passive monitoring all tcp ports by Irule

Hi Kleis,

 

 

Is this only HTTP traffic that would be passing through the VIP? Would the VIP be defined on a single IP address or a subnet? Is it production traffic, or a test environment? How often would new web apps be added/removed?

 

 

You could potentially use a cookie to track whether the index page on that port had been checked for that session. If you need to use a 70/30 split for traffic you could use ratio load balancing. You would need to look for the cookie in HTTP_REQUEST, if it wasn't there, save the request headers (assuming no POSTs could be sent for the first request), rewrite the URI to /index.htm, force a load balancing decision using LB::select, make a request to the selected pool member, check the response, and for a 200 use HTTP::retry to send the original request headers to the same pool member. If the first pool member didn't respond with a 200, you could use HTTP::retry to retry the request to the other pool member. If the request was a 200, use HTTP::retry again to make the original request to the new pool member.

 

 

If the client does receive a 200 response for a particular port for index.html, you would want to set a cookie with the port number and pool member details so you could avoid the 200 test for subsequent requests. You would need to add logic to the above scenario to look for the cookie and bypass the checks if the client presents a valid cookie.

 

 

If the web apps aren't changing often, I'd suggest it would be easier to set up separate VIPs for each web app and do standard load balancing. I think an iRule as described might be possible, but not very efficient.

 

 

Aaron