Forum Discussion

mcaballe_135435
May 22, 2014

iRule for cloned request and response traffic

I have an IDS that I need to send all request and response traffic to. However, to send the cloned traffic from either direction to the IDS I need to change the URI. I've created the following iRule, but it's not successfully sending any traffic to pool A and I'm not sure how to proceed in redirecting the response traffic.

    when HTTP_REQUEST {
        if {[HTTP::uri] contains "/WebpageA"} {
            pool pool_A
            HTTP::uri "/ids/sink"
            clone pool pool_B
        }
    }

I have to send the response out as normal as well as send the cloned response traffic to the modified URI.

10 Replies

  • I'm afraid it doesn't work that way. I use this analogy a lot, but you almost have to think of an event like a "bucket". The bucket gets filled with an aggregate of commands and values, and then gets dumped out and readied for the next request. So in the following example:

    when CLIENT_ACCEPTED {
        set default_pool [LB::server pool]
    }
    when HTTP_REQUEST {
        set orig_uri [HTTP::uri]
    
        HTTP::uri "/foo"
        clone pool clone_pool
    
        HTTP::uri $orig_uri
        pool $default_pool
    }
    

    It does indeed send traffic to both pools, but the resulting URI for both is the URI set in the last HTTP::uri command. Your best bet may be to perform a sideband call with the modified data. It'll eat up a bit more CPU, but you'll have much more flexibility.

  • Give this a shot:

    proc send_to_sideband { data server } {
        set sbserver [connect -protocol TCP -timeout 10 -idle 5 -status conn_status $server]
        send -status send_status -timeout 10 $sbserver $data
    }
    when RULE_INIT {
        set static::sideband_server "10.80.0.200:80"
    }
    when HTTP_REQUEST {
        set req [HTTP::request]
        set sb [call send_to_sideband $req $static::sideband_server]
    }
    

    I'm using a proc here. Not totally necessary, but cool nonetheless. The iRule is basically grabbing the entire HTTP request and passing it to the sideband. There's no sideband receive function, so it won't listen for a response. You could alter the request data however required.

  • For some reason when I tried the code you initially wrote, it wouldn't get to the second set of commands. It would send to the clone pool but not the default pool. Is there some reason it wouldn't execute any code after it redirects to the clone pool?

     

  • Perhaps add a OneConnect profile to the VIP? Understand of course that it's not going to allow you to modify the URI to the clone pool.

     

  • Shoot. The prober is dependent on the URI being changed. If I made 2 separate iRules and applied them both to the VS, would that work in sending the same traffic to both?

     

  • Multiple iRules applied to a VIP actually get "compiled" into a single iRule, so no. I think you would necessarily have to send clone pool traffic through another VIP and then modify it there. While technically possible to "pool to a VIP", the task is complex. Did you try the sideband?

     

  • I haven't tried the sideband yet. I'm still very green and was hesitant. I'll give it a shot now and let you know how it goes. Thank you for your help.

     

  • Since I'm using 11.3 on my LTM I couldn't make use of proc. I've tried the following, but am getting a timeout error on the send line. It doesn't seem to be reaching the IDS server at all.

    when RULE_INIT {
        set static::sideband_server "x.x.x.x:7002"
    }
    when HTTP_REQUEST {
        set req [HTTP::request]
        set sbserver [connect -protocol TCP -timeout 10 -idle 5 -status conn_status $static::sideband_server]
        log local0. "Connect returns: <$sbserver> and conn status: <$conn_status>"
        send -status send_status -timeout 10 $sbserver $req
        pool FgmCtm_Test_pool
    }

  • but am getting a timeout error on the send line. It doesn't seem to be reaching the IDS server at all.

     

    Is the server reachable from the BIG-IP (TMM interface), and is it listening on port 7002?
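Putting the sideband suggestion and the proc-less 11.3 attempt together, here is an added example (not code from any poster in this thread) that copies only the "/WebpageA" requests from the question to the IDS with the URI rewritten to "/ids/sink", while the client's own request goes on to pool_A unmodified. The IDS address is a placeholder, and the copy is rebuilt from the parsed request instead of changing HTTP::uri, because, as the first reply notes, HTTP::uri changes the request for every pool; it also checks the connect result before calling send, which is where the timeout above surfaced.

```tcl
# Added example, not from the thread: sideband copy of matching requests to an
# IDS with a rewritten URI; the original request continues to pool_A.
# No proc is used, so this also runs on 11.3.
when RULE_INIT {
    # Placeholder IDS listener address; replace with the real host:port.
    set static::ids_server "192.0.2.10:7002"
}

when HTTP_REQUEST {
    # Only the monitored path is copied; all other requests pass through.
    if { !([HTTP::uri] contains "/WebpageA") } {
        return
    }

    # Rebuild the request line and headers as text with the IDS URI.
    # HTTP::request would return the raw headers, but with the original URI,
    # and HTTP::uri must stay untouched so pool_A sees the real request.
    set req_copy "[HTTP::method] /ids/sink HTTP/[HTTP::version]\r\n"
    foreach hname [HTTP::header names] {
        append req_copy "$hname: [HTTP::header value $hname]\r\n"
    }
    append req_copy "\r\n"

    # On failure connect returns an empty string and conn_status holds the
    # reason (e.g. a timeout), so check it instead of calling send on an
    # empty handle and timing out there.
    set sb [connect -protocol TCP -timeout 10 -idle 5 -status conn_status $static::ids_server]
    if { $sb eq "" } {
        log local0. "IDS sideband connect to $static::ids_server failed: $conn_status"
    } else {
        # send returns the number of bytes written; log any short write.
        set sent [send -status send_status -timeout 10 $sb $req_copy]
        if { $sent != [string length $req_copy] } {
            log local0. "IDS sideband send: $sent of [string length $req_copy] bytes, status $send_status"
        }
        close $sb
    }

    # The client's request is forwarded unmodified to the real pool.
    pool pool_A
}
```

Only the request headers are copied, since no body is read here; the response side of the original question is not covered by this iRule.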