Forum Discussion
What is the pool limit to do URI redirection using iRule
Hi Jagadeesh,
there seems to be a wild mix of names and products.
VirtualBox is a virtualization platform by Oracle. Not officially supported. Hope you don't have that.
VCMP Guest is better, hope you are using this.
Single VIP listening on port 443 and selecting the pool based on URI with an iRule is ok too. Just to clarify - based on URI or based on Hostname/FQDN? With a lot of certificates involved and lots of ssl profiles, you might end up with a cumbersome setup.
SSL handshakes will become an issue with only one core. Try to do some performance testing in that direction.
KR
Daniel
Hi Daniel,
Thanks for the reply. Yes, it is a VCMP Guest with one core, with a single VIP with port 443 and cert.
iRule to change the pool based on the URI. The pool members in the pool could be different and the pool members would also listen on a unique port. We will have more than 200 pools in such a way.
Will it cause any performance issue? Please share if there are any solutions for this requirement.
Thanks..!
- Paulius, Sep 27, 2023, MVP
Jagadeesh This depends on multiple factors but at face value it shouldn't be an issue. If it's one URI per pool you might consider using a data-group to match in an iRule rather than a long iRule with 200+ entries. Make sure to take what Daniel_Wolf has stated into consideration.
- Jagadeesh, Sep 27, 2023, Altostratus
Thanks Paul. Yes, it is one URI per pool. May I know if there is any KB article that I can refer to?
- Paulius, Sep 27, 2023, MVP
Jagadeesh I don't know of a KB article off the top of my head but I'm sure one exists. The following is what I put together assuming you have a default pool to handle all traffic that isn't defined in the data-group.
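```tcl
when CLIENT_ACCEPTED priority 500 {
    # Remember the virtual server's default pool for requests that match nothing
    set DEFAULT_POOL [LB::server pool]
}

when HTTP_REQUEST priority 500 {
    set URI [string tolower [HTTP::uri]]
    if { [class match -- ${URI} equals CLASS-URI-TO-POOL] } {
        # The data-group value holds the pool name for this URI
        set TEMP_POOL [class match -value -- ${URI} equals CLASS-URI-TO-POOL]
        pool ${TEMP_POOL}
    } else {
        pool ${DEFAULT_POOL}
    }
}
```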
In your data-group called CLASS-URI-TO-POOL the string field would have the path and the value field will be the pool name that matches it.
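An added example, not part of the original posts and not the posters' or F5's code: a generator that builds the data-group described above from a mapping list. It lowercases keys (the iRule compares against a lowercased URI, so a mixed-case key would never match), reports conflicting or unusable rows, and renders the rest in the `ltm data-group internal` stanza layout. The sample mappings, pool names and function names are constructed for illustration.

```python
# Added example: build and validate a URI-to-pool data-group for the iRule above.
# MAPPINGS is constructed sample data; pool names are hypothetical.
MAPPINGS = [
    ("/app1", "pool_app1"),
    ("/App2", "pool_app2"),      # mixed case: the iRule lowercases the URI first
    ("/app3", "pool_app3"),
    ("/app1", "pool_app1_new"),  # same key, different pool: ambiguous
    ("app4", "pool_app4"),       # no leading slash: can never equal a request URI
]

def normalise(mappings):
    """Return (records, problems). Keys are lowercased to match
    [string tolower [HTTP::uri]]; unusable or conflicting rows are reported."""
    records, problems = {}, []
    for uri, pool in mappings:
        key = uri.strip().lower()
        if not key.startswith("/"):
            problems.append(f"{uri!r}: key must start with '/'")
            continue
        if any(c.isspace() for c in key) or not pool.strip():
            problems.append(f"{uri!r}: whitespace in key or empty pool name")
            continue
        if key in records and records[key] != pool:
            problems.append(f"{uri!r}: conflicts with {key} -> {records[key]}")
            continue
        records[key] = pool.strip()
    return records, problems

def render(name, records):
    """Render records as a string-type 'ltm data-group internal' stanza."""
    lines = [f"ltm data-group internal {name} {{", "    records {"]
    for key in sorted(records):
        lines += [f"        {key} {{",
                  f"            data {records[key]}",
                  "        }"]
    lines += ["    }", "    type string", "}"]
    return "\n".join(lines)

if __name__ == "__main__":
    recs, probs = normalise(MAPPINGS)
    print(render("CLASS-URI-TO-POOL", recs))
    for p in probs:
        print("WARN:", p)
```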
- Daniel_Wolf, Sep 28, 2023, MVP
Hi Jagadeesh, the solution Paulius provided is the same way I'd recommend to solve the problem. iRules and data-groups are the way to go. This solution will perform.
For your question regarding the performance - there is not a straight yes or no answer.
Just as an example - if you use RSA certificates with a key length of 4096 this is much heavier on the CPU than using ECC certificates with a key length of 384, while both offer a similar level of security.
Also we don't know how much throughput and how many requests/sec you are expecting. Sizing a BIG-IP requires more than just the knowledge about one iRule. My gut feeling is - one CPU is only for lab environments. For prod I recommend a minimum of two.
- Daniel_Wolf, Sep 28, 2023, MVP
For the sake of completeness, I wrote a shorter iRule. I find using SET rather unSETteling. 🙂
```tcl
when RULE_INIT priority 500 {
    # enable (1) / disable (0) logging
    set static::contentswitching_debug 0
}

when HTTP_REQUEST priority 500 {
    if {[catch {pool [class match -value [string tolower [HTTP::path]] starts_with dg_l7_routing]}]} {
        # default pool
        pool pl_default_pool
    }
    if { $static::contentswitching_debug } {
        log local0. "Using pool: [LB::server pool]"
    }
}
```
- Jagadeesh, Sep 28, 2023, Altostratus
Thanks Daniel, I will try it out and keep you posted.