Problem with map class to node

This is very strange behavior indeed. And, no, we have not seen this behavior before.

 

 

I would like you to open a support case so we can collect more detailed information about your system.

 

 

A couple of items that would be helpful are (and you could post them here):

 

a) Did you edit/enter the rule using the GUI or command line?

 

b) Can you provide an example of an entry in the class?

 

c) Did the rule fail the same way when using the "pool xxx member a.b.c.d" command?

 

d) Does the rule fail when not using findclass (eg, using node with a specific value provided)?

 

e) Does the rule fail if the first line after the if is a comment () and the next line is the node command?

 

f) Are there any extra whitespace characters at the end of any of the lines (try removing them if there are)?

 

g) Are there any other rules that might be interfering on this virtual (rules are evaluated in a specific order and each time you edit the rule might be changing the order)?

 

 

It's very hard for us to debug problems through posts on the forum which is why I recommend you ultimately contact support.

Hi,

 

 

first thanks for your answere.

 

Here are the requested informations.

 

 

a) Did you edit/enter the rule using the GUI or command line?

 

We entered the rule in the GUI.

 

 

b) Can you provide an example of an entry in the class?

 

The class looks like this:

 

 

class internet_resinwww_10445 {

 

"a 10.3.36.22:10445"

 

"b 10.3.36.23:10445"

 

"c 10.3.36.24:10445"

 

"d 10.3.36.25:10445"

 

}

 

 

c) Did the rule fail the same way when using the "pool xxx member a.b.c.d" command? d) Does the rule fail when not using findclass (eg, using node with a specific value provided)?

 

Yes, the rule also fails when we use the "pool netbank-banking member" command. It doesn´t matter if we use "node" or "member".

 

 

d) Does the rule fail when not using findclass (eg, using node with a specific value provided)?

 

No we didn´t checked that.

 

 

e) Does the rule fail if the first line after the if is a comment () and the next line is the node command?

 

We did a lot testing but unfortunately not with only the in front of the node command.

 

We always have had some log statements together with the in the complete rule.

 

 

f) Are there any extra whitespace characters at the end of any of the lines (try removing them if there are)?

 

No, we precisely checked if there are whitespaces.

 

 

g) Are there any other rules that might be interfering on this virtual (rules are evaluated in a specific order and each time you edit the rule might be changing the order)?

 

Yes, we have a second rule on this virtual server which inserts a cipher:

 

 

virtual vs_proxy_XXX_443 {

 

destination a.b.c.d:443

 

ip protocol tcp

 

profile pool_insert_client_ip proxy_clientssl_www_netbank-money_de proxy_serverssl_www_netbank-money_de tcp

 

persist pool_persist_simple

 

pool netbank-banking

 

rule rule_vs_proxy_insert_cipher

 

rule pool_select_node_netbank-banking

 

vlans AZI WHZ WSZ disable

 

 

It's very hard for us to debug problems through posts on the forum which is why I recommend you ultimately contact support.

 

I tried to open a case for that because this thing seems to be a kind of a bug and that was the answere from support:

 

 

"Hello Joerg.

 

 

Thank you for contacting F5 in regards to your issue with an iRule. DevCentral is the avenue we offer to our customers for building iRules and iControl applications. To assist DevCentral members, F5 provides technical documentation, tips, free sample downloads, and a confidential discussion Forum for posting technical questions and receiving answers. The Forum is also monitored by F5 engineers and technical experts that offer assistance on technical questions including design, architecture, troubleshooting, and general assistance with building iRules and iControl applications. In addition, many experienced members post answers based upon their personal experience. http://devcentral.f5.com/

 

 

If you are not registered, simply register on the site and then click forums and post your question there so an F5 Developer can assist you.

 

 

Thank you,

 

 

Michelle Murray"

 

 

I will give it a try again with your instruction.

 

 

Once again thanks for helping me.

 

 

Regards

 

 

Joerg

 

 

 

 

 

Joerg,

I think the problem might have to do with the fact you have multiple rules. The syntax of what you posted for the virtual server doesn't look right. There should only be one "rule" line with both rules listed on that line. Like this:

 
 virtual vs_proxy_XXX_443 {  
    destination a.b.c.d:443  
    ip protocol tcp  
    profile pool_insert_client_ip proxy_clientssl_www_netbank-money_de proxy_serverssl_www_netbank-money_de tcp  
    persist pool_persist_simple  
    pool netbank-banking  
    rule rule_vs_proxy_insert_cipher pool_select_node_netbank-banking  
    vlans AZI WHZ WSZ disable  
 } 
 

Can you try editing the bigip.conf file to put both rules together on the same line?

This may be a problem with how the GUI manages the multiple rules and each time you edit the rule it changes the order of the two rule statements, thus alternating between only running one of the two rules.

Hi,

 

 

sorry that was my fault.

 

I put in the wrong rule syntax from an older tech-out where I have tried to configure the bigip.conf file manually.

 

In fact the virtual server config looks exactly like this:

 

 

virtual vs_proxy_XXXX_443 {

 

destination e.f.g.h:443

 

ip protocol tcp

 

profile pool_insert_client_ip proxy_clientssl_www_netbank-money_de serverssl tcp

 

persist pool_persist_simple

 

pool netbank-banking

 

rule rule_vs_proxy_insert_cipher pool_select_node_netbank-banking

 

vlans a b c disable

 

}

 

 

Sorry for providing the wrong syntax.

 

 

Regards

 

 

Joerg