Old-Greg-MD
Dec 27, 2017

Traffic Policies and Pool Selection

Ran into a weird one with traffic policies today. I am doing a simple Host and URI match, and once matched I am forwarding the traffic to a specific pool, pretty standard. This all works fine until I try to do an http host replace in addition to the pool forward, which results in the pool selection not occurring within the traffic policy and traffic flowing to the default pool. In addition, the Traffic Policy stats indicate that the pool selection and host replace were successful, even though traffic still flowed to the default pool.

 

So it looks like this:

IF host=HOST-A and URI match; Forward to PoolB (works fine)
IF host=HOST-A and URI match; Forward to PoolB AND Change Host to HOST-B (this fails to send traffic to PoolB resulting in traffic flowing to the default pool, PoolA)

 

Once I remove the host replace action, all traffic flows to the pool within the policy as desired. Has anyone run into this before?

 

  • IF host=HOST-A and URI match; Forward to PoolB (works fine)

    IF host=HOST-A and URI match; Forward to PoolB AND Change Host to HOST-B (this fails to send traffic to PoolB resulting in traffic flowing to the default pool, PoolA)

    It seems to be okay here. The following is from BIG-IP 13.1.0.1.

    // config
    
    root@(ve13a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm virtual bar
    ltm virtual bar {
        destination 172.28.24.10:80
        ip-protocol tcp
        mask 255.255.255.255
        policies {
            policy1 { }
        }
        pool poola
        profiles {
            http { }
            tcp { }
        }
        source 0.0.0.0/0
        source-address-translation {
            type automap
        }
        translate-address enabled
        translate-port enabled
        vs-index 4
    }
    root@(ve13a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm pool poola
    ltm pool poola {
        members {
            200.200.200.101:80 {
                address 200.200.200.101
            }
        }
    }
    root@(ve13a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm pool poolb
    ltm pool poolb {
        members {
            200.200.200.111:80 {
                address 200.200.200.111
            }
        }
    }
    root@(ve13a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm policy policy1
    ltm policy policy1 {
        controls { forwarding }
        last-modified 2017-12-28:12:39:22
        requires { http }
        rules {
            rule1 {
                actions {
                    0 {
                        forward
                        select
                        pool poolb
                    }
                    1 {
                        http-host
                        replace
                        value newtest.com
                    }
                }
                conditions {
                    0 {
                        http-host
                        host
                        values { test.com }
                    }
                    1 {
                        http-uri
                        contains
                        values { hello }
                    }
                }
            }
        }
        status published
        strategy first-match
    }
    
    // test
    
    [root@ve13a:Active:In Sync] config  ssldump -Aed -nni 0.0 port 80
    New TCP connection 1: 172.28.24.1(41688) <-> 172.28.24.10(80)
    1514435984.1182 (0.0006)  C>S
    ---------------------------------------------------------------
    GET /helloworld HTTP/1.1
    User-Agent: curl/7.29.0
    Accept: */*
    Host: test.com
    
    ---------------------------------------------------------------
    
    New TCP connection 2: 200.200.200.14(41688) <-> 200.200.200.111(80)
    1514435984.1193 (0.0010)  C>S
    ---------------------------------------------------------------
    GET /helloworld HTTP/1.1
    User-Agent: curl/7.29.0
    Accept: */*
    Host: newtest.com
    
    ---------------------------------------------------------------
    
    • Old-Greg-MD

      Thank you for the response, interesting it works in v13.x. This is happening in v12.x
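
The check done by eye in the ssldump test above can be automated so that a policy which reports success while sending traffic to the default pool is caught. The following is an added example, not code from the thread or from F5; the function names are hypothetical and the sample captures are constructed, modelled on the output in the answer.

```python
import re

# Constructed sample modelled on the ssldump output in the answer above.
GOOD = """\
New TCP connection 1: 172.28.24.1(41688) <-> 172.28.24.10(80)
GET /helloworld HTTP/1.1
Host: test.com

New TCP connection 2: 200.200.200.14(41688) <-> 200.200.200.111(80)
GET /helloworld HTTP/1.1
Host: newtest.com
"""
# Constructed failure case (not a capture from the thread): the server-side
# connection lands on the default pool member instead of the poolb member.
BAD = GOOD.replace("200.200.200.111(80)", "200.200.200.101(80)")

CONN = re.compile(r"New TCP connection (\d+): (\S+)\((\d+)\) <-> (\S+)\((\d+)\)")
HOST = re.compile(r"^\s*Host:\s*(\S+)", re.I)

def parse_connections(dump):
    """Return one dict per TCP connection: destination and first Host header seen."""
    conns, cur = [], None
    for line in dump.splitlines():
        m = CONN.search(line)
        if m:
            cur = {"id": int(m.group(1)), "dst": f"{m.group(4)}:{m.group(5)}", "host": None}
            conns.append(cur)
            continue
        h = HOST.match(line)
        if h and cur is not None and cur["host"] is None:
            cur["host"] = h.group(1)
    return conns

def check_policy(dump, vip, pool_members, new_host):
    """Check that the server-side connection hit the policy pool with the rewritten Host."""
    server_side = [c for c in parse_connections(dump) if c["dst"] != vip]
    if not server_side:
        return {"pool_ok": False, "host_ok": False, "dst": None}
    c = server_side[0]
    return {"pool_ok": c["dst"] in pool_members,
            "host_ok": c["host"] == new_host,
            "dst": c["dst"]}

if __name__ == "__main__":
    for name, dump in (("good", GOOD), ("bad", BAD)):
        print(name, check_policy(dump, "172.28.24.10:80", {"200.200.200.111:80"}, "newtest.com"))
```

Reporting the pool result and the Host result separately matters here, because the symptom in the original post is that the policy statistics show both actions as successful while the request still reaches the default pool.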

       
