Karl_3130
May 09, 2011

iRule for OWA, Outlook Anywhere, EWS, Outlook 2011 (Exchange 2007)

Hello,

We are running on a Big-IP LTM v9.3.1 and I am trying to properly configure our system to work with Exchange 2007. The main point is that all our 443 traffic is coming through a single Virtual Server using one pool. I need to persist differently for the three traffic types. I am new to iRules and need a little help properly identifying the traffic in the iRule to persist properly.

The services coming through there are as follows:

- OWA which requires Cookie persistence
- Outlook Anywhere which requires Universal based on the Authorization field in the HTTP header.
- EWS (Which includes Entourage and Outlook 2011) which I believe we will just use source affinity persistence.

I am starting with this bit of code from the deployment guide:

when HTTP_REQUEST {
    if { [HTTP::header "User-Agent"] contains "MSRPC" } {
        persist uie [HTTP::header "Authorization"] 3600
    } else {
        persist cookie
    }
}

So I am guessing I just need to add an elseif statement to either separate out the EWS traffic or the OWA traffic. I think OWA would be easiest and hoping there is a best practice method to do that. Is there something in the header or is it best to just look at the URI?

So here is my shot at the new iRule:

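when HTTP_REQUEST {
    if { [HTTP::header "User-Agent"] contains "MSRPC" } {
        # Outlook Anywhere: universal persistence keyed on the Authorization header
        persist uie [HTTP::header "Authorization"] 3600
    } elseif { [HTTP::uri] starts_with "/owa" } {
        # OWA: cookie persistence
        persist cookie
    } else {
        # Everything else (EWS): source address persistence
        persist source_addr 255.255.255.255 1800
    }
}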

Question:

1. What are the defaults when I just say persist cookie?
2. Is the method to ID OWA adequate?
3. Is there a better way to do this?

Thank you!

Karl

  • Hi Karl,

    1. What are the defaults when I just say persist cookie?

    This uses the cookie persistence profile which is added to the virtual server.

    2. Is the method to ID OWA adequate?

    That's fairly standard. You might do better to set the URI to lower case first:

    } elseif { [string tolower [HTTP::uri]] starts_with "/owa" } {

    3. Is there a better way to do this?

    That's pretty close to what I've seen deployed elsewhere. You could consider using 'persist uie [SSL::sessionid] $timeout' which persists on the SSL session ID instead of source address if you have a lot of clients connecting from behind proxies.

    Does the iRule work for you?

    Aaron
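
The branch order discussed in this thread, modeled offline as an added Python example (not code from either poster, and not an iRule), so the effect of lowercasing the URI can be checked against sample requests before the rule is deployed. The function names, the sample requests and the `ExampleMailClient/1.0` User-Agent are constructed for illustration.

```python
"""Offline model of the branch order in the thread's iRule (not an iRule)."""


def choose_persistence(user_agent, uri, authorization="", lowercase_uri=True):
    """Return (method, key) for one request, following if / elseif / else.

    lowercase_uri=False models the case-sensitive `starts_with "/owa"` test;
    lowercase_uri=True models the `string tolower` variant from the reply.
    """
    # Branch 1: Outlook Anywhere. iRule `contains` is a case-sensitive
    # substring match, which is what Python's `in` does on str.
    if "MSRPC" in user_agent:
        return ("uie", authorization)
    # Branch 2: OWA, recognised by URI prefix.
    path = uri.lower() if lowercase_uri else uri
    if path.startswith("/owa"):
        return ("cookie", None)
    # Branch 3: everything else (EWS, Entourage, Outlook 2011).
    return ("source_addr", None)


# Constructed sample requests: (label, User-Agent, URI, Authorization).
SAMPLES = [
    ("outlook-anywhere", "MSRPC", "/rpc/rpcproxy.dll", "Basic CONSTRUCTED"),
    ("owa-lower", "Mozilla/4.0", "/owa/auth/logon.aspx", ""),
    ("owa-upper", "Mozilla/4.0", "/OWA/", ""),
    ("ews", "ExampleMailClient/1.0", "/EWS/Exchange.asmx", ""),
]


def branch_changes(samples=SAMPLES):
    """Labels of samples that change branch once the URI is lowercased."""
    changed = []
    for label, user_agent, uri, auth in samples:
        strict = choose_persistence(user_agent, uri, auth, lowercase_uri=False)
        folded = choose_persistence(user_agent, uri, auth, lowercase_uri=True)
        if strict != folded:
            changed.append(label)
    return changed


if __name__ == "__main__":
    for label, user_agent, uri, auth in SAMPLES:
        print(label, choose_persistence(user_agent, uri, auth))
    print("changed by lowercasing:", branch_changes())
```

With the case-sensitive test, a request for `/OWA/` falls through to source address persistence instead of cookie persistence, which is the case the lowercase suggestion addresses.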