Forum Discussion
How does the BIG-IP process multiple LTM policies on a virtual server?
I have a LTM traffic policy on a virtual server that I use to perform hostname-based routing for 10 different applications. There is a rule for each app, and once there is a match on the hostname, no further rules are evaluated and traffic is forwarded appropriately.
Hypothetically, let's say that instead of using a single policy and multiple rules, I created a new policy for each of the 10 apps, with each policy having only one rule to route traffic for a single app. If a request for App_1 comes through and the hostname matches the rule in Policy_1, would the rules in policies 2-10 be evaluated, or would the evaluation stop similar to what happens with a single policy and multiple rules?
I'd love to hear any thoughts on this. I've been reading through the BIG-IP documentation but I haven't found anything yet, so any help would be greatly appreciated. :)
- AmritkpAltocumulus
I beleive all the 10 Policies will be evaluated irrespective of a match found or not. So, keeping all the 10 options under a single policy will be a better approach.
- Cory_BlankenshiAltostratus
I figured that was the case, but I wanted to verify before splitting up my policy. :)
Thanks!
- adandoNimbostratus
Just a public service announcement in case other people land at this page:
One thing to be aware of with multiple LTM policies is that you cannot attach multiple policies to a VS if those policies have 'conflicting controls' - this means that the policies use the same controls.
I was setting up a tier 1 VS (in the "VIP targeting VIP style", see this Subreddit post for more info) where the HTTP Host field would be used to forward traffic to a different VS. For various reasons our organisation wanted to use one LTM policy on the tier 1 VS per 'child' virtual server, rather than one policy with multiple rules (i.e. one rule per child VS). So I did the following on a dev box:
- Create a VS "T1" acting as the tier 1. Create two dummy VSes "A" and "B".
- Create two datagroups "A" and "B". "A" contains "test.com", "B" contains "google.com"
- Create & publish LTM policy "A" with rule to match the HTTP Host header against datagroup A, action: forward to virtual server "A".
- Create & publish LTM policy "B" with rule to match the HTTP Host header against datagroup B, action: forward to virtual server "B".
- Attach LTM policy A to VS "T1"
- Attach LTM policy B to VS "T1"
When you attempt step 6, this will fail with the following error:
"010716fd:3: Virtual Server /build_test/T1' cannot contain policies with conflicting controls."
This is documented by F5 here: https://my.f5.com/manage/s/article/K55864758Because we have our reasons for not wanting to use the rule-per-VS approach we will fall back to using an iRule which targets a datagroup.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com