

abi1980_184094
Mar 08, 2015

I rule

Can someone give me an iRule to load-balance multiple pools for the same VIP?

 

pool x 443 would be default

 

Pool y 5222

 

pool z 5223

 

37 Replies

  • So again, does it require SSL offloading on both sides (client and server) for my scenario, or is client side only enough?

     

    If you want to send traffic to a pool based on destination port, SSL offloading is not needed (i.e. no SSL offloading; the virtual server is a standard TCP virtual server or a Performance (Layer 4) virtual server).

     

    • abi1980_184094
      Thanks Nitass. In my scenario we are planning to have a wildcard VIP for load-balancing services 443, 5222 & 5223, so if I create a simple TCP profile and use the iRule mentioned above, would it work?
  • In my scenario we are planning to have a wildcard VIP for load-balancing services 443, 5222 & 5223, so if I create a simple TCP profile and use the iRule mentioned above, would it work?

    yes.

    this is another example using switch.

     configuration
    
    root@(ve11c)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm virtual bar
    ltm virtual bar {
        destination 172.28.24.10:0
        ip-protocol tcp
        mask 255.255.255.255
        profiles {
            tcp { }
        }
        rules {
            qux
        }
        source 0.0.0.0/0
        source-address-translation {
            type automap
        }
        vs-index 8
    }
    root@(ve11c)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm pool foo*
    ltm pool foo {
        members {
            200.200.200.101:80 {
                address 200.200.200.101
            }
        }
    }
    ltm pool foo443 {
        members {
            200.200.200.101:443 {
                address 200.200.200.101
            }
        }
    }
    ltm pool foo5222 {
        members {
            200.200.200.101:5222 {
                address 200.200.200.101
            }
        }
    }
    ltm pool foo5223 {
        members {
            200.200.200.101:5223 {
                address 200.200.200.101
            }
        }
    }
    root@(ve11c)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm rule qux
    ltm rule qux {
        # Choose the pool from the destination port the client connected to, then
        # log both sides of the proxied connection once the server side is up.
        when CLIENT_ACCEPTED {
      # In this client-side event TCP::local_port is the port the client
      # connected to on the virtual server.
      switch [TCP::local_port] {
        443 { pool foo443 }
        5222 { pool foo5222 }
        5223 { pool foo5223 }
        default {
           # Placeholder, not a real command: decide explicitly what happens to
           # connections on any other port. When this rule is attached to a
           # virtual server that listens on every port (destination :0),
           # refusing unlisted ports here (for example with the reject command)
           # keeps exposure limited to the three intended services.
           # NOTE(review): confirm the intended behaviour for other ports.
           Do something
        }
      }
    }
    when SERVER_CONNECTED {
      # One log line per server-side connection: client-side endpoints,
      # server-side endpoints, and the pool that was selected.
      # NOTE(review): there is no ":" between the clientside address and port
      # on the second line of the message, so they are logged run together
      # (e.g. 172.28.24.10443); add the separator if these logs are parsed or
      # searched by port.
      log local0. "clientside client=[IP::client_addr]:[TCP::client_port] \
        clientside server=[clientside {IP::local_addr}][clientside {TCP::local_port}] \
        serverside client=[IP::local_addr]:[TCP::local_port] \
        serverside server=[IP::server_addr]:[TCP::server_port] \
        pool=[LB::server pool]"
    }
    }
    
     /var/log/ltm
    
    [root@ve11c:Active:In Sync] config  tail -f /var/log/ltm
    Mar  9 19:02:05 ve11c info tmm[15262]: Rule /Common/qux : clientside client=192.168.206.73:50589  clientside server=172.28.24.10443  serverside client=200.200.200.14:50589  serverside server=200.200.200.101:443  pool=/Common/foo443
    Mar  9 19:02:18 ve11c info tmm1[15262]: Rule /Common/qux : clientside client=192.168.206.73:50595  clientside server=172.28.24.105222  serverside client=200.200.200.14:50595  serverside server=200.200.200.101:5222  pool=/Common/foo5222
    Mar  9 19:02:38 ve11c info tmm1[15262]: Rule /Common/qux : clientside client=192.168.206.73:50606  clientside server=172.28.24.105223  serverside client=200.200.200.14:50606  serverside server=200.200.200.101:5223  pool=/Common/foo5223
    
  • In my scenario we are planning to have a wildcard VIP for load-balancing services 443, 5222 & 5223, so if I create a simple TCP profile and use the iRule mentioned above, would it work?

    yes.

    this is another example using switch.

     configuration
    
    root@(ve11c)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm virtual bar
    ltm virtual bar {
        destination 172.28.24.10:0
        ip-protocol tcp
        mask 255.255.255.255
        profiles {
            tcp { }
        }
        rules {
            qux
        }
        source 0.0.0.0/0
        source-address-translation {
            type automap
        }
        vs-index 8
    }
    root@(ve11c)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm pool foo*
    ltm pool foo {
        members {
            200.200.200.101:80 {
                address 200.200.200.101
            }
        }
    }
    ltm pool foo443 {
        members {
            200.200.200.101:443 {
                address 200.200.200.101
            }
        }
    }
    ltm pool foo5222 {
        members {
            200.200.200.101:5222 {
                address 200.200.200.101
            }
        }
    }
    ltm pool foo5223 {
        members {
            200.200.200.101:5223 {
                address 200.200.200.101
            }
        }
    }
    root@(ve11c)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm rule qux
    ltm rule qux {
        # Choose the pool from the destination port the client connected to, then
        # log both sides of the proxied connection once the server side is up.
        when CLIENT_ACCEPTED {
      # In this client-side event TCP::local_port is the port the client
      # connected to on the virtual server.
      switch [TCP::local_port] {
        443 { pool foo443 }
        5222 { pool foo5222 }
        5223 { pool foo5223 }
        default {
           # Placeholder, not a real command: decide explicitly what happens to
           # connections on any other port. When this rule is attached to a
           # virtual server that listens on every port (destination :0),
           # refusing unlisted ports here (for example with the reject command)
           # keeps exposure limited to the three intended services.
           # NOTE(review): confirm the intended behaviour for other ports.
           Do something
        }
      }
    }
    when SERVER_CONNECTED {
      # One log line per server-side connection: client-side endpoints,
      # server-side endpoints, and the pool that was selected.
      # NOTE(review): there is no ":" between the clientside address and port
      # on the second line of the message, so they are logged run together
      # (e.g. 172.28.24.10443); add the separator if these logs are parsed or
      # searched by port.
      log local0. "clientside client=[IP::client_addr]:[TCP::client_port] \
        clientside server=[clientside {IP::local_addr}][clientside {TCP::local_port}] \
        serverside client=[IP::local_addr]:[TCP::local_port] \
        serverside server=[IP::server_addr]:[TCP::server_port] \
        pool=[LB::server pool]"
    }
    }
    
     /var/log/ltm
    
    [root@ve11c:Active:In Sync] config  tail -f /var/log/ltm
    Mar  9 19:02:05 ve11c info tmm[15262]: Rule /Common/qux : clientside client=192.168.206.73:50589  clientside server=172.28.24.10443  serverside client=200.200.200.14:50589  serverside server=200.200.200.101:443  pool=/Common/foo443
    Mar  9 19:02:18 ve11c info tmm1[15262]: Rule /Common/qux : clientside client=192.168.206.73:50595  clientside server=172.28.24.105222  serverside client=200.200.200.14:50595  serverside server=200.200.200.101:5222  pool=/Common/foo5222
    Mar  9 19:02:38 ve11c info tmm1[15262]: Rule /Common/qux : clientside client=192.168.206.73:50606  clientside server=172.28.24.105223  serverside client=200.200.200.14:50606  serverside server=200.200.200.101:5223  pool=/Common/foo5223