santoshmashetti
Jun 23, 2023

Write an iRule to route (not redirect) the traffic to a URI instead of a pool

Hi all,

I am new to F5, I need some guidance in the following situation:

In our scenario, currently we are forwarding the F5 traffic to a pool based on certain logic,
i.e. pool pool_name.

In the new scenario, we have been asked to send the traffic to a URL, e.g. "http://example.apps.clossc01.syst.cloud.example.com". They have been told that we have to use this URL only and we should not simply hardcode its IP. The reason is that this NGINX service is running on an OpenShift platform. Kindly share some solutions to route the F5 traffic to this URL for further request analysis; it is not a redirect.

1. Are we able to resolve this URL and get the node? If yes, please share some code.

2. If there is any other way to achieve this, please guide.

  • Hi santoshmashetti ,

    If I understood you, you need to use FQDNs/host names in pool members instead of IPs.

    It's applicable: configure your BIG-IP DNS properly (System >>> Configuration >>> Device >> DNS)
    and configure the pool members with their correct FQDNs.

    I think you mean another thing, correct?!

  • I see a reference to the "pool pool_name" command, is your current scenario iRule-based?

    To process an iRule rewrite of this kind, you need to consider a couple things. First and foremost, you still require the basic information to craft the packet: server IP and server port. 
    You don't "have" to have it bound into a pool object, but it's usually the nicer option. As Mohamed said, if the resource has a dynamic IP you can use a FQDN object and configure DNS resolution so it will always stay up-to-date. Keep in mind that this will still only be a "node" object - meaning: only server IP address is being considered.

    Next point, you need to consider routing. Fix anything that must be fixed and make sure connectivity to the object is working in both directions. 
    Now, focus on higher layers. If pool seems a good idea, lock the socket into that; the only other option I see will be scripting a "node" instruction in the iRule.

    At application layer, modify the HTTP request parameters as required. If this is a forward and not a redirect, you need to replace the HTTP::host header, eventually rewrite the HTTP::path and perform any additional change that you need. Usually, all of this is iRule work.
    Last, check your HTTP response as well, and verify if anything needs to be fixed there as well before forwarding it back to client. 
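
The forwarding approach described in the reply above, sketched as an iRule. This is an added example, not code posted by anyone in the thread. The pool name pool_openshift_fqdn (a pool whose member is defined by FQDN), the "/app" selection logic and the X-Forwarded-Host handling are assumptions made for illustration.

```tcl
# Added example. pool_openshift_fqdn and the "/app" prefix are hypothetical;
# replace them with your own FQDN-based pool and selection logic.
when HTTP_REQUEST {
    # Hostname of the OpenShift route, taken from the question.
    set backend_host "example.apps.clossc01.syst.cloud.example.com"
    # Host the client asked for, kept so responses can be mapped back to it.
    set client_host [HTTP::host]
    set forwarded 0

    if { [HTTP::path] starts_with "/app" } {
        # Drop any client-supplied copy before inserting our own, so the
        # backend never sees a spoofed X-Forwarded-Host.
        HTTP::header remove X-Forwarded-Host
        HTTP::header insert X-Forwarded-Host $client_host

        # The backend is addressed by name, so the request must carry the
        # route's hostname instead of the virtual server's.
        HTTP::header replace Host $backend_host

        # The pool member is an FQDN node; BIG-IP DNS keeps its IP current,
        # so no address is hardcoded here.
        pool pool_openshift_fqdn
        set forwarded 1
    } else {
        # Existing behaviour from the question.
        pool pool_name
    }
}

when HTTP_RESPONSE {
    # Map backend-generated redirects back to the client-facing hostname so
    # the internal route name is not exposed and the client stays on the
    # virtual server (a forward, not a redirect).
    if { $forwarded && [HTTP::header exists Location] } {
        HTTP::header replace Location [string map \
            [list $backend_host $client_host] [HTTP::header value Location]]
    }
}
```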

  • I would not proxy this type of configuration. Instead of having the F5 resolve and proxy, I would redirect the client. This way, the client can then use their DNS to resolve closest resource and continue with the connection to the resolved IP address. Otherwise, you may end up with higher latency. User is West Coast, accesses an East Coast instance of F5/NGINX, and then is proxied back to West Coast. Makes no sense. Distribute the load balancer, and have client redirect to best DNS resolved resource.

     

  • If I understand what you want to do, it is to have an LTM load-balancing pool send traffic to its pool members via their DNS fully qualified domain names (FQDNs) rather than via their literal IP addresses. If so, please see the following for the requested information:

    Populating a LTM Pool Using DNS Resolution - F5 Networks - Steve Lyons
    https://www.youtube.com/watch?v=FDQoOmSqoJc

    K34530829: Convert pool from IPs to FQDN - F5 Networks - KB article
    https://my.f5.com/manage/s/article/K34530829

     

  • santoshmashetti - can you mark any of these as solutions? It helps others find good answers down the road.

    Thanks,
    Lief

    (side note : I removed the extremely complete-looking but ultimately unreliable GenAI reply that was then edited with a SPAM link in it)