
SSL Offloading Content Switching

matthew_b_16251
Nimbostratus

Hi,

I am just in the process of setting up our new BIG-IP load balancers. We will be migrating our old Cisco content switches over to these in the next week.

What we require is to be able to content switch our servers based on the URL.

i.e. if a user types www.mydomain.com/test1 they get redirected to one server pool; if a user types www.mydomain.com/test2 they get redirected to another.

We have set up SSL offloading and our VIP is set up; we just can't work out how to do the content switch part.

We are looking at creating an iApp, but having a look at the template creation we are not sure where to start. Is an iApp the way to do this, and if so, any help getting a template set up would be great.

Thanks, Matt

 

11 REPLIES

MVA
Nimbostratus

Try this - https://devcentral.f5.com/wiki/iRules.http__uri.ashx

The sample iRule should work for your use case, for example:

    when HTTP_REQUEST {
        if { [HTTP::uri] starts_with "/test1" } {
            pool test1_pool
        } elseif { [HTTP::uri] starts_with "/test2" } {
            pool test2_pool
        }
    }

 

matthew_b_16251
Nimbostratus

Will this work with SSL offloading as the request will be HTTPS? Many thanks

 

MVA
Nimbostratus

Yes, just ensure you have an SSL client profile defined on the VIP to decrypt the data.

 

matthew_b_16251
Nimbostratus

Great, thanks for the help, will give it a try. Thanks, as you can tell I am a complete F5 noob.

 

Kevin_Stewart
F5 Employee

> Will this work with SSL offloading as the request will be HTTPS? Many thanks

You'd necessarily have to offload the SSL at the F5 with a client SSL profile, so yes.

 

matthew_b_16251
Nimbostratus

OK, I have the above working with pools. How would I also add host URLs to this iRule? I have two more URLs to get working which are running on servers which are already in my pools.

So if I have a node which is already in a pool that runs a forum, for example, I want to redirect /forum/ to an individual server.

Many thanks, Matt

 

Kevin_Stewart
F5 Employee

At some point you may want to switch to a switch (pun intended) for an easier read. As for sending traffic to a specific node, you can use the node command directly, or a variation of the pool command if the node is a member of a pool:

    when HTTP_REQUEST {
        switch -glob [string tolower [HTTP::uri]] {
            "/test1*" { pool pool1 }
            "/test2*" { pool pool2 }
            "/forum*" {
                # variation of the pool command (node is a pool member)
                pool pool1 member 10.80.0.1 80
                # or the node command directly (use one or the other):
                # node 10.80.0.1 80
            }
        }
    }

matthew_b_16251
Nimbostratus

Great, thank you. I have switched to the switch and it is much cleaner. I have a lot of URLs to switch in our environment; my testing is working well.

Thanks, Matt

 

matthew_b_16251
Nimbostratus

Hi, I am having problems with this now :-/. The AppOffline URL works; the web Forum and IRD do not. I am trying to cut over from two old Cisco content switches. Also, I want all other requests to go to my default web pool; is this possible?

    when HTTP_REQUEST {
        switch -glob [string tolower [HTTP::uri]] {
            "/WebForum" { pool Main-WS-Pool member 192.168.10.211 80 }
            "/AppOffline" { pool IIS01-IISO2-Pool }
            "/IRD" { pool IIS01-IISO2-Pool }
            "/supplier_test_F" { pool IIS01-IISO2-Pool }
            "/DataCapture" { pool IIS01-IISO2-Pool }
            "/supplierG" { pool IIS01-IISO2-Pool }
            "/UAT*" { pool IIS01-IISO2-Pool member 192.168.10.11 80 }
        }
    }

 

Kevin_Stewart
F5 Employee

Two things:

  1. You're doing a [string tolower ] evaluation but the match URIs aren't lowercase. Not sure how the /AppOffline condition is working.

  2. I would probably consider using wildcard matches for these URIs. (Ex. "/webforum*").

As for a default condition, simply use a "default" condition at the bottom of the switch.

    switch x {
        "B" {
            # do something
        }
        "C" {
            # do something
        }
        default {
            # do something
        }
    }

matthew_b_16251
Nimbostratus

Thank you so much, yes it is now working with lowercase wildcards.

The appoffline URL was cached on the test PC; we tried this on another computer before the change and it was not working.

 

🙂
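
Added example, not part of the thread and not F5 code: the issues diagnosed in the last replies (patterns with uppercase under `string tolower`, exact patterns under `-glob`, and no `default` arm) can be checked mechanically before an iRule is deployed, so that no path silently ends up on the wrong pool. The Python below lints iRule text; the function names, the issue labels and the use of `Main-WS-Pool` as the default pool are assumptions made for this example.

```python
import re
# Constructed samples. BROKEN is a shortened form of the non-working rule above.
BROKEN = '''when HTTP_REQUEST {
  switch -glob [string tolower [HTTP::uri]] {
    "/AppOffline" { pool IIS01-IISO2-Pool }
    "/UAT*" { pool IIS01-IISO2-Pool member 192.168.10.11 80 }
  }
}'''
# FIXED: lowercase wildcard patterns plus a default arm (its pool name is assumed).
FIXED = '''when HTTP_REQUEST {
  switch -glob [string tolower [HTTP::uri]] {
    "/appoffline*" { pool IIS01-IISO2-Pool }
    "/uat*" { pool IIS01-IISO2-Pool member 192.168.10.11 80 }
    default { pool Main-WS-Pool }
  }
}'''

def switch_blocks(irule):
    """Yield (header, body) for each switch statement, found by brace matching."""
    for m in re.finditer(r'\bswitch\b([^\n{]*)\{', irule):
        depth = 1
        for i in range(m.end(), len(irule)):
            depth += {'{': 1, '}': -1}.get(irule[i], 0)
            if depth == 0:
                yield m.group(1), irule[m.end():i]
                break

def arm_patterns(body):
    """Return the patterns that sit at the top level of a switch body."""
    found, depth = [], 0
    for t in re.finditer(r'"([^"]*)"|\b(default)\b|([{}])', body):
        if t.group(3):
            depth += 1 if t.group(3) == '{' else -1
        elif depth == 0:
            found.append(t.group(1) if t.group(2) is None else 'default')
    return found

def lint(irule):
    """Return (issue, pattern) pairs for arms that cannot route as intended."""
    issues = []
    for header, body in switch_blocks(irule):
        pats = arm_patterns(body)
        for p in (p for p in pats if p != 'default'):
            if 'string tolower' in header and p != p.lower():
                issues.append(('never-matches-lowercased-uri', p))
            if '-glob' in header and not re.search(r'[*?\[]', p):
                issues.append(('exact-match-only', p))
        if 'default' not in pats:
            issues.append(('no-default-arm', None))
    return issues
```

`lint(BROKEN)` reports both patterns as unreachable, `/AppOffline` additionally as exact-match-only, and the missing default arm; `lint(FIXED)` returns an empty list.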