having a little trouble persisting through many vips to pool members on a specific host

I'm fairly certain there isn't a built in profile that will allow me to group members of different pools into a logical unit and allow me to persist a source IP that has used a pool member in that logical unit to only use other pool members in that same logical unit. I think this can be done with a universal profile across vips that calls an irule that can iterate through a data grouping of all pool members and determine which members belong to logical unit A, B, C. Then depending on the service they are requesting, send them to the pool member associated with the logical unit in which they are already assigned. I'm quite new to writing irules and have only written a few simple ones. If there is something similar that I can take a look at I can use that to build this rule.

Hi Adam,

 

 

So do you have three pools where each pool member has a corresponding server in the other two pools that need to be used? Is it the same IP address for each pool member but a different port? Or is there another way to automatically correlate the members of the three different pools? If not, I guess you would need to map these in a datagroup.

 

 

Also, what do you want to happen if one of the three pool members in the three pools goes down? Should the request be reload balanced? Do you want to mark the other two servers down if the third isn't available?

 

 

Thanks,

 

Aaron

Hi Aaron,

 

 

Yes I have three pools where each pool member has a corresponding server in the other two pools. The IP addresses and ports are different (when this was originally designed the application took care of this so there wasn't a lot of thought that went into giving the IPs on the same server a unique characteristic that would distinguish ownership by a single server).

 

I think mapping them in a data group sounds exactly like what I'm looking for but I'm not sure exactly how to go about doing it.

 

What needs to happen from top to bottom would be to check for a current session and if nothing just load balance to any of the 3 pool members for the requested service. If there is a session it will be tied to a particular pool member that should be mapped to a particular group of pool members that all reside on the same physical server. If the mapping directs the request to a grouping where the pool member is dead the session should be killed and the request can be re-load balanced.

 

I hope that makes sense, I'm not great with iRules but I'm the only one not on vacation this week

 

 

Thanks,

 

Adam

Sorry about that, read it quick on my phone and didn't realize you were referencing 3 different pools...

this is a rule that would do this for v10.1 platforms:

 
 use a class list to tie pool member ips to a physical node: 
  
 class cluster_list { 
    { 
       "10.200.30.12" { "1" } 
       "10.200.30.13" { "2" } 
       "10.200.30.15" { "1" } 
       "10.200.30.16" { "2" } 
       "10.200.30.17" { "1" } 
       "10.200.30.18" { "2" } 
    } 
 }  
  
  ++++ then put the rule on all virtual servers 
  ++++ change the virtual server and pool member names 
  
 when CLIENT_ACCEPTED { 
 switch [string tolower [virtual name]] { 
 http_test_2 {set p http_pool_2} 
 http_test_3 {set p http_pool_3} 
 } 
 if {[table lookup -subtable [IP::client_addr] "cluster"] ne "" } { 
 foreach m [lindex [active_members -list $p] {} ] { 
 if { [getfield [class lookup [getfield $m " " 1] cluster_list] " " 1] eq [table lookup -subtable [IP::client_addr] "cluster"] } { 
 pool $p member [getfield $m " " 1] 
 log local0. "[virtual name] 3b. found a match - previous visit for [IP::client_addr] to cluster [table lookup -subtable [IP::client_addr] "cluster"] and pool member $m in cluster [getfield [class lookup [getfield $m " " 1] cluster_list] " " 1]" 
 return  
 } else { 
 log local0. "FAIL: can't match the remembered cluster to an active pool member [getfield [class lookup [getfield $m " " 1] cluster_list] " " 1]:[table lookup -subtable [IP::client_addr] "cluster"]" 
 } 
 } 
 } else { 
 if {[active_members $p] > "0" } { 
 pool $p 
 } else { log local0. "[virtual name] FAIL:  there are no active members in pool $p" } 
 } 
 } 
 when LB_SELECTED { 
 table add -subtable [IP::client_addr] "cluster" [class lookup [LB::server addr] cluster_list] 
 } 
 

When you say ""corresponding server" does the mapping ever change or is it static? if not, what exactly are you looking to key on in the session?

The rule has two data points that matter -

 

 

1. the data group, which matches pool member IP addresses to cluster identifiers (i.e. which physical server do pool members share?)

 

2. the table entry, which records whether or not a client IP has visited any cluster in the last timeout interval (300 seconds by default )

 

 

During the iteration where the table entry is compared to the pool member's cluster ID, if it finds a match, then the client is sent to the pool member in the correct cluster.

 

 

If a match can't be found, it interprets that as a down cluster member and makes an LB decision based on the default pool (in the vs config; which may or may not break the application), and it logs an error.

 

 

 

The mappings are in an internal data group, which is about the most static place to store them; you could use iControl to update and re-initialize the group, but that seems excessive when your list is 9 or 10 pool members spread across 3 or 4 servers.

 

 

You could replace the class lookup with a DNS PTR query where the answer is a cluster ID and then store the results in an array, making all of the comparisons from the array if you wanted to do something like this in a very large or dynamic environment.

 

 

If a client arrives and there is no corresponding table entry for that IP, then an LB decision is made and a table entry is made to prepare for traffic on other virtuals.

 

Adam,

 

 

Which LTM version are you running? Are you, or do you have the option for running 10.1? If so, Ian's example looks like a great start for your scenario. If not, you could backport it using the session commands.

 

 

Aaron

Thanks Ian, Pretty slick. Adam, did this work for you?

 

 

I don't have v10 running yet, soon though, waiting on a vm.. I'll have to switch out those table commands and see how it goes..

 

 

so many enhancements in v10.1, I'd really like to get us off of 9 sooner than later....

 

 

Have you guys seen any glooming issues in upgrading/running on the 10 branch vs the 9? Just making use of Cluster Multi-processing is almost enough for me to get excited about it..

 

 

 

Hey is there a defacto list of what’s new/different in v10?

 

 

I did find this:

 

 

http://devcentral.f5.com/wiki/default.aspx/iRules.NewinVersion10

 

 

but it doesn't seem to be complete

 

Hi iRuleYou,

 

 

The table command was added in v10.1 and that wiki page was for 10.0. The DC people cover a lot of new features in their blogs and articles. And the LTM release notes should have some info on new iRule commands.

 

 

It would be very useful to have a wiki page for new iRule features in each feature release though...

 

 

Aaron