Forum Discussion
Chris_Phillips
Nimbostratus
Feb 16, 2006
Forward using hostname as node, not IP
Hi,
I require the ability to create a forwarding server to forward traffic to a hostname rather than an IP address. A third party we are connecting to provides resilience to their systems by a DNS service, allowing them to provide a hostname rather than a string of potential IP addresses and such. Whilst I can add a node to the big-ip by using a hostname, the hostname is resolved to an IP at configuration time. Instead I require a DNS lookup to be performed on a regular basis when the virtual server is in active use. This does not seem possible within the 9.1.1 software, and would appreciate any information to the contrary, or potential workarounds if any are forthcoming.
Thanks
Chris
15 Replies
- Colin_Walker_12
Historic F5 Account
We here at DevCentral are the folks who work on the API (iControl) and the onboard packet inspector/scripting language (iRules). If you have a question about building iControl apps or writing iRules, this is the place for you.
Unfortunately, this isn't the place for product technical support. We simply aren't staffed to handle that side of things. You'll need to talk to the folks in our product support department for questions like these.
They can be easily contacted here: https://websupport.f5.com/csp/logon.asp
A good place to start looking for information is often http://tech.f5.com/askf5/jsp/combined/index.jsp
Best of luck,
-Colin
- Chris_Phillips
Nimbostratus
Sorry, I'd already contacted support and they directed me to you in the hope that an iRule can help me out... I lazily pasted my support email largely verbatim. Sorry if that was confusing, but I was going for an iRule angle here.
- Colin_Walker_12
Historic F5 Account
No problem...
Well, mmoeller is on the right track, if you're looking to do hostname lookups in an iRule. The NAME::lookup command will allow you to do just that.
Something like:
    when RULE_INIT {
        # Timestamp (in seconds) of the last lookup
        set ::time [clock seconds]
    }
    when HTTP_REQUEST {
        # Re-resolve once the 30-second interval has elapsed
        if { [expr {$::time + 30}] <= [clock seconds] } {
            NAME::lookup "hostnametobeused.com"
            set ::time [clock seconds]
        } else {
            # ::node is only set once NAME_RESOLVED has fired
            node $::node 80
        }
    }
    when NAME_RESOLVED {
        set ::node [NAME::response]
        node $::node 80
    }
Would probably get you close to where you're trying to go, but I'd be a little concerned about the overhead it would generate, since it would have to process the current time and compare it to the previous one plus the interval (30 in this case). You could possibly set it up so that it only checked every n connections (10, 50, 100, whatever), which might help circumvent this.
Is this the sort of thing you had in mind?
-Colin
- Chris_Phillips
Nimbostratus
That looks seriously useful now, great! And to think I was expecting to be disappointed.
One thing though, if you are assigning a node there, where would I see statistics about the traffic sent to it? Can it not be recorded?
Cheers
Chris
- Colin_Walker_12
Historic F5 Account
Well, assuming that the node in question is not a member of a pool on the BIG-IP, you'd have to log your own stats in the rule.
If the node IS a member of a pool, then you could replace the "node $::node 80" commands with "pool member $::node 80", and you'd see the stats under the pool in question.
-Colin
- Chris_Phillips
Nimbostratus
Hi,
Thanks for the advice so far, but something is not working right. My iRule as it stands reads like this:
    when RULE_INIT {
        set ::hostname "example.com"
        set ::max 10
        set ::count 0
        set ::server_ip "192.168.0.1"
    }
    when CLIENT_ACCEPTED {
        node $::server_ip 80
        incr ::count
        if { $::count == $::max } {
            set ::count 0
            NAME::lookup $::hostname
        }
    }
    when NAME_RESOLVED {
        log local0. "NAME_RESOLVED: [NAME::response]"
        set ::server_ip [NAME::response]
    }
It works fine to start with, and after the max limit is reached the lookup fires off. I then get the NAME_RESOLVED event, yet NAME::response returns nothing, and the whole thing chokes. I can dig the destination hostname on the box no problem, so would assume that there is no inherent problem on the box in terms of DNS resources. Additionally I would assume that that event would only be triggered on a valid resolution, not every single return value. Any clues guys?
Thanks
Chris
- Ethan_Erchinger
Nimbostratus
I was just experimenting with this, but I can't seem to get it to resolve. Anyone know if I need to restart something after modifying tmm_base.tcl?
- Ethan_Erchinger
Nimbostratus
Ok, sorry, I did a "bigstart restart tmm", and it all works. Thx.
- Chris_Phillips
Nimbostratus
I think I'm missing something here...
Firstly, that code doesn't seem to be intended to fix what I was after. It certainly looks interesting but am not sure that it relates to what I need. I've added to the tmm_base (although the tmm_init.tcl customization file seems like a much nicer place to make additions), and then I commented those three lines in named.conf (it was just those 3, right?) and restarted both tmm and named via bigstart... nothing. Same blank response.
From my issues, I do appear to be using the (undocumented) NAME::response command wrong, as the example uses [NAME::response address 0] to obtain the actual IP address. But still... no change.
Thanks
Chris
- Chris_Phillips
Nimbostratus
Hi,
Seems I needed to list my forwarding addresses in named.conf and enable recursion there too, and it's now working, which is great, thanks a lot guys. Should I have to add the forwarders in there though? I'd rather not if I don't have to, and the above example doesn't. My name servers are listed in resolv.conf in Linux land... can we just refer to them implicitly rather than explicitly listing them?
This raises a question I have in general... If you guys are saying we need to do x, y or z outside of an iRule to achieve this, is this not invalidating my commercial support with F5? Also the fact that I have had intimate changes to bind on each box is pretty invisible to anyone else. If I end up using these changes, I will naturally document them, but when I come to upgrade... all changes will be lost, right?
Thanks again
Chris
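Added example, not code from any poster in this thread or from F5: a variant of the every-n-connections rule above that keeps forwarding to the last known good address when NAME_RESOLVED fires with an empty answer (the failure reported earlier in the thread), and only accepts an answer inside an expected range, since whatever DNS returns becomes the forwarding destination. The hostname, addresses and the `::allowed` range are constructed placeholders, and the rule assumes NAME::response returns a list of addresses.

```tcl
when RULE_INIT {
    # Constructed placeholder values; replace with your own.
    set ::hostname  "example.com"      ;# name published by the third party
    set ::server_ip "192.168.0.1"      ;# last known good address
    set ::allowed   "192.168.0.0/24"   ;# hypothetical range the answer must fall in
    set ::max       10                 ;# re-resolve every ::max connections
    set ::count     0
}

when CLIENT_ACCEPTED {
    # Always forward to the last address that passed validation.
    node $::server_ip 80
    incr ::count
    if { $::count >= $::max } {
        set ::count 0
        NAME::lookup $::hostname
    }
}

when NAME_RESOLVED {
    # Assumption: NAME::response is a list of addresses; use the first entry.
    set answer [lindex [NAME::response] 0]

    # Empty answer (resolver unreachable, recursion disabled, NXDOMAIN):
    # keep the current destination instead of overwriting it with nothing.
    if { $answer eq "" } {
        log local0. "NAME_RESOLVED: empty answer for $::hostname, keeping $::server_ip"
        return
    }

    # Reject anything that is not an address inside the expected range.
    # catch covers answers that IP::addr cannot parse at all.
    if { [catch { IP::addr $answer equals $::allowed } in_range] || !$in_range } {
        log local0. "NAME_RESOLVED: rejected $answer for $::hostname, keeping $::server_ip"
        return
    }

    # Log only when the destination actually changes.
    if { $answer ne $::server_ip } {
        log local0. "NAME_RESOLVED: $::hostname moved from $::server_ip to $answer"
        set ::server_ip $answer
    }
}
```

The log lines give a record of every destination change and every rejected answer, which is the first place to look if forwarding goes somewhere unexpected.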
