Chris_Hallman_9
Jun 05, 2007

iRule to redirect to client IP subnet

We are going to deploy content servers in retail locations. We'd like to use one URL on our portal to access this server but we don't want traffic from the server traversing the WAN. Therefore, I've been asked if I can use the F5 to redirect HTTP requests from the common URL to the server on the user's local subnet (about 900+ subnets involved). The client IP address will always be in the server's subnet and the server will always be the 16th host (.17) from the gateway (.1), therefore I wrote the following rule:

when HTTP_REQUEST {
    # Replace the host octet of the client address with 17
    set redAddr [join [lreplace [split [IP::client_addr] .] 3 4 "17"] .]
    # logging to see iRule activity
    log local0.NOTICE "redirected to $redAddr"
    HTTP::redirect "http://$redAddr"
}

It works great. The second line splits the client's address at the ".", replaces the host octet with 17 and joins the octets with ".".

Now, I've been asked if I can send users to a generic 404 page if their server isn't available (during deployment). I don't want to use a static list based on the large number of subnets and because managing a static list is quite tedious. I'd like to be able to connect (socket), PING, DNS, etc. to the server to see if it's there. I know that you can't open a socket inside the iRule (TCL plug-in I assume), I can't find how to PING but I have found where I can do a DNS query. However, I've only seen iRules sending a DNS query with a name, not an IP address. If I can get the iRule to query with a name, the queries that receive a response will be redirected while the queries that don't receive a valid response will get the 404 page. I'm having difficulty getting this to work with the following logic:

when HTTP_REQUEST {
    # logging to see iRule activity
    log local0.NOTICE "new redirect iRule active"
    set redAddr [join [lreplace [split [IP::client_addr] .] 0 4 "192" "168" "122" "12"] .]
    NAME::lookup $redAddr
}

when NAME_RESOLVED {
    # logging to see iRule activity
    log local0.NOTICE "Euerak!!! It resolved"
}

I get the first log message, but not the second. I edited /etc/resolv.conf to include a nameserver. I did have difficulty getting a command line resolution to work, but I've since found out that it was a DNS server problem and I'm now using a different server:

[root@L47F5TST1:Active] etc dig -x 192.168.146.20

; <<>> DiG 9.3.0 <<>> -x 192.168.146.20
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8948
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;20.146.168.192.in-addr.arpa. IN PTR

;; ANSWER SECTION:
20.146.168.192.in-addr.arpa. 86400 IN PTR L17PVPORT.publix.com.

Is my logic incorrect? Will this work? Is there a better way to verify the server is active?

2 Replies

  • spark_86682
    Historic F5 Account
    It would probably be better to use the built-in monitoring to check if the server is up or down, then use LB::status in your iRule to decide to send the redirect or 404 page.
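
One way the monitor-based check suggested in the reply could look, as an added example that is not code from either poster. It assumes a pool (hypothetically named content_servers_pool) that contains each store's .17 host on port 80 with a health monitor assigned; the pool name, port and 404 body are illustrative.

```tcl
when HTTP_REQUEST {
    # Assumption: hypothetical pool holding every store's .17 server, each with a monitor
    set pool "content_servers_pool"
    set notFound "<html><body>Content server not available.</body></html>"

    # Derive the local server address only from a plain dotted-quad client address
    set octets [split [IP::client_addr] .]
    if { [llength $octets] != 4 } {
        log local0.notice "unexpected client address format: [IP::client_addr]"
        HTTP::respond 404 content $notFound "Content-Type" "text/html"
        return
    }
    set redAddr [join [lreplace $octets 3 3 17] .]

    # Ask the monitor for the member's state. The catch is a guard so that a
    # server not yet defined in the pool is treated the same as one that is down.
    if { [catch { LB::status pool $pool member $redAddr 80 } status] } {
        set status "unknown"
    }

    if { $status eq "up" } {
        log local0.notice "redirected to $redAddr"
        HTTP::redirect "http://$redAddr"
    } else {
        log local0.notice "server $redAddr status is $status, sending 404"
        HTTP::respond 404 content $notFound "Content-Type" "text/html"
    }
}
```

The redirect target is only ever built from the connection's source address and a fixed host octet, so nothing taken from the request headers or URI influences where the client is sent.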