Forum Discussion
kleis_oenema_67
Nimbostratus
Jul 17, 2009
Passive monitoring all TCP ports by iRule
A customer requested a BIG-IP config with all ports open, for the environment will be a dynamic one where services can be added or deleted on any port.
Consequently no active TCP monitor can be applied.
The config is like this:
VIP address (all ports accepted) pointing to a pool (all ports allowed) with two nodes.
One node needs to get 30% of the load, the other one 70% of the load.
Active monitoring on service level is not possible, but maybe passive monitoring with an iRule. However, I have no clue how to do it.
Below are two examples:
Incoming request http://mysite.com:28401/prSiebelAgreements/ExecutePortType
check http://mysite.com:28401/index.htm
if code 200 use site http://mysite.com:28401/prSiebelAgreements/ExecutePortType
else try other node
The port number is the differentiator.
Another site can be like below and we should apply the same iRule:
http://mysite.com:18501/getInvoiceRechargeResponse/ExecutePortType
http://mysite.com:18501/index.html
http://mysite.com:18501/getInvoiceRechargeResponse/ExecutePortType
Who has an idea how to solve this?
kleis
3 Replies
- hoolio
Cirrostratus
Hi Kleis,
Is this only HTTP traffic that would be passing through the VIP? Would the VIP be defined on a single IP address or a subnet? Is it production traffic, or a test environment? How often would new web apps be added/removed?
You could potentially use a cookie to track whether the index page on that port had been checked for that session. If you need to use a 70/30 split for traffic you could use ratio load balancing. You would need to look for the cookie in HTTP_REQUEST, if it wasn't there, save the request headers (assuming no POSTs could be sent for the first request), rewrite the URI to /index.htm, force a load balancing decision using LB::select, make a request to the selected pool member, check the response, and for a 200 use HTTP::retry to send the original request headers to the same pool member. If the first pool member didn't respond with a 200, you could use HTTP::retry to retry the request to the other pool member. If the request was a 200, use HTTP::retry again to make the original request to the new pool member.
If the client does receive a 200 response for a particular port for index.html, you would want to set a cookie with the port number and pool member details so you could avoid the 200 test for subsequent requests. You would need to add logic to the above scenario to look for the cookie and bypass the checks if the client presents a valid cookie.
If the web apps aren't changing often, I'd suggest it would be easier to set up separate VIPs for each web app and do standard load balancing. I think an iRule as described might be possible, but not very efficient.
Aaron
- kleis_oenema_67
Nimbostratus
Thanks so far.
Here is the info I got from the customer with regard to your questions:
It should be only HTTP and HTTPS.
The VIP is an IP address and there will be a production and a development site, both with two hosts in the respective pool but each with their own VIP address.
From the information I have gained so far:
the URL will be http(s)://mysite.com:port/
At the start there would be approx. 5 sites, but this can grow up to 20 or more.
The customer wants flexibility to set up sites or tear them down without having to request BIG-IP changes.
kleis
- hoolio
Cirrostratus
Hi Kleis,
Assuming the HTTPS is all being requested to the same hostname, I think it's possible to do. I don't have the time to do an example for this as it's fairly complicated. You can take a look at the HTTP::retry wiki page as well as a very helpful article from Deb:
HTTP::retry
http://devcentral.f5.com/wiki/default.aspx/iRules/http__retry
Conditioning iRule Logic on External Information - 1 - HTTP::retry
http://devcentral.f5.com/Default.aspx?tabid=63&articleType=ArticleView&articleId=105
Aaron
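
The probe, fallback and cookie bypass described in the first reply, modelled off-box in Python as an added example; it is not iRule code and not from any poster in this thread. The member addresses, cookie format and key are constructed, and the HMAC on the cookie is an assumption added here so that a client cannot forge the cookie to pick a pool member or skip the index-page check.

```python
import hashlib
import hmac
import random

MEMBERS = {"10.0.0.1": 30, "10.0.0.2": 70}   # constructed addresses; 30/70 ratio from the thread
SECRET = b"constructed-demo-key"             # constructed; a real key never reaches the client


def sign(port, member):
    """Cookie value 'port|member|mac' (constructed format)."""
    msg = f"{port}|{member}"
    mac = hmac.new(SECRET, msg.encode(), hashlib.sha256).hexdigest()
    return f"{msg}|{mac}"


def verify(cookie, port):
    """Return the member named in the cookie only if it is authentic and for this port."""
    parts = (cookie or "").split("|")
    if len(parts) != 3 or parts[0] != str(port) or parts[1] not in MEMBERS:
        return None
    expected = sign(port, parts[1]).encode()
    presented = cookie.encode("utf-8", "replace")
    return parts[1] if hmac.compare_digest(expected, presented) else None


def route(port, cookie, probe, rng=random):
    """Choose a member for a request arriving on `port`.

    probe(member, port) returns the HTTP status of GET /index.htm there.
    Returns (member or None, cookie value to set or None).
    """
    member = verify(cookie, port)
    if member:
        return member, None                  # checked earlier in this session
    names = list(MEMBERS)
    first = rng.choices(names, weights=[MEMBERS[n] for n in names])[0]
    for candidate in [first] + [n for n in names if n != first]:
        if probe(candidate, port) == 200:    # index page answers on this port
            return candidate, sign(port, candidate)
    return None, None                        # neither member serves this port
```

Binding the port into the signed value means a cookie earned on one port cannot be replayed to bypass the check on another.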