Forum Discussion

Jagadeesh's avatar
Jagadeesh
Icon for Altostratus rankAltostratus
Sep 27, 2023

what is the Pool limit to do URI redirection using irule

I have a VCMP guest LTM virtual box with 1 Core running on BIG-IP 15.1.9.1 Build 0.0.5 Point Release 1 I have a requirement , With Single VIP listening on Port 443 and selecting the pool using iRule...
application delivery
Daniel_Wolf's avatar
Daniel_Wolf
Icon for MVP rankMVP
Sep 27, 2023

Hi Jagadeesh,

there seems to be a wild mix of names and products.

VirtualBox is a virtualization platform by Oracle. Not officially supported. Hope you dont have that. 
VCMP Guest is better, hope you are using this.

Single VIP listening on port 443 and selecting the pool based on URI with an iRule is ok too. Just to clarify - based on URI or based on Hostname/FQDN? With a lot of certificates involved and lots of ssl profiles, you might end up with a cumbersome setup.

SSL handshakes will become an issue with only one core. Try to do some performance testing in that direction.

KR
Daniel

  • Jagadeesh's avatar
    Jagadeesh
    Icon for Altostratus rankAltostratus
    Sep 27, 2023

    Hi Daniel ,

    Thanks for the reply , Yes it is VCMP Guest with one core. With single VIP with Port 443 and Cert.

    Irule to change the pool based on the URI. The pool members in the pool could be different and the pool members would also listen on a unique port.We will have more than 200 Pools in such a way.

    Will it cause any Performance issue ? Please share if any solutions for this requirement.

    Thanks..!

    • Paulius's avatar
      Paulius
      Icon for MVP rankMVP
      Sep 27, 2023

      Jagadeesh This depends on multiple factors but at face value it shouldn't be an issue. If it's one URI per pool you might consider using a data-group to match in an iRule rather than a long iRule with 200+ entries. Make sure to keep what Daniel_Wolf has stated into consideration.

      • Jagadeesh's avatar
        Jagadeesh
        Icon for Altostratus rankAltostratus
        Sep 27, 2023

        Thanks Paul , Yes it one URI per pool.May i know if there is any KB article that i can refer.

    • Daniel_Wolf's avatar
      Daniel_Wolf
      Icon for MVP rankMVP
      Sep 28, 2023

      Hi Jagadeesh, the solution Paulius provided is the same way I'd recommend to solve the problem. iRules and data-groups are the way to go. This solution will perform.

      For your question regarding the performace - there is not a straight yes or no answer.
      Just as an example - if you use RSA certificates with a key lenght of 4096 this is much heavier on the CPU than using ECC certificates with a key length of 384. While both offer similar level of security.
      Also we don't know how much troughtput and how many requests/sec you are expecting. Sizing a BIG-IP requires more than just the knowledge about one iRule.

      My gut feeling is - one CPU is only for lab environments. For prod a I recommend a minimum of two. 

      • Daniel_Wolf's avatar
        Daniel_Wolf
        Icon for MVP rankMVP
        Sep 28, 2023

        For the sake of completeness, I wrote a shorter iRule. I find using SET rather unSETteling. 🙂

        when RULE_INIT priority 500 {
    # enable (1) / disable (0) logging
    set static::contentswitching_debug 0
}

when HTTP_REQUEST priority 500 {
    if {[catch {pool [class match -value [string tolower [HTTP::path]] starts_with dg_l7_routing]}]} {
        # default pool
        pool pl_default_pool
    }
    if { $static::contentswitching_debug } { log local0. "Using pool: [LB::server pool]" }
}