NimbostratusHi Team,
I have one doubt and will appreciate your feedback.
If there is an iRule matching some URI and redirect to some pool (other than the default one), what will happen for any request with that URI if the pool members are down. It will be dropped or will be forwarded to the default pool ?
Thanks in advance.
BR,
Cirrostratus
Nimbostratus
Now the complain is with server guys saying that they are receiving URI i.e /xyz*, /YwZ*, and /AbC* on the default pool servers, and we have the below iRule defined. In addition, Pool_X sometimes has no members (all are down).
when HTTP_REQUEST priority 10 {
switch -glob [HTTP::path] {
"/xyz*" -
"/YwZ*" -
"/AbC*" { pool Pool_X}
default { pool Default_Pool }
}
}
Just want to confirm, does F5 drop these URIs or just pass it to the default pool in case of Pool_X has no members available.
Thanks again
Cirrostratus
priority 10
when HTTP_REQUEST {
if { switch -glob [HTTP::path] } {
If HTTP path contains the following;
"/xyz*" -
"/YwZ*" -
"/AbC*"
if { [active_members Pool_X] < 1 } {
If Pool X has no members up;
pool Default_Pool
else {
If Pool X does have members up;
pool Pool_X }
}
}
else {
Everything else;
pool Default_Pool }
}
NimbostratusHi Steve,
Thanks for your continuous support.
Actually I don't want to change any iRules, I need to know why some requests which supposed to go to pool_X are going to default pool. Giving that we have some logs showing pool_X members are down (monitor status' flapping).
This issue is intermittent and not permenant.
Employee
anyway, just a quick confirm. when Pool_X is down, bigip won't send traffic to Default_Pool and client will receive reset.
[root@ve10:Active] config b virtual bar list
virtual bar {
snat automap
destination 172.28.19.79:80
ip protocol 6
rules myrule
profiles {
http {}
tcp {}
}
}
[root@ve10:Active] config b rule myrule list
rule myrule {
when HTTP_REQUEST {
switch -glob [HTTP::path] {
"/xyz*" -
"/YwZ*" -
"/AbC*" {
pool Pool_X
}
default {
pool Default_Pool
}
}
}
}
[root@ve10:Active] config b pool Pool_X list
pool Pool_X {
monitor all fake
members 200.200.200.111:80 {}
}
[root@ve10:Active] config b pool Default_Pool list
pool Default_Pool {
members 200.200.200.101:80 {}
}
[root@ve10:Active] config b pool Pool_X
POOL Pool_X LB METHOD round robin MIN/CUR ACTIVE MEMBERS 0/0
| (cur, max, limit, tot) = (0, 0, 0, 0)
| (pkts,bits) in = (0, 0), out = (0, 0)
+-> POOL MEMBER Pool_X/200.200.200.111:80 inactive,down
| session enabled priority 0 ratio 1
| (cur, max, limit, tot) = (0, 0, 0, 0)
| (pkts,bits) in = (0, 0), out = (0, 0)
| requests (total) = 0
[root@ve10:Active] config tcpdump -nni 0.0 not host 200.200.200.10 and port 80
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on 0.0, link-type EN10MB (Ethernet), capture size 108 bytes
01:50:36.809874 IP 172.28.20.11.59060 > 172.28.19.79.80: S 2018743163:2018743163(0) win 5840
01:50:36.809921 IP 172.28.19.79.80 > 172.28.20.11.59060: S 1900520667:1900520667(0) ack 2018743164 win 4380
01:50:36.810630 IP 172.28.20.11.59060 > 172.28.19.79.80: . ack 1 win 46
01:50:36.810720 IP 172.28.20.11.59060 > 172.28.19.79.80: P 1:171(170) ack 1 win 46
01:50:36.810842 IP 172.28.19.79.80 > 172.28.20.11.59060: R 1:1(0) ack 171 win 4550
Hi nitass,
Thanks for your inputs and confirmation for resetting the connection when all members are down.
I have another iRule - not within the iRule I shared so priority won't differ here.
let's say the iRule I shared before is iRule-2, and the other iRule is iRule-1. The name reflect their orders to the VS.
iRule-1 has more specific conditions to match i.e the URI will be /xyz/string-1 instead of /xyz*, and when match is there it will redirect, select the same pool (Pool_X) and disable all the events - preventing any further irules processing.
From the above, is there any thing causing F5 to forward /xyz* to the default pool.
iRule-1
when HTTP_REQUEST {
if {([HTTP::header exists "X-Forwarded-For"]) and ([string tolower [HTTP::uri]] contains "/xyz/string-1")} {
switch -glob [HTTP::header values "X-Forwarded-For"] {
"some-value" {
HTTP::redirect "http://www.example.com/xyz/string-2"
pool Pool_X
event disable all
}
}
}
}
iRule-2
when HTTP_REQUEST priority 10 {
switch -glob [HTTP::path] {
"/xyz*" -
"/YwZ*" -
"/AbC*" { pool Pool_X }
default { pool Default_Pool }
}
}
NimbostratusTo be more specific, let's look to the actions in iRule-1
HTTP::redirect "http://www.example.com/xyz/string-2"
pool Pool_X
event disable all
If there is a match, will any subsequent requests be forwarded to Pool_X ?
This is what I want to make sure about.
it's ok for me to stop processing other iRules, but it's a must for subsequent requests to go to Pool_X.
BR,
CirrostratusEmployeeNimbostratusSteve/nitass,
Really appreciate your efforts.
Sorry I wasn't clear about descripting the issue clearly.
when HTTP_REQUEST {
if {([HTTP::header exists "X-Forwarded-For"]) and ([string tolower [HTTP::uri]] contains "/xyz/string-1")} {
switch -glob [HTTP::header values "X-Forwarded-For"] {
"some-value" {
HTTP::redirect "http://www.example.com/xyz/string-2"
pool Pool_X
event disable all
}
}
}
}
Issue: "event disable all" is the cause of URI leaking. The initial request forwarded to Pool_X while subsequent requests are not.
Resolution: using "return" instead which will keep processing subsequent requests but exits from the currently executing event in the currently executing iRule.
Thanks again ,,
https://devcentral.f5.com/Community/GroupDetails/tabid/1082223/aft/1174233/asg/50/Default.aspx
BR,