For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Tabish_Mirza_12's avatar
Tabish_Mirza_12
Icon for Nimbostratus rankNimbostratus
Jun 14, 2016

Set Up F5 load balancer for BRM (Oracle Communications Billing and Revenue Management MAA on Oracle Engineered Systems) CMMP Traffic

Hi Folks,

 

Can anyone please tell me what is the purpose of below iRule as we are in process to deploy Oracle BRM in our environment and Oracle ask us to configure below iRule as per pdf doc. We want to know that why we need this iRule and what is the benefit.

 

http://www.oracle.com/technetwork/database/availability/brm-maa-2217121.pdf

 

when CLIENT_ACCEPTED {

 

The current pool is derived from the virtual server's "Default Pool"

set current_pool [LB::server pool]

 

Count of reselect attempts

set reselects 0

 

}

 

when LB_FAILED {

 

Reselect another pool member if the connection fails. Limit reselects to the number of active members. To be active, a member must be enabled with status available or unknown.

if { $reselects < [active_members $current_pool] } {

 

incr reselects

 

log local0.info "Client [IP::client_addr]:[TCP::client_port]: Selected pool member [LB::server addr]:[LB::server port] not responding. Reselect attempt $reselects."

 

LB::mode rr

 

LB::reselect pool $current_pool

 

} else {

 

log local0.error "Client [IP::client_addr]:[TCP::client_port]: Failed to connect after $reselects reselects."

 

}

 

}

 

application delivery
LTM

2 Replies

  • Chris_Grant's avatar
    Chris_Grant
    Icon for Employee rankEmployee
    Jun 14, 2016

    Here is the iRule in a more readable (I hope) form:

     brm
-
iRule 
when CLIENT_ACCEPTED {
 The current pool is derived from the virtual server's "Default Pool"
set current_pool [LB::server pool]
 Count of reselect attempts
set reselects 0
}
when LB_FAILED {
 Reselect another pool member if the connection fails.  
 Limit reselects to the number of active members.
 To be active, a member must be enabled with status available or 
 unknown.
if { $reselects < [active_members $current_pool] } {
incr reselects
log local0.info "Client [IP::client_addr]:[TCP::client_port]: Selected 
pool member [LB::server addr]:[LB::server port] not responding.  Reselect 
attempt $reselects."
LB::mode rr
LB::reselect pool $current_pool
} else {
log local0.error "Client [IP::client_addr]:[TCP::client_port]: Failed 
to connect after $reselects reselects."
}
}

    Basically if the connection to the pool member fails this irule causes the BigIP to go back and pick a new pool member. It keeps this up (Logging each failure) until it has tried each pool member, at which point it logs that it could not make the connection. As to why it's needed, that would be an excellent question to ask Oracle.

  • JG's avatar
    JG
    Icon for Cumulonimbus rankCumulonimbus
    Jun 16, 2016

    From the Oracle article linked to above, Oracle stipulates the use of "tcp-half-open" for the health monitor at the default polling frequency, which is really not a stringent measurement of the state of an application. I guess this irule is there simply for logging the F5 device's operation in more detail, as presumably befits the requirement of an application that is monetary in nature.