awan_m
Oct 08, 2023

Send data to 2 pool members in HSL pool

Hi all - I have 2 members in an HSL pool, and I want to send logs to both, meaning not load balance but send a copy to both pool members.

Is there a way of achieving that?

Thanks

  •  Hi Awan,

    Use Distribution setting as == Replicated

    Default is Adaptive

    There are three options for this Distribution setting:

    • Adaptive == Default Setting

      This is the default method and uses the same distribution method as previous BIG-IP versions. When set to adaptive, the BIG-IP system selects one pool member from the HSL pool, establishes a connection, and sends all of the HSL traffic to this remote log server until either the rate of the HSL traffic exceeds what the remote log server is capable of accepting or the HSL connection to the remote log server is lost. When this happens, the BIG-IP system selects the next pool member from the HSL pool, establishes a new connection, and sends the rest of the HSL traffic to the next remote log server.

    • Balanced

      This method directs the BIG-IP system to use the load balancing method that is configured in the HSL pool to pick a pool member every time the system attempts to send a log.

    • Replicated

      This method replicates each log to all pool members of the HSL pool. This method is typically used when you want to have the same set of logs on another backup remote log server.

      Unless you specifically require the BIG-IP system to load balance HSL traffic between the remote log servers of the assigned HSL pool, or replicate HSL traffic to all pool members, F5 recommends that you use the default HSL traffic distribution method (adaptive).

      K17398: Configuring the High Speed Logging traffic distribution method

      https://my.f5.com/manage/s/article/K17398

      HTH

      F5 Design Engineer

      🙏

    • awan_m

      Thanks for the response - so in this case I would not be using HSL pool but publisher - is that correct?

      set hsl [HSL::open -proto $static::logProtocol -pool $static::logPool] - change to publisher

      Secondly - I also need to use the same approach in clone pool - can I have replicated traffic in a clone pool?

      Thanks

  • Hi Awan,

    Replicated option is for pool only, not for publisher. In tmsh here is the syntax:

    create /sys log-config destination remote-high-speed-log <log destination name> distribution <adaptive|balanced|replicated> pool-name <HSL pool name> protocol <tcp|udp>

    Log Publisher is step 4; first you need to create log pools in step 1, then only you can go for log publishers:

    Setting The BIG-IP into using HSL Steps.

    1. Create a Pool with the remote log server as the member.
    2. Go to System  ››  Logs : Configuration : Log Destinations and create one of these two types of Destinations depending on whether you want to use TMM or management for the traffic.
      • For a High Speed Logging Destination: Click Create. Select the pool you created in step 1.
        1. Name the Log Destination.
        2. Select 'Remote High-Speed Log'.
        3. Select the pool you created in step 1.
        4. Select TCP or UDP.
        5. Select the Distribution method (leave in default if only one pool member).
        6. Click Finished.
      • To use the management interface (only one IP can be used in this method):
        1. Enter IP and port of logging server.
        2. Select Protocol.
        3. Click Finished.
    3. Now create another Log Destination (this will in essence trick the BIG-IP to use HSL logging).
      1. Choose type Splunk.
      2. Forward to either the HSL or management interface.
      3. Click Finished.
    4. Go to System  ››  Logs : Configuration : Log Publishers
      1. Click Create.
      2. Name it.
      3. Choose the Destination from step 3.
      4. Click Finished.

    The logging traffic proceeds from top to bottom in the illustration.

    https://my.f5.com/manage/s/article/K17398

    For your iRule, please refer below

    open and send for HSL

    https://clouddocs.f5.com/api/irules/HSL__open.html

    https://clouddocs.f5.com/api/irules/HSL__send.html

    https://my.f5.com/manage/s/article/K50040950

    https://clouddocs.f5.com/cli/tmsh-reference/v15/modules/ltm/ltm_rule_command_HSL_open.html

    Please note

    The protocol is case sensitive and must be specified in all uppercase letters.

    Prior to 11.1 the protocol value is not validated when an iRule is saved, but will cause a run-time error when executed for a connection if the protocol is not valid (UDP or TCP).

    The pool name is not validated when an iRule is saved but will cause a run-time error when executed if the pool does not exist.

    HTH

    F5 Design Engineer

    🙏
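
The four steps in the reply above, written out as tmsh commands with the distribution set to replicated so that every log message is copied to both pool members. This is an added example, not part of the original post or of F5's documentation; the object names, the 192.0.2.x addresses and port 514 are placeholder assumptions.

```tmsh
# Added example. Object names, addresses and ports are placeholders.

# Step 1: pool that holds both remote log servers.
create ltm pool hsl_syslog_pool members add { 192.0.2.10:514 192.0.2.11:514 } monitor tcp

# Step 2: Remote High-Speed Log destination bound to that pool.
# distribution replicated = each log goes to all pool members
# (adaptive = one member until it fails or is saturated, balanced = pool LB method).
create sys log-config destination remote-high-speed-log hsl_dest pool-name hsl_syslog_pool protocol tcp distribution replicated

# Step 3: formatting destination of type Splunk that forwards to the HSL destination.
create sys log-config destination splunk hsl_splunk_fmt forward-to hsl_dest

# Step 4: log publisher that points at the destination from step 3.
create sys log-config publisher hsl_publisher destinations add { hsl_splunk_fmt }

# Check that the destination really carries "replicated" rather than the adaptive default.
list sys log-config destination remote-high-speed-log hsl_dest distribution

# Persist the change.
save sys config
```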

                 

    • awan_m

      Thanks for the response - but this does not solve my problem.

      My use case is:

      I have Active and Standby F5s in 2 data centers: F51 - DC-A, F52 - DC-B.

      I need to send all traffic to an IDS appliance, so I connect one F5 interface to a switch in each datacenter that has the IDS device connected to it, and on each F5 I created a static ARP entry.

      What I want to do is create a pool that has both IDS devices in it, attach that pool to the virtual server as client side clone pool and send traffic to both pool members.

      Any suggestions?

      Thanks