Pav_70755
Feb 20, 2012

Accessing individual servers / nodes via a different port

I came across a complete iRule which I used a few years ago which had this section in it:


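when HTTP_REQUEST {
    # Look up the port the client connected to in the data group; with a
    # separator given, findclass returns the part of the entry after it.
    set srvr [findclass [TCP::local_port] $::TST_Individual_Servers " "]
    if { $srvr ne "" } {
        # Bypass pool load balancing and send the request to that node on port 80.
        node $srvr 80
    }
}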

Where TST_Individual_Servers is a datagroup containing a list of node IP addresses and corresponding ports in this case:

server1:= 10.0169.128.21%3:8001

server2:= 10.0169.128.22%3:8002

So with a virtual server listening @ www.testdomain.com with 2 node members in a pool (Which are the nodes in the datagroup string)

I want to be able to go to www.testdomain.com:8001 and go to that specific node and www.testdomain.com:8002 and go to server 2

Would this also work with remote desktop access directly to the server?

We are able to do this atm, but need to have separate virtual servers and pools for each node (so pools with single node members) in order to do this, and in our production environments this means creating a lot of extra pools for sites that have, say, 10 members.

Thanks, any help much appreciated.

Pav

4 Replies

  • Hi Pav,

    If you want to give admin access to the pool members behind LTM, I'd use a separate virtual server from your client traffic. You can do this a few ways:

    sol7229: Methods of gaining administrative access to nodes through the BIG-IP system
    http://support.f5.com/kb/en-us/solutions/public/7000/200/sol7229.html

    Separating your client and admin traffic makes it simple to perform access control. It also allows you to optimize traffic based on protocol using different profiles and timeouts, i.e., you probably don't want to use a very long TCP idle timeout for web traffic but do for administrators' remote desktop sessions.

    Aaron
  • Hi Hoolio,

    I think the priority is actually HTTP access for testing, as only one of the environments needs admin / RDP access; the rest of the servers just need to be browsable using ports to save having to create lots of extra virtual servers and pools for just single members.
  • when HTTP_REQUEST {
        if { [TCP::local_port] eq "80" } {
            persist cookie insert Test_Pool
            pool TST_www.test.com-80
        } else {
            set srvr [findclass [TCP::local_port] $::TST_Individual_Servers " "]
            if { $srvr ne "" } {
                node $srvr 80
            } else {
                HTTP::redirect "http://search.tst.co.uk/"
            }
        }
    }
     

    I can't seem to get this to work, although the Individual_Servers is an address datagroup with the following values:

    Address Value

    10.169.128.21%3 8001

    10.169.128.22%3 8002

    So essentially what I want is to go to:

    http://search.tst.co.uk:8001 and go to node 10.169.128.21%3 and http://search.tst.co.uk:8002 and go to node 10.169.128.22%3

    But when I go to the address with the port number I get a "page cannot be found". The VS has port translation enabled and all ports enabled too.

    Could it be something with the datagroup config? Do I need to configure it as a string?

    Pav

  • I've now managed to get this to work and have even submitted the iRule:

    http://devcentral.f5.com/wiki/iRules.Accessing-individual-servers-nodes-through-different-ports.ashx?NoRedirect=1&NS=iRules

    
    when CLIENT_ACCEPTED {
        set default_pool [LB::server pool]
    }
    when HTTP_REQUEST {
        if { [TCP::local_port] eq "80" } {
            pool $default_pool
        } else {
            set srvr [findclass [TCP::local_port] $::TST_Individual_Servers " "]
            if { $srvr ne "" } {
                node $srvr 80
            } else {
                pool $default_pool
            }
        }
    }
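
Added example, not part of the thread and not F5's own code: a variant of the final iRule that applies the access-control point from Aaron's reply to the per-node ports, so that only allow-listed sources can bypass load balancing. It assumes BIG-IP v10 or later (for the `class` command), that `TST_Individual_Servers` is a string data group keyed by port with the node address as its value, and a hypothetical address data group `TST_Test_Clients` (entries without a route-domain suffix) listing the networks allowed to reach individual nodes.

```tcl
when CLIENT_ACCEPTED {
    # Remember the virtual server's default pool for normal client traffic.
    set default_pool [LB::server pool]
    set direct_node ""

    set port [TCP::local_port]
    if { $port == 80 } {
        # Ordinary client traffic: load balance as usual.
        return
    }

    # Strip any route-domain suffix (%N) before matching the allowlist.
    set client [getfield [IP::client_addr] "%" 1]

    # Per-node ports bypass load balancing, so only sources listed in the
    # hypothetical address data group TST_Test_Clients may use them.
    if { ![class match $client equals TST_Test_Clients] } {
        log local0. "Denied direct-node access from $client on port $port"
        reject
        return
    }

    # Assumed layout: key = listening port (e.g. 8001),
    # value = node address (e.g. 10.169.128.21%3).
    set direct_node [class lookup $port TST_Individual_Servers]
}

when HTTP_REQUEST {
    if { $direct_node ne "" } {
        # Allowed source on a mapped port: go straight to that node.
        node $direct_node 80
    } else {
        # Port 80, or an allowed source on an unmapped port: use the pool.
        pool $default_pool
    }
}
```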