Forum Discussion
Piotr_Lewandows
Altostratus
AltostratusOneConnect, no HTTP profile, still per HTTP request LB?
Hi,
My understanding was that one of the functions of service or protocol profiles is to allow LTM to decode, understand and manipulate protocol data at given layer.
In Overview of the OneConnect p...
nitass
Employee
EmployeeWith OC first TCP connection (and in turn first HTTP request) will be LB to first server, second HTTP request in the same TCP connection to second server and so on
i do not think so. i think without http profile, bigip will not know when to detach server-side connection.
with http profile
root@(ve11c)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm virtual bar
ltm virtual bar {
destination 172.28.24.10:80
ip-protocol tcp
mask 255.255.255.255
pool foo
profiles {
http { }
oneconnect { }
tcp { }
}
rules {
qux
}
source 0.0.0.0/0
source-address-translation {
type automap
}
vs-index 29
}
root@(ve11c)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm pool foo
ltm pool foo {
members {
200.200.200.101:80 {
address 200.200.200.101
}
200.200.200.111:80 {
address 200.200.200.111
}
}
}
root@(ve11c)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm rule qux
ltm rule qux {
when HTTP_REQUEST {
set host [HTTP::host]
set uri [HTTP::uri]
}
when HTTP_RESPONSE {
log local0. "client=[IP::client_addr]:[TCP::client_port] \
host=$host uri=$uri \
status=[HTTP::status] \
snat=[IP::local_addr]:[TCP::local_port] \
server=[IP::server_addr]:[TCP::server_port]"
}
}
/var/log/ltm
[root@ve11c:Active:In Sync] config tail -f /var/log/ltm
Apr 21 17:29:13 ve11c info tmm1[5649]: Rule /Common/qux : client=172.28.24.8:33073 host=172.28.24.10 uri=/ status=200 snat=200.200.200.14:33073 server=200.200.200.101:80
Apr 21 17:29:13 ve11c info tmm1[5649]: Rule /Common/qux : client=172.28.24.8:33073 host=172.28.24.10 uri=/ status=200 snat=200.200.200.14:33073 server=200.200.200.111:80
Apr 21 17:29:13 ve11c info tmm1[5649]: Rule /Common/qux : client=172.28.24.8:33073 host=172.28.24.10 uri=/ status=200 snat=200.200.200.14:33073 server=200.200.200.101:80
Apr 21 17:29:13 ve11c info tmm1[5649]: Rule /Common/qux : client=172.28.24.8:33073 host=172.28.24.10 uri=/ status=200 snat=200.200.200.14:33073 server=200.200.200.111:80
Apr 21 17:29:13 ve11c info tmm1[5649]: Rule /Common/qux : client=172.28.24.8:33073 host=172.28.24.10 uri=/ status=200 snat=200.200.200.14:33073 server=200.200.200.101:80
Apr 21 17:29:13 ve11c info tmm1[5649]: Rule /Common/qux : client=172.28.24.8:33073 host=172.28.24.10 uri=/ status=200 snat=200.200.200.14:33073 server=200.200.200.111:80
without http profile
root@(ve11c)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm virtual bar
ltm virtual bar {
destination 172.28.24.10:80
ip-protocol tcp
mask 255.255.255.255
pool foo
profiles {
http { }
tcp { }
}
rules {
qux
}
source 0.0.0.0/0
source-address-translation {
type automap
}
vs-index 29
}
/var/log/ltm
[root@ve11c:Active:In Sync] config tail -f /var/log/ltm
Apr 21 17:30:02 ve11c info tmm[5649]: Rule /Common/qux : client=172.28.24.8:33086 host=172.28.24.10 uri=/ status=200 snat=200.200.200.14:33086 server=200.200.200.101:80
Apr 21 17:30:02 ve11c info tmm[5649]: Rule /Common/qux : client=172.28.24.8:33086 host=172.28.24.10 uri=/ status=200 snat=200.200.200.14:33086 server=200.200.200.101:80
Apr 21 17:30:02 ve11c info tmm[5649]: Rule /Common/qux : client=172.28.24.8:33086 host=172.28.24.10 uri=/ status=200 snat=200.200.200.14:33086 server=200.200.200.101:80
Apr 21 17:30:02 ve11c info tmm[5649]: Rule /Common/qux : client=172.28.24.8:33086 host=172.28.24.10 uri=/ status=200 snat=200.200.200.14:33086 server=200.200.200.101:80
Apr 21 17:30:02 ve11c info tmm[5649]: Rule /Common/qux : client=172.28.24.8:33086 host=172.28.24.10 uri=/ status=200 snat=200.200.200.14:33086 server=200.200.200.101:80
Apr 21 17:30:02 ve11c info tmm[5649]: Rule /Common/qux : client=172.28.24.8:33086 host=172.28.24.10 uri=/ status=200 snat=200.200.200.14:33086 server=200.200.200.101:80
dragonflymr
Cirrostratus
CirrostratusBTW, in your test described as without HTTP profile, it looks like it is with http profile but without OC profile - Am I wrong?
Piotr