Forum Discussion

newf5learner_13's avatar
newf5learner_13
Icon for Nimbostratus rankNimbostratus
Oct 27, 2017

something wrong with host header redirection irule - please correct me

Hi Experts

I'm trying to use a irule to direct the traffic to appropriate pool based on the URL Host header information. Its strange that I'm not able to browse the site though the backend server are up and reachable. If I remove the irule and choose the resource to be a pool, the site loads! I have configured this irule on F5 2600i model with software version 12.1, similar irules are working on the other model 3900 on version 11.6

A little more information: Backend servers and the VIP address are in same network 10.120.1.0/24 and also has SNAT Automap turned on! 

when HTTP_REQUEST {
switch -glob [ string tolower [HTTP::host]] {
    "nexustest.deccanchargers.net" { pool Pool_DATA_DC_8184 }
    "nexustest1.deccanchargers.net" { pool Pool_DATA_DC_8185 }
    "nexustest2.deccanchargers.net" { pool Pool_DATA_DC_8186 }
    "nexustest3.deccanchargers.net" { pool Pool_DATA_DC_8187 }
    default { HTTP::respond 404 noserver }
  }
}

Can someone advise if there are any changes with the irule translator / compiler in the version 12.1 or something wrong with my F5 2600i platform? Please suggest.

Thanks.

application delivery
iRules
LTM

19 Replies

Sort By
  • RaghavendraSY's avatar
    RaghavendraSY
    Icon for Altostratus rankAltostratus
    Oct 27, 2017

    Please try this: when HTTP_REQUEST { if {([HTTP::host] equals "nexustest.deccanchargers.net") } { pool Pool_DATA_DC_8184 } elseif { ([HTTP::host] equals "nexustest1.deccanchargers.net") } { pool Pool_DATA_DC_8185 } elseif { ([HTTP::host] equals "nexustest2.deccanchargers.net") } { pool Pool_DATA_DC_8186 } elseif { ([HTTP::host] equals "nexustest3.deccanchargers.net") } { pool Pool_DATA_DC_8187 } else { HTTP::respond 404 noserver } } }

     

    Hope this helps

     

    • newf5learner's avatar
      newf5learner
      Icon for Nimbostratus rankNimbostratus
      Oct 27, 2017

      Tried this. But no change, the page doesn't load. 

      when HTTP_REQUEST { 
if {([HTTP::host] equals "nexustest.apdc.net") } { pool Pool_DATA_DC_8184 } 
elseif { ([HTTP::host] equals "nexustest1.apdc.net") } { pool Pool_DATA_DC_8185 } 
elseif { ([HTTP::host] equals "nexustest2.apdc.net") } { pool Pool_DATA_DC_8186 } 
elseif { ([HTTP::host] equals "nexustest3.apdc.net") } { pool Pool_DATA_DC_8187 } 
else { HTTP::respond 404 noserver } 
}
  • RaghavendraSY_7's avatar
    RaghavendraSY_7
    Icon for Cumulonimbus rankCumulonimbus
    Oct 27, 2017

    Please try this: when HTTP_REQUEST { if {([HTTP::host] equals "nexustest.deccanchargers.net") } { pool Pool_DATA_DC_8184 } elseif { ([HTTP::host] equals "nexustest1.deccanchargers.net") } { pool Pool_DATA_DC_8185 } elseif { ([HTTP::host] equals "nexustest2.deccanchargers.net") } { pool Pool_DATA_DC_8186 } elseif { ([HTTP::host] equals "nexustest3.deccanchargers.net") } { pool Pool_DATA_DC_8187 } else { HTTP::respond 404 noserver } } }

     

    Hope this helps

     

    • newf5learner's avatar
      newf5learner
      Icon for Nimbostratus rankNimbostratus
      Oct 27, 2017

      Tried this. But no change, the page doesn't load. 

      when HTTP_REQUEST { 
if {([HTTP::host] equals "nexustest.apdc.net") } { pool Pool_DATA_DC_8184 } 
elseif { ([HTTP::host] equals "nexustest1.apdc.net") } { pool Pool_DATA_DC_8185 } 
elseif { ([HTTP::host] equals "nexustest2.apdc.net") } { pool Pool_DATA_DC_8186 } 
elseif { ([HTTP::host] equals "nexustest3.apdc.net") } { pool Pool_DATA_DC_8187 } 
else { HTTP::respond 404 noserver } 
}
  • Stanislas_Piro2's avatar
    Stanislas_Piro2
    Icon for Cumulonimbus rankCumulonimbus
    Oct 27, 2017

    Hi,

    First, with this requirement, 

    switch
    is better than multiple 
    if
    !

    There is no changes in version 12.1 or no specific behavior on i2600!

    Your Irule seems ok and I guess there is an issue with the real switch values! Are all tested value lower case?

  • RaghavendraSY's avatar
    RaghavendraSY
    Icon for Altostratus rankAltostratus
    Oct 27, 2017

    Right. Irules are very basic ones.

     

    Can you please post virtual and pool configurations (hide your confidential information).

     

    • newf5learner's avatar
      newf5learner
      Icon for Nimbostratus rankNimbostratus
      Oct 27, 2017

      Note : For time being I have removed the irule, so you will not find the references for it in the VIP config. However, I have added the irule to the VIP while testing my connection. And the configuration is created using iApps. 

      ltm virtual /Common/test_deccan_charges_http.app/test_deccan_charges_http_vs {
    app-service /Common/test_deccan_charges_http.app/test_deccan_charges_http
    destination /Common/10.241.11.201:80
    fallback-persistence /Common/test_deccan_charges_http.app/test_deccan_charges_http_source-addr-persistence
    ip-protocol tcp
    mask 255.255.255.255
    persist {
        /Common/test_deccan_charges_http.app/test_deccan_charges_http_cookie-persistence {
            default yes
        }
    }
    profiles {
        /Common/test_deccan_charges_http.app/test_deccan_charges_http_http { }
        /Common/test_deccan_charges_http.app/test_deccan_charges_http_oneconnect { }
        /Common/test_deccan_charges_http.app/test_deccan_charges_http_optimized-caching { }
        /Common/test_deccan_charges_http.app/test_deccan_charges_http_tcp-lan-optimized {
            context serverside
        }
        /Common/test_deccan_charges_http.app/test_deccan_charges_http_tcp-wan-optimized {
            context clientside
        }
        /Common/test_deccan_charges_http.app/test_deccan_charges_http_wan-optimized-compression { }
    }
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    translate-address disabled
    translate-port enabled
    vlans {
        /Common/internal
    }
    vlans-enabled
}

ltm persistence source-addr /Common/test_deccan_charges_http.app/test_deccan_charges_http_source-addr-persistence {
    app-service /Common/test_deccan_charges_http.app/test_deccan_charges_http
    mirror disabled
}
ltm profile http /Common/test_deccan_charges_http.app/test_deccan_charges_http_http {
    app-service /Common/test_deccan_charges_http.app/test_deccan_charges_http
    defaults-from /Common/http
    insert-xforwarded-for enabled
    redirect-rewrite none
}

ltm profile one-connect /Common/test_deccan_charges_http.app/test_deccan_charges_http_oneconnect {
    app-service /Common/test_deccan_charges_http.app/test_deccan_charges_http
    defaults-from /Common/oneconnect
    source-mask 255.255.255.255
}
ltm profile tcp /Common/test_deccan_charges_http.app/test_deccan_charges_http_tcp-lan-optimized {
    app-service /Common/test_deccan_charges_http.app/test_deccan_charges_http
    defaults-from /Common/tcp-lan-optimized
}
ltm profile tcp /Common/test_deccan_charges_http.app/test_deccan_charges_http_tcp-wan-optimized {
    app-service /Common/test_deccan_charges_http.app/test_deccan_charges_http
    defaults-from /Common/tcp-wan-optimized
}
ltm profile web-acceleration /Common/test_deccan_charges_http.app/test_deccan_charges_http_optimized-caching {
    app-service /Common/test_deccan_charges_http.app/test_deccan_charges_http
    applications none
    cache-object-max-size 2000000
    cache-size 10mb
    defaults-from /Common/optimized-caching
}

ltm pool /Common/Pool_DATA_DC_8184 {
    load-balancing-mode least-connections-member
    members {
        /Common/10.241.11.56:8184 {
            address 10.241.11.56
        }
        /Common/10.241.11.57:8184 {
            address 10.241.11.57
        }
        /Common/10.241.11.58:8184 {
            address 10.241.11.58
        }
    }
    • Stanislas_Piro2's avatar
      Stanislas_Piro2
      Icon for Cumulonimbus rankCumulonimbus
      Oct 27, 2017

      Hi,

      how this VS works when you remove the irule? the parameter 

      translate-address disabled
      will send the packet without changing the destination address from the VS address to the pool member address.

    • newf5learner's avatar
      newf5learner
      Icon for Nimbostratus rankNimbostratus
      Oct 27, 2017

      what I meant was, I have included the irule when was testing. As I was doing multiple testings (with and without irule) I pasted here the config of the VIP. I have copied the config when I removed the irule, but when I test with irule I had it included under the VIP..

       

  • RaghavendraSY_7's avatar
    RaghavendraSY_7
    Icon for Cumulonimbus rankCumulonimbus
    Oct 27, 2017

    Right. Irules are very basic ones.

     

    Can you please post virtual and pool configurations (hide your confidential information).

     

    • newf5learner's avatar
      newf5learner
      Icon for Nimbostratus rankNimbostratus
      Oct 27, 2017

      Note : For time being I have removed the irule, so you will not find the references for it in the VIP config. However, I have added the irule to the VIP while testing my connection. And the configuration is created using iApps. 

      ltm virtual /Common/test_deccan_charges_http.app/test_deccan_charges_http_vs {
    app-service /Common/test_deccan_charges_http.app/test_deccan_charges_http
    destination /Common/10.241.11.201:80
    fallback-persistence /Common/test_deccan_charges_http.app/test_deccan_charges_http_source-addr-persistence
    ip-protocol tcp
    mask 255.255.255.255
    persist {
        /Common/test_deccan_charges_http.app/test_deccan_charges_http_cookie-persistence {
            default yes
        }
    }
    profiles {
        /Common/test_deccan_charges_http.app/test_deccan_charges_http_http { }
        /Common/test_deccan_charges_http.app/test_deccan_charges_http_oneconnect { }
        /Common/test_deccan_charges_http.app/test_deccan_charges_http_optimized-caching { }
        /Common/test_deccan_charges_http.app/test_deccan_charges_http_tcp-lan-optimized {
            context serverside
        }
        /Common/test_deccan_charges_http.app/test_deccan_charges_http_tcp-wan-optimized {
            context clientside
        }
        /Common/test_deccan_charges_http.app/test_deccan_charges_http_wan-optimized-compression { }
    }
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    translate-address disabled
    translate-port enabled
    vlans {
        /Common/internal
    }
    vlans-enabled
}

ltm persistence source-addr /Common/test_deccan_charges_http.app/test_deccan_charges_http_source-addr-persistence {
    app-service /Common/test_deccan_charges_http.app/test_deccan_charges_http
    mirror disabled
}
ltm profile http /Common/test_deccan_charges_http.app/test_deccan_charges_http_http {
    app-service /Common/test_deccan_charges_http.app/test_deccan_charges_http
    defaults-from /Common/http
    insert-xforwarded-for enabled
    redirect-rewrite none
}

ltm profile one-connect /Common/test_deccan_charges_http.app/test_deccan_charges_http_oneconnect {
    app-service /Common/test_deccan_charges_http.app/test_deccan_charges_http
    defaults-from /Common/oneconnect
    source-mask 255.255.255.255
}
ltm profile tcp /Common/test_deccan_charges_http.app/test_deccan_charges_http_tcp-lan-optimized {
    app-service /Common/test_deccan_charges_http.app/test_deccan_charges_http
    defaults-from /Common/tcp-lan-optimized
}
ltm profile tcp /Common/test_deccan_charges_http.app/test_deccan_charges_http_tcp-wan-optimized {
    app-service /Common/test_deccan_charges_http.app/test_deccan_charges_http
    defaults-from /Common/tcp-wan-optimized
}
ltm profile web-acceleration /Common/test_deccan_charges_http.app/test_deccan_charges_http_optimized-caching {
    app-service /Common/test_deccan_charges_http.app/test_deccan_charges_http
    applications none
    cache-object-max-size 2000000
    cache-size 10mb
    defaults-from /Common/optimized-caching
}

ltm pool /Common/Pool_DATA_DC_8184 {
    load-balancing-mode least-connections-member
    members {
        /Common/10.241.11.56:8184 {
            address 10.241.11.56
        }
        /Common/10.241.11.57:8184 {
            address 10.241.11.57
        }
        /Common/10.241.11.58:8184 {
            address 10.241.11.58
        }
    }
    • Stanislas_Piro2's avatar
      Stanislas_Piro2
      Icon for Cumulonimbus rankCumulonimbus
      Oct 27, 2017

      Hi,

      how this VS works when you remove the irule? the parameter 

      translate-address disabled
      will send the packet without changing the destination address from the VS address to the pool member address.

    • newf5learner's avatar
      newf5learner
      Icon for Nimbostratus rankNimbostratus
      Oct 27, 2017

      what I meant was, I have included the irule when was testing. As I was doing multiple testings (with and without irule) I pasted here the config of the VIP. I have copied the config when I removed the irule, but when I test with irule I had it included under the VIP..