passive monitoring all tcp ports by Irule

Question

&nbsp; A customer requested for a Bip IP config with all ports open 
&nbsp; for the environment will be a dynamic one where services can be added or deleted 
&nbsp; on any port 
&nbsp; Consequently no active tcp monitor can be applied 
&nbsp;  
&nbsp; The config is like this 
&nbsp; vip address ( all ports accepted) pointing to a pool(all ports allowed) with two nodes. 
&nbsp; One node needs to get 30 % of the load the other one 70% of the load. 
&nbsp; Active monitoring on service level is not possible but maybe passive monitoring with an I-rule. However I got no clue how to do it. 
&nbsp;  
&nbsp; Below two examples: 
&nbsp;  
&nbsp; Incoming requesthttp://mysite.com:28401/prSiebelAgreements/ExecutePortType 
&nbsp; checkhttp://mysite.com:28401/index.htm 
&nbsp; if code 200 use sitehttp://mysite.com:28401/prSiebelAgreements/ExecutePortType 
&nbsp; els try other node 
&nbsp;  
&nbsp; The portnumber is the differentiator 
&nbsp; another site can be like below and we should apply the same irule 
&nbsp;  
&nbsp; http://mysite.com:18501/getInvoiceRechargeResponse/ExecutePortType 
&nbsp; http://mysite.com:18501/index.html 
&nbsp; http://mysite.com:18501/getInvoiceRechargeResponse/ExecutePortType 
&nbsp;  
&nbsp;  
&nbsp;  
&nbsp; who got an idée how to solve this 
&nbsp;  
&nbsp; kleis 
&nbsp;

hooleylist · Answer

Hi Kleis, 
&nbsp;  
&nbsp; Is this only HTTP traffic that would be passing through the VIP?  Would the VIP be defined on a single IP address or a subnet?  Is it production traffic, or a test environment?  How often would new web apps be added/removed?   
&nbsp;  
&nbsp; You could potentially use a cookie to track whether the index page on that port had been checked for that session.  If you need to use a 70/30 split for traffic you could use ratio load balancing.  You would need to look for the cookie in HTTP_REQUEST, if it wasn't there, save the request headers (assuming no POSTs could be sent for the first request), rewrite the URI to /index.htm, force a load balancing decision using LB::select, make a request to the selected pool member, check the response, and for a 200 use HTTP::retry to send the original request headers to the same pool member. If the first pool member didn't respond with a 200, you could use HTTP::retry to retry the request to the other pool member.  If the request was a 200, use HTTP::retry again to make the original request to the new pool member.   
&nbsp;  
&nbsp; If the client does receive a 200 response for a particular port for index.html, you would want to set a cookie with the port number and pool member details so you could avoid the 200 test for subsequent requests.  You would need to add logic to the above scenario to look for the cookie and bypass the checks if the client presents a valid cookie. 
&nbsp;  
&nbsp; If the web apps aren't changing often, I'd suggest it would be easier to set up separate VIPs for each web app and do standard load balancing.  I think an iRule as described might be possible, but not very efficient. 
&nbsp;  
&nbsp; Aaron

kleis_oenema_67 · Answer

thanks so far 
&nbsp;  
&nbsp; Here the info I got from the customer with regard to your questions 
&nbsp; it should be only http and https 
&nbsp; The vip is a IP address and there will be a production and development site both with two hosts in the respective pool but each with there own VIP address. 
&nbsp; From the information as I have gained so far: 
&nbsp; the url will be http(s)://mysite.com:port/ 
&nbsp;  
&nbsp; at the start there would be approx 5 sites but this can grow up to 20 or more. 
&nbsp; The customer wants flexibility to set up site or tear them down without having to request for BigIp changes 
&nbsp;  
&nbsp; kleis

hooleylist · Answer

Hi Kleis, 
&nbsp;  
&nbsp; Assuming the HTTPS is all being requested to the same hostname, I think it's possible to do.  I don't have the time to do an example for this as it's fairly complicated.  You can take a look at the HTTP::retry wiki page as well as a very helpful article from Deb: 
&nbsp;  
&nbsp; HTTP::retry 
&nbsp; http://devcentral.f5.com/wiki/default.aspx/iRules/http__retry 
&nbsp;  
&nbsp; Conditioning iRule Logic on External Information - 1 - HTTP::retry  
&nbsp; http://devcentral.f5.com/Default.aspx?tabid=63&amp;articleType=ArticleView&amp;articleId=105  
&nbsp;  
&nbsp; Aaron

Forum Discussion

passive monitoring all tcp ports by Irule

3 Replies

Recent Discussions

Import PKCS 12 SSL to Device Certificate via API/Script or CLI on BIG-IP

Help with URL Masking

F5 iRule to replace host to path

Chrome V 124+ on MacOS - Virtual Server Access Issue

F5 Rseries R2600 Tenant sizing

Related Content

Http monitor on different port

Why use mgmt port to monitor ?

Especial Load Balancing Active-Passive Scenario (I)

Especial Load Balancing Active-Passive Scenario (II)

Health monitor question