How can I create member with name using powershell cmdlet?
How can you create pool members with descriptive names? When I create a new vm, I'm able to automatically add it to a pool. Add-F5.LTMPoolMember -Pool $PoolName -Member "${VMIP}:${Port}" However the name of the node is its ip address. I've also tried using the more low level way of adding a node $PoolList = @($PoolName) $Node = New-Object -TypeName iControl.CommonAddressPort; $Node.address = $VMIP $Node.port = $Port (Get-F5.iControl).LocalLBPool.add_member_v2($PoolList, $Node) I can't find any way to change the node name with add_member_v2
Query Current Connections at the Node Level
I am working on Powershell scripts to do automated deployments to our servers behind our BIG-IP LTM. I have simple scripts that use the iControl powershell cmdlets Disable-F5.LTMNodeAddress -Node xxx.xxx.xxx.xxx These work quite well, however, what I need next is a way to query the Current Connections to the node as they bleed off so that my automation doesn't begin the deployment until current connections = 0. I'm assuming I'm just not formatting my searches right as someone must have figured this out by now. Any help would be greatly appreciated. Thanks!
Persist based on query string
Our QA team needs a way to specify a backend node via a query string and have all subsequent queries persist to that node for testing purposes. I have written the following irule which send the request to a specified node - the problem is that associated requests to things like images, javascript, style sheets don't match the irule and thus get sent to a random backend web server: DESCRIPTION: This if the URI contains a query parameter named server this irule attempts to match the server name to a datagroup named servername2ip_datagroup and use that to send the user to the appropriate back end server. 1) This rule relies on the servername2ip_datagroup datagroup. Which is a server name to IP datagroup on the load balancer. This needs to be maintained / updated as server IPs or names change. when HTTP_REQUEST { If the uri contains a query parameter named server if { [HTTP::uri] contains "server" } { Define a lowercase variable to store the server name set webserver [URI::query [string tolower [HTTP::uri]] server] Define a variable to store the port to make this rule https/http agnostic set prt [TCP::local_port] If the server query parameter matches an entry in the datagroup if { [class match $webserver equals servername2ip_datagroup] } { Direct traffic to that node. node [class lookup $webserver servername2ip_datagroup] $prt } } } I think perhaps I need to add persistence after: node [class lookup $webserver servername2ip_datagroup] $prt I tried adding persist source_addr 1800 But that's not working. Can any irule guru's out there help me get this working. Is persistence what I need - if so what's wrong with how I'm using it? Thanks Brad
Send Post/GET to all nodes regarless of status
I am trying to send a POST or a GET to all nodes in a pool regardless of the node status. I pieced together the following code. The issue is that the website is not ready yet so I am working with 404 and checking IIS logs. We want the request to be sent to each node once regardless of the return code. Then we want to display a page to the user with some status. I use curl to send data it post to each node. But I get "curl: (56) Recv failure: Connection reset by peer" If I visit the page in a browser (GET) it sends 250 request to each node. works but creates a 250 request when page is visited in browser send 1 POST to each node if curl is used to post data curl --data "cacheclear=1" http://site.robert.com/clear when HTTP_REQUEST { set variables set pool [LB::server pool] set memberslist {} set members [members -list [LB::server pool]] set posturl "http://[HTTP::host][HTTP::uri]" save original request set req [HTTP::request] set reqcount to the total number of servers in assigned pool set reqcount [active_members [LB::server pool]] look for the trigger in the URL/URi if { [string tolower [HTTP::uri]] eq "/clear" } { send request to the vip default pool pool $pool } } http retry only works in http_response when HTTP_RESPONSE { since no test page existing working with 404 status. we can change this later and add error checking if { [HTTP::status] equals 404 } { if request count is greater than 0, decrement variable and retry request if { $reqcount > 0 } { incr reqcount -1 HTTP::retry $req } respond to user set response "URL: $posturl Pool: $pool Members List: $memberslist Current Member: [LB::server addr] Reguest Info: $req Active Members:" HTTP::respond 200 content $response "Content-Type" "text/html" } }
Error when I try to assign a member to a Pool
When I execute this piece of code: pool = bigip.tm.ltm.pools.pool.create(name="Pool Name", partition='Common', description="First Pool", monitor="/Common/" + monitor.name) Create the Members node = pool.members_s.members.create(name="Node name", address=ip_address, partition='Common', description='First Node', monitor="/Common/icmp_tid") UpdatePool pool.update() I get the next error: Text: '{"code":400,"message":"01070587:7: The requested monitor rule (/Common/icmp_tid on pool ) can only be applied to node addresses. Can anyone explain what is the issue? When I try to create the node itself with th command mgmt.tm.ltm.nodes.node.create() and attach the monitor to it I don't have any problem. But when I create it as a member of an existing pool the error appears. Is there any way this can work or is there any way of assigning an existing node as a member of an pool? Thanks
Dynamic port selection not working
Hello All. I'm trying to compose an irule that will direct the traffic to a dynamically chosen port in a pool, according to the URL the user uses. After much searching I got to the point where the node and the port are correctly selected, but the NLB disregards the node command and directs the traffic to the original port. The URL is made of 3 letters of the service and 3 digits of the wanted inside-component. Together they compose the destination port. The user uses HTTPS(443), but the NLB has to direct the traffic to the "member:composed-port" according to the URL. The VIP has address and port translation enabled. To be sure of that I included those commands in the irule. The member in the pool is defined with "port=all services". when RULE_INIT { 0 = none, 1 = debug, 2 = verbose set static::APsp_Debug 2 } when CLIENT_ACCEPTED { translate address enable translate port enable } when HTTP_REQUEST priority 1 { Extract the last 3 chars from the hostname (e.g. 200 from ADM200.company.com) set APsp_inside_code [string range [getfield [HTTP::host] "." 1] end-2 end] Extract the first 3 chars from the hostname (e.g. ADM from ADM200.company.com) set APsp_service_code [string range [getfield [HTTP::host] "." 1] 0 2 ] switch -glob [string tolower $APsp_service_code] { "adm" {set APsp_dest_port "60$APsp_inside_code" } "rst" {set APsp_dest_port "64$APsp_inside_code" } default { log local0.error "service code not found. [HTTP::host][HTTP::uri]" HTTP::respond 404 "Not Found" } } } when LB_SELECTED priority 1 { set APsp_dest_node [LB::server addr] replace the host header so the server will think that this is the original request HTTP::header replace Host "company.co.il" go to load balanced member, but with the needed port if {$static::APsp_Debug > 0} { log local0.info "LBserver= [LB::server addr] node=$APsp_dest_node port=$APsp_dest_port" } node $APsp_dest_node:$APsp_dest_port log local0.info "after node command LBserver= [LB::server]" } when LB_FAILED { log local0.error "Selected server $APsp_dest_node:$APsp_dest_port is not responding" HTTP::respond 404 "Not Found" } when SERVER_CONNECTED { if {$static::APsp_Debug > 0} { log local0.info "serverport: [TCP::server_port]" } } Here are the Debug messages: Rule /Common/Event_Logger : Client 10.99.99.99:54565 requested http(s)://adm200.company.com/appbuilder/forms?code=8. Rule /Common/Event_Logger : Client 10.99.99.99:54565 request DIDN'T match any policy rule. Rule /Common/MY_select_port : LBserver= 10.237.214.28 node=10.237.214.28 port=60200 Rule /Common/MY_select_port : after node command LBserver= 10.237.214.28 60200 Rule /Common/Event_Logger : Client 10.99.99.99:54565 farwarded to 10.237.214.28 60200 /appbuilder/forms?code=8. Rule /Common/Event_Logger : Client 10.99.99.99:54565 connected from 10.237.214.253:54565 to node 10.237.214.28:443. Rule /Common/MY_select_port : serverport: 443 Rule /Common/Event_Logger : Client 10.99.99.99:54565 sending request to 10.237.214.28:443. Rule /Common/Event_Logger : Client 10.99.99.99:54565 releasing request to 10.237.214.28:443. Rule /Common/Event_Logger : Client 10.99.99.99:54565 got a response from 10.237.214.28:443. Rule /Common/Event_Logger : Client 10.99.99.99:54565 404 response released from 10.237.214.28:443 Rule /Common/Event_Logger : Connection from 10.237.214.253:54565 to Server 10.237.214.28:443 has closed. As you can see, the node command did the correct selection but the server connect went on with port 443. The pool definition: ltm pool /Common/service_pool { description load-balancing-mode observed-member members { /Common/10.237.214.28:0 { address 10.237.214.28 } /Common/10.237.214.29:0 { address 10.237.214.29 } } monitor /Common/gateway_icmp } Thanks in advance. Gil.Backend nodes goes unreachable from active F5
Hi Team , We are facing node reachability issue from Active f5 on evryweeknd (sunday ) but this happens only from the Active F5 and for few VIP/pools only .. We simply failover the f5 to standby and issue resolves and then failback to standby .. Has anyone faced such issue ? We have virtual appliance configured on the ESXi host . Before opening a TAC case , Can anyone confirm if you have faced similar problem ? I did not find anything on the audit logs which indicates some sceduled jobs running at tht time ..What else can be checked ?
Naming servers using AS3 Declaration
How do you name servers in an AS3 declaration? The following declaration names the server the IP address in the F5. { "class":"AS3", "action":"deploy", "declaration":{ "class":"ADC", "schemaVersion":"3.12.0", "id":"0", "shortlived":{ "class":"Tenant", "myhui1085_dev":{ "class":"Application", "template":"default", "myhui1085_dev":{ "class":"Service_HTTPS", "snat":"self", "serverTLS":{ "bigip":"/Common/digistar.spectrum-health.org" }, "virtualAddresses":[ "2.2.2.20" ], "pool":"myhui1085_dev_pool" }, "myhui1085_dev_pool":{ "class":"Pool", "monitors":[{ "bigip":"/Common/http_monitor" }], "loadBalancingMode":"least-connections-member", "members":[ { "adminState":"enable", "servicePort":80, "serverAddresses":[ "2.2.2.2" ], "hostname":"test_server2" } ] } } } } }Layer 2 nodes migration to Layer 3
Hello, i have 2400 nodes, over 1200 VLANs. my F5s (cluster of two 7050) has direct leg in the VLANs. i need to move this communication to a L3 path. i already have the path and routes ready. now here are my questions: will i experience a hiccup? how do i avoid saturation of port+IP for the backend traffic? i have some dev envs that i can test the solution first. please help
