"pool member IP port" doesn't select the pool member
Hello, dear colleagues!
It's already the 4th hour that I feel like a moron trying to understand what's happening.
I have a VIP configured on :any ports with a clientssl profile which permits both SSL and non-SSL transactions.
There is also an iRule attached to this VIP, which tries to select a pool member using the URL. I can see from the debugging log that the "pool member" command receives the correct parameters.
However, it selects a random pool member.
    ltm virtual PSmall-Tiscali {
        destination 1.1.1.1:any
        ip-protocol tcp
        mask 255.255.255.255
        pool Caches-ALL
        profiles {
            MyHTTP { }
            MySSL-WithPlain {
                context clientside
            }
            oneconnect { }
            tcp { }
        }
        rules {
            Cache-UniversalAccess
        }
    }
    ltm rule Cache-UniversalAccess {
        when RULE_INIT {
            array set ::p_map {1 10.10.136.112 2 10.10.136.113 3 10.10.136.114 4 10.10.136.115 5 10.10.136.116 6 10.10.136.117 7 10.10.136.118 8 10.10.136.119 9 10.10.136.120 10 10.10.136.121 11 10.10.136.111 12 10.10.136.2 13 10.10.136.3 14 10.10.136.4 15 10.10.136.5 16 10.10.136.6 17 10.10.136.7 18 10.10.136.8 19 10.10.136.9 20 10.10.136.10 21 10.10.136.11 22 10.10.136.12 23 10.10.136.13 24 10.10.136.14 25 10.10.136.15 26 10.10.136.16 27 10.10.136.17 28 10.10.136.18 29 10.10.136.19 30 10.10.136.20 31 10.10.136.21 32 10.10.136.22 33 10.10.136.23 34 10.10.136.24 35 10.10.136.25 36 10.10.136.26 37 10.10.136.27 38 10.10.136.28 39 10.10.136.29 40 10.10.136.30 41 10.10.136.31 42 10.10.136.32 43 10.10.136.33 44 10.10.136.34 45 10.10.136.35 46 10.10.136.36 47 10.10.136.37 48 10.10.136.38 49 10.10.136.39 50 10.10.136.40 51 10.10.136.41 52 10.10.136.42 53 10.10.136.43 54 10.10.136.44 55 10.10.136.45 56 10.10.136.46 57 10.10.136.47 58 10.10.136.48 59 10.10.136.49 60 10.10.136.50 61 10.10.136.51 62 10.10.136.52 63 10.10.136.53 64 10.10.136.54 65 10.10.136.55 66 10.10.136.56 67 10.10.136.57 68 10.10.136.58 69 10.10.136.59 70 10.10.136.60 71 10.10.136.61 72 10.10.136.62 73 10.10.136.63 74 10.10.136.64 75 10.10.136.65}
        }
        when CLIENT_ACCEPTED {
            if { (![TCP::local_port] == 80) or (![TCP::local_port] == 443)} {
                drop
            }
        }
        when LB_FAILED {
            LB::reselect pool "Caches-ALL" member 10.10.136.65 80
        }
        when HTTP_REQUEST {
            set http_host [HTTP::host]
            if {[string equal -nocase $http_host "pbig.domain.com"] or [string equal -nocase $http_host "psmall.domain.com"]} {
                if {[string equal -nocase [string range [HTTP::uri] 0 1] "/p"]} {
                    set ini_uri [HTTP::uri]
                    set s_end [string first "/" $ini_uri 1]
                    set p_num [string trimleft [string range $ini_uri 2 [expr {$s_end-1}]] "0"]
                    HTTP::uri [string range $ini_uri $s_end end]
                    if [info exists ::p_map($p_num)] {
                        log "pool Caches-ALL member $::p_map($p_num) 80"
                        pool Caches-ALL member $::p_map($p_num) 80
                    } else {
                        log "No such map defined: /p$p_num"
                    }
                }
            } else {
                pool "Caches-ALL"
            }
        }
    }
I'm running v.10.2.4. Could anybody help me?
Thank you in advance,
Alex
SSL profile is derived from the default profile with custom cert/key and the "allow non-ssl connection" mark is set.
6 Replies
- What_Lies_Bene1
Cirrostratus
You're dropping port 80 and 443 traffic, which seems odd. Can you explain exactly what you are trying to achieve with the rule? It's hard to know where the issue lies otherwise.
- Alexey_3450
Nimbostratus
It drops traffic directed NOT to ports 80/443, you missed "!" before conditions.
Customers will send GET requests like "http://domain.com/pXX/somepage.html" or "https://domain.com/pXX/somepage.html".
I want to extract /pXX part, use XX as server number, get IP-address from this number from p_map, and send the request converted to "http://domain.com/somepage.html" form.
Generally it works, but looks like "pool Caches-ALL member $::p_map($p_num) 80" command ignores IP and port parts.
- Michael_Yates
Nimbostratus
Accidental double post.
- Michael_Yates
Nimbostratus
Hi Alexey,
I would suggest putting all of your IP Addresses into a Data Group for matching. You might find it easier to manage.
You can access them by doing something like this (close example, but will require some adjustments):

    when HTTP_REQUEST {
        set redirecturl [class match -value [string tolower [HTTP::uri]] starts_with string_value_test_group]
        if { $redirecturl ne "" } {
            HTTP::respond 301 Location $redirecturl
        }
    }

http://devcentral.f5.com/wiki/iRules.class.ashx

The matching Data Group:

    class string_value_test_group {
        {
            "/booking" { "http://www.yahoo.com" }
            "/contact" { "http://www.google.com" }
            "/parties" { "http://www.msn.com" }
        }
    }
Then look at putting in some logging statements. I suspect that your matching statement is working out, so log your information to "log local0." and look in the /var/log/ltm log to see what is happening before your matching statement. The portions of the pool command should be space delimited "pool my_Pool member 10.1.2.200 80" so that may be your problem.
Hope this helps.
- Alexey_3450
Nimbostratus
Michael, I think arrays work much faster than a set of consecutive matches on data group items.
However, my problem is not the selection algorithm. The pool statement doesn't work. Maybe I use it in a wrong way?
Concerning the log, I have already tried such a log and I'm quite sure that the pool command executes with the correct parameters.
Yours,
Alex
- Alexey_3450
Nimbostratus
Guys, I found the root of the problem. The mentioned pool consists of members with :any service configured. For some reason known only to F5, the port parameter in the pool statement leads to silent invalidation of the statement. Therefore the VIP begins to use the default pool configured.
Many thanks to everybody who tried to help me!
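
A log line placed just before the `pool` command, as in the rule posted above, records what was requested, not what the load balancer picked. The following is an added example, not code from the thread: it logs the member actually chosen in LB_SELECTED, so a silently ignored `pool ... member` shows up in /var/log/ltm. `wanted_ip` is a hypothetical variable name, the two-entry map is cut down from the posted one, and the host check is omitted.

```tcl
# Added diagnostic example; not part of the original thread.
when RULE_INIT {
    # Two entries copied from the posted map; the remaining ones are omitted here.
    array set ::p_map {1 10.10.136.112 2 10.10.136.113}
}

when HTTP_REQUEST {
    # wanted_ip (hypothetical name) stays empty when no explicit member is requested.
    set wanted_ip ""

    # Accept only /p<1-3 digits>/<rest>, ignoring leading zeros. A URI such as
    # "/p12" with no second slash, or "/pabc/x", does not match and is left alone.
    if { [regexp {^/[pP]0*([1-9][0-9]{0,2})(/.*)$} [HTTP::uri] -> p_num rest] } {
        if { [info exists ::p_map($p_num)] } {
            set wanted_ip $::p_map($p_num)
            # Strip the /pXX prefix only once the number is known to be mapped.
            HTTP::uri $rest
            pool Caches-ALL member $wanted_ip 80
        } else {
            log local0. "No such map defined: /p$p_num"
        }
    }
}

when LB_SELECTED {
    # Compare the member the load balancer picked with the one requested above.
    if { [info exists wanted_ip] && $wanted_ip ne "" } {
        if { [LB::server addr] ne $wanted_ip } {
            log local0. "member mismatch: wanted $wanted_ip:80, got [LB::server addr]:[LB::server port] in pool [LB::server pool]"
        }
    }
}
```

A mismatch line for every /pXX request points at the `pool` command being discarded rather than at the URI parsing or the map lookup.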