Forum Discussion

ChrisS_DevOps_2
Jun 05, 2015

iRule to select a pool member that's not the same as the requesting client's IP

We have pool members that will make HTTP requests to VIPs with pools the requester could itself be a member of.

I need a quick iRule to make sure that a server's HTTP request cannot be routed back onto itself.

 

3 Replies

  • How will you tie the sessions together? Is there something in the original request that would be evident in the request initiated by the server?
  • If you just want a "client can't be server" rule, that shouldn't be too challenging:

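    when LB_SELECTED {
      # LB::server addr is the member just selected; the server-side
      # connection does not exist yet in this event.
      if { [IP::client_addr] == [LB::server addr] } {
        LB::detach
        LB::reselect
      }
    }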
    

    You might want to add an escape after X number of attempts to prevent a loop in the event the same member keeps getting selected.

  • This is mine. I disabled CMP because I wanted to test with one TMM.

     configuration
    
    [root@ve11c:Active:In Sync] config  tmsh list ltm virtual bar
    ltm virtual bar {
        cmp-enabled no
        destination 200.200.200.10:80
        mask 255.255.255.255
        pool foo
        profiles {
            fastL4 { }
        }
        rules {
            qux
        }
        source 0.0.0.0/0
        source-address-translation {
            type automap
        }
        vs-index 9
    }
    [root@ve11c:Active:In Sync] config  tmsh list ltm pool foo
    ltm pool foo {
        members {
            200.200.200.101:80 {
                address 200.200.200.101
            }
            200.200.200.102:80 {
                address 200.200.200.102
            }
            200.200.200.111:80 {
                address 200.200.200.111
            }
        }
    }
    [root@ve11c:Active:In Sync] config  tmsh list ltm rule qux
    ltm rule qux {
        when CLIENT_ACCEPTED {
      log local0. "client: [IP::client_addr]:[TCP::client_port] server:"
    }
    when LB_SELECTED {
      log local0. "client: [IP::client_addr]:[TCP::client_port] server: [LB::server addr]:[LB::server port]"
      if { [IP::client_addr] == [LB::server addr] } {
        log local0. "client: [IP::client_addr]:[TCP::client_port] LB::reselect"
        LB::reselect
      }
    }
    when SERVER_CONNECTED {
      log local0. "client: [IP::client_addr]:[TCP::client_port] server: [LB::server addr]:[LB::server port]"
    }
    }
    
     /var/log/ltm
    
    [root@ve11c:Active:In Sync] config  tail -f /var/log/ltm
    Jun 11 19:41:37 ve11c info tmm[10748]: Rule /Common/qux : client: 200.200.200.101:44464 server:
    Jun 11 19:41:37 ve11c info tmm[10748]: Rule /Common/qux : client: 200.200.200.101:44464 server: 200.200.200.102:80
    Jun 11 19:41:37 ve11c info tmm[10748]: Rule /Common/qux : client: 200.200.200.101:44464 server: 200.200.200.102:80
    
    Jun 11 19:41:43 ve11c info tmm[10748]: Rule /Common/qux : client: 200.200.200.101:44465 server:
    Jun 11 19:41:43 ve11c info tmm[10748]: Rule /Common/qux : client: 200.200.200.101:44465 server: 200.200.200.101:80
    Jun 11 19:41:43 ve11c info tmm[10748]: Rule /Common/qux : client: 200.200.200.101:44465 LB::reselect
    Jun 11 19:41:43 ve11c info tmm[10748]: Rule /Common/qux : client: 200.200.200.101:44465 server: 200.200.200.111:80
    Jun 11 19:41:43 ve11c info tmm[10748]: Rule /Common/qux : client: 200.200.200.101:44465 server: 200.200.200.111:80
    
    Jun 11 19:41:49 ve11c info tmm[10748]: Rule /Common/qux : client: 200.200.200.101:44466 server:
    Jun 11 19:41:49 ve11c info tmm[10748]: Rule /Common/qux : client: 200.200.200.101:44466 server: 200.200.200.102:80
    Jun 11 19:41:49 ve11c info tmm[10748]: Rule /Common/qux : client: 200.200.200.101:44466 server: 200.200.200.102:80
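
The escape suggested in the second reply, combined with the `LB::server addr` comparison from the third, as an added example that is not code from any poster in this thread. The variable name `reselect_tries`, the limit of 3 and the choice to `reject` once the limit is reached are assumptions; the counter relies on `LB_SELECTED` firing again after `LB::reselect`, as the log above shows.

```tcl
when CLIENT_ACCEPTED {
    # Per-connection counter (hypothetical name): how many times this
    # connection has been sent back for another load-balancing pick.
    set reselect_tries 0
}

when LB_SELECTED {
    # The selected member is the requesting client itself.
    if { [IP::client_addr] equals [LB::server addr] } {
        if { $reselect_tries < 3 } {
            incr reselect_tries
            log local0. "client: [IP::client_addr]:[TCP::client_port] selected itself, LB::reselect attempt $reselect_tries"
            # Ask for another pick; LB_SELECTED runs again for the new member.
            LB::reselect
        } else {
            # Escape hatch: the same member keeps coming back (for example,
            # it is the only member still available). Stop retrying so the
            # connection cannot loop, and refuse it rather than letting the
            # server talk to itself.
            log local0. "client: [IP::client_addr]:[TCP::client_port] still selected itself after $reselect_tries attempts, rejecting"
            reject
        }
    }
}
```

The rejection log line gives operations something to alert on in /var/log/ltm when a pool has shrunk to the point where a member can only reach itself.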