
adam88_359238
Apr 11, 2019

iRule to Redirect to Another VS on the same LTM

Hi guys - I'm trying to get the following scenario working:

  1. My domain "; maps to a public IP "1.1.1.1" and I have a virtual server configured on my F5 with "1.1.1.1:443"
  2. I have two unrelated applications with competing requirements running on different URIs on the same domain; one is an HR application (/abc) and the other is an inventory application (/def)
  3. I need to create a design which accommodates both applications with a single domain name, and find a way to accommodate both their conflicting requirements under the same domain name

To solve this problem, I thought that I should do something like this: on the main virtual server 1.1.1.1:443, I put in an iRule with the following code:

 

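when HTTP_REQUEST {
    # Match on the lower-cased URI so /ABC and /abc are routed the same way
    if { [string tolower [HTTP::uri]] starts_with "/abc" } {
        # Hand the request to the HR application's virtual server
        virtual VS2
    } elseif { [string tolower [HTTP::uri]] starts_with "/def" } {
        # Hand the request to the inventory application's virtual server
        virtual VS3
    } else {
        # Anything else is answered directly by this virtual server
        HTTP::respond 200 content "Unrecognised URI, please recheck your address"
    }
}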

 

This would redirect incoming requests with "/abc" in the URI string to VS2 and incoming requests with "/def" in the URI string to VS3. Then I could create customised solutions for both applications in their respective virtual servers.

 

So drawing this flow out, I think this is how it would look:

 

 

But what I don't understand is how the Return Traffic and the Persistence Profiles work in this scenario.

 

How do I make sure that the traffic flows this way:

 

  • User to Server: User > VS1 > VS2 > Pool 2 (Server)
  • Server to User: Pool 2 (Server) > VS2 > VS1 > User

Do I do SNAT Auto Map on both VS1 and VS2 or do I just do SNAT Auto Map on VS2 with Auto Last Hop enabled?

 

And on the question of persistence, if I intend to use source_addr persistence - I would definitely not be able to do a SNAT Auto Map on VS1, how do I then ensure that when the server responds, VS2 sends the traffic back to the user via VS1?

 

  • Hello Adam,

     

    Have you instead looked into HTTP::redirect?

     

    This would change your flow so that the client sends a separate HTTP request to vs1 and vs2, making a separate connection to your other virtual servers. It might simplify your configuration a little more. That way you could do source_addr persistence, etc.

     

    Best of luck,

     

    Austin

     

    • adam88

      Unfortunately HTTP::redirect is not an option because in order to switch traffic to the other virtual server, I will either have to:

      1. Redirect the user to a different sub-domain that resolves to the IP address of the other virtual server (eg. https://vs2.example.com)
      2. Redirect the user to the same sub-domain but add a custom port at the back of the hostname (https://www.example.com:5000/abc)

      Both these options are unacceptable as the requirement is that the whole thing is transparent to the users and that the user's browser address bar only shows either https://www.example.com/abc or https://www.example.com/def.

  • Gotcha. I think this is what you want:

     

    1. SNAT Auto on both VS1 and VS2 to ensure traffic flow

       

    2. For source address persistence, use an xff rule on vs1 to pass original IP to vs2.

       

    3. Use a custom universal persistence profile based on the source ip on vs2. (Similar to what this config looks like )
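
The approach in the reply above, sketched as two iRules. This is an added example, not part of the original thread or F5's own code: it assumes a universal persistence profile is already assigned to VS2, and the 1800-second timeout is an assumed value.

```tcl
# --- iRule attached to VS1 (front-end virtual server, 1.1.1.1:443) ---
when HTTP_REQUEST {
    # Drop any X-Forwarded-For supplied by the client, so the value VS2
    # persists on cannot be chosen by the requester.
    HTTP::header remove "X-Forwarded-For"
    # Record the real client address before the request is handed over.
    HTTP::header insert "X-Forwarded-For" [IP::client_addr]

    set uri [string tolower [HTTP::uri]]
    if { $uri starts_with "/abc" } {
        virtual VS2
    } elseif { $uri starts_with "/def" } {
        virtual VS3
    } else {
        HTTP::respond 200 content "Unrecognised URI, please recheck your address"
    }
}

# --- iRule attached to VS2 (universal persistence profile assigned) ---
when HTTP_REQUEST {
    set xff [HTTP::header value "X-Forwarded-For"]
    if { $xff ne "" } {
        # Persist on the original client IP written by VS1.
        # 1800 seconds is an assumed timeout for this example.
        persist uie $xff 1800
    }
}
```

The persistence key is only as trustworthy as the header, so this assumes VS2 and VS3 receive requests only through VS1.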