JosephT
Mar 13, 2009

Back to basics - redirect to a virtual server

We're working on an iRule to send connections to another virtual server based on a match on the X-forwarded header. The reason for this is so we can rate-limit the number of connections (by using Connection Limit on the virtual server) to the web servers if we need to.

So we have a 'dummy' pool that consists of a virtual server which has a pool of web servers and this iRule:

when HTTP_REQUEST {
   if { [HTTP::header "X-Forwarded-For"] == "4.4.4.0" } {
      pool webcrawler.dummy.pool
      event disable
   }
}

When testing with a client and injecting an X-Forwarded-For address like this: "GET -seUd -H "X-Forwarded-For: 4.4.4.0" www.mysite.com" all I receive is "500 Server closed connection without sending any data back"

I also tried using node and the IP of the virtual server ie: node x.x.x.x 80 instead of pool, but that doesn't work either.

The only thing that does work is if I use pool webserver.pool or node webserver.ip 80

I discovered: "In version 9.4.0 and higher, 'virtual ' can be used to route the connection to another virtual server, without leaving the BIG-IP. This functionality did not exist in previous versions." We happen to be using 9.3.0

But we were told by F5 that we should be able to route the existing connection to a pool containing a virtual server (on the same ltm) containing a pool.

Any ideas?

6 Replies

  • As a test can you try setting the snat to automap on virtual server that you are trying to?

    Thanks,
    CB
  • I tried snat automap on the primary vs, then tried it on the other vs, then tried it on both vs's, but I get the same behavior.
  • If F5 is saying it should then I would talk to F5 tech support to see if you are running into a specific bug or some kind of limitation.

    CB

  • another idea is setting static arp using bigpipe (not linux arp command)

    b arp

    let's say vip matches address of vlan x, use bigpipe command to get mac address of that vlan

    b vlan show all

    btw, you may put log in LB_SELECTED to see if it has been called

    log local0. [LB::server]

    also check b arp to see if you can see entry for virtual address that says "incomplete"
  • If you can't upgrade to 9.4.0+, you should be able to use a loopback plug on two LTM switch ports and then specify a VIP as another VIP's pool member. Here are a few related posts where at least one person said they were able to get it working:

    http://devcentral.f5.com/Default.aspx?tabid=53&view=topic&forumid=5&postid=46384643

    http://devcentral.f5.com/Default.aspx?tabid=53&forumid=5&tpage=1&view=topic&postid=1245312475

    http://devcentral.f5.com/Default.aspx?tabid=53&forumid=5&tpage=1&view=topic&postid=1321813218

    If you do get this working, can you post a sample configuration for future reference?

    Thanks,
    Aaron
  • Also, you can use IP::addr to compare the XFF value to the IP address. This will be more efficient than a string comparison.

    [IP::addr [HTTP::header "X-Forwarded-For"] equals 4.4.4.0]

    And if you're selecting a pool for some HTTP requests, you should make a pool selection for all others in the iRule. This ensures that requests make it to the correct pool. If you don't want to hard code the pool name in the iRule you can use 'LB::server pool' to get it before the selected pool has been modified on the TCP connection:

     when CLIENT_ACCEPTED {
        # Save VIP's default pool name
        set default_pool [LB::server pool]
     }
     when HTTP_REQUEST {
        if { [IP::addr [HTTP::header "X-Forwarded-For"] equals 4.4.4.0] } {
           # Matching XFF address goes to the connection-limited pool
           pool webcrawler.dummy.pool
        } else {
           # Every other request is sent back to the VIP's default pool
           pool $default_pool
        }
     }

     Aaron
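
Added example, not part of the original thread and not F5's own code: a variant of the iRule above that handles a missing, multi-valued or malformed X-Forwarded-For header before the IP::addr comparison. It reuses the pool name and address from the thread and assumes the first (left-most) entry of the header is the one to match; since the header is set by the client or by upstream proxies, the match only steers traffic to the connection-limited pool.

```tcl
when CLIENT_ACCEPTED {
    # Remember the virtual server's default pool before any per-request override
    set default_pool [LB::server pool]
}

when HTTP_REQUEST {
    # Default decision: do not send the request to the rate-limited pool
    set to_crawler_pool 0

    if { [HTTP::header exists "X-Forwarded-For"] } {
        # A proxy chain produces a list such as "client, proxy1, proxy2".
        # Assumption: the first entry is the address of interest.
        set xff [string trim [getfield [HTTP::header "X-Forwarded-For"] "," 1]]

        # catch guards against a Tcl runtime error if the value is not a
        # valid IP address, so a malformed header falls through to the
        # default pool instead of aborting the request
        if { $xff ne "" && ![catch { IP::addr $xff equals 4.4.4.0 } matched] } {
            if { $matched } {
                set to_crawler_pool 1
            }
        }
    }

    # Always make an explicit pool selection so that later requests on the
    # same connection do not inherit an earlier choice
    if { $to_crawler_pool } {
        pool webcrawler.dummy.pool
    } else {
        pool $default_pool
    }
}
```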