Persistence mirroring with irules
Hi,
we are using iRules to direct traffic to a different pool, when traffic comes to the same VIP, but to a different HTTP host.
For example:
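when HTTP_REQUEST {
    # Match on the lower-cased Host header; any other host falls through
    # to the default pool of the virtual server.
    switch [string tolower [HTTP::host]] {
        wap.example.com {
            pool Pool_2
            # Source-address persistence, /32 mask, 12000 second timeout
            persist source_addr 255.255.255.255 12000
        }
    }
}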
The idea is that if "HTTP:host" is anything different from "wap.example.com", then the traffic goes to Pool_1. The iRule is assigned to a VIP. A persistence profile with Source Address Affinity is also assigned to the VIP. This persistence profile has mirroring enabled.
The question is: How to enable persistence mirroring when the iRule directs traffic to Pool_2 for host "wap.example.com"?
Without replicating your setup in the lab I cannot give a reliable answer. The answer might also be TMOS version dependent.
One thing I'm pretty sure about is the impact of mirroring on the virtual server. In this case traffic will be replicated to the peer anyway and it will be able to build its own persistence table in case of the "wap" related selection. As mirroring might have a significant performance impact this approach won't be my first choice.
You can verify persistence records on both units via tmsh command more or less in realtime:
watch -d 'tmsh show ltm persist persist-records all-properties'
Take off the 'all-properties' switch from the command for less detail.
Another approach would be to pick another virtual on your system which is bound to Pool_2 (instead of selecting Pool_2 directly). The 2nd virtual server has its own persistence profile with mirroring enabled and in this case there should be no grey zone.
Thanks, Stephan
- Srecko_M__12636Nimbostratus
The TMOS version we use is 11.4.0. How do we introduce the 2nd virtual server for Pool_2? I guess HTTP redirect should be used so that the client browser establishes a TCP connection (and sends HTTP requests) to the correct IP - or is there a better way?
Regards, Srecko
No need to redirect.
Actually you are using the command "pool" in your iRule to select the 2nd pool. Instead you can use "virtual" to forward traffic "internally" to another virtual server. So please just create a 2nd virtual server with an individual persistence profile and reference this one in your iRule via the "virtual" command. Thanks & regards, Stephan
- Srecko_M__12636Nimbostratus
Thank you for your reply! I'll definitely try this set-up. Regards, Srecko
- nitassEmployee
The question is: How to enable persistence mirroring when the iRule directs traffic to Pool_2 for host "wap.example.com"?
just wondering whether it is already working.
e.g.
root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm virtual bar
ltm virtual bar {
    destination 172.28.20.111:80
    ip-protocol tcp
    mask 255.255.255.255
    persist {
        source-addr-mirror {
            default yes
        }
    }
    pool foo
    profiles {
        http { }
        tcp { }
    }
    rules {
        myrule
    }
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    vs-index 9
}
root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm persistence source-addr source-addr-mirror
ltm persistence source-addr source-addr-mirror {
    app-service none
    mirror enabled
}
root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm pool foo
ltm pool foo {
    members {
        200.200.200.101:80 {
            address 200.200.200.101
        }
    }
}
root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm pool qux
ltm pool qux {
    members {
        200.200.200.111:80 {
            address 200.200.200.111
        }
    }
}
root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm rule myrule
ltm rule myrule {
    when HTTP_REQUEST {
        switch [string tolower [HTTP::host]] {
            wap.example.com {
                pool qux
                persist source_addr 255.255.255.255 12000
            }
        }
    }
}

active:
root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) show ltm persistence persist-records all-properties
Sys::Persistent Connections
source-address - 172.28.20.111:80 - 200.200.200.111:80
------------------------------------------------------
  TMM           1
  Mode          source-address
  Value         172.28.20.17
  Age (sec.)    145
  Virtual Name  /Common/bar
  Virtual Addr  172.28.20.111:80
  Node Addr     200.200.200.111:80
  Pool Name     /Common/qux
  Client Addr   172.28.20.17
  Owner entry
Total records returned: 1

standby:
root@(ve11b)(cfg-sync In Sync)(Standby)(/Common)(tmos) show ltm persistence persist-records all-properties
Sys::Persistent Connections
source-address - 172.28.20.111:80 - 200.200.200.111:80
------------------------------------------------------
  TMM           1
  Mode          source-address
  Value         172.28.20.17
  Age (sec.)    0
  Virtual Name  /Common/bar
  Virtual Addr  172.28.20.111:80
  Node Addr     200.200.200.111:80
  Pool Name     /Common/qux
  Client Addr   172.28.20.17
  Owner entry
Total records returned: 1
- Thanks nitass for the repro! Will the record persist, in case you change the hostname? Another persistence record should be created, imho. Ideally the records would be used now selectively depending on the requested hostname. Btw, in case of using Hash Mode "carp" in Source Address Affinity, mirroring won't be necessary anyway as long as both members of the device group see the same pool member states. Thanks, Stephan
- nitassEmployee
Will the record persist, in case you change the hostname? Another persistence record should be created, imho.
yes
active:
root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) show ltm persistence persist-records all-properties
Sys::Persistent Connections
source-address - 172.28.20.111:80 - 200.200.200.101:80
------------------------------------------------------
  TMM           1
  Mode          source-address
  Value         172.28.20.17
  Age (sec.)    3
  Virtual Name  /Common/bar
  Virtual Addr  172.28.20.111:80
  Node Addr     200.200.200.101:80
  Pool Name     /Common/foo
  Client Addr   172.28.20.17
  Owner entry
source-address - 172.28.20.111:80 - 200.200.200.111:80
------------------------------------------------------
  TMM           1
  Mode          source-address
  Value         172.28.20.17
  Age (sec.)    1266
  Virtual Name  /Common/bar
  Virtual Addr  172.28.20.111:80
  Node Addr     200.200.200.111:80
  Pool Name     /Common/qux
  Client Addr   172.28.20.17
  Owner entry
Total records returned: 2

standby:
root@(ve11b)(cfg-sync In Sync)(Standby)(/Common)(tmos) show ltm persistence persist-records all-properties
Sys::Persistent Connections
source-address - 172.28.20.111:80 - 200.200.200.101:80
------------------------------------------------------
  TMM           1
  Mode          source-address
  Value         172.28.20.17
  Age (sec.)    0
  Virtual Name  /Common/bar
  Virtual Addr  172.28.20.111:80
  Node Addr     200.200.200.101:80
  Pool Name     /Common/foo
  Client Addr   172.28.20.17
  Owner entry
source-address - 172.28.20.111:80 - 200.200.200.111:80
------------------------------------------------------
  TMM           1
  Mode          source-address
  Value         172.28.20.17
  Age (sec.)    0
  Virtual Name  /Common/bar
  Virtual Addr  172.28.20.111:80
  Node Addr     200.200.200.111:80
  Pool Name     /Common/qux
  Client Addr   172.28.20.17
  Owner entry
Total records returned: 2
- Thanks! :)
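The active/standby comparison done by eye in this thread can be scripted. The following is an added example, not part of the original posts: it parses the text of `show ltm persistence persist-records all-properties` from both units and lists records the standby lacks. The sample text is constructed from the values shown above (column spacing is an assumption), and the standby sample deliberately omits the qux record to show the failure case.

```python
import re

# Field labels as they appear in the persist-records output quoted in the thread.
FIELDS = ("TMM", "Mode", "Value", "Age (sec.)", "Virtual Name",
          "Virtual Addr", "Node Addr", "Pool Name", "Client Addr")

def parse_records(text):
    """Return one dict per persistence record found in the tmsh output."""
    records, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if re.fullmatch(r"-{5,}", line):       # dashed separator opens a record
            current = {}
            records.append(current)
            continue
        if current is None or line.startswith("Total records"):
            continue
        for label in FIELDS:
            if line.startswith(label + " "):
                current[label] = line[len(label):].strip()
                break
    return records

def record_key(rec):
    # Age and TMM are left out: they legitimately differ between the two units.
    return (rec.get("Mode"), rec.get("Value"), rec.get("Virtual Name"),
            rec.get("Node Addr"), rec.get("Pool Name"))

def missing_on_standby(active_text, standby_text):
    """Records present on the active unit but not mirrored to the standby."""
    active = {record_key(r) for r in parse_records(active_text)}
    standby = {record_key(r) for r in parse_records(standby_text)}
    return sorted(active - standby)

def sample(node, pool, age):
    # Constructed sample record, modelled on the output posted in the thread.
    return (f"source-address - 172.28.20.111:80 - {node}\n" + "-" * 54 + "\n"
            f"  TMM           1\n  Mode          source-address\n"
            f"  Value         172.28.20.17\n  Age (sec.)    {age}\n"
            f"  Virtual Name  /Common/bar\n  Virtual Addr  172.28.20.111:80\n"
            f"  Node Addr     {node}\n  Pool Name     {pool}\n"
            f"  Client Addr   172.28.20.17\n  Owner entry\n")

HEADER = "Sys::Persistent Connections\n"
ACTIVE = (HEADER + sample("200.200.200.101:80", "/Common/foo", 3)
          + sample("200.200.200.111:80", "/Common/qux", 1266)
          + "Total records returned: 2\n")
STANDBY = (HEADER + sample("200.200.200.101:80", "/Common/foo", 0)
           + "Total records returned: 1\n")

if __name__ == "__main__":
    for key in missing_on_standby(ACTIVE, STANDBY):
        print("not mirrored:", key)
```
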