Forum Discussion

David_G__33241's avatar
David_G__33241
Icon for Nimbostratus rankNimbostratus
Aug 18, 2016

APM for Global Remote Access

I need to load balance Edge Client sessions over multiple internet connections in two data centers. I am first using GTM to respond with the IP of a dedicated virtual in one of the data centers and this virtual will do a 302 redirect to a new FQDN of one of the local APM virtual servers using an iRule. I am essentially doing the High Availability configuration from https://www.f5.com/pdf/deployment-guides/f5-apm-gtm-dg.pdf

User launches the Edge client which points to vpn.company.com. GTM responds to vpn.company.com with IP 1.2.3.4 which is the “redirect” virtual in Data Center-1. DC-1 has two distinct internet connections, each with its own virtual and each virtual shares the same Access Policy, etc. The two virtuals have FQDNs, us-1.company.com and us-2.company.com. The only job of the “redirect” virtual is to respond with a HTTP redirect to one of the two APM related virtuals in that Data Center using an iRule:

when CLIENT_ACCEPTED {
    ACCESS::restrict_irule_events disable
}
when HTTP_REQUEST {
    HTTP::respond 302 Location "https://[HTTP::uri]"
}

I would like as close as possible to a 50/50 split between dc1-1.company.com and dc1-2.company.com but I do not know how to select which one to respond with. This information does not seem to be in the attached white paper.

Each virtual does have an associated internet connection with its own dedicated router which means I can health check on the router, but I was not sure if I could simply make a pool of these routers (links) given that the virtual does not have an associated pool.

Any help is appreciated.

Thanks

APM 12.1

APM
application delivery
iRules

1 Reply

Sort By
  • Stanislas_Piro2's avatar
    Stanislas_Piro2
    Icon for Cumulonimbus rankCumulonimbus
    Aug 19, 2016

    Hi,

    you do not need to create a dedicated VS but use the following irule on the APM virtual server:

    when RULE_INIT {
    set static::apm_local us-1.company.com
}

when HTTP_REQUEST {
    if {[HTTP::host] equals vpn.company.com } {
        HTTP::respond 302 Location "https://$static::apm_local[HTTP::uri]"
}

    in this configuration, GTM will load balance to both datacenter, then the irule will redirect to the local URL.

    another advice, your irule does not need 

    ACCESS::restrict_irule_events disable
    , and disabling irule restriction may cause different behavior. do not use this command if not necessary.

    this command allow to raise events like HTTP_REQUEST even for APM URI :

    • /my.policy
    • /vdesk/*
    • ...