
Forum Discussion

Brian_69413
Jul 09, 2013

Pool member selection based on DNS entry

I am looking to use the POOL command in an iRule to select a pool member based on a DNS response from the RESOLV::lookup command. Does the POOL command require that the selected 'member' actually be a defined member in the pool you are selecting from? If so, can the pool be built dynamically?

Thanks,

Brian

7 Replies

  • You can not only select individual pool members via iRule, but also non-pool "nodes" (a server out on the open Internet for example). So yes, it is possible. You might also want to consider how to maintain persistence beyond a specific request, or if you want to perform a DNS lookup on each request.
    You would not need to build a pool dynamically, nor is this feasible in iRules.
  • Awesome, thanks! Let me know if you think I am missing the boat with the below iRule. It does work and sends traffic to an external site based on DNS response.


    when HTTP_REQUEST {
        set ips [RESOLV::lookup @1.1.1.1 -a "example.com"]
        # Check if the first list element was empty
        if { $ips eq "" } {
            # Input wasn't an IP address, using the default pool?
            pool default_pool
        } else {
            # Select the IP
            log local0. "IP resolved! - [lindex $ips 0]"
            node [lindex $ips 0] 443
        }
    }

  • It's fine, but realize that you're making a DNS request on EACH new HTTP request. Hopefully the DNS responses are cached between requests, but you're adding some latency nonetheless. I also have to assume that 1) "example.com" is a placeholder for something more dynamic, and 2) you're doing a sort of "reverse forward proxy" here - that is if the requested host name resolves to an IP address then send the traffic there, otherwise send to the default pool.
    If the above assumptions are true, then you may also benefit from a table-based DNS cache mechanism. For example:

    [pseudocode]
    if table entry doesn't exist for host name {
        DNS lookup hostname
        Store DNS response in table
        Use DNS response
    } else {
        Use table entry
    }
    [/pseudocode]

  • Your assumptions are correct and I understand the DNS query latency, but we have a web app that sends data every 5 minutes and needs to send that data to the active site which is determined by a service entry in DNS. We are using the LTM for outbound data sends in order to do application layer filtering/translation. My understanding is that the RESOLV function does cache and that cache could be adjusted, but the TTL of the external DNS entry is set very low (<20 seconds). Is there some notion of expiring the cache in the table entries?
  • By "table entries", are you referring to the session table-based response cache that I mentioned? If so, then yes. You could technically set an idle or lifetime value for each table entry based on any arbitrary value.
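The table-based cache from the pseudocode above, with the per-entry lifetime described in this reply, written out as an added iRule example (not code posted in the thread). It assumes a data group named allowed_hosts holding the external service names that may be resolved, a pool named default_pool, the 1.1.1.1 resolver from Brian's iRule, and a constructed 20-second lifetime chosen to match the low external TTL mentioned later in the thread.

```tcl
when HTTP_REQUEST {
    # The destination is taken from the Host header, so only names listed in
    # the allowed_hosts data group (assumed to exist) are resolved; otherwise
    # any client could steer the virtual server at an arbitrary address.
    set host [string tolower [HTTP::host]]
    if { ![class match $host equals allowed_hosts] } {
        pool default_pool
        return
    }

    # Cache hit: an unexpired entry in the dns_cache subtable is used as-is.
    set ip [table lookup -subtable dns_cache $host]
    if { $ip ne "" } {
        node $ip 443
        return
    }

    # Cache miss: resolve the name with the same resolver as the original rule.
    set ips [RESOLV::lookup @1.1.1.1 -a $host]
    set ip [lindex $ips 0]
    if { $ip eq "" } {
        log local0. "No A record for $host, using default pool"
        pool default_pool
        return
    }

    # Store with an absolute lifetime of 20 seconds (constructed value to track
    # the short external TTL). The idle timeout is left indefinite so that
    # lookups do not extend the entry; it simply vanishes when the lifetime ends.
    table set -subtable dns_cache $host $ip indefinite 20
    log local0. "Resolved $host to $ip, cached for 20s"
    node $ip 443
}
```

Keeping the lifetime at or below the external record's TTL is what prevents traffic from following a stale address after the hosting provider moves the service.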
  • Thanks for your help on this, I will see if we can afford a longer cache value in order to avoid additional DNS query latency.
  • Hi Brian,

    Did you get a working solution for this?

    I need to forward proxy to some external web application servers and I don't want the VIPs being unavailable if the application hosting provider moves IP addresses.

    If you could share it would be really appreciated.