Forum Discussion
Telnet_178675
Nimbostratus
NimbostratusIrule to disable ASM
i have 2 servers
i want to keep forwarding traffic to server1 & in this case ASM should be disabled
once server1 is down , i want to forward to server2 & enabel ASM checking
if server1 is online a...
nitass
Employee
Employeeonce ASM is enabled ON VS it is always enabled & never goes disabled again when serevr1 comes back online
does server1 get traffic (after coming back online)?
this is my testing and it seems working correctly.
configuration
root@(B11050-R72-S12)(cfg-sync Standalone)(Active)(/Common)(tmos) list ltm virtual bar
ltm virtual bar {
destination 100.100.100.100:http
ip-protocol tcp
mask 255.255.255.255
policies {
asm_auto_l7_policy__bar
}
profiles {
http { }
tcp { }
websecurity { }
}
rules {
qux
}
security-log-profiles {
"Log illegal requests"
}
source 0.0.0.0/0
source-address-translation {
type automap
}
vs-index 2
}
root@(B11050-R72-S12)(cfg-sync Standalone)(Active)(/Common)(tmos) list ltm policy asm_auto_l7_policy__bar
ltm policy asm_auto_l7_policy__bar {
controls { asm }
requires { http }
rules {
default {
actions {
1 {
asm
enable
policy /Common/bar
}
}
ordinal 1
}
}
strategy first-match
}
root@(B11050-R72-S12)(cfg-sync Standalone)(Active)(/Common)(tmos) list ltm rule qux
ltm rule qux {
when HTTP_REQUEST {
if { [active_members foo1] > 0 } {
ASM::disable
pool foo1
} elseif { [active_members foo2] > 0 } {
ASM::enable /Common/bar
pool foo2
} else {
reject
}
log local0. "Client=[IP::client_addr]:[TCP::client_port] Host=[HTTP::host] URI=[HTTP::uri] Pool=[LB::server pool]"
}
when ASM_REQUEST_DONE {
log local0. "Client=[IP::client_addr]:[TCP::client_port] Host=[HTTP::host] URI=[HTTP::uri] Pool=[LB::server pool]"
}
}
test
[root@B11050-R72-S12:Active:Standalone] config tail -f /var/log/ltm
Dec 20 03:47:06 B11050-R72-S12 info tmm2[21668]: Rule /Common/qux : Client=100.100.100.3:37773 Host=100.100.100.100 URI=/first Pool=/Common/foo1
Dec 20 03:47:16 B11050-R72-S12 info tmm3[21668]: Rule /Common/qux : Client=100.100.100.3:37774 Host=100.100.100.100 URI=/second Pool=/Common/foo1
Dec 20 03:47:23 B11050-R72-S12 notice mcpd[7215]: 01070638:5: Pool /Common/foo1 member /Common/200.200.200.101:80 monitor status down. [ /Common/fake: down ] [ was unchecked for 0hr:2mins:50sec ]
Dec 20 03:47:23 B11050-R72-S12 err tmm10[21669]: 01010028:3: No members available for pool /Common/foo1
Dec 20 03:47:23 B11050-R72-S12 err tmm6[21669]: 01010028:3: No members available for pool /Common/foo1
Dec 20 03:47:23 B11050-R72-S12 err tmm2[21668]: 01010028:3: No members available for pool /Common/foo1
Dec 20 03:47:23 B11050-R72-S12 err tmm9[21669]: 01010028:3: No members available for pool /Common/foo1
Dec 20 03:47:23 B11050-R72-S12 err tmm4[21668]: 01010028:3: No members available for pool /Common/foo1
Dec 20 03:47:23 B11050-R72-S12 err tmm5[21668]: 01010028:3: No members available for pool /Common/foo1
Dec 20 03:47:23 B11050-R72-S12 err tmm8[21669]: 01010028:3: No members available for pool /Common/foo1
Dec 20 03:47:23 B11050-R72-S12 err tmm[21668]: 01010028:3: No members available for pool /Common/foo1
Dec 20 03:47:23 B11050-R72-S12 err tmm7[21669]: 01010028:3: No members available for pool /Common/foo1
Dec 20 03:47:23 B11050-R72-S12 err tmm3[21668]: 01010028:3: No members available for pool /Common/foo1
Dec 20 03:47:23 B11050-R72-S12 err tmm1[21668]: 01010028:3: No members available for pool /Common/foo1
Dec 20 03:47:23 B11050-R72-S12 err tmm11[21669]: 01010028:3: No members available for pool /Common/foo1
Dec 20 03:47:26 B11050-R72-S12 info tmm5[21668]: Rule /Common/qux : Client=100.100.100.3:37775 Host=100.100.100.100 URI=/third Pool=/Common/foo2
Dec 20 03:47:26 B11050-R72-S12 info tmm5[21668]: Rule /Common/qux : Client=100.100.100.3:37775 Host=100.100.100.100 URI=/third Pool=/Common/foo2
Dec 20 03:47:56 B11050-R72-S12 info tmm4[21668]: Rule /Common/qux : Client=100.100.100.3:37777 Host=100.100.100.100 URI=/fourth Pool=/Common/foo2
Dec 20 03:47:56 B11050-R72-S12 info tmm4[21668]: Rule /Common/qux : Client=100.100.100.3:37777 Host=100.100.100.100 URI=/fourth Pool=/Common/foo2
Dec 20 03:48:00 B11050-R72-S12 notice mcpd[7215]: 01070638:5: Pool /Common/foo1 member /Common/200.200.200.101:80 monitor status unchecked. [ ] [ was down for 0hr:0min:37sec ]
Dec 20 03:48:00 B11050-R72-S12 err tmm2[21668]: 01010221:3: Pool /Common/foo1 now has available members
Dec 20 03:48:00 B11050-R72-S12 err tmm[21668]: 01010221:3: Pool /Common/foo1 now has available members
Dec 20 03:48:00 B11050-R72-S12 err tmm5[21668]: 01010221:3: Pool /Common/foo1 now has available members
Dec 20 03:48:00 B11050-R72-S12 err tmm11[21669]: 01010221:3: Pool /Common/foo1 now has available members
Dec 20 03:48:00 B11050-R72-S12 err tmm3[21668]: 01010221:3: Pool /Common/foo1 now has available members
Dec 20 03:48:00 B11050-R72-S12 err tmm4[21668]: 01010221:3: Pool /Common/foo1 now has available members
Dec 20 03:48:00 B11050-R72-S12 err tmm1[21668]: 01010221:3: Pool /Common/foo1 now has available members
Dec 20 03:48:00 B11050-R72-S12 err tmm9[21669]: 01010221:3: Pool /Common/foo1 now has available members
Dec 20 03:48:00 B11050-R72-S12 err tmm6[21669]: 01010221:3: Pool /Common/foo1 now has available members
Dec 20 03:48:00 B11050-R72-S12 err tmm10[21669]: 01010221:3: Pool /Common/foo1 now has available members
Dec 20 03:48:00 B11050-R72-S12 err tmm8[21669]: 01010221:3: Pool /Common/foo1 now has available members
Dec 20 03:48:00 B11050-R72-S12 err tmm7[21669]: 01010221:3: Pool /Common/foo1 now has available members
Dec 20 03:48:05 B11050-R72-S12 info tmm7[21669]: Rule /Common/qux : Client=100.100.100.3:37778 Host=100.100.100.100 URI=/fifth Pool=/Common/foo1
Dec 20 03:48:13 B11050-R72-S12 info tmm10[21669]: Rule /Common/qux : Client=100.100.100.3:37779 Host=100.100.100.100 URI=/sixth Pool=/Common/foo1
