Forum Discussion
Faintly_Lucky
Mar 17, 2011 | Nimbostratus
iRule not triggered on target VIP after using the virtual iRule command to direct traffic to it
My company has a pair of 1600s (9.4.8 HF4) that accept and load balance all of the syslog traffic generated by our devices to several syslog pools.
Recently, we had a requirement come dow...
Faintly_Lucky
Mar 23, 2011 | Nimbostratus
Spark/Aaron:
I figured out the pool selection issue last week and corrected it, though why the virtual command is able to be overridden by a later pool command has me scratching my head.
Thanks for mentioning the return command. I use it regularly in rules, but I guess that I got caught up in the weirdness of the catch-all pool command overriding the virtual command and didn't think about it. I just eliminated the catch-all and assigned it as the VIP's default pool.
I still have a problem though. Aaron, I took your advice and opened a case with F5 on this. I'm sorry to say it, but any progress that I've made on this issue has come from my own troubleshooting. Thus far, support hasn't been much help and they've asked me to do things that would actually be counter-productive (for instance, they told me yesterday to re-add the catch-all to the main rule.....right).
The behavior that I'm seeing now is that while I have two working rules, the secondary rule is not working as expected. As nearly as I can tell from my troubleshooting, the traffic being shunted to the secondary VIP isn't using the UDP profile applied to the secondary (which has datagram load balancing enabled), but the primary.
Spark, I'm really glad you mentioned the return command, because I plan to test and see if adding a return after the traffic is shunted to the secondary VIP will somehow un-jam the gears, so to speak, and the traffic will start using the secondary VIP's UDP profile.
Updated copies of the rules below.
Any insights or theories besides the one that I postulated would be appreciated.
Thanks again,
Lucky
[root@:Active] config br syslog-pool-select-v5 syslog-tacacs-pool-select-v2 list
rule syslog-pool-select-v5 {
   when CLIENT_ACCEPTED {
      set addr [IP::client_addr]
      # Listed source addresses are handed to the secondary VIP
      switch $addr {
         xxx.xxx.xxx.xxx -
         xxx.xxx.xxx.xxx { virtual seim-syslog-tacacs }
      }
      if { [matchclass $addr starts_with $::syslog_chan1_string] } {
         pool syslog_pool_Channel_1
      } elseif { [matchclass $addr starts_with $::syslog_chan2_string] } {
         pool syslog_pool_Channel_2
      }
   }
}
rule syslog-tacacs-pool-select-v2 {
   when CLIENT_DATA {
      # Value following "Address" in the UDP payload: skip 8 characters from the match, stop at the comma
      set paddr [findstr [UDP::payload] Address 8 ,]
      log local0.info "address $paddr"
      if { [matchclass $paddr starts_with $::xxxxxsubnetstring] } {
         set ::xxxxx 1
         log local0.info "I matched the xxxxx pool, YAY!.....addr $paddr"
      } else {
         set ::xxxxx 0
         log local0.info "selected syslog channel 1"
      }
   }
   when LB_SELECTED {
      set paddr [findstr [UDP::payload] Address 8 ,]
      switch $::xxxxx {
         1 {
            LB::reselect pool syslog_pool_xxxxx
            log local0.info "I selected the xxxxx pool, YAY!.....addr $paddr"
         }
      }
   }
}