Forum Discussion
Irule to disable ASM
I have 2 servers. I want to keep forwarding traffic to server1, and in this case ASM should be disabled. Once server1 is down, I want to forward to server2 and enable ASM checking. If server1 is online again, I should forward to it and disable ASM as it was initially.

Created VS, created two pools, each with one pool member under it.

Below iRule is now working; once ASM is enabled on the VS it is always enabled and never goes disabled again when server1 comes back online.
when HTTP_REQUEST {
    # Check Pool-1 status; if up, forward to it and make sure ASM is disabled.
    # Otherwise forward to Pool-2 and enable ASM.
    if { [active_members Pool-1] >= 1 } {
        pool Pool-1
        ASM::disable
    } elseif { [active_members Pool-2] >= 1 } {
        pool Pool-2
        ASM::enable policy-name
    }
}
6 Replies
- nitass
Employee
once ASM is enabled ON VS it is always enabled & never goes disabled again when server1 comes back online
does server1 get traffic (after coming back online)?
this is my testing and it seems to be working correctly.
configuration

root@(B11050-R72-S12)(cfg-sync Standalone)(Active)(/Common)(tmos) list ltm virtual bar
ltm virtual bar {
    destination 100.100.100.100:http
    ip-protocol tcp
    mask 255.255.255.255
    policies {
        asm_auto_l7_policy__bar
    }
    profiles {
        http { }
        tcp { }
        websecurity { }
    }
    rules {
        qux
    }
    security-log-profiles {
        "Log illegal requests"
    }
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    vs-index 2
}
root@(B11050-R72-S12)(cfg-sync Standalone)(Active)(/Common)(tmos) list ltm policy asm_auto_l7_policy__bar
ltm policy asm_auto_l7_policy__bar {
    controls { asm }
    requires { http }
    rules {
        default {
            actions {
                1 {
                    asm
                    enable
                    policy /Common/bar
                }
            }
            ordinal 1
        }
    }
    strategy first-match
}
root@(B11050-R72-S12)(cfg-sync Standalone)(Active)(/Common)(tmos) list ltm rule qux
ltm rule qux {
when HTTP_REQUEST {
    if { [active_members foo1] > 0 } {
        ASM::disable
        pool foo1
    } elseif { [active_members foo2] > 0 } {
        ASM::enable /Common/bar
        pool foo2
    } else {
        reject
    }
    log local0. "Client=[IP::client_addr]:[TCP::client_port] Host=[HTTP::host] URI=[HTTP::uri] Pool=[LB::server pool]"
}
when ASM_REQUEST_DONE {
    log local0. "Client=[IP::client_addr]:[TCP::client_port] Host=[HTTP::host] URI=[HTTP::uri] Pool=[LB::server pool]"
}
}

test

[root@B11050-R72-S12:Active:Standalone] config tail -f /var/log/ltm
Dec 20 03:47:06 B11050-R72-S12 info tmm2[21668]: Rule /Common/qux : Client=100.100.100.3:37773 Host=100.100.100.100 URI=/first Pool=/Common/foo1
Dec 20 03:47:16 B11050-R72-S12 info tmm3[21668]: Rule /Common/qux : Client=100.100.100.3:37774 Host=100.100.100.100 URI=/second Pool=/Common/foo1
Dec 20 03:47:23 B11050-R72-S12 notice mcpd[7215]: 01070638:5: Pool /Common/foo1 member /Common/200.200.200.101:80 monitor status down. [ /Common/fake: down ] [ was unchecked for 0hr:2mins:50sec ]
Dec 20 03:47:23 B11050-R72-S12 err tmm10[21669]: 01010028:3: No members available for pool /Common/foo1
Dec 20 03:47:23 B11050-R72-S12 err tmm6[21669]: 01010028:3: No members available for pool /Common/foo1
Dec 20 03:47:23 B11050-R72-S12 err tmm2[21668]: 01010028:3: No members available for pool /Common/foo1
Dec 20 03:47:23 B11050-R72-S12 err tmm9[21669]: 01010028:3: No members available for pool /Common/foo1
Dec 20 03:47:23 B11050-R72-S12 err tmm4[21668]: 01010028:3: No members available for pool /Common/foo1
Dec 20 03:47:23 B11050-R72-S12 err tmm5[21668]: 01010028:3: No members available for pool /Common/foo1
Dec 20 03:47:23 B11050-R72-S12 err tmm8[21669]: 01010028:3: No members available for pool /Common/foo1
Dec 20 03:47:23 B11050-R72-S12 err tmm[21668]: 01010028:3: No members available for pool /Common/foo1
Dec 20 03:47:23 B11050-R72-S12 err tmm7[21669]: 01010028:3: No members available for pool /Common/foo1
Dec 20 03:47:23 B11050-R72-S12 err tmm3[21668]: 01010028:3: No members available for pool /Common/foo1
Dec 20 03:47:23 B11050-R72-S12 err tmm1[21668]: 01010028:3: No members available for pool /Common/foo1
Dec 20 03:47:23 B11050-R72-S12 err tmm11[21669]: 01010028:3: No members available for pool /Common/foo1
Dec 20 03:47:26 B11050-R72-S12 info tmm5[21668]: Rule /Common/qux : Client=100.100.100.3:37775 Host=100.100.100.100 URI=/third Pool=/Common/foo2
Dec 20 03:47:26 B11050-R72-S12 info tmm5[21668]: Rule /Common/qux : Client=100.100.100.3:37775 Host=100.100.100.100 URI=/third Pool=/Common/foo2
Dec 20 03:47:56 B11050-R72-S12 info tmm4[21668]: Rule /Common/qux : Client=100.100.100.3:37777 Host=100.100.100.100 URI=/fourth Pool=/Common/foo2
Dec 20 03:47:56 B11050-R72-S12 info tmm4[21668]: Rule /Common/qux : Client=100.100.100.3:37777 Host=100.100.100.100 URI=/fourth Pool=/Common/foo2
Dec 20 03:48:00 B11050-R72-S12 notice mcpd[7215]: 01070638:5: Pool /Common/foo1 member /Common/200.200.200.101:80 monitor status unchecked. [ ] [ was down for 0hr:0min:37sec ]
Dec 20 03:48:00 B11050-R72-S12 err tmm2[21668]: 01010221:3: Pool /Common/foo1 now has available members
Dec 20 03:48:00 B11050-R72-S12 err tmm[21668]: 01010221:3: Pool /Common/foo1 now has available members
Dec 20 03:48:00 B11050-R72-S12 err tmm5[21668]: 01010221:3: Pool /Common/foo1 now has available members
Dec 20 03:48:00 B11050-R72-S12 err tmm11[21669]: 01010221:3: Pool /Common/foo1 now has available members
Dec 20 03:48:00 B11050-R72-S12 err tmm3[21668]: 01010221:3: Pool /Common/foo1 now has available members
Dec 20 03:48:00 B11050-R72-S12 err tmm4[21668]: 01010221:3: Pool /Common/foo1 now has available members
Dec 20 03:48:00 B11050-R72-S12 err tmm1[21668]: 01010221:3: Pool /Common/foo1 now has available members
Dec 20 03:48:00 B11050-R72-S12 err tmm9[21669]: 01010221:3: Pool /Common/foo1 now has available members
Dec 20 03:48:00 B11050-R72-S12 err tmm6[21669]: 01010221:3: Pool /Common/foo1 now has available members
Dec 20 03:48:00 B11050-R72-S12 err tmm10[21669]: 01010221:3: Pool /Common/foo1 now has available members
Dec 20 03:48:00 B11050-R72-S12 err tmm8[21669]: 01010221:3: Pool /Common/foo1 now has available members
Dec 20 03:48:00 B11050-R72-S12 err tmm7[21669]: 01010221:3: Pool /Common/foo1 now has available members
Dec 20 03:48:05 B11050-R72-S12 info tmm7[21669]: Rule /Common/qux : Client=100.100.100.3:37778 Host=100.100.100.100 URI=/fifth Pool=/Common/foo1
Dec 20 03:48:13 B11050-R72-S12 info tmm10[21669]: Rule /Common/qux : Client=100.100.100.3:37779 Host=100.100.100.100 URI=/sixth Pool=/Common/foo1
- Telnet_178675
Nimbostratus
What version have you tested with?
- nitass
Employee
Sys::Version
Main Package
  Product  BIG-IP
  Version  11.5.1
  Build    6.0.159
  Edition  Hotfix HF6
  Date     Wed Nov 26 15:08:40 PST 2014
- Telnet_178675
Nimbostratus
Mine is 11.3, so that I'm using "ASM::enable" without policy name. Is it a must that I upgrade to 11.5?
- nitass
Employee
i do not think it is a good idea to upgrade without knowing a root cause (upgrade will not help if the problem is not caused by version). have you tried to add irule logging command to see if traffic matches the if-condition correctly?
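One way to read rule-log output like the test in this thread when checking whether ASM is really bypassed after failback. This is an added example, not code from any poster. It assumes the iRule logs the same message in both HTTP_REQUEST and ASM_REQUEST_DONE, as rule qux does; the function names, host name and sample lines are constructed.

```python
import re
from collections import Counter

# Matches the "Rule ... Client=... Host=... URI=... Pool=..." lines that rule
# qux writes to /var/log/ltm in the test output above.
REQ = re.compile(r"Rule \S+ : Client=(\S+) Host=\S* URI=(\S+) Pool=(\S+)\s*$")

def asm_by_request(lines):
    """Map (client, uri, pool) -> True when ASM processed the request.

    Assumption: the iRule logs the same message in HTTP_REQUEST and in
    ASM_REQUEST_DONE, as rule qux does, so a request logged twice went
    through ASM and a request logged once bypassed it.
    """
    seen = Counter()
    for line in lines:
        m = REQ.search(line)
        if m:
            seen[m.groups()] += 1
    return {key: count >= 2 for key, count in seen.items()}

def failback_violations(lines, primary, secondary):
    """List requests whose ASM state contradicts the intended design:
    primary pool means ASM bypassed, secondary pool means ASM enforced."""
    bad = []
    for (client, uri, pool), asm_ran in asm_by_request(lines).items():
        if pool == primary and asm_ran:
            bad.append((client, uri, "ASM still active on primary pool"))
        elif pool == secondary and not asm_ran:
            bad.append((client, uri, "ASM bypassed on secondary pool"))
    return bad

def _req(port, uri, pool):
    # Constructed log line in the same format; addresses are documentation ranges.
    return (f"Jan  1 10:00:00 bigip1 info tmm1[1000]: Rule /Common/qux : "
            f"Client=192.0.2.10:{port} Host=198.51.100.1 URI={uri} Pool=/Common/{pool}")

# Constructed sample: failover to foo2, then failback to foo1 where ASM
# wrongly stays enabled (the symptom described in the question).
SAMPLE = [
    _req(40001, "/a", "foo1"),
    "Jan  1 10:00:05 bigip1 err tmm1[1000]: 01010028:3: No members available for pool /Common/foo1",
    _req(40002, "/b", "foo2"), _req(40002, "/b", "foo2"),
    "Jan  1 10:00:30 bigip1 err tmm1[1000]: 01010221:3: Pool /Common/foo1 now has available members",
    _req(40003, "/c", "foo1"), _req(40003, "/c", "foo1"),
]

if __name__ == "__main__":
    for finding in failback_violations(SAMPLE, "/Common/foo1", "/Common/foo2"):
        print(finding)
```

Requests that reuse the same client port and URI on a keep-alive connection collapse into one key, so test with distinct URIs as the thread's `/first` to `/sixth` requests do.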