Cloned traffic incomplete when forwarding to another virtual?
Hi I am trying to copy traffic to packet capture device using a clone pool. The setup is as follows: I have an external VIP that terminates SSL traffic on the client side, forwards the traffic to an internal VIP that re-encrypts traffic to the backend server. Forwarding of traffic is done via an irule: when CLIENT_ACCEPTED { virtual internal-vip } When I configure server side cloning on the external VIP I get incomplete traffic on the capture device. When I check a packet capture with wireshark it complains for every request: 'TCP Previous segment not captured'. Note that cloning works fine if I a replace the trafic forwarding to another virtual by a normal pool. Any thoughts on what may cause this behavior? Winston
Use HTTP::respond and clone together
I am attempting to host a virtual page using HTTP::respond that can have data posted to it, but will still clone that posted data even though HTTP::respond keeps it from ever even going though pool selection. So I have cobbled together an iRule that checks for a POST and the correct phrase in the URI. If that's all true I collect the data, try to clone it, and then use HTTP::respond to give a 200 message. The clone infrastructure is working correctly, I just can not clone this traffic I am using HTTP::respond on. Any Ideas on what I cam missing here? when HTTP_REQUEST { if {[HTTP::method] eq "POST" && [string tolower [HTTP::path]] contains "abc123" }{ if {[HTTP::header "Content-Length"] ne "" && [HTTP::header "Content-Length"] <= 1048576}{ set content_length [HTTP::header "Content-Length"] } else { set content_length 1048576 } if { $content_length > 0} { HTTP::collect $content_length } } } when HTTP_REQUEST_DATA { clone pool abc123 set count [string length [HTTP::payload]] set response "received a total of $count of a planned $content_length bytes" HTTP::respond 200 content $response }
Duplicate HTTPS traffic to another VIP on a different F5
Is it possible to duplicate HTTPS from one VIP on an F5 to another VIP on a different F5? We have a customer with a VIP on a 3900 with 8 members in the pool. All members are acting as web-servers and this is the Production side. They want to duplicate HTTPS traffic originating from their Production VIP, to their Staging (development) VIP. The Staging VIP is on a different F5 (Vipiron) and has 3 different pool members acting as web-servers as well. Is this possible to accomplish?
Irule - Destination mismatch for clone traffic
Hi, Im working on a solution to use clone pool to forward traffic to another server but it reject the traffic due to destination IP address mismatch. Is there any irule that can be worked out to change the destination IP address for the cloned traffic or is there any other solution in Version 11 ? I saw reference in regards to "sideband" but not sure how to implement this. Please help if anyone have solved this situation. we are running Version 11
