LTM Policy – Matching Strategies

Introduction LTM Policy is a highly performant-feature of the Big IP which allows administrators to inspect many aspects of the system and runtime traffic, and to take custom actions in response. ...
Updated Jun 06, 2023
Version 2.0
application delivery
BIG-IP
LTM
policy
Steve_McCarthy_'s avatar
Steve_McCarthy_
Historic F5 Account
Jul 05, 2017

Starting from a high level, if no rules match then no actions should be executed. So the trick is to make sure that there is one rule that always matches.

It sounds like what you want is logic like this:

if (URI starts with 'XYZ) {
   forward to POOLA
} else {
   forward to POOLB
}

In LTM Policy, the way to do this is to have 2 rules:

  1. The first rule has a condition that compares the URI, and an action to forward to the desired pool.

  2. The second rule would be what we call a 'default' rule, that is, one that does not have a condition but has an action - in this case forwarding traffic to the other pool. In LTM Policy, when a rule has no conditions specified then it is always considered to be a match. So it is common practice to make the last rule be a default rule, one which is guaranteed to match and give predictable behavior when no other rules apply. One detail to note is that the default rule should have the highest value for the 'ordinal' parameter, which is used for ordering rules in a policy.

Here is what such a policy might look like in bigip.conf:

ltm policy /Common/Drafts/my-forwarding-policy {
controls { forwarding }
requires { http }
rules {
    default-rule {
        actions {
            0 {
                forward
                select
                pool /Common/POOLB
            }
        }
        ordinal 1
    }       
    r1 {        
        actions {
            0 { 
                forward
                select
                pool /Common/POOLA
            }
        }
        conditions {
            0 {
                http-uri
                path
                starts-with
                values { /XYZ }
            }
        }
    }       
}               
strategy /Common/first-match

}

Note that rule 'default-rule' has no conditions specified, and even though it appears in the config file ahead of rule 'r1', it will be evaluated after since it has ordinal 1, while r1 has ordinal 0 (which is a default and therefore not shown explicitly).

And here is how you'd create such a policy from tmsh:

 create ltm policy /Common/Drafts/my-forwarding-policy rules add { r1 { conditions add { 0 { http-uri path starts-with values { /XYZ } }} actions add  { 0 { forward select pool POOLA }} ordinal 0 } default-rule { actions add { 0 { forward select pool POOLB } } ordinal 1 }}

Hope this is helpful.