Forum Discussion
NimbostratusLoad Balance Friendly URL to two unfriendly URL's
Hey Everyone,
Still being new to the F5 (It was pretty much thrown in my lap) some basic configuration items still go over my head.
I was wondering if it would be possible to create an iRule to load balance 1 friendly URL between 2 pool members.
Basically what I'm trying to accomplish is sending traffic to http://myfriendlyurl.com to be load balanced between two unfriendly URL's that are in the same pool on different pool members such as http://myunfriendlyurl1.com and http://myunfriendlyurl2.com.
I understand that I can redirect to a specific pool when the HTTP request for http://myfriendlyurl.com is sent, but how would I accomplish load balancing to the two specific unfriendly URL's on the seperate servers?
Thanks for the help!
12 Replies
Max_Q_factorCirrocumulus
I think this might be useful:
Manual Chapter: Configuring the BIG-IP System as a Reverse Proxy Server- nitass
Employee
e.g.
configuration [root@ve11c:Active:In Sync] config tmsh list ltm virtual bar ltm virtual bar { destination 172.28.24.10:80 ip-protocol tcp mask 255.255.255.255 pool foo profiles { http { } tcp { } } rules { qux } source 0.0.0.0/0 source-address-translation { type automap } vs-index 12 } [root@ve11c:Active:In Sync] config tmsh list ltm pool foo ltm pool foo { members { 200.200.200.101:80 { address 200.200.200.101 } 200.200.200.111:80 { address 200.200.200.111 } } } [root@ve11c:Active:In Sync] config tmsh list ltm data-group internal node2name ltm data-group internal node2name { records { 200.200.200.101 { data myunfriendlyurl1.com } 200.200.200.111 { data myunfriendlyurl2.com } } type string } [root@ve11c:Active:In Sync] config tmsh list ltm rule qux ltm rule qux { when HTTP_REQUEST_SEND { if { [class match -- [LB::server addr] equals node2name] } { clientside { HTTP::header replace Host [class match -value [LB::server addr] equals node2name] } } } } 1st trace [root@ve11c:Active:In Sync] config ssldump -Aed -nni 0.0 port 80 New TCP connection 1: 172.28.24.1(52504) <-> 172.28.24.10(80) 1426159661.7394 (0.0008) C>S --------------------------------------------------------------- HEAD / HTTP/1.1 User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5 Accept: */* Host: myfriendlyurl.com --------------------------------------------------------------- New TCP connection 2: 200.200.200.14(52504) <-> 200.200.200.111(80) 1426159661.7433 (0.0037) C>S --------------------------------------------------------------- HEAD / HTTP/1.1 User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5 Accept: */* Host: myunfriendlyurl2.com --------------------------------------------------------------- 2nd trace [root@ve11c:Active:In Sync] config ssldump -Aed -nni 0.0 port 80 New TCP connection 1: 172.28.24.1(52506) <-> 172.28.24.10(80) 1426159691.3216 (0.0017) C>S --------------------------------------------------------------- HEAD / HTTP/1.1 User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5 Accept: */* Host: myfriendlyurl.com --------------------------------------------------------------- New TCP connection 2: 200.200.200.14(52506) <-> 200.200.200.101(80) 1426159691.3496 (0.0279) C>S --------------------------------------------------------------- HEAD / HTTP/1.1 User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5 Accept: */* Host: myunfriendlyurl1.com ---------------------------------------------------------------please be noted that this irule does rewrite host header in request only. it does nothing on response.
- nitass
I am still having trouble with getting the friendlyurl to connect properly and from what I can tell my configuration is correct:
host header does not include uri (e.g. /iam/im/TBCQAIME/ui7/index.jsp). it should be something like myunfriendlyurl1.com:8080 or myunfriendlyurl2.com:8080.
if you want to change uri, use HTTP::uri command.
natewood70Hi nitass - where exactly do I implement the HTTP:uri command? I tried putting it in the iRule but the device rejected it.
- nitass
where exactly do I implement the HTTP:uri command?
e.g.
config root@(ve11b)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm data-group internal QATEST ltm data-group internal QATEST { records { 200.200.200.101 { data myunfriendlyurl1.com:8080 } 200.200.200.111 { data myunfriendlyurl2.com:8080 } } type string } root@(ve11b)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm rule qux ltm rule qux { when HTTP_REQUEST { if { [HTTP::uri] equals "/" } { HTTP::uri "/iam/im/TBCQAIME/ui7/index.jsp" } } when HTTP_REQUEST_SEND { if { [class match -- [LB::server addr] equals QATEST] } { clientside { HTTP::header replace Host [class match -value [LB::server addr] equals QATEST] } } } } trace [root@ve11b:Active:In Sync] config ssldump -Aed -nni 0.0 port 80 or port 8080 New TCP connection 1: 172.28.24.1(53952) <-> 172.28.24.10(80) 1427117900.1645 (0.0014) C>S --------------------------------------------------------------- GET / HTTP/1.1 User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5 Accept: */* Host: myfriendlyurl.com --------------------------------------------------------------- New TCP connection 2: 200.200.200.14(53952) <-> 200.200.200.111(8080) 1427117900.1663 (0.0017) C>S --------------------------------------------------------------- GET /iam/im/TBCQAIME/ui7/index.jsp HTTP/1.1 User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5 Accept: */* Host: myunfriendlyurl2.com:8080 --------------------------------------------------------------- - natewood70
Hi Nitass:
Thanks again for your input but I still cannot get a connection established to the two seperate servers when navigating to the VIP via DNS name.
Is there anything else I can provide to you for assistance, or do you suggest I open a case with F5?
Thanks,
Nate
StephanMantheyNacreous
Hi Nate,
not sure, if I got your question right.
First of all we need to clarify terms and requirements.
A pool is a resource behind a virtual server. The virtual server accepts traffic from the client and applies destination address translation and forwards the incoming traffic to the real servers.
If required, the host header and the request path and query (uri) can be modified.
Is it this, what you try to accomplish?
Are your real servers directly accessible for your clients?
Alternatively the question can be understood as an attempt to redirect traffic to other hosts. With a redirect you send a message to the client containing a URL (protocol, host and uri).
Based on the redirect the client can establish a direct connection to the target. The clients request will no contain the real servers hostname and the uri. These requests may bypass the load balancer.
If this one meets your requirements you can check this thread and just replace the ratio settings.
Thanks, Stephan- natewood70
Hi Stephan,
Thanks for chiming in. To clarify what I am trying to accomplish please see the below explanation:
We have an internal DNS entry that points to the VIP. Behind this VIP we host two servers in the pool. What I'm trying to accomplish is to balance the traffic that goes to the VIP between two specific URI's.
So, when a person enters into their browser http://myfriendlyurl.tbccorp.com they will be sent to either of the two following URI's depending on the current load balance state (setup for least connection):
1) http://unfriendly1.tbccorp.com:8080/iam/im/TBCQAIME/ui7/index.jsp
2) http://unfriendly2.tbccorp.com:8080/iam/im/TBCQAIME/ui7/index.jsp
I currently have a rule in place to change the URL to just one of the servers in the pool and that works just fine, but I would like to load balance between the two servers.
Thanks again for your help.
- nitass
I still cannot get a connection established to the two seperate servers when navigating to the VIP via DNS name.
have you checked tcpdump? what did you get?
do you suggest I open a case with F5?
i understand they do breakfix only but you can try.
- Henrik_Gyllkran
Hi Nate,
A couple of things to make note of. First is that nitass had the right idea, but I would make a slight modification of his iRule:
when HTTP_REQUEST { if { ([HTTP::uri] equals "/") || ([HTTP::uri] equals "") } { HTTP::uri "/iam/im/TBCQAIME/ui7/index.jsp" } } when HTTP_REQUEST_SEND { if { [class match -- [LB::server addr] equals QATEST] } { clientside { HTTP::header replace Host [class match -value [LB::server addr] equals QATEST] } } }People tend to be lazy and skip that trailing slash, so this iRule catches that as well.
The second thing that I noted was that the Data Group that you displayed earlier will cause some issues. If you look at the values in nitass' Data Group, the Value contains only the Host part of the URL, whereas in your config it contained the entire URL. I don't know if you've already changed this, but the Value should be the Host only.
