Forum Discussion
Looking for best practices on creating iRules for pool members redirection
Hi,
I am new to F5 BIG-IP LTM and creating iRules. I came from the Citrix Netscaler world. Creating redirect policies seemed to be a lot easier on the Netscaler when using their content switching feature. With F5, you don't have the logical virtual servers for each pool member; it is all tied to one VIP using iRules. I haven't found an article that really references some best practices on how many lines or policies you can have in a single iRule.
My goal is to have a single VIP and use either 1 or multiple iRules to redirect different HTTP requests based on the host header information to different back end pool members. I don't plan on having hundreds of if statements for pool member redirection but I am wondering what the limitations might be.
Here is a real basic example of what I am looking to achieve below on using the iRules to perform content switching. For every new app, I will append the HTTP_REQUEST with an if statement condition. Is there a better way to shorten what I have below? I wanted to use HTTP::uri so I can take advantage of the caching but could not get it to work using it. Will it still cache the request using HTTP::host? I know in the HTTP caching profile it referenced uri, that's why I am wondering if the host value will not be cacheable.
when HTTP_REQUEST {
    # Each rule selects a pool by Host header; commands in one body are separated by ";"
    if { [HTTP::host] equals "remotedesktop.host.com" } { pool remotedesktop-pool-443; persist source_addr }
    # The remaining pools take plain HTTP, so server-side SSL is disabled per request
    if { [HTTP::host] contains "blue" } { SSL::disable serverside; pool blue-pool-9041 }
    if { [HTTP::host] contains "red" } { SSL::disable serverside; pool red-pool-9051 }
    if { [HTTP::host] contains "orange" } { SSL::disable serverside; pool orange-pool-9081 }
    if { [HTTP::host] contains "yellow" } { SSL::disable serverside; pool yellow-pool-8080 }
    if { [HTTP::host] contains "green" } { SSL::disable serverside; pool green-pool-9051 }
}
5 Replies
- Josiah_39459
Historic F5 Account
Yes, using the switch command is much more efficient. You might also look at the http class profile which allows you to assign pools based on uris without an irule.
https://devcentral.f5.com/wiki/iRules.switch.ashx
- JG_249184
Altocumulus
Thanks for the reply. Is there a way you can add ssl::disabled serverside and contains using the switch command? I like the way I had it before; it allowed me to specify everything under one statement for each of the specific pools (e.g. ssl disabled was under each if statement & the word contains). I need to be able to disable SSL serverside to the backend without globally shutting this off at the profile level. Can you take my example before and convert it to the switch commands and show me how this will look?
- Josiah_39459
Historic F5 Account
Yeah, the switch command can use pattern matching. Even some of the examples at the link I posted do this:
"/uri/for/pool2/*" {
    log local0. "Matched pool 2 paths for [HTTP::uri]"
    pool pool2
}
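The if-chain from the original question rewritten with `switch -glob`, as an added example that is not part of the thread or of F5's documentation. It assumes the pool names posted in the question and a server SSL profile on the virtual server (which is why `SSL::disable serverside` is needed per pool); lowercasing the host is an addition, since Host header names are case-insensitive.

```tcl
when HTTP_REQUEST {
    # Normalise the Host header before matching (added; the original compared it as-is).
    # switch stops at the first matching pattern, whereas the original chain of
    # independent if statements evaluated every test and let a later match win.
    switch -glob [string tolower [HTTP::host]] {
        "remotedesktop.host.com" {
            # No wildcard: exact match, equivalent to "equals" in the original.
            pool remotedesktop-pool-443
            persist source_addr
        }
        "*blue*" {
            # "*text*" is the glob equivalent of "contains".
            SSL::disable serverside
            pool blue-pool-9041
        }
        "*red*" {
            SSL::disable serverside
            pool red-pool-9051
        }
        "*orange*" {
            SSL::disable serverside
            pool orange-pool-9081
        }
        "*yellow*" {
            SSL::disable serverside
            pool yellow-pool-8080
        }
        "*green*" {
            SSL::disable serverside
            pool green-pool-9051
        }
        default {
            # No pattern matched: nothing is selected here, so the virtual
            # server's default pool (if one is configured) handles the request.
        }
    }
}
```

Because the wildcard patterns match anywhere in the host name, order the cases from most to least specific so that an unintended host name is not routed by an earlier, looser pattern.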
- JG_249184
Altocumulus
Thank you. I've just tested out using traffic policy in version 11.6. I've created generic1-vip-443_policy and nested all of my rules which pertain to each separate application. I wanted to make sure going forward that I can keep adding separate rules to this policy for different applications to be forwarded to different backend pools, and whether it makes sense to create multiple policies for common applications. If it's going to check in a top-down order and it doesn't matter, then I'll just use generic1 for all of my forwarding decisions. Is the new traffic-policy the preferred method over iRules based on performance or just ease of use without writing complex iRules? Thanks again for your help.