Forum Discussion

Jon_Strabala_46
Dec 15, 2009

Only IRULE_INIT events are triggered

Hello, I am new to iRULES and using a system set up with two virtual servers. One is a "default_gateway" which was set up to route all traffic to the internet. The other is an "irulestest" that is only triggered via a specific destination IP in an HTTP request.

A) I only get "log local0." messages from the RULE_INIT block, not from the CLIENT_ACCEPTED block.

B) In the F5 management console I do get traffic when a client makes requests, under:

   Overview : Statistics : Virtual Servers : iruletest
   Overview : Statistics : Virtual Servers : default_gateway

C) Using the iRULES Editor (Statistics) I see that only IRULE_INIT for my iRULE called "production_irule" (shown below) has "executions"; any other iRULE I create always has zero "Executions".

*) Of course this could be a configuration error in the base setup that I was provided (I am only trying to write an iRULE).

------------------------
My two virtual servers
------------------------

   virtual default_gateway {
      ip forward
      destination any:any
      mask none
      rules production_irule
   }

   virtual iruletest {
      pool google.com
      destination 10.0.185.150:http
      ip protocol tcp
      rules test_irule_000
      httpclass httpclass
      profiles
         http
         tcp
   }

------------------------
My two pools
------------------------

   pool evdo_routers {
      lb method member observed
      monitor all gateway_icmp
      members
         10.255.252.2:any
         10.255.252.3:any
   }

   pool google.com {
      members
         10.0.180.4:any
         session disable
         64.233.169.99:any
   }

------------------------
My two iRULES
------------------------

   rule production_irule {
      when RULE_INIT {
         # this works -
         # logs to /var/log/ltm as it should
         set ::g_prod_var 111
         log local0. "production_rule initialized: $::g_prod_var"
      }
      when CLIENT_ACCEPTED {
         # this doesn't work - JAS/QSI
         # It should log to /var/log/ltm - perhaps nothing is
         # being routed/triggered to this virtual server
         # or somehow only RULE_INIT events are processed
         log local0. "got a CLIENT_ACCEPTED production_rule"
      }
   }

   rule test_irule_000 {
      when RULE_INIT {
         # this works -
         # logs to /var/log/ltm as it should
         set ::g_test_var 991
         log local0. "test_irule_000 initialized: $::g_test_var"
      }
      when CLIENT_ACCEPTED {
         log local0. "got a CLIENT_ACCEPTED test_irule_000"
      }
      when HTTP_REQUEST {
         # this doesn't work -
         # It should log to /var/log/ltm - perhaps nothing is
         # being routed/triggered to this virtual server
         # or somehow only RULE_INIT events are processed
         log local0. "got a HTTP_REQUEST test_irule_000"
      }
   }

  • hoolio
    What destination hosts are you testing to? Can you add a log statement like this to each iRule in the CLIENT_ACCEPTED event and then post the (anonymized) logs from /var/log/ltm?

        log local0. "[IP::client_addr]:[TCP::client_port]: New connection to [IP::local_addr]:[TCP::local_port]"

    Thanks,
    Aaron
  • That is the issue: I have log statements in each iRULE in the "when CLIENT_ACCEPTED" code blocks

        log local0. "got a CLIENT_ACCEPTED production_rule"

    and

        log local0. "got a CLIENT_ACCEPTED test_irule_000"

    I actually had something similar to what you asked for (but I removed a lot of stuff to simplify), since nothing but the IRULE_INIT logs to /var/log/ltm - so none of my "when CLIENT_ACCEPTED" code blocks are ever called.

        [jstrabala@www:Active] log tail -10 /var/log/ltm
        Dec 15 08:11:56 tmm1 tmm1[1865]: Rule : test_irule_000 initialized: 991
        Dec 15 08:12:03 tmm tmm[1922]: Rule : production_rule initialized: 111
        Dec 15 08:12:03 tmm1 tmm1[1865]: Rule : production_rule initialized: 111
        Dec 15 08:21:35 tmm tmm[1922]: Rule : production_rule initialized: 111
        Dec 15 08:21:35 tmm1 tmm1[1865]: Rule : production_rule initialized: 111
        Dec 15 08:23:28 tmm tmm[1922]: Rule : test_irule_000 initialized: 991
        Dec 15 08:23:28 tmm1 tmm1[1865]: Rule : test_irule_000 initialized: 991
        Dec 15 08:23:51 tmm tmm[1922]: Rule : production_rule initialized: 111
        Dec 15 08:23:51 tmm1 tmm1[1865]: Rule : production_rule initialized: 111
        Dec 15 08:25:08 www bigpipe: Completed config sync all operation
        [jstrabala@www:Active] log

    As you can see, even though I have the above iRULEs in each "when CLIENT_ACCEPTED" code block, there are never any messages in /var/log/ltm - other than those I put in the "when IRULES_INIT" code block.

  • hoolio
    I don't see anything that would prevent logging to /var/log/ltm in the syslog-ng.conf. If the log line to local0. contained AUDIT, it would go to /var/log/audit. But your log lines don't contain that string.

    Can you try clearing the rule stats, running curl -v 10.0.185.150 from the LTM command line and check the logs and rule stats again?

    Thanks,
    Aaron
  • I started my testing after

        [jstrabala@www:Active] log date
        Tue Dec 15 14:36:32 HST 2009

    It took a while to find a working PC version of CURL.

    From Traffic Summary under the Welcome item in the F5 management web interface I hit the button [Clear Statistics] followed by a [Refresh] button.

    From a client (actually an EVDO dongle) that is routed into the F5 to VIP iruletest (rule test_irule_000) I ran a couple of tests and I saw the following in the statistics (Traffic Summary):

        Requests
        HTTP 6

    TEST1 - VIP testirule RULE test_irule_000

        curl.exe -v 10.0.185.150
        * About to connect() to 10.0.185.150 port 80 (0)
        * Trying 10.0.185.150... connected
        * Connected to 10.0.185.150 (10.0.185.150) port 80 (0)
        > GET / HTTP/1.1
        > User-Agent: curl/7.19.5 (i586-pc-mingw32msvc) libcurl/7.19.5 zlib/1.2.3
        > Host: 10.0.185.150
        > Accept: */*
        >
        < HTTP/1.1 200 OK
        < Date: Wed, 16 Dec 2009 01:05:25 GMT
        < Expires: -1
        < Cache-Control: private, max-age=0
        < Content-Type: text/html; charset=ISO-8859-1
        < Server: gws
        < X-XSS-Protection: 0
        < Transfer-Encoding: chunked
        <

        Google
        *
        *
        * A lot of data removed
        *
        *
        * Connection 0 to host 10.0.185.150 left intact
        * Closing connection 0

    TEST2 - VIP default_route RULE production_irule

        curl.exe -v http://www.quantumsi.com/temp/
        * About to connect() to www.quantumsi.com port 80 (0)
        * Trying 65.203.136.33... connected
        * Connected to www.quantumsi.com (65.203.136.33) port 80 (0)
        > GET /temp/ HTTP/1.1
        > User-Agent: curl/7.19.5 (i586-pc-mingw32msvc) libcurl/7.19.5 zlib/1.2.3
        > Host: www.quantumsi.com
        > Accept: */*
        >
        * HTTP 1.0, assume close after body
        < HTTP/1.0 200 OK
        < Date: Wed, 16 Dec 2009 01:05:31 GMT
        < Server: Apache/1.3.31 (Unix) ApacheJServ/1.1.2 PHP/4.1.2
        < Connection: close
        < Content-Type: text/html
        <

        no info

        * Closing connection 0

    But once again no log file output at all

        [jstrabala@www:Active] log tail -f ltm
        Dec 15 08:23:28 tmm tmm[1922]: Rule : test_irule_000 initialized: 991
        Dec 15 08:23:28 tmm1 tmm1[1865]: Rule : test_irule_000 initialized: 991
        Dec 15 08:23:51 tmm tmm[1922]: Rule : production_rule initialized: 111
        Dec 15 08:23:51 tmm1 tmm1[1865]: Rule : production_rule initialized: 111
        Dec 15 08:25:08 www bigpipe: Completed config sync all operation
        Dec 15 10:33:36 tmm tmm[1922]: Rule : production_rule initialized: 111
        Dec 15 10:33:36 tmm1 tmm1[1865]: Rule : production_rule initialized: 111
        Dec 15 10:34:55 tmm tmm[1922]: Rule : test_irule_000 initialized: 991
        Dec 15 10:34:55 tmm1 tmm1[1865]: Rule : test_irule_000 initialized: 991
        Dec 15 10:35:40 www bigpipe: Completed config sync all operation

    Note the F5 is not itself set to either resolve DNS or go out on the internet (security ?). So I really don't want to run curl from the F5 itself via curl (it will not work at all).

  • Oddly enough, when I enable a "Default Persistence Profile" to "cookie" for (Local Traffic / Virtual Servers / iruletest ) I actually get the cookie

        Set-Cookie: BIGipServergoogle.com=1672079680.0.0000; path=/

    when I do the curl -v 10.0.185.150 test, so something is working BUT of course my irules in the HTTP_REQUEST or CLIENT_ACCEPTED are not.

        curl.exe" -v 10.0.185.150
        * About to connect() to 10.0.185.150 port 80 (0)
        * Trying 10.0.185.150... connected
        * Connected to 10.0.185.150 (10.0.185.150) port 80 (0)
        > GET / HTTP/1.1
        > User-Agent: curl/7.19.5 (i586-pc-mingw32msvc) libcurl/7.19.5 zlib/1.2.3
        > Host: 10.0.185.150
        > Accept: */*
        >
        < HTTP/1.1 200 OK
        < Date: Wed, 16 Dec 2009 01:36:17 GMT
        < Expires: -1
        < Cache-Control: private, max-age=0
        < Content-Type: text/html; charset=ISO-8859-1
        < Server: gws
        < X-XSS-Protection: 0
        < Transfer-Encoding: chunked
        < Set-Cookie: BIGipServergoogle.com=1672079680.0.0000; path=/
        <

        Google
        *
        * lots of lines removed
        *
        * Connection 0 to host 10.0.185.150 left intact
        * Closing connection 0

  • hoolio
    This is just plain odd. I'm running out of ideas. Do you have any other iRules added to the VIP which are disabling events? If not, I'd suggest opening a case with F5 Support. I'd be quite curious to hear about the outcome if you do end up opening a case.

    And sorry for the time in finding curl.exe, I was suggesting you use curl from the LTM command line. Unless you have packet filters or iRules restricting client access, you should be able to initiate a request to any VIP with ARP enabled.

    Aaron
  • Aaron, by the LTM command line do you mean from a shell on the Linux system -or- do you mean from the "console" selection under "system" in the F5 web interface?

    Regardless, thank you for all your help/comments. The F5 admin will upgrade to TMOS 10.X today and if the problem is still happening we will open a case with F5 support - I will definitely post an update on any resolution and/or issue that is found in our configuration.

    Jon
  • hoolio
    The GUI's console is limited to bigpipe commands. You would need SSH with advanced shell (full command line) or serial console access to run curl from the command line.

    Aaron