BIG-IP : completely delete data-group
F5 BIG-IP 11.4.1 Build 635.0 Hotfix HF2 LTM VE ESXi via admin browser I perform following steps : Main > Local Traffic > iRules > Data Group List > select data group > delete "my-data-group" Main > System > File Management > Data Group File List > select data-group file > delete "my-data-group" Then ssh to f5-device server and navigate to this dir : /config/filestore/files_d/Common_d/data_group_d/ I expect to not find any file with name my-data-group ... but instead I see : -rw-r--r-- 1 root apache 62 Sep 8 22:25 :Common:my-data-group_64015_18 For some reason BIG-IP is retaining an underlying data-group file of same name as the external data-group & associated file that I deleted. Why is this ? Can I safely delete this file ?446Views0likes1CommentBIG-IP : create data-group fails with format error
f5 BIG-IP LTM VE v11.4.0 on ESXi I am attempting to create a new data-group : Type = "(External File)" File Contents = "String" Key/Value Pair Separator = ":=" My external data-file 'test.txt' : "test-1" := "test-1", "test-2" := "test-2", What is strange is that I've previously successfully loaded data in exactly this format. However, now I receive this error : 0107169a:3: The data group external file (/config/filestore/.stage_d/107479_d/Common_d/data_group_d/:Common:test_57194_1) has an invalid format, line: 2. I've tried removing the final comma on line 2 : "test-1" := "test-1", "test-2" := "test-2" but receive the same error. With a single row : "test-1" := "test-1", the data loads with no error.552Views0likes3CommentsBIG-IP : deleted data-group/file contents are re-appearing in re-created data-group/file of same name
f5 BIG-IP LTM VE v11.4.0 on ESXi Does BIG-IP somewhere retain contents of deleted data-files - perhaps in a hidden cache file or a database ? Consider the following sequence : Via BIG-IP browser admin , I delete a data-group and then its related data-file. When I peruse BIG-IP's data dirs, the corresponding data-file is no longer present : /config/filestore/files_d/Common_d/data_group_d/:Common:test_data_file_57958_1 This is as expected. Also not present are any other data-files with names of the form : /:Common:test_data_file_* This is also as expected. Next via the iControl API I create a brand new data-group/file of same name test_data_file Via browser admin, I open the newly created data-file, and I'm very surprised to see remnants of the previous deleted data-file’s data ( at the top of the file ), along with some, but not all, of the data I supplied in the new external data-file ( the one that was pointed to with the Browse button during the Create sequence ). This is completely unexpected. Really weird. Somehow BIG-IP is remembering the contents of a deleted data-file and then co-mingling that data with the new data supplied for a new data-file of same name.285Views0likes1CommentBIG-IP : iControl LocalLBDataGroupFile.set_local_path()
F5 BIG-IP LTM VE v11.4.0 on ESXi iControl re-cache data-group operation : LocalLBDataGroupFile.set_local_path() For a live prod BIG-IP cluster with a VIP iRule that is actively reading data from the data-group , is the above considered a risky operation ? e.g. attempt live-swap of data-group's data-file, fails due to locks or other systems-level issues, data-group now unavailable to iRule I've attempted live-update of a data-file's contents via BIG-IP browser admin ( copy/paste new contents and click “Update” ) and seen the corresponding data-group become unavailable to the iRule. The paranoid approach is to create a new data-group/file and a copy of the iRule modified to point to this new data-group , and then in the VIP’s iRule list swap old/new iRules – so that never actually update a “live” data-group. So now I am concerned about performing similar operation via iControl LocalLBDataGroupFile.set_local_path() –- although apparently this API is not actually live-updating a cached data-file but rather re-pointing data-group to a new cached data-file ?184Views0likes2CommentsBIG-IP : iRule class match fails to find data-group
F5 BIG-IP 11.4.1 Build 635.0 Hotfix HF2 LTM VE ESXi Starting last night, for every request processed by my irule-01 I see this error : Mon Sep 8 23:15:57 PDT 2014 err test-f5-01 tmm1[8721] 01220001 TCL error: /Common/irule-01 - Could not find class list_bots (line 2) invoked from within "class match -value [string tolower [HTTP::header User-Agent]] contains list_bots" Here's the relevant line 2 : set bot_generated [class match -value [string tolower [HTTP::header User-Agent]] contains list_bots] But the list_bots external data-group ( type string ) is present and contains properly formatted name-value pairs and in fact it always has been present and has always processed correctly in the past. Here is a sample line from list_bots : "bingbot" := "bingbot", I deleted list_bots external data-group and re-created it but still same issue. What could be going on ? What could have changed ? What can I do ?496Views0likes5CommentsIndividual Apology page with DataGroup
Hey, I'm trying to present many different apology pages based on the incoming host header. I have about 100 different hosts, and all hosts would need a different 301 redirect if the pool is unavailable. I'm having some problems with my irule: when HTTP_REQUEST { set artifactid [class match -value [string tolower [HTTP::host]] contains my_apology_dg ] if {( $artifactid ne "") and ([active_members my_web_pool] < 1) }{ HTTP::redirect $artifactid event disable } } Here is my DG: ltm data-group internal /DMZ/my_apology_dg { records { mysite { data https://www.myapologyurl.com } } type string } Requets to: https://mysite.com should redirect to https://www.myapologyurl.com when all members of my_web_pool is offline. I will add many more sites to the datagroup once i get the logic working. Any input would be much appreciated.270Views0likes1CommentiRule to check URI and Client source IP using data groups
Hi everybody, I'm trying to achieve the following with my iRule: 1. Check for URI and if its /abc/* choose pool_A 2. Check for URI and if its /abc-preprod/* also check if Client's IP is from internal pool using datagroup "internalIP" 3. If both checks under 2 are good, choose pool_b 4. Discard everything else that wasn't caught by 1 or 2 My iRule is: when HTTP_REQUEST { switch -glob [string tolower [HTTP::uri]] { "/abc/*" { log local0. "Detected [HTTP::uri] URL" pool pool_A log local0. "Production pool selected" } "/abc-preprod/*" { log local0. "Detected [HTTP::uri] URL" if { ([class match [IP::remote_addr] equals $::internalIP]) } log local0. "Client IP [IP::remote_addr] belongs to private network" pool pool_B log local0. "Pre-production pool selected" } default { discard log local0. "Wrong URI or Client connecting to Pre-prod from external, packet discarded" } } } However I'm unable to get the syntax working and it fails with: 01070151:3: Rule [/Common/***_redirect_iRule_Logging] error: /Common/***_redirect_iRule_Logging:8: error: [missing a script after "if"][ ] Can somebody help?493Views0likes4Commentsdata group iRule
Hello iExperts, I just wanted to double check with you the following irule where i want to double check that the client IP is in a determinate data group range of IPs (ecmvpn_ip_dg) and if so, return a HTTP 302 redirect to such client. Is it the correct and "optimized" way to do it? when RULE_INIT { set static::ecmvpn_flag 0 } when CLIENT_ACCEPTED { if { [class match [IP::client_addr] equals ecmvpn_ip_dg] } { set static::ecmvpn_flag 1 }} when HTTP_REQUEST { if {$static::ecmvpn_flag==1}{ HTTP::redirect http://ecmvpn.[HTTP::uri] return } switch -glob [string tolower [HTTP::host]] { "ecm.domain" { if { ([HTTP::uri] starts_with "/APPLICATION")} { HTTP::header insert USER-IP [IP::remote_addr] persist cookie insert pool DCTM_ECM_APPLICATION _APPLICATION PORT_PROD (or PREP) return } } default { return } } }Solved487Views0likes8Commentsrewrite uri with datagroup
Hi I'm new to irules and have got where I am but looking at other irules we have, but am still struggling. I have a request from marketing to host a number (40) of small websites. Rather than setting up a new vip/pool/node/website for each one I would like to inspect the hostheader, forward it to a pool, rewrite the uri and be invisible to the user. This way I can simply copy the content to a single website. e.g. nick.domain.co.uk/* -> forward to pool POC_Boxes -> uri rewritten to /nick/* alan.domain.co.uk/* -> forward to pool POC_Boxes -> uri rewritten to /alan/* lara.domain.co.uk/* -> forward to pool POC_Boxes -> uri rewritten to /lara/* I have been able to get this working using a switch irule but would prefer a datagroup as it is easier to maintain going forward. However, I am having trouble reading data from the datagroup here is my switch irule when HTTP_REQUEST { set marketingURI "[HTTP::uri]" switch -glob -- [string tolower [URI::decode [HTTP::host]]] \ "nick.domain.co.uk" { HTTP::uri "/nick$marketingURI" pool POC_boxes } switch -glob -- [string tolower [URI::decode [HTTP::host]]] \ "lara.domain.co.uk" { HTTP::uri "/lara$marketingURI" pool POC_boxes } switch -glob -- [string tolower [URI::decode [HTTP::host]]] \ "alan.domain.co.uk" { HTTP::uri "/alan$marketingURI" pool POC_boxes } else { HTTP::redirect "http://www.domain.com" } } Here is my datagroup irule when HTTP_REQUEST { if { [class match [string tolower [HTTP::host]] starts_with POC_DGL_Marketing_trades] } { set url_URI [class match -value [string tolower [HTTP::host]] starts_with POC_DGL_Marketing_trades] set marketingURI "$url_uri[HTTP::uri]" HTTP::uri "$marketingURI" pool POC_boxes } else { HTTP::redirect "http://www.domain.com" } log local0. "Marketing Trades [HTTP::host]" } Here is my datagroup Name Value nick.domain.co.uk /nick alan.domain.co.uk /alan lara.domain.co.uk /lara Thanks Nick646Views0likes7CommentsUsing iRules to conserve public IP addresses
Hello all, I've been tasked with coming up with a solution using one public IP address and laod balancing it to multiple pools using iRules and host-headers. Currently, we're doing a one to one NAT. I created a virtual server and used the iRule below, which is using Data Groups. I was able to successfully accomplish this for http but I cannot get https to work. If anyone can provide some input, I'd much appreciate it. when HTTP_REQUEST { if { [class match [string tolower [HTTP::host]] equals TestRedirect] } { set usepool [class match -value [string tolower [HTTP::host]] equals TestRedirect] pool $usepool } } Here is the Data Group for the http pools. ltm data-group internal /Common/TestRedirect { records { TESTA.net { data TESTA_80_pool } TESTB.org { data TESTB_80_pool } TESTC.com { data TESTC_80_pool } } type string }Solved418Views0likes4Comments