Forum Discussion

Chip_Hudgins_64
Apr 19, 2011

proxy to node based on hostname

Hello,

First time posting here.

I wanted to know if anyone had an idea on how to proxy to a node/server based on hostname rather than IP. I thought maybe an iRule could be used instead of a traditional resource pool with members.

We are proxying to a server that is not managed by us. We need to preserve the hostname and the server on the backend expects that hostname so redirects will not work.

We cannot just use DNS for there are many links our users use with short names to this service (hostname rather than hostname.domain.com) and the backend server does not have our DNS server suffix within its configuration therefore cannot match the FQDN host when we send a request to it using just a DNS CNAME.

Therefore we use the LTM to convert the short name to a FQDN and then proxy the request back to the host that we do not manage. This works well except for one thing, the bigip.conf configuration saves the member as an IP, not a hostname. If the vendor changes the IP of this server, we will no longer be able to proxy to it unless we update the configuration.

I thought I could write an iRule which does a proxy based on hostname.

For example:

when RULE_INIT {
    # Globals (::) so the values are visible in HTTP_REQUEST

    # Set the hostname that the client makes request to
    set ::external_hostname "something.domain.com"

    # Set the hostname that the BIG-IP will proxy requests to
    set ::internal_hostname "asp.otherdomain.com"
}

when HTTP_REQUEST {
    # Short name (no dot in the Host header): append the domain and redirect
    if { [string first "." [HTTP::host]] < 0 && [string length [HTTP::host]] >= 1 } {
        set host "[HTTP::host].domain.com"
        HTTP::redirect "http://${host}[HTTP::uri]"
    }

    if { [HTTP::host] == $::external_hostname } {
        # proxy to internal hostname
        SOMETHING "${::internal_hostname}[HTTP::uri]"
    }
}

where SOMETHING proxies to the server we do not manage (not redirect).

Any help is appreciated. C

  • After some searching, I found the following code that will proxy based on hostname. Unfortunately NAME::lookup/NAME::response does not return any results. I have read through the SOL on DNS resolution and tried each but without success. The result is just empty NAME_RESOLVED:

    Does anyone know why the NAME::lookup does not work in the following code:

    when RULE_INIT {
        # The hostname to resolve to an IP address
        set ::myhostname "something.domain.com"

        # The number of requests to use the cached DNS answer for
        set ::max 100

        # Force a DNS lookup on the first request to get a current answer
        set ::count 100
    }

    when CLIENT_ACCEPTED {
        # Increment the count of requests
        incr ::count

        # Only look up the address every 100 resolutions
        # Modify this as needed by changing $::max in RULE_INIT
        if { $::count >= $::max } {
            set ::count 0
            NAME::lookup $::myhostname
        }

        # Set the selected node to the current resolved IP address and the port the client requested.
        # The port could be hard coded to any value.
        node $::server_ip [TCP::local_port]
    }

    when NAME_RESOLVED {
        log local0. "NAME_RESOLVED: [NAME::response]"

        # can we just use [NAME::response 0], is the response a list?
        set ::server_ip [lindex [split [NAME::response] " "] 0]
    }
  • Which LTM version are you running? If you're on 10.1 or higher, you can use RESOLV::lookup instead of NAME::lookup. The former command is simpler to use and more efficient.

    http://devcentral.f5.com/wiki/default.aspx/iRules/resolv__lookup

    Aaron
  • Hello Aaron.

    We are currently running 9.3.1. We plan to upgrade in June to 10.1.

    So for now, I am stuck with NAME::lookup.

    I was able to get the DNS::lookup to work by configuring the named.conf on the LTM as a forwarder to our internal DNS servers. I found out that named was trying to look up the name externally, which was not working. But as a forwarder, the resolution takes place internally and this is working at the moment. I still appreciate your response though.

    Thanks,

    C
  • Hi Chip,

    Glad that's working now. Thanks for posting your fix.

    Aaron
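
An added example, not code from the thread or from any poster: a sketch of the RESOLV::lookup approach suggested above for 10.1 or higher, which caches the answer, fails closed when DNS returns nothing, and refuses an answer outside an expected range, since the backend address now depends on DNS. The resolver address, allowed network and cache lifetime are constructed placeholders; the hostname is the one used in the question.

```tcl
when RULE_INIT {
    # Backend hostname taken from the question in this thread
    set static::backend_host "asp.otherdomain.com"
    # Assumptions (constructed placeholders): internal resolver,
    # network the vendor is expected to answer from, cache lifetime in seconds
    set static::dns_server  "10.0.0.53"
    set static::allowed_net "192.0.2.0/24"
    set static::cache_ttl   300
}

when CLIENT_ACCEPTED {
    # Reuse a cached answer if one has not expired yet
    set ip [table lookup -notouch "dns:$static::backend_host"]

    if { $ip eq "" } {
        # Synchronous A-record lookup against the internal resolver
        set answers [RESOLV::lookup @$static::dns_server -a $static::backend_host]
        set ip [lindex $answers 0]

        # Fail closed: no answer means no backend, never a stale or unset node
        if { $ip eq "" } {
            log local0.err "DNS lookup for $static::backend_host returned no address"
            reject
            return
        }

        # A poisoned or mistaken DNS answer would silently redirect user
        # traffic, so only accept addresses inside the expected network
        if { not [IP::addr $ip equals $static::allowed_net] } {
            log local0.err "Refusing $ip for $static::backend_host: outside $static::allowed_net"
            reject
            return
        }

        # Cache with a fixed lifetime so a vendor IP change is picked up
        table set "dns:$static::backend_host" $ip $static::cache_ttl $static::cache_ttl
        log local0.info "Resolved $static::backend_host to $ip"
    }

    # Send this connection to the resolved address on the port the client used
    node $ip [TCP::local_port]
}
```

The log lines give operations a record of each re-resolution, so a backend address change shows up in /var/log/ltm instead of as an unexplained outage.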