not meant unkindly, but it helps if you explain the full situation at the start. things like the iRule events can matter in cases like this. the environment (AWS in your case) might also be related, i don't expect it, but it is good to know in general.
so i moved my previous setup to one closer to yours, please let me know the differences if there are any left.
iRule on VS1
when CLIENT_ACCEPTED {
    set srcip [IP::remote_addr]
    log -noname local0.info "CLIENT_ACCEPTED put $srcip with value blocked in blacklist subtable"
    table add -subtable "blacklist" $srcip "blocked" 360 360
    log -noname local0.info "CLIENT_ACCEPTED collect 15 bytes of data"
    TCP::collect 15
}
when CLIENT_DATA {
    log -noname local0.info "CLIENT_DATA found client data"
    log -noname local0.info "CLIENT_DATA send to virtual vs-test-02"
    virtual /Common/vs-test-02
}
iRule on vs-test-02
when CLIENT_ACCEPTED {
    set srcip [IP::remote_addr]
    set result [table lookup -subtable "blacklist" $srcip]
    log -noname local0.info "CLIENT_ACCEPTED result for $srcip is $result."
}
and this works
Oct 15 09:34:19 bigip-01 info tmm[21812]: CLIENT_ACCEPTED put 192.168.64.191 with value blocked in blacklist subtable
Oct 15 09:34:19 bigip-01 info tmm[21812]: CLIENT_ACCEPTED collect 15 bytes of data
Oct 15 09:34:19 bigip-01 info tmm[21812]: CLIENT_DATA found client data
Oct 15 09:34:19 bigip-01 info tmm[21812]: CLIENT_DATA send to virtual vs-test-02
Oct 15 09:34:19 bigip-01 info tmm[21812]: CLIENT_ACCEPTED result for 192.168.64.191 is blocked.
i did some tests with the TCP::collect with bigger numbers of minimum bytes and once it didn't work, the lookup failed. but i'm unable to reproduce that. the collect which triggers a new event makes me a little worried, but then again, if you use the virtual in that _DATA event it shouldn't matter, but still, is that choice required there?
i'm very interested in how your iRule looks (if possible to share more after cleanup of any internal only details) to see if a cause can be found there. but so far this works.
oh and if you haven't raised a ticket with F5 support, this is getting to the point where it indeed might be an internal thing.
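An added example, not part of the original post: a Python sketch that scans log lines in the format produced by the two iRules above and reports lookups that came back empty even though the same source IP had been added to the blacklist subtable within the 360-second lifetime. This is the intermittent failure that is hard to catch by eye. The function name and the last two sample lines are assumptions made for this example.

```python
import re
from datetime import datetime, timedelta

LIFETIME = timedelta(seconds=360)  # timeout and lifetime from "table add ... 360 360" on VS1
PREFIX = r"^(\w{3}\s+\d+ [\d:]{8}) \S+ info tmm\d*\[\d+\]: CLIENT_ACCEPTED "
PUT_RE = re.compile(PREFIX + r"put (\S+) with value \S+ in blacklist subtable$")
RES_RE = re.compile(PREFIX + r"result for (\S+) is (.*)\.$")

# The first five lines are the log output from the post; the last two are constructed.
SAMPLE = """\
Oct 15 09:34:19 bigip-01 info tmm[21812]: CLIENT_ACCEPTED put 192.168.64.191 with value blocked in blacklist subtable
Oct 15 09:34:19 bigip-01 info tmm[21812]: CLIENT_ACCEPTED collect 15 bytes of data
Oct 15 09:34:19 bigip-01 info tmm[21812]: CLIENT_DATA found client data
Oct 15 09:34:19 bigip-01 info tmm[21812]: CLIENT_DATA send to virtual vs-test-02
Oct 15 09:34:19 bigip-01 info tmm[21812]: CLIENT_ACCEPTED result for 192.168.64.191 is blocked.
Oct 15 09:40:02 bigip-01 info tmm[21812]: CLIENT_ACCEPTED put 192.0.2.10 with value blocked in blacklist subtable
Oct 15 09:40:02 bigip-01 info tmm[21812]: CLIENT_ACCEPTED result for 192.0.2.10 is .
""".splitlines()

def _ts(text):
    # syslog timestamps carry no year; a fixed leap year keeps parsing unambiguous
    return datetime.strptime("2000 " + " ".join(text.split()), "%Y %b %d %H:%M:%S")

def failed_lookups(lines):
    """Return (timestamp, ip) for every empty lookup result logged while the
    entry added for that IP should still have been alive."""
    added = {}      # ip -> time of the most recent "table add" log line
    failures = []
    for line in lines:
        line = line.rstrip()
        m = PUT_RE.match(line)
        if m:
            added[m.group(2)] = _ts(m.group(1))
            continue
        m = RES_RE.match(line)
        if not m:
            continue
        stamp, ip, value = m.group(1), m.group(2), m.group(3)
        put = added.get(ip)
        # an empty value after an add that has not yet expired is the failure case
        if value == "" and put is not None and _ts(stamp) - put < LIFETIME:
            failures.append((stamp, ip))
    return failures

if __name__ == "__main__":
    for stamp, ip in failed_lookups(SAMPLE):
        print(f"{stamp}: lookup for {ip} returned empty inside the entry lifetime")
```
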