iRule to Hunt on SIP 503 Response

Question

Hello,&nbsp;
&nbsp;In the telephony world, if an SBC receives a SIP 503 from one telco provider, it can hunt to the next one.&nbsp;
&nbsp;I have two servers in a pool that is associated with a virtual server with a SIP profile.  Normally, if one of the servers responds with a SIP 503 error, it forwards that back to the caller.&nbsp;
&nbsp;I would like to set it up so that, if one server in the pool responds with a 503 error, the LTM goes on to try the other server in the pool.&nbsp;
&nbsp;F5 support didn't have any answer on this, but they thought it might be able to be done with an iRule and suggested DevCentral.&nbsp;
&nbsp;Thx,&nbsp;
&nbsp;Paul   &nbsp;

chris_miller · Answer

While we could probably do something with an iRule, why not just create a SIP health monitor that considers the pool member down if it returns a 503 and set your Pool's "Action on Service Down" to reselect? Or were you looking for something else? 
&nbsp;  
&nbsp; I can see some options from SIP::response to look for the code but am not entirely sure how to trigger LB::reselect from there...

pgermain_71805 · Answer

Apparently, the SIP monitor keepalive uses the OPTIONS method, which doesn't always return a 503 in the same cases where a call from an external caller would.  If  that could be customized we would be in business.

chris_miller · Answer

How about an Inband monitor?

hooleylist · Answer

I think an inband monitor will only detect connection failures (or with an HTTP profile no response failures): 
&nbsp;  
&nbsp;  
&nbsp; Manual Chapter: Health and Performance Monitors 
&nbsp;  
&nbsp; http://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm_configuration_guide_10_1/ltm_appendixa_monitor_types.html?sr=138265381192393 
&nbsp;  
&nbsp; With an Inband type of monitor, the BIG-IP system performs passive monitoring as part of client requests. Replacing the need to write an iRule to perform passive monitoring, an Inband monitor works with either a Standard or a Performance (Layer 4) type of virtual server. 
&nbsp; When you configure an Inband type of monitor, the monitor, when acting as a client, attempts to connect to a pool member and behaves as follows: 
&nbsp;  
&nbsp; If the pool member does not respond to a connection request after a user-specified number of tries within a user-specified time period, the monitor marks the pool member as down. 
&nbsp;  
&nbsp; After the monitor has marked the pool member as down, and after a user-specified amount of time has passed, the monitor tries again to connect to the pool member (if so configured). 
&nbsp;  
&nbsp; ... 
&nbsp;  
&nbsp; Standard with no HTTP profile 
&nbsp;  
&nbsp; If you configure an Inband monitor and associate it with a Standard type of virtual server that does not reference an HTTP type of profile, a passive failure occurs when a connection is established with the pool member, or the pool member is responding to requests (or both), and the maximum retransmit times specified in the TCP profile are exceeded. 
&nbsp;  
&nbsp; After a pool member has been marked down by the Inband monitor for the number of seconds specified in the Retry Time setting (if the value is non-zero), the pool member becomes eligible to receive a request. If the client is able to successfully establish a connection with the pool member, the pool member is marked up when the connection is completed.  
&nbsp;  
&nbsp;  
&nbsp; How about using Chris' idea of checking the response status in SIP_RESPONSE, calling LB::down and then having the pool action on service down set to reselect?   
&nbsp;  
&nbsp; Else, you could try using a external monitor to send the exact SIP request you'd need to to trigger a failure like the client would receive.  This wouldn't reselect on a client request getting a 503, but would take the pool member out of load balancing if the member was giving 503's for all clients. 
&nbsp;  
&nbsp; Here's a template you could try for an external monitor: 
&nbsp; http://devcentral.f5.com/wiki/default.aspx/AdvDesignConfig/TemplateForExternalLtmMonitors.html 
&nbsp;  
&nbsp; Aaron

james_thomson · Answer

I'm just starting to work on a project to accomplish this same thing. 
&nbsp;In our scenario, the 403 or 404 error doesn't mean that the server is down, it just means that the server does not own that session.&nbsp;
&nbsp;Imagine I have 10 sip servers behind a vip. I start a session and set up a chat session with chat id 1234. Our software assigns that chat session to server 4.  BIG-IP didn't see this request, it was done on that backend.&nbsp;
&nbsp;I tell someone to come chat with me at the vip IP and chat id 1234.
&nbsp;The BIG-IP then sends this request for chat session 1234 to server 1, server 1 doesn't have it so it responds with 404.  
&nbsp;I need to get the BIG-IP to see the 404, then send the sip request to server 2, then 3, etc.. on down the line until it gets a valid response and pass that response on to the client.&nbsp;
&nbsp;Essentially, SIP::retry.
&nbsp;This earlier message had the same problem with no resolution:
&nbsp;http://devcentral.f5.com/Community/GroupDetails/tabid/1082223/asg/50/aft/1171557/showtab/groupforums/Default.aspx&nbsp;

Forum Discussion

iRule to Hunt on SIP 503 Response

Recent Discussions

F5 looses the token for the first call

iRule - Url rewrite and header replace and pool selection not working

Switch ssl profile based on weak cipher detection via IRULE

full-proxy HTTP2

Decode ObjectSID from Base64-encode string

Related Content

Http response irule for server address with TLSv1.2

Decode SAML Response from IDP Server

Return ASM Violation in Response

Devcentral email response adds the entire signature to the response!

SSL Orchestrator Response Inspection

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS