Forum Discussion
Nov 17, 2010
matchclass, uri routing, and cookie persist & snat irule
Hey guys and gals, it's been a bit, I hope all is well.
Please review the below scenerio and let me know if i'm missing something, or if you would do anything differently..
I worked up the below iRule, I'd like to route traffic to one specific pool based on a class of uris, if no match, I'd like to route to another pool and use cookie persist... Simple enough.
The Virtual Server is terminating SSL and re-encrypting it.. using an client and server SSL profile..
In addition the VS is already using a snat iRule.. My thought is to juse use it first..Should I combine the snat iRule, or just keep it and use the below one after the snat iRule?
I should note, the box is running 10x on the 8900 platform.
Thanks!
iRule
when HTTP_REQUEST {
set uri [string tolower [HTTP::uri]]
log local0.notice "Incoming Request uri: $uri"
if { [matchclass [HTTP::uri] starts_with $::myclass] } {
log local0.notice "Directing to secure_pool"
pool match_pool
} else {
log local0.notice "Directing to server_pool"
pool server_pool
persist cookie
}
classclass myclass {
/myfirsturi
/myseconduri
/etcetcetc
}
[/
- Brian_Mayer_841NimbostratusHey guys - I have a similar question and am preparing to write an iRule that routes to particular pools based on the URI, however, in addition, we'll need to persist the session to an existing pool member if the cookie exists for the pool specified in the URI. If none of the URI paths matched we could just send them to a default pool, applying one of the session ID cookies if present too.
- Brian_Mayer_841NimbostratusSo I took a first stab at this.. how does this look to you guys? I opted for now class match for now... please provide your input!
- Brian_Mayer_841NimbostratusSo some other thoughts I had on the above:
- Brian_Mayer_841NimbostratusOkay, so in thinking about this, it seems that the JSESSIONID check in the outbound HTTP_RESPONSE are required so that the F5 knows to put an entry into its session table, indicating the outbound JSESSIONID as a persistence entry, thus ensuring that when it comes back in future HTTP GET requests from the client, the LTM knows to which pool member the request(s) should be sent.
- hooleylistCirrostratusHi Brian,
when HTTP_REQUEST { switch -glob [HTTP::path] { "/unica*" { set cookie_name "UMPSESSIONID" pool Unica_Platform_Test } "/plan*" { set cookie_name "PLANJSESSIONID" pool Unica_Plan_Test } "/campaign" { set cookie_name "CAMPAIGNSESSIONID" pool Unica_Campaign_Test } "/dashboard* { set cookie_name "JSESSIONID" pool Unica_Campaign_Test } default { set cookie_name "UMPSESSIONID" pool Unica_Platform_Test } } if {[HTTP::cookie $cookie_name] ne ""}{ persist uie [string tolower [HTTP::cookie $cookie_name]] 3600 } } when HTTP_RESPONSE { if {[HTTP::cookie $cookie_name] ne ""}{ persist add uie [string tolower [HTTP::cookie $cookie_name]] 3600 } }
- Brian_Mayer_841NimbostratusHere's my latest crack at it.. this is getting ugly! Any help is much appreciated.
- Brian_Mayer_841NimbostratusThanks much! I will poke around with this and see how it goes... any input on my question above about OneConnect?
- Brian_Mayer_841NimbostratusHey Aaron - I just read your note on OneConnect above. I will definitely give the profilei a go. And I have a few more questions to help clear up my thought process. I really appreciate all of your info!
Recent Discussions
Related Content
Â
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects