Irule issue

Hi Renith,

 

 

Do you think the problem is due to persistence failing after the node command is used? If so, check this post for some additional info:

 

 

Specifying node kills cookie persistence

 

http://devcentral.f5.com/Default.aspx?tabid=53&forumid=5&tpage=1&view=topic&postid=1166691

 

 

Aaron

Hi Aaron,

 

 

Thanks for the reply. I tried to keep the pool member option but it doesnot work. Yes this issue seems to be like cookie is preserved when the irule criteria is not matching and going to the pool. Once this url is reaching the pool for load balancing and select server ip .101 and then when i try to meet the criteria of irule it gives me error.

 

 

Below is the current irule.

 

 

when HTTP_REQUEST {

 

if { ([HTTP::uri] starts_with "/citsitdocumentation") or ([HTTP::uri] starts_with "/psoftdms") or ([HTTP::uri] starts_with "/cso") } {

 

pool CMS-http-pool member 10.103.42.100 80

 

} else {

 

pool CMS-http-pool

 

}

 

}

 

 

 

Could you please let me know if i can put something in the irule which will delete the cookie if user tries the url which will meet the irule conditions.

 

 

Thanks in advance,

 

 

Renith

 

What cookie error do you see? Is the error coming from the application or LTM?

 

 

Which cookie do you want to delete? Do you want to delete the cookie from requests which hit the else clause in the iRule and go to the CMS-http-pool?

 

 

Thanks,

 

Aaron

Hi Aaron,

 

 

Let me explain what is the issue exactly.

 

 

First i am trying to reach the URL which is not the the irule condition, it takes me the pool member 10.103.42.101 in the below pool.

 

 

pool CMS-http-pool {

 

monitor all http

 

member 10.103.42.100:http

 

member 10.103.42.101:http

 

}

 

 

Secondly, from the same browser which i have tried the above, i am trying to hit the URL which is in the irule condition. Now it takes me to the URL and when i click on login buttton the the url, i get error " Server ERROR in "/" Application. Description of the error is HTTP 404.

 

 

I think this is because of persistance since 10.103.42.101 is holding the connection, so is there a way we can clear the cookies before the next condition in run to match the irule conditions.

 

 

Thanks in advance,

 

 

Renith

Hi Renith,

 

 

I would guess the problem is the opposite: when a client makes a request and is load balanced to the 10.103.42.101:http member, they establish a session and are sent a persistence cookie by LTM. Then when they make a request which matches the URI checks, they are sent to the 10.103.42.100:http server where they don't have a valid session.

 

 

Another possibility is that they are sent to the 10.103.42.100:http server first by the URI check in the iRule, but aren't sent a persistence cookie by LTM. Then when they make a request which is load balanced, they end up being sent to the 10.103.42.101:http server where they don't have a session.

 

 

Does either option sound possible?

 

 

I'd suggest opening a case with F5 Support on this to find out why LTM doesn't set a persistence cookie when using the pool command to specify a pool member.

 

 

As a workaround, you can manually insert a persistence cookie from the iRule using the method described in the post I linked to:

 

 

http://devcentral.f5.com/Default.aspx?tabid=53&forumid=5&tpage=1&view=topic&postid=1166691

 

 

Aaron

Hi Aaron,

 

 

Thanks for the updates, could you please let me know how to insert a persistance cookie manually. I have not done this till now, please help me.

 

 

Here is my cookie and current settings.

 

 

profile persist CMS_Cookie {

 

defaults from cookie

 

mode cookie

 

cookie name CMS

 

cookie expiration 0d 00:00:00

 

}

 

 

when HTTP_REQUEST {

 

if { ([HTTP::uri] starts_with "/citsitdocumentation") or ([HTTP::uri] starts_with "/psoftdms") or ([HTTP::uri] starts_with "/cso") } {

 

node 10.103.42.100 80

 

} else {

 

pool CMS-http-pool

 

}

 

}

 

 

 

And while inserting the same do i need to use node option or the pool member with member/port option.

 

 

Thanks in advance,

 

Renith

 

 

Hi Renith,

 

 

Before trying to fix the issue with an iRule, can you try testing to confirm when the failure occurs? You can use a browser plugin like HttpFox for Firefox or Fiddler for IE to view the HTTP headers and payloads in requests and responses. This should help us determine what the iRule should do.

 

 

Can you start recording the browser session, reproduce the problem and then reply with the anonymized URI's you've accessed, the persistence cookies sent/received for each request and the server response?

 

 

Thanks,

 

Aaron

I have got few session taken w.r.t the irule conditions, unable to trace anything from this.

 

 

Thanks,

 

 

Renith

 

Thanks for that. Can you add details of the pool member selected to the browser logs?

You can add a line to the iRule to log this:

 
 when SERVER_CONNECTED { 
    log local0. "[IP::client_addr]:[TCP::client_port]: Connected to server [IP::server_addr]:[TCP::server_port]" 
 } 
 

Thanks,

Aaron

Thanks Aaron.

 

 

I am getting the below from the logs.

 

 

 

Feb 9 08:54:34 tmm tmm[1097]: Rule CMS-http-pool-irule : 10.103.14.80:1229: Connected to server 10.103.42.101:80

 

Feb 9 08:54:34 tmm tmm[1097]: Rule CMS-http-pool-irule : 10.103.14.80:1230: Connected to server 10.103.42.101:80

 

Feb 9 08:54:37 tmm tmm[1097]: Rule CMS-http-pool-irule : 10.103.14.80:1236: Connected to server 10.103.42.100:80

 

Feb 9 08:54:38 tmm tmm[1097]: Rule CMS-http-pool-irule : 10.103.14.80:1237: Connected to server 10.103.42.100:80

 

Feb 9 08:54:40 tmm tmm[1097]: Rule CMS-http-pool-irule : 10.103.14.80:1242: Connected to server 10.103.42.101:80

 

Feb 9 08:54:40 tmm tmm[1097]: Rule CMS-http-pool-irule : 10.103.14.80:1243: Connected to server 10.103.42.101:80

 

Feb 9 08:54:57 tmm tmm[1097]: Rule CMS-http-pool-irule : 10.103.2.22:2470: Connected to server 10.103.42.101:80

 

Feb 9 08:54:58 tmm tmm[1097]: Rule CMS-http-pool-irule : 10.103.2.22:2472: Connected to server 10.103.42.101:80

 

Feb 9 08:55:00 tmm tmm[1097]: Rule xserver_header_insert_2 : XServer 10.68.32.199:8002

 

Feb 9 08:55:00 tmm tmm[1097]: Rule xserver-insert-cookie-prod-443 : XServer 10.68.20.103:8002

 

Feb 9 08:55:01 tmm tmm[1097]: Rule xserver_header_insert_2 : XServer 10.68.32.199:8002

 

Feb 9 08:55:01 tmm tmm[1097]: Rule xserver_header_insert_2 : XServer 10.68.32.199:8001

 

Feb 9 08:55:02 tmm tmm[1097]: Rule xserver-insert-cookie-prod-443 : XServer 10.68.20.103:8002

 

Feb 9 08:55:02 tmm tmm[1097]: Rule xserver_header_insert_2 : XServer 10.68.32.199:8001

 

Feb 9 08:55:08 tmm tmm[1097]: Rule CMS-http-pool-irule : 10.68.0.48:32565: Connected to server 10.103.42.100:80

 

Feb 9 08:55:14 tmm tmm[1097]: Rule xserver-insert-cookie-prod-443 : XServer 10.68.20.103:8003

 

Feb 9 08:55:14 tmm tmm[1097]: Rule CMS-http-pool-irule : 10.103.14.20:1603: Connected to server 10.103.42.100:80

 

Feb 9 08:55:15 tmm tmm[1097]: Rule xserver-insert-cookie-prod-443 : XServer 10.68.20.103:8003

 

Feb 9 08:55:18 tmm tmm[1097]: Rule CMS-http-pool-irule : 10.103.14.20:1606: Connected to server 10.103.42.100:80

 

Feb 9 08:55:23 tmm tmm[1097]: Rule CMS-http-pool-irule : 146.184.39.109:9096: Connected to server 10.103.42.100:8

 

0

 

Feb 9 08:55:23 tmm tmm[1097]: Rule CMS-http-pool-irule : 146.184.39.109:9097: Connected to server 10.103.42.100:8

 

0

 

Feb 9 08:55:23 tmm tmm[1097]: Rule CMS-http-pool-irule : 146.184.39.109:9098: Connected to server 10.103.42.101:8

 

0

 

Feb 9 08:55:23 tmm tmm[1097]: Rule CMS-http-pool-irule : 146.184.39.109:9099: Connected to server 10.103.42.101:8

 

0

 

Feb 9 08:55:23 tmm tmm[1097]: Rule CMS-http-pool-irule : 146.184.39.109:9100: Connected to server 10.103.42.100:8

 

0

 

Feb 9 08:55:37 tmm tmm[1097]: Rule CMS-http-pool-irule : 10.103.14.16:1918: Connected to server 10.103.42.100:80

 

Feb 9 08:55:37 tmm tmm[1097]: Rule CMS-http-pool-irule : 10.103.14.16:1919: Connected to server 10.103.42.100:80

 

Feb 9 08:55:39 tmm tmm[1097]: Rule CMS-http-pool-irule : 146.184.39.109:9102: Connected to server 10.103.42.101:8

 

0

 

Feb 9 08:55:50 tmm tmm[1097]: Rule CMS-http-pool-irule : 10.103.6.58:1706: Connected to server 10.103.42.101:80