Forum Discussion
How many layers is too many layers of Virtual Servers?
I am trying to set up a multi-layered proxy in an F5 LTM. The layer 1 policy forwards requests to layer 2 virtual servers based on the first segment of the path. The layer 2 policy then does more intensive examination and acts on requests accordingly by either forwarding them to pools, redirecting, or, if no other policies match, forwarding to a 3rd layer which unconditionally serves a standard 404. AS3 example:
Layer 1 policy:
...
{
  "name": "w3echo_delta",
  "conditions": [
    {
      "type": "httpUri",
      "event": "request",
      "path": {
        "operand": "equals",
        "values": [
          "/w3echo/delta"
        ]
      }
    }
  ],
  "actions": [
    {
      "type": "forward",
      "event": "request",
      "select": {
        "service": {
          "bigip": "/tenant/app/serviceMain"
        }
      }
    },
    {
      "type": "httpHeader",
      "event": "response",
      "remove": {
        "name": "Server"
      }
    }
  ]
}, ...
Layer 2 policy:
...
{
  "name": "A_default",
  "conditions": [
    {
      "type": "httpUri",
      "event": "request",
      "path": {
        "operand": "starts-with",
        "values": [
          "/w3echo/delta/"
        ]
      }
    }
  ],
  "actions": [
    {
      "type": "forward",
      "event": "request",
      "select": {
        "pool": {
          "use": "pool_0"
        }
      }
    },
    {
      "type": "httpHeader",
      "event": "request",
      "replace": {
        "name": "Host",
        "value": "w3proxy-tester-delta.host.com"
      }
    }
  ]
},
...
Fall through layer 2 policy:
...
{
  "name": "A_catch_all",
  "conditions": [
    {
      "type": "httpUri",
      "event": "request",
      "path": {
        "operand": "starts-with",
        "values": [
          "/w3echo/delta/"
        ]
      }
    }
  ],
  "actions": [
    {
      "type": "forward",
      "event": "request",
      "select": {
        "service": {
          "bigip": "/tenant/fallthru_app/serviceMain"
        }
      }
    }
  ]
}
...
My question is whether this will put undue strain on the LTMs, and whether there's a more efficient/elegant way to do this. I'm not an expert at LTM policy rules by any stretch, so please excuse my ignorance 😄
- Gym (Cirrus)
Surely the 2nd layer itself could return a 404 as its default action, so you wouldn't need a 3rd layer?
- bibilthaysose (Altocumulus)
Hi Gym,
Yea, in short you're right, but the issue I was having was that I couldn't figure out how to determine in an iRule whether a valid pool had been selected (or a redirect response had been sent) by one of the endpoint policies. What I ended up doing was adding the following condition to the iRule:
when HTTP_REQUEST {
    set selected_pool [lindex [LB::server] 0]
    if { [HTTP::has_responded] } {
        return
    }
    if { $selected_pool ends_with "default_pool" } {
        HTTP::respond 404 -version auto content [ifile get custom_404.html] noserver
    }
}
where the "default_pool" is the default pool of the VS.
Is that what you mean by "default action"? Or is there some simpler way to do this?
Thanks,
Greg
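An added example (not code from this thread or from F5): an offline Python model that traces which layer and rule would handle a request path when the 404 is the second layer's default, as suggested above, and that refuses to follow a forwarding loop between layers. The `trace` helper, the layer names, the layer-1 rule, the per-layer defaults and first-match evaluation are assumptions; only the `A_default` condition and `pool_0` come from the post.

```python
# Added example: offline model of layered policy routing, not F5 code.
# Assumptions: first-match evaluation, plain string comparison on the URI
# path, and a per-layer default action. The layer1 rule and both defaults
# are constructed; A_default's condition is taken from the post.
MATCHERS = {
    "equals": lambda path, value: path == value,
    "starts-with": lambda path, value: path.startswith(value),
}

LAYERS = {
    "layer1": {"rules": [("w3echo", "starts-with", "/w3echo/", "service:layer2")],
               "default": "respond:404"},
    "layer2": {"rules": [("A_default", "starts-with", "/w3echo/delta/", "pool:pool_0")],
               "default": "respond:404"},
}

def trace(path, layers=LAYERS, entry="layer1"):
    """Return (hops, outcome); hops lists the (layer, rule name) pairs visited."""
    hops, layer, seen = [], entry, set()
    while True:
        if layer in seen:
            # A rule that forwards back to an earlier layer would never terminate.
            raise ValueError(f"forwarding loop via {layer}: {hops}")
        seen.add(layer)
        action, name = layers[layer]["default"], "<default>"
        for rule_name, operand, value, target in layers[layer]["rules"]:
            if MATCHERS[operand](path, value):
                action, name = target, rule_name
                break
        hops.append((layer, name))
        kind, _, dest = action.partition(":")
        if kind != "service":
            return hops, action  # terminal action: pool selection or a response
        layer = dest  # forward to the next virtual server layer

if __name__ == "__main__":
    # Constructed sample paths, including the trailing-slash edge cases.
    for p in ["/w3echo/delta/api", "/w3echo/delta", "/w3echo/deltax", "/other"]:
        hops, outcome = trace(p)
        print(f"{p:20} {outcome:12} {hops}")
```

The `/w3echo/delta` case (no trailing slash) is the one to watch: it passes the first layer but misses the `starts-with "/w3echo/delta/"` condition and ends at the 404 default.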