Hi Daniel,

Firstly thank you very much for responding to this question!

And that is correct, the VS has a dns record in place for example lets say abc.aeltc.com so if they type that it it hits the VS.

However I would like the policy to push the traffic to a specific node depending on the second part of the string.

So abc.aeltc.com/football -> 10.10.10.1

abc.aeltc.com/tennis -> 10.10.10.2

abc.aeltc.com/hockey -> 10.10.10.3

The beginning host header will always be the same its just the /*** that will change and depending on that /*** the F5 will push it to a specific node.

below is the snippet, I just want to also state that these are running on two different partitions. One is common and the other is a created partition DMZ

Working Policy:

(cfg-sync Changes Pending)(Active)(/Common)(tmos)# list ltm policy Wifi-Proxy

ltm policy Wifi-Proxy {

  controls { forwarding }

  last-modified 2020-11-17:14:28:30

  requires { http }

  rules {

    wifi-Redirect-test {

      actions {

        0 {

          forward

          select

          node 167.98.43.131

          snat automap

        }

      }

      conditions {

        0 {

          http-uri

          values { /cloud-authorizeMAC.php }

        }

      }

    }

    wifi-Redirect-testPT {

      actions {

        0 {

          forward

          select

          node 10.11.1.103

          snat disable

        }

      }

      conditions {

        0 {

          http-uri

          values { /api/v1/venues/aeltc/locations/last_known.json }

        }

      }

      ordinal 1

    }

  }

  status published

  strategy best-match

}

Not working config policy:

(cfg-sync Changes Pending)(Active)(/DMZ)(tmos)# list ltm policy Azure-URI-Pool-Selection-V2

ltm policy Azure-URI-Pool-Selection-V2 {

  controls { forwarding }

  draft-copy Drafts/Azure-URI-Pool-Selection-V2

  last-modified 2021-01-27:12:31:25

  partition DMZ

  requires { http }

  rules {

    aegis {

      actions {

        0 {

          forward

          select

          node 10.110.64.123

        }

      }

      conditions {

        0 {

          http-uri

          values { /aegis/tt/api/ }

        }

      }

    }

    catering {

      actions {

        0 {

          forward

          select

          node 10.110.64.123

        }

      }

      conditions {

        0 {

          http-uri

          values { /catering/tt/api/ }

        }

      }

      ordinal 1

    }

    stringers {

      actions {

        0 {

          forward

          select

          node 10.110.64.130

        }

      }

      conditions {

        0 {

          http-uri

          values { /stringers/tt/api/ }

        }

      }

      ordinal 2

    }

  }

  status published

  strategy /Common/best-match

}

I also want to point out that I am using profile rewrites to modify the backend servers uri.

Once again I really appreciate the help!

I see some differences in the SNAT actions. Again I'd recommend to add some logging to the actions and also to do a tcpdump to see if SNAT might be the cause already.

I see that Snat Actions but I do not know how they got there, for example: 

Where did these even come from, I will attempt to do the logging but I have tried to read on how to do a TCP dump and cant find any straight forward guides?

So piece by piece. You would have to edit the policy in order to see the SNAT options. See here:

The log could be:

tcl: client [IP::client_addr]:[TCP::client_port] -> URL: [HTTP::host][HTTP::uri]

And the tcpdump command could look like this:

tcpdump -i 0.0:nnnp -w /shared/tmp/troubleshooting.cap host <your_node_IP_here> AND port <your_node_Port_here>

Hi Daniel,

Thank you for the above, I am starting to suspect that the issue isn't the policy.

I believe it could be the profile rewrites not working which is why it is not matching the policy.

Is there a method to test the rewrite profiles to see if they are working as expected?

could using the profile rewrite in a different partition cause issues as it is using the common parent profile?

I have checked the configs of both profile rewrites the one that works and the one that doesn't and I couldn't see any issues to why the rewrite wont work in the new partition.

Hi Kalido,

did you try to add some logging logic to the Traffic Policy or did you perform a tcpdump?

Are your Traffic Policy conditions matched or not?

Once you have that clear, you can continue to investigate in other directions.

How is the Rewrite Profile configured and what is it supposed to do?

Hi Daniel,

I created a TCP dump but I will be honest it is not making sense or I am not reading it correctly and struggling to see where the issue is.

so the profile rewrite are set as follows:

The VS has an IP of 1.2.3.4 and we have given it a DNS name of abc.aeltc.com

We have 3 nodes in a pool all running different services.

So the point of the rewrite for us was we can always use the same hostname and depending on the uri after the host it will forward the traffic to the correct node.

So for example:

if when browsing to abc.aeltc.com they add /aegis/tt/api/ then send the traffic to node one always.

If when browsing to abc.aeltc.com they add /catering/tt/api/ then send the traffic to node two always.

I haven't done the logging I will do that now.

The reason I feel like it could be the rewrite is because if it is not rewriting properly it won't understand the policy.

Ok, so if I understand you correct, you are replacing part of the URI.

As an example, the users browses https://abc.aeltc.com/aegis/tt/api/, then the request should be sent to node1 and "/aegis/tt/api" should be replaced with "/AEGIS10/api".

I think you could do that within that same Traffic Policy or with an iRule.

This is a very basic example

The tcl code in my example is:

tcl:/test[HTTP::uri] 

Found a better example:

tcl:[string map {"/aegis/tt/api/" "/AEGIS10/api/"} [HTTP::uri]]