Forum Discussion

jrok_47156
Apr 12, 2013

Clone, what does it do technically in an iRule?

Ok, maybe my previous post from a few days ago was too confusing, sorry about that.

"Clone single http request" https://devcentral.f5.com/community...542/asg/50

Let's see if I can simplify my questions. In my feeble mind, a clone is an identical copy of something, usually a fruit fly or an apple, but I had convinced myself also possibly an HTTP_REQUEST. In the following block of iRule code, when the number of members is 1, what happens technically?

a) Will a duplicate HTTP_REQUEST be sent to the warning_pool (with the response ignored)?

b) Will some other type of IDS-type network traffic be sent to warning_pool?

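    when HTTP_REQUEST {
        if { [active_members app_pool] == 2 } {
            # Both members up: normal load balancing only
            pool app_pool
        } else {
            # Otherwise: load balance as usual and also clone to warning_pool
            pool app_pool
            clone pool warning_pool
        }
    }
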
Other Clone questions about the role of the VS settings for Clone Pool (Client) and Clone Pool (Server):

1. In order for the iRule code to function as I expect, do I need to assign warning_pool to the VS Clone Pool (Client)?

2. Do I need to also assign it to Clone Pool (Server)? This seems unlikely...

3. Will an iRule "clone pool warning_pool" work for one-off requests without having any of the VS clone stuff set up?

Again, in my mind it seemed logical to me that if I set up a VS Clone Pool then ALL the traffic through the VS would go there, either client or server or both. But if I enacted a clone command in an iRule, it would only affect that particular request that triggered it. I'm sure somebody understands this much better than I do so please help.

13 Replies

  • You're welcome. I've never set up SMTP myself but I'm happy to work through it with you if need be.
  • Using a clone pool won't work if your clone destination is a standard web server. With a clone pool, LTM just translates the destination MAC address and leaves the destination IP address unmodified. So the original web server pool members and the clone pool members would both need to accept traffic destined for the same IP address. Clone pools are only useful for IPS-like devices which accept traffic destined for any IP address.

    Instead of clone pools, check this iRule which uses high speed logging to duplicate HTTP requests (and ignore responses to the cloned traffic):

    https://devcentral.f5.com/tech-tips/articles/http-request-cloning-via-irules-part-1

    Aaron
  • Ok, first of all, thank you Steve and Aaron. I didn't use SNMP/SMTP or HSL but our conversation made me realize a simpler solution that fits within my realm of control. My LTMs are not running in appliance mode so theoretically I could have created a custom SNMP trap and used SMTP out -- but I do not have command line access to our devices and my familiarity with Linux is limited to the fact that I know he always has his blanket with him. I also had read that piece about using HSL for request cloning several times but was scared off from it every time by the use-at-your-own-risk language and some events I don't normally use.

    I finally realized through our conversation that what I wanted was an extra http_request to go and do some work for me when a node in my pool was down, and since my work server was a regular web/app setup, that clone was not going to do it because of tcp stack/ip binding on the web server. So I created an *extra* request in my shared application header that gets included in all my applications. Along with other secondary in-line requests for jQuery, fancybox, css and all the stuff I include, I added another in-line link for F5_Node_Alert.js to do my work. The node alert javascript file only contains a comment about its purpose and is only about 40 bytes. When the client browser receives a page from the primary request that includes the common header, it then spawns additional secondary requests back to the F5 for all the necessary resources. Only if my app pool is less than its max members then I check the uri of the dozen or so additional requests. When I find the *extra* request for the node alert file I send it over to the node down pool which decodes the domain and notifies everyone via email and sms that a node is down. If all the members are up, it just includes the little 40 byte comment file. If all the members are down, it sends the primary http request to the pool down pool which notifies everyone the whole pool is down.
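
A sketch of the routing described in the last reply, added here as an example and not the poster's actual iRule. Assumptions: `app_pool` has 2 members when healthy (as in the question), `node_down_pool` and `pool_down_pool` are hypothetical names for the two notifier pools, and the 300-second throttle is an addition so that a degraded pool does not trigger a notification on every page load.

```tcl
when HTTP_REQUEST {
    # Assumption: app_pool has 2 members when fully healthy.
    set expected 2
    set up [active_members app_pool]

    if { $up == 0 } {
        # Whole pool down: send the request to the notifier pool.
        # pool_down_pool is a hypothetical name.
        pool pool_down_pool
        return
    }

    # Degraded pool: divert only the small alert file, leave every
    # other request on the normal application pool.
    if { $up < $expected &&
         [string tolower [HTTP::path]] ends_with "/f5_node_alert.js" } {
        # Added throttle (not in the post): divert at most one alert
        # request per 300 seconds, tracked in the session table.
        if { [table lookup -notouch node_alert_sent] eq "" } {
            table set node_alert_sent 1 indef 300
            # node_down_pool is a hypothetical name.
            pool node_down_pool
            return
        }
    }

    # Healthy pool, or not the alert file, or alert already sent.
    pool app_pool
}
```

Because the alert file is requested by client browsers, the notifier behind `node_down_pool` should treat each request only as a trigger to re-check pool state and should not trust anything in the request itself.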