Forum Discussion
xin_li_90490
Nimbostratus
Nimbostratushow to realized some clients persistence acording to source ip, but their src ip are not in one subnet?
there are 3 groups of clients accessed my telnet vs.
their ip is
group1:10.1.1.1, 192.168.1.1, 172.16.1.1
group2:10.1.1.2, 192.168.1.2, 172.16.1.2
group3:10.1.1.3, 192.168.1.3, 172.16.1.3
I need persist every group according to their ip,but obviously every group ip is not in one subnet. how can I persist them with rule?
4 Replies
xin_li_90490anybody can answer me? if we resolve the problem, f5 will get a big deal about 500K $, pls give me a help.
Kirk_Bauer_1018First, one alternative: Instead of having everybody connect to the same VIP, could they possibly connect to three different VIPs (i.e. group1 uses a different VIP than group2 which uses a different one from group3)? If so, you can change your virtual server to listen on a network and use destination address affinity.
If that won't work then it is certainly possible to write an iRule to do custom persistence and group these IPs together as you want. It would not be trivial to write otherwise I'd whip it up for you. Are you a current or potential customer? Where do you live? Definitely contact your F5 systems engineer for help.
hoolioCirrostratus
If using separate virtual servers isn't an option, you could create a datagroup for each set of client IP addresses. You could then use an if/elseif/else to find which datagroup the client is a part of. You could then use 'persist uie' with an alias for the particular datagroup the client is a part of to use the existing persistence record or have a new record created automatically once a load balancing decision is made.class group1 { host 10.1.1.1 host 192.168.1.1 host 172.16.1.1 }class group1 { host 10.1.1.2 host 192.168.1.2 host 172.16.1.2 }class group1 { host 10.1.1.3 host 192.168.1.3 host 172.16.1.3 }when CLIENT_ACCEPTED { check to see if client IP is in one of the datagroups if {[matchclass [IP::client_addr] equals $::group1]}{ client IP is in first datagroup, use existing persistence record or create a new one persist uie "group1" } elseif {[matchclass [IP::client_addr] equals $::group2]}{ check to see if client IP is in the second datagroup client IP is in second datagroup, use existing persistence record or create a new one persist uie "group2" } elseif {[matchclass [IP::client_addr] equals $::group3]}{ check to see if client IP is in the second datagroup client IP is in third datagroup, use existing persistence record or create a new one persist uie "group3" } else { client IP is not defined in any datagroup, so take some default action or perhaps just use source address persistence? } }
If you have more than a few datagroups, you could replace the if/elseif/else with a loop to go through each datagroup by name.
Note that I didn't test this rule but hopefully it gives you some direction.
Aaron
[edited the rule description...]- Nice job, hoolio. Very creative use of univeral persistence.
If the match will always be on single IPs rather than subnet ranges, a slight refinement might offer better performance & scalability:when CLIENT_ACCEPTED { check to see if client IP is in one of the datagroups set group [findclass [IP::client_addr] $::groups] if { $group != "" }{ you can either specify the timeout value here or apply the iRule under a universal persistence profile and specify timeout there persist uie $group 500 } else { client IP is not defined in any group, so take some default action or perhaps just use source address persistence? } }
Regardless of which version you use, you'll also either want to add a timeout to the "persist uie" command or be sure this rule is applied under a persistence profile of type "universal" to make sure stale persistence entries are reaped, otherwise you run the risk of memory exhuastion over time.class groups { 10.1.1.3 group1 192.168.1.3 group1 172.16.1.3 group1 10.1.1.2 group2 192.168.1.2 group2 172.16.1.2 group2 10.1.1.3 group3 192.168.1.3 group3 172.16.1.3 group3 }
/deb
