dehinde_21599
Feb 17, 2011Nimbostratus
Here is the iRule (OAM_MUX):
# CLIENT_ACCEPTED: runs when a client connection is accepted. Logs the client
# address and starts collecting payload so CLIENT_DATA can inspect it before
# any data is passed on.
when CLIENT_ACCEPTED {
log "Client access from [IP::client_addr]"
# NOTE(review): presumably CLIENT_DATA is not raised until 300 bytes have been
# collected. The first client message in the sample capture looks shorter than
# that, so the request may be held here until more data arrives - confirm the
# threshold against the real message sizes.
TCP::collect 300
}
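# CLIENT_DATA: runs on the payload gathered by TCP::collect. Chooses the OAM
# pool from the host name found in the first 300 bytes, then releases the
# collected data so it is forwarded.
when CLIENT_DATA {
    # Read the inspected window once and reuse it for both comparisons.
    set oam_head [TCP::payload 300]

    # Log the size only. The sample capture shows SessionToken values and the
    # user DN inside these messages, so logging the raw payload would copy
    # session credentials into the system log.
    log "OAM request received ([TCP::payload length] bytes collected)"

    # The match strings must not contain spaces: the payload carries the host
    # name as one unbroken token, so a literal with embedded or trailing
    # blanks never matches.
    # The host name comes from client-supplied bytes, so this is a routing
    # decision only and must not be relied on as an access control.
    if { $oam_head contains "testService.mycompany.com" } {
        log "OAM request contains testService. mycompany.com - using oam_test_pool"
        pool OAM_TEST_POOL
    } elseif { $oam_head contains "prodService.mycompany.com" } {
        log "OAM request contains prodService. mycompany.com - using oam_prod_pool"
        pool OAM_PROD_POOL
    }

    # When neither name matches, no pool command runs and the virtual server's
    # default pool (if one is configured) is used.
    # NOTE(review): collection is not re-armed after the release, so only the
    # first collected window of a connection is inspected. On a long-lived OAM
    # connection, later requests presumably stay on the pool chosen here -
    # confirm whether per-request routing is required.
    TCP::release
}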
Here is a sample TCP stream:
Ngrep port 6021
T 192.168.17.14:42506 -> 172.29.48.102:6021 [AP]
.......L..ro=t%3d0%20o%3d%20no%3d%20r%3d%20nr%3d%20wu%3d/kpi/%20wh%3dprodService.mycompany.com%20wo%3d1%20wa%3d0%20ws%3d st=ma%3d2%20mi%3d2%20sg%3d0%20sm%3d version=3 pd=
T 172.29.48.102:6021 -> 192.168.17.14:42506 [AP]
.......L..ro=t%3d0%20o%3d%20no%3d%20r%3d%20nr%3d%20wu%3d/kpi/%20wh%3dprodService.mycompany.com %20wo%3d1%20wa%3d10%20ws%3d20100518T16372370920 ri=SDID%3d20144909T11535290825%20WRORID%3d%20AUTHENTSCHEMEID%3d20200558T16f72370920 st=ma%3d
4%20mi%3d2%20sg%3d1750%20sm%3d rt=1
T 192.168.17.14:42506 -> 172.29.48.102:6021 [AP]
..."...M..ri=SDID%3d20100909T11235990825%20WRORID%3d%20AUTHENTSCHEMEID%3d20100518T16372370920%20AGID%3dtest au=ACL%3d1%20AuthId%3dDn%253duid%25253dUSERNAME,ou%25253dmycompany,dc%25253dusers,dc%25253dmycompany,dc%25253dcom%20Ip%3d%20SS
T%3d0%20SRT%3d0%20MIST%3d3600%20LIST%3d0%20SessionToken%3dRXOQzXzzEnhXuR0IiW57Ri7LSEJuYvp0b7taow5WuxdLlvdfyf3zTvDQLytjn4Avpi43+EHXpJvrSrM5dw5/6E2auO4oMFTgUGkpMQsRK2OvWZIrCF6SCaw+l66aJy6SU+3/xxERjIXFLp5HdpyNjcl7DMf5gac2Js7S3gk6UMNyBj
/kjYuG8vXC85b5bWP1O2YE+7EYRFqwSdyL+TwYCisqfDuCbUMtsbHZ+SOB4BO+T6jEUOS4G1q0CuVRfDEcrCeerfM+4LCwhZmM/Tb80g%253d%253d ro=t%3d0%20o%3d%20no%3d%20r%3d%20nr%3d%20wu%3d/kpi-0.4c/%20wh%prodService.mycompany.com%20wo%3d1%20wa%3d10%20ws%3d20100518
T16372370920 rc=rl%3dsc%253d7%2520mi%253d35%2520hr%253d17%2520dy%253d17%2520mn%253d1%2520yr%253d111%2520wd%253d4%2520yd%253d47%20ru%3d1297964107%20rr%3d//prodService.mycompany.com/kpi/%20ro%3dGET%20rc%3dtest%20rt%3dhttp%20al%3d
0 ai= aa=ey%3d4%20ci%3dtest%20go%3dZ%20ts%3d7%20tm%3d35%20th%3d17%20td%3d17%20to%3d1%20ty%3d111%20tw%3d4%20tx%3d47%20ti%3d0
T 172.29.48.102:6021 -> 192.168.17.14:42506 [AP]
...Y...M..pa=APP_NAME%3dKPI%20HTTP_OBLIX_UID%3dUSERNAME%20APP_USER%3dUSERNAME au=ACL%3d1%20AuthId%3dDn%253duid%25253dUSERNAME,ou%25253dmycompany,dc%25253dusers,dc%25253dmycompany,dc%25253dorg%20Ip%3d%20SST%3d1297964107%20SRT%3d1297964107%20MIS
T%3d3600%20LIST%3d0%20SessionToken%3dRXOQzXzzEnhXuR0IiW57Ri7LSEJuYvp0b7taow4Wuxdnlvdfyf3zTvDQLytjn4Avpi43+EHXpJvrSrM5dw5/6E2auO4oMFTgUGkpMQsRK2OvWZIrCF6SCaw+l66aJy6SU+3/xxERjIXFLp5HdpyNjcl7DMf5gac2Js7S3gk6UMNyBj/kjYuG8vXC85b5bWP1O2Y
E+7EYRFqwSdyL+TwYCisqfDuCbUMtsbHZ+SOB4BO+T6jEUOS4G1q0CuVRfDEcrCeerfM+4LCwhZmM/Tb80g%253d%253d st=ma%3d8%20mi%3d2%20sg%3d1750%20sm%3d rt=1
And here is a sample of my BIG-IP configuration:
monitor OAM_monitors {
defaults from tcp
interval 30
up interval 300
time until up 91
dest *:6021
}
aaa oam server OAMTEST01_AAA {
accessgate name oamname
access server hostname "oam01.my-company.com"
access server name AS01
accessgate password crypt "***********"
access server retry count 1
}
sso config test_oam01_sso {
external access mgmt oam
aaa oam server OAMTEST01_AAA
}
# Access profile that ties the access policy of the same name to the OAM SSO
# configuration test_oam01_sso.
profile access mycompany-oam-access {
access policy name mycompany-oam-access
sso config test_oam01_sso
# Cookie is scoped to the whole domain, not to a single host.
domain cookie ".mycompany.com"
# NOTE(review): this presumably leaves the Secure attribute off the access
# session cookie. Combined with the domain-wide scope above, the cookie could
# then be sent over plain HTTP to any host under the domain - confirm, and
# enable it if every consumer of the cookie is reached over HTTPS.
secure cookie disable
default language "en"
logout uri timeout 5
}
pool OAM_PROD_POOL {
monitor all OAM_monitors
members {
172.29.48.123:6021 {}
172.29.48.124:6021 {}
}
}
pool OAM_TEST_POOL {
monitor all OAM_monitors
members 172.29.32.102:6021 {}
}
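rule oam_mux_request {
    # Collects the start of each new client connection and sends it to
    # OAM_TEST_POOL when the payload names swstest.mycompany.com.
    when CLIENT_ACCEPTED {
        log "Client access from [IP::client_addr]"
        # NOTE(review): presumably CLIENT_DATA is not raised until 300 bytes
        # have been collected - confirm that the first OAM message is at
        # least that long.
        TCP::collect 300
    }
    when CLIENT_DATA {
        # Log the size only. The sample capture shows SessionToken values and
        # the user DN inside these messages, so logging the raw payload would
        # copy session credentials into the system log.
        log "OAM request received ([TCP::payload length] bytes collected)"
        if { [TCP::payload 300] contains "swstest.mycompany.com" } {
            log "OAM request contains swstest.mycompany.com - using oam_test_pool"
            pool OAM_TEST_POOL
        }
        # No match: no pool command runs, so the default pool of the virtual
        # server this rule is attached to is used.
        TCP::release
    }
}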
virtual mycomp_oam_vs {
snat automap
fallback persist source_addr
destination xxx.xxx.xxx.101:https
ip protocol tcp
rules mycomp_oam_vs_https_checkaccess
persist mycompany_cookie
profiles {
client_https_mycompany_org_profile {
clientside
}
mycompany-oam-access {}
eam {}
https_mycompany_org_profile {
serverside
}
tcp {}
weblogic {}
websso {}
}
}
virtual oam_test_vs {
snat automap
pool OAM_TEST_POOL
rules oam_mux_request
destination 192.168.17.13:26021
ip protocol tcp
}
I believe that the rule does not work because the TCP connection to the OAM virtual server is kept open all the time and is never closed per transaction or access.