Forum Discussion
Vernon_97235
Historic F5 Account
It can. You cannot use the BIG-IP priority group activation method for this, because it has a different meaning than what you describe above, but you can define two pools, one for each "priority group". You would then select the "priority group" based on the header field. You would set the Virtual Server LB method to "Ratio" and define the pool member ratios in each pool. It would look something like this (untested!):
when HTTP_REQUEST {
if { [HTTP::header exists "iSession"] && [persist lookup uie [HTTP::header "iSession"]] } {
persist uie [HTTP::header "iSession"]
}
else {
switch [HTTP::header "iPGroup"] {
"One" {
pool pool-One
}
"Two" {
pool pool-Two
}
}
if { [HTTP::header exists "iSession"] } {
persist uie [HTTP::header "iSession"]
}
}
}
In this configuration, you should also define a default pool for the Virtual Server, which would be used if iPGroup is not set or is not a value in the set ["One", "Two"].
ppltam_183867
Mar 28, 2016Cirrus
Really Thanks Vernon for sharing the technical insight and would like to go a bit further. Traffic from the LTM Virtual Server going to the actual Node members who run web services are actually encrypted running SSL. On the LTM virtual server, we have defined two SSL profiles (One Client SSL and One Server SSL profile) as end-to-end encryption is a mandatory requirement due to confidentiality of the application. Question is can we still use the iRules suggested e.g.
<<********************>>
when HTTP_REQUEST {
if { [HTTP::header exists "iSession"] && [persist lookup uie [HTTP::header
"iSession"]] } {
persist uie [HTTP::header "iSession"]
}
else {
switch [HTTP::header "iPGroup"] {
"One" {
pool pool-One
}
"Two" {
pool pool-Two
}
}
.........
<<*****************>
in combination with the SSL profiles defined or do we have to perform encryption / decryption/ re-encryption on the iRules level and write extra iRule coding in order to achieve the end-to-end traffic encryption as well as the persistent session requirements.
Many thanks in advance.
Regards
Patrick