Forum Discussion
Daddy_73321
Nimbostratus
NimbostratusIrule issue
Hello All,
I have an issue with the below irule written to direct the traffic to a node or a pool.
I have a pool CMS-http-pool with below two members.
pool CMS-http-pool {
monitor all http
member 10.103.42.100:http
member 10.103.42.101:http
}
I am redirecting an url to a specific node of the conditions matches are else move to the pool for load balancing.
Below is the irule
when HTTP_REQUEST {
if { ([HTTP::uri] starts_with "/citsitdocumentation") or ([HTTP::uri] starts_with "/psoftdms") or ([HTTP::uri] starts_with "/cso") } {
node 10.103.42.100 80
} else {
pool CMS-http-pool
}
}
I have noticed the redirect to node is working and if the condition is not met it is moving to the pool. Here is my issue now, when the condition is not met and the Load balancing is done and pool member 10.103.42.101 is serving in the pool, if i try to reach a URL in the condition with the same browser. I get cookie errors and the login page is not loading.
I am using the below cookie.
profile persist CMS_Cookie {
defaults from cookie
mode cookie
cookie mode insert
cookie name CMS
cookie expiration 0d 00:00:00
}
virtual CMS-http-vip {
destination 10.103.42.121:http
ip protocol tcp
profile http tcp
persist CMS_Cookie
rule CMS-http-pool-irule
}
Thanks in advance.
Renith
IPsoft, Inc.
Could someone please help me with this case.
15 Replies
hoolioCirrostratus
Hi Renith,
Do you think the problem is due to persistence failing after the node command is used? If so, check this post for some additional info:
Specifying node kills cookie persistence
http://devcentral.f5.com/Default.aspx?tabid=53&forumid=5&tpage=1&view=topic&postid=1166691
Aaron- Daddy_73321Hi Aaron,
Thanks for the reply. I tried to keep the pool member option but it doesnot work. Yes this issue seems to be like cookie is preserved when the irule criteria is not matching and going to the pool. Once this url is reaching the pool for load balancing and select server ip .101 and then when i try to meet the criteria of irule it gives me error.
Below is the current irule.
when HTTP_REQUEST {
if { ([HTTP::uri] starts_with "/citsitdocumentation") or ([HTTP::uri] starts_with "/psoftdms") or ([HTTP::uri] starts_with "/cso") } {
pool CMS-http-pool member 10.103.42.100 80
} else {
pool CMS-http-pool
}
}
Could you please let me know if i can put something in the irule which will delete the cookie if user tries the url which will meet the irule conditions.
Thanks in advance,
Renith - hoolioWhat cookie error do you see? Is the error coming from the application or LTM?
Which cookie do you want to delete? Do you want to delete the cookie from requests which hit the else clause in the iRule and go to the CMS-http-pool?
Thanks,
Aaron - Daddy_73321Hi Aaron,
Let me explain what is the issue exactly.
First i am trying to reach the URL which is not the the irule condition, it takes me the pool member 10.103.42.101 in the below pool.
pool CMS-http-pool {
monitor all http
member 10.103.42.100:http
member 10.103.42.101:http
}
Secondly, from the same browser which i have tried the above, i am trying to hit the URL which is in the irule condition. Now it takes me to the URL and when i click on login buttton the the url, i get error " Server ERROR in "/" Application. Description of the error is HTTP 404.
I think this is because of persistance since 10.103.42.101 is holding the connection, so is there a way we can clear the cookies before the next condition in run to match the irule conditions.
Thanks in advance,
Renith - hoolioHi Renith,
I would guess the problem is the opposite: when a client makes a request and is load balanced to the 10.103.42.101:http member, they establish a session and are sent a persistence cookie by LTM. Then when they make a request which matches the URI checks, they are sent to the 10.103.42.100:http server where they don't have a valid session.
Another possibility is that they are sent to the 10.103.42.100:http server first by the URI check in the iRule, but aren't sent a persistence cookie by LTM. Then when they make a request which is load balanced, they end up being sent to the 10.103.42.101:http server where they don't have a session.
Does either option sound possible?
I'd suggest opening a case with F5 Support on this to find out why LTM doesn't set a persistence cookie when using the pool command to specify a pool member.
As a workaround, you can manually insert a persistence cookie from the iRule using the method described in the post I linked to:
http://devcentral.f5.com/Default.aspx?tabid=53&forumid=5&tpage=1&view=topic&postid=1166691
Aaron - Daddy_73321Hi Aaron,
Thanks for the updates, could you please let me know how to insert a persistance cookie manually. I have not done this till now, please help me.
Here is my cookie and current settings.
profile persist CMS_Cookie {
defaults from cookie
mode cookie
cookie name CMS
cookie expiration 0d 00:00:00
}
when HTTP_REQUEST {
if { ([HTTP::uri] starts_with "/citsitdocumentation") or ([HTTP::uri] starts_with "/psoftdms") or ([HTTP::uri] starts_with "/cso") } {
node 10.103.42.100 80
} else {
pool CMS-http-pool
}
}
And while inserting the same do i need to use node option or the pool member with member/port option.
Thanks in advance,
Renith - hoolioHi Renith,
Before trying to fix the issue with an iRule, can you try testing to confirm when the failure occurs? You can use a browser plugin like HttpFox for Firefox or Fiddler for IE to view the HTTP headers and payloads in requests and responses. This should help us determine what the iRule should do.
Can you start recording the browser session, reproduce the problem and then reply with the anonymized URI's you've accessed, the persistence cookies sent/received for each request and the server response?
Thanks,
Aaron - Daddy_73321I have got few session taken w.r.t the irule conditions, unable to trace anything from this.
Thanks,
Renith - hoolioThanks for that. Can you add details of the pool member selected to the browser logs?
You can add a line to the iRule to log this:when SERVER_CONNECTED { log local0. "[IP::client_addr]:[TCP::client_port]: Connected to server [IP::server_addr]:[TCP::server_port]" }
Thanks,
Aaron - Daddy_73321Thanks Aaron.
I am getting the below from the logs.
Feb 9 08:54:34 tmm tmm[1097]: Rule CMS-http-pool-irule : 10.103.14.80:1229: Connected to server 10.103.42.101:80
Feb 9 08:54:34 tmm tmm[1097]: Rule CMS-http-pool-irule : 10.103.14.80:1230: Connected to server 10.103.42.101:80
Feb 9 08:54:37 tmm tmm[1097]: Rule CMS-http-pool-irule : 10.103.14.80:1236: Connected to server 10.103.42.100:80
Feb 9 08:54:38 tmm tmm[1097]: Rule CMS-http-pool-irule : 10.103.14.80:1237: Connected to server 10.103.42.100:80
Feb 9 08:54:40 tmm tmm[1097]: Rule CMS-http-pool-irule : 10.103.14.80:1242: Connected to server 10.103.42.101:80
Feb 9 08:54:40 tmm tmm[1097]: Rule CMS-http-pool-irule : 10.103.14.80:1243: Connected to server 10.103.42.101:80
Feb 9 08:54:57 tmm tmm[1097]: Rule CMS-http-pool-irule : 10.103.2.22:2470: Connected to server 10.103.42.101:80
Feb 9 08:54:58 tmm tmm[1097]: Rule CMS-http-pool-irule : 10.103.2.22:2472: Connected to server 10.103.42.101:80
Feb 9 08:55:00 tmm tmm[1097]: Rule xserver_header_insert_2 : XServer 10.68.32.199:8002
Feb 9 08:55:00 tmm tmm[1097]: Rule xserver-insert-cookie-prod-443 : XServer 10.68.20.103:8002
Feb 9 08:55:01 tmm tmm[1097]: Rule xserver_header_insert_2 : XServer 10.68.32.199:8002
Feb 9 08:55:01 tmm tmm[1097]: Rule xserver_header_insert_2 : XServer 10.68.32.199:8001
Feb 9 08:55:02 tmm tmm[1097]: Rule xserver-insert-cookie-prod-443 : XServer 10.68.20.103:8002
Feb 9 08:55:02 tmm tmm[1097]: Rule xserver_header_insert_2 : XServer 10.68.32.199:8001
Feb 9 08:55:08 tmm tmm[1097]: Rule CMS-http-pool-irule : 10.68.0.48:32565: Connected to server 10.103.42.100:80
Feb 9 08:55:14 tmm tmm[1097]: Rule xserver-insert-cookie-prod-443 : XServer 10.68.20.103:8003
Feb 9 08:55:14 tmm tmm[1097]: Rule CMS-http-pool-irule : 10.103.14.20:1603: Connected to server 10.103.42.100:80
Feb 9 08:55:15 tmm tmm[1097]: Rule xserver-insert-cookie-prod-443 : XServer 10.68.20.103:8003
Feb 9 08:55:18 tmm tmm[1097]: Rule CMS-http-pool-irule : 10.103.14.20:1606: Connected to server 10.103.42.100:80
Feb 9 08:55:23 tmm tmm[1097]: Rule CMS-http-pool-irule : 146.184.39.109:9096: Connected to server 10.103.42.100:8
0
Feb 9 08:55:23 tmm tmm[1097]: Rule CMS-http-pool-irule : 146.184.39.109:9097: Connected to server 10.103.42.100:8
0
Feb 9 08:55:23 tmm tmm[1097]: Rule CMS-http-pool-irule : 146.184.39.109:9098: Connected to server 10.103.42.101:8
0
Feb 9 08:55:23 tmm tmm[1097]: Rule CMS-http-pool-irule : 146.184.39.109:9099: Connected to server 10.103.42.101:8
0
Feb 9 08:55:23 tmm tmm[1097]: Rule CMS-http-pool-irule : 146.184.39.109:9100: Connected to server 10.103.42.100:8
0
Feb 9 08:55:37 tmm tmm[1097]: Rule CMS-http-pool-irule : 10.103.14.16:1918: Connected to server 10.103.42.100:80
Feb 9 08:55:37 tmm tmm[1097]: Rule CMS-http-pool-irule : 10.103.14.16:1919: Connected to server 10.103.42.100:80
Feb 9 08:55:39 tmm tmm[1097]: Rule CMS-http-pool-irule : 146.184.39.109:9102: Connected to server 10.103.42.101:8
0
Feb 9 08:55:50 tmm tmm[1097]: Rule CMS-http-pool-irule : 10.103.6.58:1706: Connected to server 10.103.42.101:80
