How can I evenly persist traffic from only 2 clients(Apache) against 2 application servers based on source IP address ?

Hi Aaaron,

 

 

Thanks for your reply. Didn't see it though because I'm on a little longer sick leave. Couldn't help looking in today from home. I've looked around a little on this site and made an irule similar to this. I've tested it on non encrypted traffic and it worked well. Shouldn't it work as well for SSL-passthrough as the IP-addresses are not encrypted ? Please see questions below about persistence.

 

 

when CLIENT_ACCEPTED {

 

if { [IP::addr [IP::client_addr] equals 10.0.0.1] } {

 

if { [LB::status pool pool_x member 10.100.0.1 443] eq "down" } {

 

pool pool_x

 

} else {

 

pool pool_x member 10.100.0.1 443

 

} elseif { [IP::addr [IP::client_addr] equals 10.0.0.2] } {

 

if { [LB::status pool pool_x member 10.100.0.2 443] eq "down" } {

 

pool pool_x

 

} else {

 

pool pool_x member 10.100.0.2 443

 

}

 

} else {

 

pool pool_x

 

}

 

}

 

 

Apache 1 is 10.0.0.1

 

Apache 2 is 10.0.0.2

 

 

Target server 1 is 10.100.0.1

 

Target server 2 is 10.100.0.2

 

 

Apache 1 will always go against server pool member 1 if it's up, otherwise "the pool" will choose pool member 2.

 

 

Apache 2 will always go against server pool member 2 if it's up, otherwise "the pool" will choose pool member 1.

 

 

If another unknown caller of the VIP, then one of the servers will be chosen via the pool.

 

 

What I didn't get time to test is persistence.

 

Normally I shouldn't need persistence because the irule itself persists one to one.

 

But say that the application requires 10 minutes persistence for any reason and I'll configure it by "source address affinity".

 

Will persistence be overrided by my own directing of the traffic via the pool command?

 

The only situation in which I think configuring of persistence could be good is:

 

If server 1 goes down, the irule will choose server 2 also for Apache 1. When server 1 comes back up again, if Apache 1 as a client has a persistence record against server 2, and if persistence overrides my irule, then no application user will be interruped. Server 1 will be chosen again for Apache 1 first after 10 minutes idle time.

 

The drawback is that if the traffic flows evenly during rush hours, then the persistence time will never run out for a longer time and all traffic from both Apaches will be directed to server 2. So maybe the irule works better without persistence or maybe with a couple of minutes persistence, but I'm still curious.

 

Hope the text and irule looks OK because I couldnt cut and paste it from my notepad text source. Forgot to mention that I'm running LTM 9.4.8 HF3.

 

 

Regards

 

 

Claes