Forum Discussion
Brian_69413
Nimbostratus
Nov 06, 2012
Direct Server Access
I have the following iRule which seems to work at first, but then I see traffic to other pool members as well...not sure what I am missing here?
when RULE_INIT {
    # Log debug to /var/log/ltm? 1=yes, 0=no.
    set ::debug_code 1
    set ::server_direct 0
}
when HTTP_REQUEST {
    # Only apply rule if this request is coming from a internal addresses
    if { [matchclass [IP::client_addr] equals $::internal_address_dg]} {
        if { ([HTTP::uri] contains "?srv=") and ([HTTP::uri] contains "?port=") }{
            set server_ip [URI::query [HTTP::uri] srv]
            set server_port [URI::query [HTTP::uri] port]
            set ::server_direct 1
            if {$::debug_code}{log local0. "[IP::client_addr] is attempting to send [HTTP::host] traffic to $server_ip:$server_port"}
            pool [LB::server pool] member $server_ip $server_port
        }
    }
}
when LB_FAILED {
    # If the selection fails and t
    if {$::debug_code}{log local0. "Pool member selection failed, using default pool..."}
    if { $::server_direct }{
        HTTP::respond 200 content {
            Invalid Direct Server Access: [HTTP::host][HTTP::uri]
        }
    }
}
12 Replies
- What_Lies_Bene1
Cirrostratus
I think you might need to use LB::detach before the pool command.
Persistence might also be an issue, you may want to apply a OneConnect profile to the Virtual Server and see if that helps first.
- Brian_69413
Nimbostratus
I added the LB::detach command and I applied a OneConnect profile. The persistence mode is session cookie. I can even close my browser, verify that there are no connections on the LB for my client before opening a new connection to a different server and the traffic still goes to the same server.
- What_Lies_Bene1
Cirrostratus
A new connection to a different server? Do you mean Virtual Server? What's the load balancing method?
This line looks wrong: if { [matchclass [IP::client_addr] equals $::internal_address_dg] < Remove the $::
I'd also suggest you add some logging to check things are working, particularly after both of these;
    set server_ip [URI::query [HTTP::uri] srv]
    log local0. "Server IP is $server_ip"
    set server_port [URI::query [HTTP::uri] port]
    log local0. "Server Port is $server_port"
- Brian_69413
Nimbostratus
The idea here is that I would like to be able to pick which backend pool member my traffic goes to, so I send the server/port via URI parameters. Same virtual server, different parameters. Observed is the load balancing method.
The matchclass line works fine in version 10. I set up logging and it appears to be working as expected. The line "log local0. "[IP::client_addr] is attempting to send [HTTP::host] traffic to $server_ip:$server_port"" hits the ltm logfile showing the correct pool member information, but the actual traffic does not go to that server 100% of the time.
- What_Lies_Bene1
Cirrostratus
Can you add a log line after the pool command which includes 'LB::server addr' and 'LB::persist' please. Also, are you sure you are including the relevant parameters in every request? I wonder if you need to disable persistence when you do?
- Brian_69413
Nimbostratus
Added the log line and it shows the correct server and cookie persistence. I am sure each request has the parameters, but the tcpdump clearly shows the traffic going to a different server. Any idea how to disable cookie persistence for this case?
- What_Lies_Bene1
Cirrostratus
You could add the 'persist none' command, the earlier in the rule the better I would have thought. Make sure OneConnect is applied.
- Brian_69413
Nimbostratus
I added the persist none to the rule, but the traffic still goes to other servers. I am really starting to wonder what is going on now...
- What_Lies_Bene1
Cirrostratus
I'm pretty much out of ideas I'm afraid. My last random suggestion is to use the node command instead of the pool command; https://devcentral.f5.com/wiki/iRules.node.ashx and see if that helps.
- Brian_69413
Nimbostratus
Yeah, I had tried that, but it has similar behavior...something is still at play here that I cannot figure out.
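Added example, not posted by anyone in the thread and not F5's own code: because `srv` and `port` are client-supplied, this sketch of the same rule checks their syntax and allows only configured members of the default pool before applying the `persist none`, `LB::detach` and `pool ... member` steps suggested above. It assumes a TMOS version that provides `class match` and `members -list`, IPv4 members without a route-domain suffix, and the thread's data group name; it also keeps the flag in a connection-local variable rather than the global `::server_direct`, which is shared across all connections. It is not claimed to resolve the behaviour the thread leaves open.

```tcl
when HTTP_REQUEST {
    # Connection-local flag, reset on every request.
    set direct 0

    # Only internal clients may pick a member (data group name from the thread).
    if { ![class match [IP::client_addr] equals internal_address_dg] } { return }

    set srv  [URI::query [HTTP::uri] srv]
    set port [URI::query [HTTP::uri] port]
    if { $srv eq "" || $port eq "" } { return }

    # Syntax check before the values reach any command or log line.
    if { ![regexp {^\d{1,3}(\.\d{1,3}){3}$} $srv] || ![regexp {^[1-9]\d{0,4}$} $port] } {
        HTTP::respond 400 content "Invalid srv/port parameter"
        return
    }

    # Allowlist: the target must be a configured member of the default pool.
    set default_pool [LB::server pool]
    set allowed 0
    foreach m [members -list $default_pool] {
        if { [lindex $m 0] eq $srv && [lindex $m 1] eq $port } { set allowed 1; break }
    }
    if { !$allowed } {
        log local0. "[IP::client_addr] requested non-member $srv:$port of $default_pool"
        HTTP::respond 403 content "Not a member of this pool"
        return
    }

    # Steps suggested in the thread, applied only to validated input.
    set direct 1
    persist none
    LB::detach
    pool $default_pool member $srv $port
}
when LB_FAILED {
    if { [info exists direct] && $direct } {
        HTTP::respond 503 content "Direct server access failed"
    }
}
```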
