Persistence based on IMAP-User

Hi Christian,

 

 

I think under the STREAM_MATCHED event you could set the login name+$client to a variable, such as $persistantX

 

Then after the event STREAM_MATCHED enable command you can write up something like

 

 

if { $persistantX !="" } { persistant uie $persistantX 1800 }

 

 

 

When the node goes down then the record will be updated for the new new chosen.

 

 

NOTE: This is untested suggestion. Hopefully it will lead you down the path to the right solution

 

 

Hope this helps

 

CB

 

 

I tried something similar using a stream profile and iRule to add a persistence record based on the server response content. You could try using a similar approach for the request content.

 

 

Persist Client On Response Content With Stream

 

http://devcentral.f5.com/Wiki/default.aspx/iRules/Persist_client_on_response_content_with_stream.html

 

 

Note that the iRule parser doesn't allow use of the persist command in the STREAM_MATCHED event, but hiding it using eval seemed to work. If you test this further, could you reply here and/or update the Codeshare example with your iRule?

 

 

Thanks,

 

Aaron

Thanks to the both of you !!!

 

You are a great help.

 

I will try the solutions and give you feedback asap.

 

 

Bye

 

Chris

Hi Chris,

 

 

Using 'eval $persist_cmd' should work. Have you been able to test it?

 

 

Also you shouldn't need to enable the STREAM_MATCHED event in CLIENT_ACCEPTED as it couldn't have been disabled for that TCP connection yet. That was for use with HTTP responses only.

 

 

Aaron

 
 when CLIENT_ACCEPTED { 
  
    Clear the variable imap_login if it exists already on this TCP connection    
       if {[info exists imap_login]}{    
          unset imap_login    
       }    
       Define STREAM-expression and enable STREAM 
          STREAM::expression @LOGIN\.*@ 
          STREAM::enable    
        
           Enable the STREAM_MATCHED event as it could have been disabled if there was a prior     
           response on this TCP connection    
          event STREAM_MATCHED enable    
    
    }    
    when STREAM_MATCHED {    
        
       Save the matched value     
      set imap_login [getfield [STREAM::match] " " 2] 
   
   Check if $imap_login isn't empty  
  if { $imap_login != "" }{  
  
    $imap_login isn't empty...so let's continue 
    log local0. "IMAP Login Information found...continuing"   
  
           The iRule parser doesn't allow the persist command in STREAM_MATCHED.      
           It works though, so hide the command from the parser    
          set persist_cmd "persist add uie $imap_login" 
           log local0. "[IP::client_addr]:[TCP::client_port]: Parsed: $imap_login \$persist_cmd: $persist_cmd"    
        
          eval $persist_cmd 
          persist add uie $imap_login 
  
           log local0. "[IP::client_addr]:[TCP::client_port]: Added persistence record for $imap_login on server [IP::server_addr]:[TCP::server_port]. Exiting event for this response."    
          event STREAM_MATCHED disable    
      } else { 
     $imap_login is empty...let's stop this here  
     log local0. "no IMAP Login Information found...aborting"   
       
  }    
    } 
 

I tried to include it as a universal persistence profile into the VIP

and I simply addes the iRule to the VIP.

But there was no difference.

Is it possible that it doesn't work because of the " " around the user@domain.com ?

Some more debug logging would be great!

Thanks in advance!

doesn't work:

/var/log/ltm :

 
 Aug 26 13:33:41 tmm tmm[1698]: Rule persistence_imap_login_new : IP:49174: New TCP connection with persistence record:  
 Aug 26 13:33:41 tmm tmm[1698]: Rule persistence_imap_login_new : IP:49174: Selected server IMAP-NEW IP 1430 
 Aug 26 13:33:41 tmm tmm[1698]: Rule persistence_imap_login_new : IP:49174: Connected server IP 
 Aug 26 13:33:41 tmm tmm[1698]: Rule persistence_imap_login_new : IP:49174: Matched: LOGIN 
 Aug 26 13:33:41 tmm tmm[1698]: Rule persistence_imap_login_new : no IMAP Login Information found...aborting 
 

$imap_login seems to be empty here:

 
  Check if $imap_login isn't empty  
     if { $imap_login != "" }{  
 

Can you test multiple requests? Previously, the ltm log showed a match for the LOGIN of user1... I'm wondering if the request may have changed? Else, maybe the wrapping of the regex in curly braces broke this? Can you retry with the STREAM::expression set to:

 

 

STREAM::expression @LOGIN\.*@

 

 

Thanks,

 

Aaron

The removal of the braces helped...but persistence still doesn't work...

 
 Aug 26 15:26:26 tmm tmm[1698]: Rule persistence_imap_login_new : IP:48776: New TCP connection with persistence record:  
 Aug 26 15:26:26 tmm tmm[1698]: Rule persistence_imap_login_new : IP:48776: Selected server IMAP-NEW IP 1430 
 Aug 26 15:26:26 tmm tmm[1698]: Rule persistence_imap_login_new : IP:48776: Connected server IP 
 Aug 26 15:26:26 tmm tmm[1698]: Rule persistence_imap_login_new : IP:48776: Matched: LOGIN "user1@sampledomain.com" "password"  
 Aug 26 15:26:26 tmm tmm[1698]: Rule persistence_imap_login_new : IP:48776: Parsed: "user1@sampledomain.com" $persist_cmd: persist add uie "user1@sampledomain.com" 1800 
 Aug 26 15:26:26 tmm tmm[1698]: Rule persistence_imap_login_new : IP:48776: Added persistence record for "user1@sampledomain.com" on server IP:1430. Exiting event for this response. 
 

Hope you still have any good ideas?

Thanks!

Chris

That's looking better. So do you see the persistence record lookup succeed on a subsequent request in the first log line of the rule? If you check on the command line, using 'b persist all show all', do you see the persistence record listed?

 

 

Aaron

Hi,

I see the records for all tested users. (example)

  
 |     Mode universal   Value user1@sampledomain.com  
 |        virtual IP:imap   node IP:1430   age 1631sec  
 

Should we add a debug-logging here?

  
 if {$persist_lookup != ""}{   
 persist uie $persist_lookup $timeout   
 }   
 

I tested with a user and all requests landed on different servers