Forum Discussion
NimbostratusI rule
Can some give me an Irule to loadbalance multiple pools for the same VIP
pool x 443 would be default
Pool y 5222
pool z 5223
37 Replies
G_romano_187703Hi,
Try this,
when CLIENT_ACCEPTED { if { [TCP::server_port equals 5223}{ Pool pool-tcp-port-5223 } elseif {[TCP::server_port] equals 5222} {pool pool-tcp-port-5222} elseif{ [TCP::server_port equals 443}{ pool pool-tcp-port-443 } } Bye!!!
Giorgio
abi1980_184094thanks romano will try and let you know- abi1980_184094germano one more quick question Can i use a single SNAT for all these pools
- nitass
Employee
when CLIENT_ACCEPTED { if { [TCP::server_port equals 5223}{ Pool pool-tcp-port-5223 } elseif {[TCP::server_port] equals 5222} {pool pool-tcp-port-5222} elseif{ [TCP::server_port equals 443}{ pool pool-tcp-port-443 } }
i understand serverside connection is not available in CLIENT_ACCEPTED, so you may use TCP::local_port instead of TCP::server_port.
Can i use a single SNAT for all these pools
of course.
- abi1980_184094Thanks for the reply Nitass Can you explain me the difference between server_port and local_port
- G_romano_187703Hi nitass, Soru but I don't understand when you said: "i understand serverside connection is not available in CLIENT_ACCEPTED, so you may use TCP::local_port instead of TCP::server_port." At this link (https://clouddocs.f5.com/api/irules/TCP__server_port.html) the event CLIENT_ACCEPTED is a valid event! Where do I wrong? Thanx Giorgio
nitass_89166Noctilucent
when CLIENT_ACCEPTED { if { [TCP::server_port equals 5223}{ Pool pool-tcp-port-5223 } elseif {[TCP::server_port] equals 5222} {pool pool-tcp-port-5222} elseif{ [TCP::server_port equals 443}{ pool pool-tcp-port-443 } }
i understand serverside connection is not available in CLIENT_ACCEPTED, so you may use TCP::local_port instead of TCP::server_port.
Can i use a single SNAT for all these pools
of course.
- abi1980_184094Thanks for the reply Nitass Can you explain me the difference between server_port and local_port
- G_romano_187703Hi nitass, Soru but I don't understand when you said: "i understand serverside connection is not available in CLIENT_ACCEPTED, so you may use TCP::local_port instead of TCP::server_port." At this link (https://clouddocs.f5.com/api/irules/TCP__server_port.html) the event CLIENT_ACCEPTED is a valid event! Where do I wrong? Thanx Giorgio
- nitass_89166
Can you explain me the difference between server_port and local_port
iRules Concepts: Considering Context part 1 by Colin Walker
https://devcentral.f5.com/articles/irules-concepts-considering-context-part-1TCP::local_port
https://devcentral.f5.com/wiki/iRules.TCP__local_port.ashxTCP::server_port
https://devcentral.f5.com/wiki/iRules.TCP__server_port.ashx- abi1980_184094thanks for sharing
- nitass
Can you explain me the difference between server_port and local_port
iRules Concepts: Considering Context part 1 by Colin Walker
https://devcentral.f5.com/articles/irules-concepts-considering-context-part-1TCP::local_port
https://devcentral.f5.com/wiki/iRules.TCP__local_port.ashxTCP::server_port
https://devcentral.f5.com/wiki/iRules.TCP__server_port.ashx- abi1980_184094thanks for sharing
- nitass
At this link (https://devcentral.f5.com/wiki/iRules.TCP__server_port.ashx) the event CLIENT_ACCEPTED is a valid event!
Where do I wrong?i understand serverside connection is not established when CILENT_ACCPETED is triggered, so TCP::server_port won't be available at that time.
e.g.
configuration [root@ve11c:Active:Sync Failed] config tmsh list ltm virtual bar ltm virtual bar { destination 172.28.24.10:80 ip-protocol tcp mask 255.255.255.255 pool foo profiles { tcp { } } rules { qux } source 0.0.0.0/0 source-address-translation { type automap } vs-index 7 } [root@ve11c:Active:Sync Failed] config tmsh list ltm rule qux ltm rule qux { when CLIENT_ACCEPTED { log local0. "[TCP::server_port]" } when SERVER_CONNECTED { log local0. "" } } client [root@centos1 ~] curl -I http://172.28.24.10 curl: (52) Empty reply from server [root@centos1 ~] /var/log/ltm [root@ve11c:Active:Sync Failed] config tail -f /var/log/ltm Mar 8 16:55:22 ve11c err tmm[15262]: 01220001:3: TCL error: /Common/qux - no serverside connection established (line 1) invoked from within "TCP::server_port"- G_romano_187703Thanks you very much nitass! Giorgio
- abi1980_184094for 443 should i be doing SSL offloading on the cleint and server aswell or only client side offloading would work
- nitass_89166
At this link (https://devcentral.f5.com/wiki/iRules.TCP__server_port.ashx) the event CLIENT_ACCEPTED is a valid event!
Where do I wrong?i understand serverside connection is not established when CILENT_ACCPETED is triggered, so TCP::server_port won't be available at that time.
e.g.
configuration [root@ve11c:Active:Sync Failed] config tmsh list ltm virtual bar ltm virtual bar { destination 172.28.24.10:80 ip-protocol tcp mask 255.255.255.255 pool foo profiles { tcp { } } rules { qux } source 0.0.0.0/0 source-address-translation { type automap } vs-index 7 } [root@ve11c:Active:Sync Failed] config tmsh list ltm rule qux ltm rule qux { when CLIENT_ACCEPTED { log local0. "[TCP::server_port]" } when SERVER_CONNECTED { log local0. "" } } client [root@centos1 ~] curl -I http://172.28.24.10 curl: (52) Empty reply from server [root@centos1 ~] /var/log/ltm [root@ve11c:Active:Sync Failed] config tail -f /var/log/ltm Mar 8 16:55:22 ve11c err tmm[15262]: 01220001:3: TCL error: /Common/qux - no serverside connection established (line 1) invoked from within "TCP::server_port"- G_romano_187703Thanks you very much nitass! Giorgio
- abi1980_184094for 443 should i be doing SSL offloading on the cleint and server aswell or only client side offloading would work
