Forum Discussion
how to emulate webseal junctions in iRules
Could someone point me to appropriate resources that would allow us to figure out how to read Webseal junction definition config files so as to generate corresponding pool definitions to be used to loadbalance traffic to.
Here's an extract of a junction definition file as pertains to load balancing:
-JUNCTION>
-VERSION>6.1.0.3 (Build 090602)-/VERSION>
-NAME>/TEST-/NAME>
-JUCTYPE>tcp-/JUCTYPE>
-HOST>ap002-/HOST>
-PORT>6475-/PORT>
-VIRTHOSTNM>ap002:6475-/VIRTHOSTNM>
-URLQC>/cgi-bin/query_contents-/URLQC>
-HOST>ap002
-PORT>6476
-VIRTHOSTNM>ap002:6476-/VIRTHOSTNM>
-URLQC>/cgi-bin/query_contents-/URLQC>
-/JUNCTION>
The idea is to make it as straightforward as possible to maintain Webseal and F5 based loadbalancing configurations and operations in sync.
The approach we're researching is to have iRules read the set of Webseal junction config files upon startup, parse them and generate equivalent pool definitions. Of course any suggestion for alternative approaches is welcome!
Thanks.
- tweeks200_94858Nimbostratus
Hi, wondering if you ever found a solution to this? We are looking at F5 to replace TAM and hoping to do the same thing.
Thanks in advance!
- Peter_de_Beer_1Historic F5 Account
Hi, also wondering if you found a solution. We are looking to provide the same for a customer.
thx
PDB
- tlaguna1_188951Nimbostratus
Hi we are wondering the same thing?
can this be done?
- amass87_221296Nimbostratus
Wow, old thread.
I am finishing up a project where I had to replace TAM Webseal junctions with F5. The biggest challenge is that the URI is constantly changing, so a simple iRule based on URI won't work to proxy a users subsequent connections after the intial connection. This could probably be improved on. However, what ended up working was this:
-
create new hostnames and DNS entries for every junction, and point them all at the same IP address.
-
create a virtual server and pool for every junction (regardless if only 1 pool member)
-
single virtual server front-end with iRule
-
first pass through front-end virtual server, match /URI and 301 Location to corresponding hostname
-
subsequent passes, ignore URI logic (because hostname is different) and proxy using virtual statement based onhostname
-
APM Policy created based on authentication type and applied to each virtual server (junction replacement)
There were some shortcomings to this approach, and the F5 certainly doesn't handle everything the exact same way. We had issues with authentication on iFrames. TAM just sent a pop-up box, but the F5 login page won't display within a frame and breaking out of the frame was not desirable. We also had some basic pains with redirection.
At the end of the day I was just glad to get as far as we got. Would be interested to hear of anyone else who has attempted to replace Webseal with F5 APM.
-
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com