For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

lunitic_56137's avatar
lunitic_56137
Icon for Nimbostratus rankNimbostratus
Sep 11, 2014

Passing a header value to lb to pool

I am trying to load balance traffic according to a server response header value. I think I may be going way too deep into the woods here. Can you help a young Padawan with a direction please?

 

Here is what I have already: when RULE_INIT { set newpool ""; }

 

when HTTP_RESPONSE { if { [HTTP::header exists "X-Pool-type"] } { set newpool [HTTP::header value "X-Pool-type" ] log local0. "Header found to be $newpool" HTTP::cookie insert name "LBcookie" value "$newpool" } else { log local0. "Header not found" return } }

 

when HTTP_REQUEST { if { [HTTP::cookie exists "LBcookie"] } { set cookie_pool [HTTP::cookie value "LBcookie" ] log local0. "Header found to be $cookie_pool" pool $cookie_pool } else { log local0. "cookie not found" return } }

 

application delivery
availability
design
devops
iRules
LTM

4 Replies

  • lunitic_56137's avatar
    lunitic_56137
    Icon for Nimbostratus rankNimbostratus
    Sep 11, 2014

    Sorry, forgot to format the code section

     

    Code
when RULE_INIT {
set newpool "";
}

when HTTP_RESPONSE {
  if { [HTTP::header exists "X-Load-Balancer-Pool"] }  { 
    set newpool [HTTP::header value "X-Load-Balancer-Pool" ]
    log local0. "Header found to be $newpool"
    HTTP::cookie insert name "Load-Balancer-Pool-cookie" value "$newpool"
  } else {
    log local0. "Header not found $newpool" 
    return 
  }
}

when HTTP_REQUEST {
  if { [HTTP::cookie exists "Load-Balancer-Pool-cookie"] }  { 
    set cookie_pool [HTTP::cookie value "Load-Balancer-Pool-cookie" ]
    log local0. "Header found to be $cookie_pool"
    pool $cookie_pool
  } else {
    log local0. "pool not found" 
    return 
  }
}
  • Chris_Wentland's avatar
    Chris_Wentland
    Icon for Nimbostratus rankNimbostratus
    Sep 11, 2014

    At first glance, you are only directing to a pool in the HTTP_Request section. You are not actually setting persistence or directing to a specific node. Take a peek at this example which demonstrates how to set the pool member. Also, what unique value will you look at in the cookie? I'd also recommend encrypting the cookie just to obscure any internal detail that does not need to be plain text!

     

    https://devcentral.f5.com/wiki/irules.manual_cookie_persistence.ashx

     

  • Kevin_Stewart's avatar
    Kevin_Stewart
    Icon for Employee rankEmployee
    Sep 11, 2014

    A few questions:

     

    1. Can you elaborate on why you're doing this?

       

    2. Do you have a default pool assigned to the VIP? Without it the initial request, without the cookie, wouldn't know where to go.

       

    3. What are the log messages you're getting, and where is it failing?

       

  • Chris_Wentland's avatar
    Chris_Wentland
    Icon for Nimbostratus rankNimbostratus
    Sep 11, 2014

    To decrypt/encrypt cookies... create values for your cookie name $ckname, and cookie password $ckpass in the client connected event.

    when CLIENT_ACCEPTED {
      Name for the cookie to be inserted to maintain client session
     set ckname 
      Encryption password to be used for encrypting / decrypting the user session cookie
     set ckpass 
  }
when HTTP_REQUEST {
     if {[HTTP::cookie exists $ckname]} {
          Decrypt the cookie so we can use the values in it
          HTTP::cookie decrypt $ckname $ckpass 128
     }
}
when HTTP_RESPONSE {
        Set up your cookie details here
        Now to encrypt your cookie
 HTTP::cookie encrypt $ckname $ckpass 128 
}