F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

sriramgd_111845's avatar
sriramgd_111845
Icon for Nimbostratus rankNimbostratus
Dec 10, 2008

inspect start of payload

We are planning to add an 'overload' iRule in production, to allow for redirect in case of overload of our application server.     We want users who are already logged to continue with t...
application delivery
design
performance
testing
sriramgd_111845's avatar
sriramgd_111845
Icon for Nimbostratus rankNimbostratus
Dec 11, 2008
Mike,

 

 

Thanks for the pointers!

 

 

I am new to using the F5 and iRules, was given this task since IT wanted to find a way to differentiate new and logged in users to have a 'controlled brownout'. Your post is very helpful.

 

 

The problem is that we cannot uniquely identify a login event with existing cookies. We dont have an option of setting a cookie for login etc. in any near term release.

 

 

The current problem is that under some exceptional condition our backend database server freezes up, the webservers still work fine, so users keep trying to log in multiple times making the situation worse even for the existing users. When this situation occured, we were not able to login ourselves without rebooting the database server. This obviously lost all existing user sessions too and a chance for us to do some analysis.

 

 

So this is just an emergency switch to guard against this condition, not a real load balancing issue. We plan to turn it on in case we notice spike in our database which will give us a chance to debug the problem. After we hopefully resolve the issue (somehow), we would turn the 'normal' iRule on again.

 

 

The existing 'normal' iRule has pools and load balancing in place based on URIs etc.

 

 

This also means this overload emergency rule will run for a small window of time (hopefully never!).

 

 

We have several pools for handling different URIs extensions and prepends in the normal rule, which I would copy into the overload rule, so this POST inspection will happen only in the last else i.e. for a more specific set of packets.

 

 

I am now inspecting only upto the unique 57 characters using a starts_with as you suggested.

 

 

Also when we thought about it, during this error condition, having some latency for the existing users is also a good thing since we want them to slow down during the exceptional situations (but not be logged out!).

 

 

Your posts have given me some other ideas. Based on them, if we run into problems in perf tests of the emergency rule, I will be ready with more things if need be.

 

 

Thanks,

 

Sriram