For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Old-Greg-MD's avatar
Old-Greg-MD
Icon for Nimbostratus rankNimbostratus
Dec 27, 2017

Traffic Policies and Pool Selection

Ran into a weird one with traffic policies today. I am doing a simple Host and URI match, and once matched I am forwarding the traffic to a specific pool, pretty standard. This all works fine until I...
application delivery
local traffic policy
LTM
nitass_89166's avatar
nitass_89166
Icon for Noctilucent rankNoctilucent
Dec 28, 2017

IF host=HOST-A and URI match; Forward to PoolB (works fine)

IF host=HOST-A and URI match; Forward to PoolB AND Change Host to HOST-B (this fails to send traffic to PoolB resulting in traffic flowing to the default pool, PoolA)

it seems to be okay here. the following is from big-ip 13.1.0.1.

// config

root@(ve13a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm virtual bar
ltm virtual bar {
    destination 172.28.24.10:80
    ip-protocol tcp
    mask 255.255.255.255
    policies {
        policy1 { }
    }
    pool poola
    profiles {
        http { }
        tcp { }
    }
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    translate-address enabled
    translate-port enabled
    vs-index 4
}
root@(ve13a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm pool poola
ltm pool poola {
    members {
        200.200.200.101:80 {
            address 200.200.200.101
        }
    }
}
root@(ve13a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm pool poolb
ltm pool poolb {
    members {
        200.200.200.111:80 {
            address 200.200.200.111
        }
    }
}
root@(ve13a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm policy policy1
ltm policy policy1 {
    controls { forwarding }
    last-modified 2017-12-28:12:39:22
    requires { http }
    rules {
        rule1 {
            actions {
                0 {
                    forward
                    select
                    pool poolb
                }
                1 {
                    http-host
                    replace
                    value newtest.com
                }
            }
            conditions {
                0 {
                    http-host
                    host
                    values { test.com }
                }
                1 {
                    http-uri
                    contains
                    values { hello }
                }
            }
        }
    }
    status published
    strategy first-match
}

// test

[root@ve13a:Active:In Sync] config  ssldump -Aed -nni 0.0 port 80
New TCP connection 1: 172.28.24.1(41688) <-> 172.28.24.10(80)
1514435984.1182 (0.0006)  C>S
---------------------------------------------------------------
GET /helloworld HTTP/1.1
User-Agent: curl/7.29.0
Accept: */*
Host: test.com

---------------------------------------------------------------

New TCP connection 2: 200.200.200.14(41688) <-> 200.200.200.111(80)
1514435984.1193 (0.0010)  C>S
---------------------------------------------------------------
GET /helloworld HTTP/1.1
User-Agent: curl/7.29.0
Accept: */*
Host: newtest.com

---------------------------------------------------------------
Old-Greg-MD's avatar
Old-Greg-MD
Icon for Nimbostratus rankNimbostratus
Jan 03, 2018

Thank you for the response, interesting it works in v13.x. This is happening in v12.x