Forum Discussion

dlogsdonmd's avatar
dlogsdonmd
Icon for Nimbostratus rankNimbostratus
May 22, 2019

iRule (or ?) to Direct Traffic During Maintenance

Hello,

 

I've a need to apply an iRule (or a solution) to a VIP to block traffic to any node in the pool should a particular site not be available. There are 2 VIPs, a HTTP (port 80) VIP with a HTTP to HTTPS redirect iRule to redirect traffic to the 2nd HTTPS (port 80) VIP. the HTTPS VIP has an iRule for slow post. When traffic hits the main url, we want to allow that traffic, but when there is traffic directed to a particular path (directory/folder within IIS) we want the traffic to not be sent to any given node if that folder/path is NOT available (during maintenance).

 

Background: we can configure a basic healthcheck: https://dev.ncdr.com/dct/lb/lbtest and return string is 1-Up. If that URL isn't available on a given server in the pool, we want to ensure traffic to the path (https://dev.ncdr.com/dct) is directed to servers in the pool that do pass the healthcheck. There is a custom asp.net mvc web app that recognizes that URL path as a valid route and executes a controller action assigned to that route and renders the view associated with that action. If the application isn't running, it can't serve that URI and you get a 404.

 

In addition, we want to be sure we're following best practices for something like this. Is an iRule the appropriate solution or is there another option? Is there a rule about whether this iRule is listed first on the HTTP VIP or second? Before or after the HTTP to HTTPS redirect iRule on the HTTP VIP or should it be configured on the HTTPS VIP and before or after the slow post iRule?

 

Our iRules are pretty simple generally so this is new territory for us. My colleague was suggesting we add a healthcheck that simply removes the node from the pool, but because there is other valid traffic (going to dev.ncdr.com) that should still have access to the node, that isn't an optimal solution. We were not considering a whole separate VIP for this but perhaps that is an option, we've not created a VIP for this kind of traffic so I wasn't sure how to do that.

 

I appreciate any assistance anyone can provide to help us implement the best solution.

 

Thanks in advance.

 

Diane

application delivery
iRules
LTM

2 Replies

Sort By
  • Andy_McGrath's avatar
    Andy_McGrath
    Icon for Cumulonimbus rankCumulonimbus
    May 22, 2019

    Create a new monitor and new pool for each web application. Then forward traffic based on the path to the correct pool.

    Example:

    • App1 path = /dct/
    • App2 path = /zct/
    • App3 path = /yct/

    Create a monitor per application.

    Create a pool per application with the same pool members but assign the associated monitor.

    Using iRule or Traffic Policy to select the pool based on the URL:

    when HTTP_REQUEST {
    switch -glob [HTTP::uri] {
        /dct* {
            pool app1_dct_pool
        }
        /zct* {
            pool app2_zct_pool
        }
        /yct* {
            pool app3_yct_pool
        }
        default {
            # Using default assigned pool
            pool [LB::server pool]
        }
    }
}
    • dlogsdonmd's avatar
      dlogsdonmd
      Icon for Nimbostratus rankNimbostratus
      May 22, 2019

      Hi Andy,

       

      So, new pool/monitor for the app in question and apply the iRule for the default site and the application to the existing VIP. Is that what you are saying?

       

      I understand your iRule structure I think but will have to test it out. And where should I apply the iRule? to my HTTP or HTTPS VIP and above/below my slow post rule?

       

      Thanks for your help.

       

      Diane