Forum Discussion
Brian_69413
Nov 06, 2012Nimbostratus
Direct Server Access
I have the following iRule which seems to work at first, but then I see traffic to other pool members as well...not sure what I am missing here?
when RULE_INIT {
Log debug to /var/log/ltm? 1=yes, 0=no.
set ::debug_code 1
set ::server_direct 0
}
when HTTP_REQUEST {
Only apply rule if this request is coming from a internal addresses
if { [matchclass [IP::client_addr] equals $::internal_address_dg]} {
if { ([HTTP::uri] contains "?srv=") and ([HTTP::uri] contains "?port=") }{
set server_ip [URI::query [HTTP::uri] srv]
set server_port [URI::query [HTTP::uri] port]
set ::server_direct 1
if {$::debug_code}{log local0. "[IP::client_addr] is attempting to send [HTTP::host] traffic to $server_ip:$server_port"}
pool [LB::server pool] member $server_ip $server_port
}
}
}
when LB_FAILED {
If the selection fails and t
if {$::debug_code}{log local0. "Pool member selection failed, using default pool..."}
if { $::server_direct }{
HTTP::respond 200 content {
Invalid Direct Server Access: [HTTP::host][HTTP::uri]
}
}
}
- What_Lies_Bene1CirrostratusI think you might need to use LB::detach before the pool command.
- Brian_69413NimbostratusI added the LB::detach command and I applied a OneConnect profile. The persistence mode is session cookie. I can even close my browser, verify that there are no connection on the LB for my client before opening a new connection to a different server and the traffic still goes to the same server.
- What_Lies_Bene1CirrostratusA new connection to a different server? Do you mean Virtual Server? What's the load balancing method?
- Brian_69413NimbostratusThe idea here is that I would like to be able to pick which backend pool member my traffic goes to, so I send the server/port via URI parameters. Same virtual server, different parameters. Observed is the load balancing method.
- What_Lies_Bene1CirrostratusCan you add a log line after the pool command which includes 'LB::server addr' and 'LB::persist' please. Also, are you sure you are including the relevant parameters in every request? I wonder if you need to disable persistence when you do?
- Brian_69413NimbostratusAdded the log line and it shows the correct server and cookie persistence. I am sure each request has the parameters, but the tcpdump clearly shows the traffic going to a different server. Any idea how to disable cookie persistence for this case?
- What_Lies_Bene1CirrostratusYou could add the 'persist none' command, the earlier in the rule the better I would have thought. Make sure OneConnect is applied.
- Brian_69413NimbostratusI added the persist none to the rule, but the traffic still goes to other servers. I am really starting to wonder what is going on now...
- What_Lies_Bene1CirrostratusI'm pretty much out of ideas I'm afraid. My last random suggestion is to use the node command instead of the pool command; https://devcentral.f5.com/wiki/iRules.node.ashx and see if that helps.
- Brian_69413Nimbostratusyeah, I had tried that, but it has similar behavior...something is still at play here that I cannot figure out.
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects