Forum Discussion

BaltoStar_12467's avatar
BaltoStar_12467
Mar 06, 2015

BIG-IP : iRule to route uri-forms for all hosts

F5 BIG-IP Virtual Edition v11.4.1 (Build 635.0) LTM on ESXi

My BIG-IP is configued with virtual-servers specific to hostname :

VIP-1 handles www.example1.com VIP-2 handles www.example2.com

DNS routes www.example1.com to VIP-1 IP and www.example2.com to VIP-2 IP

For all hostnames, I need to route certain uri-forms to a an alternate traffic-manager ( pool_alt_tm ).

My idea is to create a single iRule and add it to VIP-1 and VIP-2.

Here's my iRule : 

when HTTP_REQUEST {
  set route_to_alt_tm 0
  switch -glob [string tolower [HTTP::uri]] {
    "/best-pool*" - "/best-bar*" - "/most-romantic*" {
      set route_to_alt_tm 1
    }  
    "/about/termsandconditions.html" - "/about/yourpersonalinfo.html" - "/about/rewards.html" {
      set route_to_alt_tm 1
    }    
  }
  if {$route_to_alt_tm} {
    pool pool_alt_tm
    event disable all
  }
}

Are there any potential problems with not explicitly checking that request host matches www.example1.com --or-- www.example2.com ?

Any drawbacks to this approach ?

application delivery
design
devops
host
iRules
LTM
uri

7 Replies

Sort By
  • Michael_Jenkins's avatar
    Michael_Jenkins
    Icon for Cirrostratus rankCirrostratus
    Mar 06, 2015

    I don't think there's any potential problems here with not checking the Host name. It just means that if someone's accessing the site by IP address or using something like a hosts file, it'll still processes the traffic the same way.

    On another note, with the 

    event disable all
    command, all further iRule processing will be cancelled for the life of that connection, not just the that particular request necessarily. (Just wanted to mention that since I had a few issues when I first started using that command). Is that what you're trying to do? or perhaps just ignore further HTTP_REQUEST events for that request?

  • BaltoStar_12467's avatar
    BaltoStar_12467
    Mar 06, 2015

    Thanks again Michael. In my case, the goal is for certain uri-forms to be routed to an entirely separate traffic-manager ( custom code built around HAProxy ) which performs all further handling of the request. I'm not at all sure about this, but I believe the other traffic-manager sends its responses directly to the client -- I don't believe responses flow back through BIG-IP ( is this even possible ? I need to research and find out for sure ). If so, BIG-IP will never have opportunity to execute HTTP_RESPONSE event. Subsequent requests on the same keep-alive connection should be processed anew -- because might be a request for a different uri that may or may not be contained in the set of uri-forms routed to the other traffic-manager.

     

    • Michael_Jenkins's avatar
      Michael_Jenkins
      Icon for Cirrostratus rankCirrostratus
      Mar 06, 2015
      If that's the case (response skips the BIG-IP), then you may consider using a variable in your iRule and checking it in any other HTTP_REQUEST events to skip processing them. Another option in that case might be to disable events and then use `event HTTP_REQUEST_RELEASE enable` and re-enable all events (`event enable all`) in the release event, which may work for subsequent requests. To test whether the traffic is coming back through the F5, you could use `tcpdump` through the CLI and grab the traffic to see if it's getting any responses from the server.
    • BaltoStar_12467's avatar
      BaltoStar_12467
      Mar 07, 2015
      turns out I was mistaken -- the alt-tm response traffic does flow back through the F5 on its way to client
  • Santokn_189503's avatar
    Santokn_189503
    Icon for Nimbostratus rankNimbostratus
    Mar 14, 2015

    Hi Baltostar

     

    From the above irule i understood (Correct me if i am wrong as i am new to irule) that if the below URI matches

     

    "/best-pool" - "/best-bar" - "/most-romantic*" "/about/termsandconditions.html" - "/about/yourpersonalinfo.html" - "/about/rewards.html"

     

    Set the variable route_to_alt_tm to 1 and also if route_to_alt_tm is equal to 1 then choose the pool pool_alt_tm

     

    Could me please post the complete irule and explanations also bit confuse reg. the need for set route_to_alt_tm 0

     

    • Michael_Jenkins's avatar
      Michael_Jenkins
      Icon for Cirrostratus rankCirrostratus
      Mar 15, 2015
      the "set route_to_alt_tm 0" command is used so that when checking the variable for "1", it won't give a runtime error because the variable is not defined. The other option if you don't know whether a variable has been set is to use "[info exists VARNAME]"
  • Santokn_189503's avatar
    Santokn_189503
    Icon for Nimbostratus rankNimbostratus
    Mar 15, 2015

    Thanks Michael

     

    However i couldnt able to understand the below suggestions which u gave earlier, Can u please explain me with an example.

     

    but you may want to use "event disable all" in your HTTP_REQUEST, and then right after use "event HTTP_RESPONSE enable" to allow the response event to fire. You can also set a flag (variable) to tell your response event to disable processing too. In your HTTP_RESPONSE event (make sure this would be the first one that executes), you can check for that variable (you can test if a variable exists with "[info exists VARIABLE_NAME]") and then do "event enable all", "event HTTP_RESPONSE disable", and "return" to exit the iRule