Forum Discussion

Nimbostratus

Dec 04, 2013

TCL error logged when two irules are applied to HTTP and/or HTTPS vservers

Hi.

We have applied two irules to HTTP and HTTPS vservers with the same virtual IP. Both irules works fine individually. However sometimes or sporadically we are obtaining this kind of errors on /var/log/ltm:

Dec 4 13:14:51 slot1/LTMINTERNET2 err tmm[7744]: 01220001:3: TCL error: /Common/PERSISTENCE_LTCPROD - no such pool: (line 11) invoked from within "active_members -list [LB::server pool]"

First Irule is used in order to maintain persistence between HTTP and HTTP services. Pool member is inserted in a cookie, and this cookie value is used to force client requests to the same pool member for HTTP or HTTPS traffic:

    when HTTP_REQUEST {

    set need_cookie 1
    if {[string match {*[a-zA-Z]*} [HTTP::host]]} {
            set dominio [domain [HTTP::host] 2]
        } else {
            set dominio ""
    }
    if { [HTTP::cookie exists "FLTCPROD"] } {
        set decrypted [HTTP::cookie decrypt "FLTCPROD" "beautifulday"]
        if { ($decrypted ne "") } {
            set persist_node [HTTP::cookie "FLTCPROD"]
            foreach member [active_members -list [LB::server pool]] {
                set node [lindex $member 0]
                if { $node eq $persist_node } {
                    set need_cookie 0
                    node $persist_node [lindex $member 1]
                }
            }
        }
    }
}

when LB_FAILED {
    set need_cookie 1
    LB::reselect
}

when HTTP_RESPONSE {
   if { $need_cookie } {
       HTTP::cookie insert name "FLTCPROD" value [IP::remote_addr] path / domain $dominio
       HTTP::cookie encrypt "FLTCPROD" "beautifulday"
       HTTP::cookie expires "FLTCPROD" 14400
   }
}

The second irule is used to manage some redirecctions depending on the URI of the request:

when HTTP_REQUEST {
    if {[TCP::local_port] == 443} {
        set protocolo "https"
    } else {
        set protocolo "http"
    }
    if {[string tolower [HTTP::uri]] equals "/tienda/lt/browse/productdetail.jsp?productid=a10074735&categoryid=2013.1319449414&trail=9004%3a2013.1319449414&brandid=&ancestorid=&pcproduct=true&navcount=0&isproduct=true&trailsize=1&navaction=push&groupname="} {
        HTTP::respond 301 noserver Location "$protocolo://[HTTP::host]/2-con-gel-dualuxe/product/A10074735/"
    } elseif {[string tolower [HTTP::uri]] equals "/tienda/lt/index.jsp"} {
        HTTP::respond 301 noserver Location "$protocolo://[HTTP::host]/"
    } elseif {[string tolower [HTTP::uri]] equals "/tienda/lt/browse/category.jsp?navaction=push&navcount=0&categoryid=2013.1319445491&menu=top"} {
        HTTP::respond 301 noserver Location "$protocolo://[HTTP::host]/electronica/2013.5094016/category/"
    } elseif {[string tolower [HTTP::uri]] equals "/tienda/lt/browse/category.jsp?navaction=push&navcount=0&categoryid=2013.1319446230&menu=top"} {
        HTTP::respond 301 noserver Location "$protocolo://[HTTP::host]/television-y-video/2013.5097016/category/"   
    } elseif {[string tolower [HTTP::uri]] equals "/tienda/lt/browse/category.jsp?navaction=push&navcount=0&categoryid=2013.1319446255&menu=top"} {
        HTTP::respond 301 noserver Location "$protocolo://[HTTP::host]/informatica/2013.5098016/category/"
    } elseif {[string tolower [HTTP::uri]] equals "/tienda/lt/browse/category.jsp?navaction=push&navcount=0&categoryid=2013.1319452459&menu=top"} {
        HTTP::respond 301 noserver Location "$protocolo://[HTTP::host]/salud/2013.5231016/category/"
    } elseif {[string tolower [HTTP::uri]] equals "/tienda/lt/browse/category.jsp?navaction=push&navcount=0&categoryid=2013.1319446302&menu=top"} {
        HTTP::respond 301 noserver Location "$protocolo://[HTTP::host]/hogar/2013.5099016/category/"
    } elseif {[string tolower [HTTP::uri]] equals "/tienda/lt/browse/category.jsp?navaction=push&navcount=0&categoryid=2013.1319446354&menu=top"} {
        HTTP::respond 301 noserver Location  $protocolo://[HTTP::host]/cocina/2013.5100016/category/"
    } elseif {[string tolower [HTTP::uri]] equals "/tienda/lt/browse/category.jsp?navaction=push&navcount=0&categoryid=2013.1319446375&menu=top"} {
        HTTP::respond 301 noserver Location "$protocolo://[HTTP::host]/deportes/2013.5101016/category/"
    } elseif {[string tolower [HTTP::uri]] equals "/tienda/lt/browse/category.jsp?navaction=push&navcount=0&categoryid=2013.1319528446&menu=top"} {
        HTTP::respond 301 noserver Location "$protocolo://[HTTP::host]/tv/2013.5238016/category/"
    }
}

We notice this error is logged when you try one of the redirections using web browser, and you already have surfed across our site (we already have a cookie assigned inserted by BIG-IP, using our first iRule). If you try to get one of our redirections for the first time (with browser cache and cookies cleared) error is not logged. Anyway all seems to work fine besides tcl message error has been logged.

anybody could help us to troubleshoot or find explanation about why this error message is being logged?

Thanks.

11 Replies

Philippe_CLOUP
Employee
Dec 04, 2013
Hi franco, my thought is that you use [LB::server pool] command in a context where it is not already popuplated.

When someone is coming again to your website (new TCP connection in that case), the cookie is presented in the HTTP_REQUEST event (clientside event), but the "LB::server" is not populated because no "LB decision" has been made at that time. I would recommend putting a conditional testing like using "catch" command, to check that.
- U_franco_117956
  Nimbostratus
  Dec 04, 2013
  Thanks very much for your response. The question is, I don´t understand why LB decission has not been made, if previously access to our website has been done, and I assume in that momment (when end users reach our website for the first time) load balance decission has been made. B.R.
Thomas_Gobet
Nimbostratus
Dec 04, 2013
Hi,

When you call [LB::server pool] it returns the default pool name. You can ask for it everywhere but what is mandatory is to define a default pool on your virtual server before.

Can you log the pool name before your if condition ?
- Philippe_CLOUP
  Employee
  Dec 04, 2013
  yes thomas, you are right, i missed that one ;-)
Thomas_Gobet_91
Cirrostratus
Dec 04, 2013
Hi,

When you call [LB::server pool] it returns the default pool name. You can ask for it everywhere but what is mandatory is to define a default pool on your virtual server before.

Can you log the pool name before your if condition ?
- Philippe_CLOUP
  Employee
  Dec 04, 2013
  yes thomas, you are right, i missed that one ;-)

Kevin_Stewart

Employee

Dec 04, 2013

A long shot, but try this:

add:
when CLIENT_ACCEPTED {
    set default_pool [LB::server pool]
}

In your HTTP_REQUEST event, change:

    foreach member [active_members -list [LB::server pool]] {

to 

    foreach member [active_members -list $default_pool] {

Philipp_Stadler
Nimbostratus
Dec 04, 2013
Hi,

first of all, you have a syntax error in second iRule:

HTTP::respond 301 noserver Location $protocolo://[HTTP::host]/cocina/2013.5100016/category/"

should be:

HTTP::respond 301 noserver Location "$protocolo://[HTTP::host]/cocina/2013.5100016/category/"

maybe there is an influence, if second iRule is used first by the system. (and there is a syntax error).

You should set priorities on events, if you use one event twice. (The Code for the event HTTP_REQUEST is evaluated in the order of its priority. Without setting priorities) - with priorities you can control, which code part is used first and which second.

see: https://community.f5.com/t5/technical-articles/getting-started-with-irules-events-amp-priorities/ta-p/290543

regards, Philipp
Philippe_CLOUP
Employee
Dec 04, 2013
Hi Franco, i did some tests in my lab, and as mentioned by Thomas, as far as you have a default pool position on your VS, the [LB::server pool] is fine. If it is positioned by an iRule (and there is no default in your Pool, Resources), then the result can be "" (empty). And in that case, here is the log i have when doing the "active_members -list [LB::server_pool]"

no such pool: (line 1) invoked from within "active_members [LB::server pool]"

So can you confirm that you are not setting the pool from an iRule ?
- U_franco_117956
  Nimbostratus
  Dec 04, 2013
  Thanks Philou for your tests. However one pool is configured for each vserver in GUI, and then both irules have been added in Resource section. So I assume default pool for each vserver has been configured. Shall I configure default pool on the top of persistence iRule?? Bear in mind in this momment We are using the same persistence irule for HTTP and HTTPS services with the same virtual IP (both services have the same members too, but with different port ;-)). If you are suggesting me to configure default pool at the top of the irule, I had to configure a different irule for HTTP and HTTPS services. Am I wrong??
U_franco_117956
Nimbostratus
Dec 05, 2013
Hi to everybody.

I´m trying propossed solution provided by Kevin, I´m testing and error message is not being logged now in /var/log/ltm file. .-)))

The question is we are obtaining pool name before to execute HTTP_REQUEST event code, and I don´t know why sometimes [LB::server pool] doesn´t have any value in HTTP_REQUEST event.

Anybody could give detailed explanation about this issue, bearing in mind a default pool is always configured on Resources section of the virtual servers?

Thanks.

Forum Discussion

TCL error logged when two irules are applied to HTTP and/or HTTPS vservers

11 Replies

Recent Discussions

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Get associated pool name from VIP IP using F5-LTM

Disacard SSL::cert mode to ignore when default SSLClient profile is set to request or require

About custome Response Blocking Page

About IPI check ip list

Related Content

After applied ASM Policy to Virtual Server, connections will reset with Internal error in log

Big-IP Reporting? Vserver traffic stats, etc.?

ASM logs

Trouble applying GoDaddy certificate to a virtual server

Applying APM on an iframe