For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

N_67263's avatar
N_67263
Icon for Nimbostratus rankNimbostratus
Aug 27, 2017

Node autoselection using DNS

Team, We are working on some designs which will help us choose a node directly of an F5 VIP once the VIP is hit.   e.g. externally a user will hit our F5 using URL "; the F5 needs to procees this ...
application delivery
BIG-IP
iRules
Kai_Wilke's avatar
Kai_Wilke
Icon for MVP rankMVP
Aug 28, 2017

Hi N,

you should add some additional error handlings to your iRule in the case the browser doesn't send a HOST-Header value or in the case the DNS Server can't resolve the provided HOST-Name.

when HTTP_REQUEST { 
    if { [HTTP::host] ne "" } then {
        set ips [lindex [RESOLV::lookup -a [getfield [HTTP::host] ":" 1]] 0]
        log local0.debug "Debug: Resolved address for \"[getfield [HTTP::host] ":" 1]\" = \"$ips\"" 
        if { $ips ne "" } then {
            node $ips [TCP::local_port]
        } else {
            HTTP::respond 504 content "Bad Request - non-existent HOST value"
        }
    } else {
        HTTP::respond 504 content "Bad Request - empty HOST value"
    }
}

Note: If the iRule above reports a "Bad Request - non-existent HOST value" in your environment, then make sure you've followed the steps outlined in K12225 [click me]. Alternatively to K12225 you could also setup a dedicated DNS Virtual Server and Pool to access and balance your DNS resolvers. Then use 

[RESOLV::lookup @VS_MyDNS -a [getfield [HTTP::host] ":" 1]] 0]
to perform the DNS resolution via your just created Virtual Server...

Cheers, Kai