Sam10
Jul 10, 2019
Solved

F5 needs to send the same data to different nodes on the same VIP

Can I terminate TLS connections on the F5 and then have the F5 send the same data to 2 different nodes? Is this possible?


3 Replies

  • Hello Sam.

    There are some approaches, which can vary depending on your topology and goal. I recommend you check these out.

    • SSLO - https://youtu.be/AadhUC5FNGs
    • Interface Mirroring/Pool Cloning - https://support.f5.com/csp/article/K13392
    • iRules for Packet Duplication - (1) https://devcentral.f5.com/s/articles/http-request-cloning - (2) https://devcentral.f5.com/s/articles/udp-tcp-packet-duplication

    KR,

    Dario.

  • Dario, thanks for your response.

    If I go with this option, how is cloning going to work across 2 servers? Can you help me understand the logic?


    rule http_request_clone_one_pool {
        when RULE_INIT {
            # Set to 1 to log debug messages, 0 to disable
            set static::hsl_debug 1
            # Pool that receives the cloned requests
            set static::hsl_pool "my_syslog_pool"
        }
        when CLIENT_ACCEPTED {
            # Skip cloning for this connection if the clone pool has no active members
            if {[active_members $static::hsl_pool] == 0} {
                log "[IP::client_addr]:[TCP::client_port]: [virtual name] $static::hsl_pool down, not logging"
                set bypass 1
                return
            } else {
                set bypass 0
            }
            # Open a TCP High Speed Logging handle to the clone pool
            set hsl [HSL::open -proto TCP -pool $static::hsl_pool]
            if {$static::hsl_debug} {log local0. "[IP::client_addr]:[TCP::client_port]: New hsl handle: $hsl"}
        }
        when HTTP_REQUEST {
            if {$bypass} {
                return
            }
            HTTP::header insert X-Forwarded-For [IP::client_addr]
            if {[HTTP::method] eq "POST"} {
                # Collect the body only when Content-Length is between 1 byte and 1 MB;
                # POSTs outside that range (other than length 0) are not cloned
                if {[HTTP::header Content-Length] >= 1 and [HTTP::header Content-Length] < 1048576} {
                    HTTP::collect [HTTP::header Content-Length]
                } elseif {[HTTP::header Content-Length] == 0} {
                    # POST without a body: send the request headers only
                    HSL::send $hsl "[HTTP::request]\n"
                    if {$static::hsl_debug} {log local0. "[IP::client_addr]:[TCP::client_port]: Sending [HTTP::request]"}
                }
            } else {
                # Any other method: send the request headers only
                HSL::send $hsl "[HTTP::request]\n"
                if {$static::hsl_debug} {log local0. "[IP::client_addr]:[TCP::client_port]: Sending [HTTP::request]"}
            }
        }
        when HTTP_REQUEST_DATA {
            # HTTP::request is run indirectly through eval in this event
            set request_cmd "HTTP::request"
            if {$static::hsl_debug} {log local0. "[IP::client_addr]:[TCP::client_port]: Collected [HTTP::payload length] bytes,\
                sending [expr {[string length [eval $request_cmd]] + [HTTP::payload length]}] bytes total"}
            # Send the request headers followed by the collected payload
            HSL::send $hsl "[eval $request_cmd][HTTP::payload]\n"
        }
    }

    • Dario_Garrido

      Hello Sam.

      You have the iRule already explained here:

      https://devcentral.f5.com/s/articles/http-request-cloning-via-irules-part-1

      The idea is to use High Speed Logging to send a clone of the initial packet to another set of servers (pool).

      Another idea is to use sideband connections with the HSSR feature.

      https://clouddocs.f5.com/api/irules/HTTP-Super-SIDEBAND-Requestor-Client-Handles-Redirects-Cookies-Chunked-Transfer-APM-Access-etc.html

      Everything depends on your scenario.

      BTW, I would appreciate it if you mark my answer as the best or give me some upvotes.

      Thanks.

      KR,

      Dario.
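
The logic of the iRule posted in this thread, modeled in Python as an added example (not part of the thread and not F5 code): it shows, per request, what is handed to the clone pool and which requests are silently not cloned. The function names, host, path and sample requests are constructed, and it assumes a missing or non-numeric Content-Length matches neither branch of the rule's comparison.

```python
# Added example: models the posted iRule's cloning decisions; not F5 code.
from typing import Optional

MAX_COLLECT = 1048576  # upper bound the iRule checks before HTTP::collect

def header_value(head: bytes, name: str) -> str:
    """First value of a request header, or "" when the header is absent."""
    for line in head.split(b"\r\n")[1:]:
        key, sep, value = line.partition(b":")
        if sep and key.strip().lower() == name.lower().encode():
            return value.strip().decode("latin-1")
    return ""

def cloned_bytes(head: bytes, body: bytes, pool_up: bool = True) -> Optional[bytes]:
    """Request bytes the rule passes to HSL::send, or None when nothing is cloned.

    Not modeled: the trailer appended after each message and the inserted
    X-Forwarded-For header.
    """
    if not pool_up:                         # CLIENT_ACCEPTED set bypass to 1
        return None
    if head.split(b" ", 1)[0] != b"POST":   # other methods: headers only, no body
        return head
    length = header_value(head, "Content-Length")
    if not length.isdecimal():              # e.g. chunked POST: assumed no match
        return None
    size = int(length)
    if size == 0:                           # empty POST: headers only
        return head
    if size < MAX_COLLECT:                  # HTTP_REQUEST_DATA: headers + payload
        return head + body[:size]
    return None                             # 1048576 bytes or more: not cloned

def req(method: str, extra: str = "") -> bytes:
    """Build a constructed request head (hypothetical host and path)."""
    return f"{method} /api HTTP/1.1\r\nHost: app.example\r\n{extra}\r\n".encode()

if __name__ == "__main__":
    samples = {  # constructed requests: label -> (head, body)
        "GET": (req("GET"), b""),
        "PUT with body": (req("PUT", "Content-Length: 3\r\n"), b"abc"),
        "small POST": (req("POST", "Content-Length: 5\r\n"), b"a=1&b"),
        "chunked POST": (req("POST", "Transfer-Encoding: chunked\r\n"), b"5\r\na=1&b\r\n0\r\n\r\n"),
    }
    for label, (head, body) in samples.items():
        out = cloned_bytes(head, body)
        print(label, "->", "not cloned" if out is None else f"{len(out)} bytes")
```

Because the clone is the raw request sent over `HSL::open -proto TCP` after TLS has been terminated, it carries cookies and authorization headers exactly as the client sent them, so the clone pool and the path to it need the same protection as the primary pool.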