address when connected to Pool_1, then check the array when clients attempt connection on other vs with Pool_2, and discard if client IP is not in the array. This should get you started. You'll probably want to add some error checking and a method to clean up the array.virtual server 1 iRule (pool 1) when CLIENT_ACCEPTED { populate array with client IP address set ::pool1_clients([IP::client_addr]) use pool 1 } virtual server 2 iRule (pool 2) when CLIENT_ACCEPTED { if { [info exists $::pool1_clients([IP::client_addr])] } { use pool 2 } else { redirect "http://" } } 
Michael_Hull_61Thank you very much for your quick response!! I will get with the application owners to see when we can test these rules.- You should probably do this with the session table instead (using the "session add" and "session lookup" commands). The session table has a timeout associated with the entries, so you don't need to worry about eventually using up all the memory on your box since nothing removes entries from the global array.
- Try this rule:
virtual server 1 iRule (pool 1) when CLIENT_ACCEPTED { populate session table with client IP address for 1 hour session add source_addr [IP::client_addr] 1 3600 use pool 1 } virtual server 2 iRule (pool 2) when CLIENT_ACCEPTED { if { [session lookup source_addr [IP::client_addr]] } { use pool 2 } else { redirect "http://" } }
Note each session lookup refreshes the TTL on a session table entry, so as long as subsequent requests occur within an hour, the entry will remain active.
