Forum Discussion

john_waterworth's avatar
john_waterworth
Icon for Nimbostratus rankNimbostratus
Jun 02, 2011

I need Irule for app to use only one node at a time

I got this VIP 10.5.165.121 used for a both of services, with 2 active nodes (01/02), on both http/https (no offload).

 

We are taking a service online that can only run on one node (at a time, sorta cold high availability if you like)

 

 

So I would like an irule so that traffic to apps-geoworkerz.lionbridge.com only goes to the 01 node (http/s). Is that possible without messing up high availability for the other apps on the servers.

 

6 Replies

  • Hi John,

     

     

    Here's a copy of your post as it got munged:

     

     

     

    I got this VIP 10.5.165.121 used for a both of services, with 2 active nodes (01/02), on both http/https (no offload).

     

    We are taking a service online that can only run on one node (at a time, sorta cold high availability if you like)

     

     

    So I would like an irule so that traffic to apps-geoworkerz.example.com only goes to the 01 node (http/s). Is that possible without messing up high availability for the other apps on the servers.

     

     

     

    Aaron
  • Hi John,

    If you're not offloading the SSL, you could configure a single VS and pool on port 0, use an iRule to restrict access to port 80 and port 443 and use the priority setting on the pool to ensure requests only go to one server first unless it's down. If you want to ensure requests don't flip back automatically to server1 if server1 goes down and then comes back up, you could use this iRule:

    http://devcentral.f5.com/wiki/default.aspx/iRules/SingleNodePersistence.html

    Here's an example of the port restriction iRule as well:

    
    when CLIENT_ACCEPTED {
    
       switch [TCP::local_port] {
          80 -
          443 {
              Do nothing and allow the connection to continue
          }
          default {
              Send a reset
             reject
          }
       }
    }
    

    Aaron
  • You could also configure the pool with both servers in it with Port 0 and configure the pool on both 80/443 Virtual Servers, but configure the servers to use Priority Activation Groups in an Active/Standby configuration.
  • Yep, that would give you more flexibility for tailoring the virtual server properties. Nice idea Michael.

     

     

    Aaron
  • ok but how would you do this so it is only for one url (service or app) and does not do this for the other url's (service or apps) running on the VS or nodes ? I am trying to avoid creating a new VS with a different IP if that is possible

     

     

    Thanks
  • You could create a separate pool configured with Priority Activation Groups in an Active/Standby configuration that you do not tie directly to the Virtual Server. If you have other traffic hitting this Virtual Server you can create a different default pool for them.

    You can then use an iRule to redirect / filter the traffic that requires the special pool with an iRule.

    You could do it based on the Host or the URI:

     
    BY HOST:
    when HTTP_REQUEST {
      if { ([HTTP::host] equals "www.myspecialdomain") } {
    pool specially.configured.pool
      }
    }
    
    BY URI:
    when HTTP_REQUEST {
      if { ([HTTP::uri] starts_with "/specialuri") } {
    pool specially.configured.pool
      }
    }