For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

abailey_1418's avatar
abailey_1418
Icon for Nimbostratus rankNimbostratus
Oct 01, 2010

iRules Disable CMP for Virtual

I know IRules and CMP compatibility is a well-documented subject, but even after a lot of reading and input from tech support, I'm stuck on a couple of things. Maybe someone has some quick answers. ...
application delivery
dev
devops
iRules
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Oct 19, 2010
Here is a quick test without any iRules and CMP enabled on 10.2.0:

 

 

[root@b3900:Active] config b virtual b39_http_vs cmp show

 

VIRTUAL b39_http_vs - CMP: enable

 

 

[root@b3900:Active] config b virtual b39_http_vs cmp mode show

 

VIRTUAL b39_http_vs - CMP mode: all

 

 

And here is the output after adding an iRule which references a global variable:

 

 

[root@b3900:Active] config b virtual b39_http_vs cmp show

 

VIRTUAL b39_http_vs - CMP: enable

 

 

[root@b3900:Active] config b virtual b39_http_vs cmp mode show

 

VIRTUAL b39_http_vs - CMP mode: single

 

 

So you should be able to use 'b virtual vs_name cmp mode show' to check whether CMP can be used for the VS. If you're not seeing this on 9.4.7, I'd guess it's due to a bug. A simple way to test whether the iRule is executing on multiple TMM instances is to add a log statement to RULE_INIT. If you see it being run by more than one TMM, then you know it's using CMP.

 

 

If you've added functionality that isn't CMP compatible, but isn't triggering an automatic demotion, you could manually disable CMP or update the iRule/VS config to not use the CMP incompatible functions. For details on this, you can check this wiki page:

 

 

http://devcentral.f5.com/wiki/default.aspx/iRules/CMPCompatibility.html

 

 

Aaron