Big-IP LTM - load balancing incoming request to 2 different 'paths' on Member Pool

chris_wood · ‎26-Jun-2023

Hi,

A strange request has come in :). I donlt think it's possible but thought I'd reach out just encase some has an answer.

We have a VS setup that load balances to 2 different servers.

In this example we need the incoming request to load balance to a different path on each server, e.g.

incoming request > VS

VS re-writes/redirects the URL to:

Load balance to server 1 path (https://example1/folder/folder/server1)

Load balance to server 2 path (https://example1/folder/folder/server2)

Many thanks in advance!

Chris

Mohamed_Ahmed_Kansoh · ‎26-Jun-2023

Hi @chris_wood ,

What I understood , you need to redirect any incoming request ( http://example1 )
to (https://example1/folder/folder/server1) and (https://example1/folder/folder/server2)
at the same time and forward it to two different servers at the same time as well.

Interesting , could you please clarify more , to figure out your request

_______________________
Regards
Mohamed Kansoh

chris_wood · ‎26-Jun-2023

Hi Mohamed,

Thanks for your reply.

Basically, we want to load balance (round robin for e.g) to 2 servers in the member pool - but before passing it on to the servers, we need the Virtual Server to re-write the URL path to a different specific folder on each server:

if going to server 1 (https://server1/folder/folder/server1)
if going to server 2(https://server1/folder/folder/server2)

The reading I've done so far suggests when we use the HTTP::redirect iRule, the F5 replies directly to the client and doesn't load balance (even then sending to 2 different locations is a big ask).

In the mean time, we are looking into completing this task using re-directs on the individual servers, as I think that makes more sense.

Mohamed_Ahmed_Kansoh · ‎26-Jun-2023

Thanks @chris_wood ,

> So you have a pool has two ( servers/pool members )
> and Roundrobin Load balancing technique.
> After selecting server1 for example , modify request from ( http://example ) to (https://server1/folder/folder/server1) and same for Server2 but with server2 path.

That's all ?

Let me try to test it in my lab and reply back to you

_______________________
Regards
Mohamed Kansoh

chris_wood · ‎26-Jun-2023

Yes - that's everything!

CA_Valli · ‎26-Jun-2023

Might be as easy as this:
Not sure if LB::server name returns the correct information

when LB_SELECTED {
#  log local0. "server [LB::server name]"
  set path "/folder/folder/[LB::server name]"
  HTTP::host "[LB::server name].local.domain"
  HTTP::path $path
}

CA_Valli · ‎26-Jun-2023

It's not optimal, but technically it should be possible.
If you want to have it work dinamically, I'd suggest to configure the objects with a specific naming convention , for example referencing the path.

I haven't tested this code, but you could try something like this:

when LB_SELECTED {
  set path "/folder/folder/[LB::server name]"
}
when SERVER_CONNECTED {
  HTTP::path "$path"
}

Mohamed_Ahmed_Kansoh · ‎26-Jun-2023

Ok @chris_wood ,

This Irule Code should meet your need :

when LB_SELECTED {
if { [IP::addr [LB::server addr] equals x.x.x.x] } { 
log local0. " Server 1 selected , Change path to ( http://example/folder/folder/server1 ) "
HTTP::uri "http://[HTTP::host]/folder/folder/server1"
} elseif { [IP::addr [LB::server addr] equals x.x.x.x] } {
log local0. " Server 2 selected , Change path to ( http://example/folder/folder/server2 ) "
HTTP::uri "http://[HTTP::host]/folder/folder/server2"
}
}

#Replace "x.x.x.x" Ips by your servers/poolmembers IPs. 
#First "x.x.x.x" server1 and second "x.x.x.x" server2

>> I have tested it and it works as expected , after capturing the traffic in both sides , I observerd the chaning in URI paths according to selected pool member inside the pool.

<< Why I used this method >> ?
Because you need to use round Robin loadbalance technique and modify the request to servers at the same time.

try it and let me know.
Goodluck 🙂

_______________________
Regards
Mohamed Kansoh

CA_Valli · ‎26-Jun-2023

This works, I was wondering if there was a way to make it dynamic so it was scalable ..
I've looked into [LB::server] instruction and tested it, but it only returns server IP and pool name.

@chris_wood if you have control on the server environment and it's possible to edit the URLs, you might want to set it up this way:
- assign any IP address you want
- if possible, try configuring server hostname to match the last octect ex. apache30 for IP 10.10.10.30 or apache12 for 10.10.10.12
- if possible, configure server URL to match the hostname, ex. /path/to/apache15
This way, iRule might support service scalability as server farm grows,

when LB_SELECTED {
  set selected [getfield [LB::server addr] "." 4]
  set server "apache$selected"
#  log local0. "server $server"
  set path "/path/to/$server" ; set host "$server.local.domain"

  HTTP::host $host 
  HTTP::path $path
}

This will rewrite http(s)://<virtual server url> to http(s)://apacheXX.local.domain/path/to/apacheXX for any given XX , without redirects (client transparent)

chris_wood · ‎26-Jun-2023

Thank you! I will test this afternoon and let you know!

chris_wood · ‎27-Jun-2023

Hi!

I tried your script - and looks good in the F5 logs - however the server logs aren't showing showing any connections.

Tried on both http/https - with the http & http-transparent profile. I'm thinking along the lines of SSL/TLS getting in the way - might need to add

Removing the http profile and only using 1 server in the pool worked as expected.

Mohamed_Ahmed_Kansoh · ‎27-Jun-2023

Hi @chris_wood ,

While assinging my iRule script in your virtual server, did you assign the correct pool in Virtual server resources ?

you sould assign a pool has 2 pool members ( and only replace first "x.x.x.x" by first pool member IP and do the same with the second pool member ip )

Please Take this Packet capture to see the server and client side connections , and see the effect from F5 Bigip

tcpdump -nnni 0.0:nnnp -vvv -w /var/tmp/path_test.pcap host x.x.x.x

#put Client_ip address instead of "x.x.x.x"

I will be waiting your response

_______________________
Regards
Mohamed Kansoh

chris_wood · ‎29-Jun-2023

Thanks very much for your help! Really appreciated.

I added the web server certificate as a client/server SSL profile, this helped the F5 load balance as expected - however it still wasn't re-writing the URI (this was most likely a config issue on my end)

During out T/Shooting - we decided to go down the web server redirect route as this easy to implement.

Mohamed_Ahmed_Kansoh · ‎29-Jun-2023

HI @chris_wood ,

Take Packet capture in both sides Client/server sides you will be able to see that Bigip rewrites your URI ,
Look at this from my enviroment after testing the iRule that I shred it with you :

where :
10.1.10.199 >>> Client address
10.1.10.100 >>> Virtual server
10.1.20.240 >>> F5 Bigip selfip address in server side/ ( intrtnal vlan)
10.1.20.11 >>> Server 1
Do you observe the rewriting of the uri , according to choose server 1 in loadbalancing.

Also this when Loadbalancing algorithm chose server 2 :

10.1.20.12 >>> server 2

So that take a packet capture that I sent in my last reply and the the change through F5 bigip first.
if the rewriting goes well , send it to the server owner and tell him that he needs some modification from his side as bigip did it's job.

Let me know if you need somthing

_______________________
Regards
Mohamed Kansoh

DevCentral

Big-IP LTM - load balancing incoming request to 2 different 'paths' on Member Pool

MFA required on DevCentral