cancel
Showing results for 
Search instead for 
Did you mean: 
Login & Join the DevCentral Connects Group to watch the Recorded LiveStream (May 12) on Basic iControl Security - show notes included.

iRule to load balance FDQNs

PG0581
Altostratus
Altostratus

I'm wondering if it's possible to have an iRule load balance (round-robin) between FQDNs. Here's the idea:

 

You would have a virtual server with no pool and use an iRule to redirect to a couple FQDNs:

 

ltm virtual abcd {   destination x.x.x.x:https   ip-protocol tcp   mask 255.255.255.255   persist {     source_addr {       default yes     }   }   rules {     forward-fqdn   }   source 0.0.0.0/0   translate-address enabled   translate-port enabled   vs-index xxx }

 

And the iRule could look something like this; would need to iron out the exact syntax - but I'm not sure if/how you could have the iRule round robin between the FQDNs?

 

ltm rule forward-fqdn { when HTTP_REQUEST {     HTTP::redirect "https://www.abc.com" HTTP::redirect "https://www.def.com"   }

 

 

2 REPLIES 2

This is a weird requirement 🙂 What exactly are you trying to achieve with this. Just trying to understand the requirement/criteria here.

 

Round robin inside the Irule is not possible as far I know, but with the rand operator you'll get random numbers. So this will drive certain users to abc & others to def

when HTTP_REQUEST { set random [expr int(rand()*100)] if { $random < "50" } { HTTP::redirect "https://www.abc.com" } else { HTTP::redirect "https://www.def.com" } }

 

PG0581
Altostratus
Altostratus

It is a weird requirement 🙂 So the pool members this traffic is being sent to is setup on a proxy server:

 

1.1.1.1 is configured with a vhost and would proxy you to 3.3.3.3:443

2.2.2.2 is configured with a vhost and would proxy you to 4.4.4.4:443

 

We wanted to use 1.1.1.1 and 2.2.2.2 as the pool members, but, the way the user had this set up was if you navigated to the IP of the server for example:

https://1.1.1.1 https://2.2.2.2

This would take you to the default webserver and not to the hosts we wanted to connect to; being 3.3.3.3 and 4.4.4.4. The way they had this configured was to reach it by FQDN and also wanted it load balanced.

 

Hopefully I explained that so it makes some sense 🙂 and thanks for your solution. They wound up changing some things on the server side so we thankfully don't need to use an iRule.