Not standard balancing

Question

Hello,&nbsp;
i have been struggling since few days with following request:&nbsp;
Here is how the switch of the ports should work.
1.  Assuming the user connects to the port 80 of the BigIP
* The BigIP will assign for instance the port 7111 on tomcat 2
* The application will automatically switch the user to the port 443 of the bigIP for authentication
* In that case the BigIP MUST connect the user to the https port 7106 that corresponds to the http port 7111 of the same tomcat
* Next once the user is authenticated, the application will automatically switch the user to the port 80 of the BigIP
* In that case the BigIP MUST connect back the user to the previous http port 7111 that corresponds to the https port 7106 of the same tomcat.
2. Assuming the user connects to the port 443 of the BigIP
* The BigIP will assign for instance the port 7104 on tomcat 1
* Once the user is authenticated, the application will automatically switch the user to the port 80 of the BigIP
* In that case the BigIP MUST connect the user to the http port 7110 that corresponds to the https port 7104 of the same tomcat&nbsp;
To summarize:
The BigIp should be able to switch from following http port to https port and vice versa.
7110 &lt;-&gt; 7104
7111 &lt;-&gt; 7106
7112 &lt;-&gt; 7108&nbsp;
Is it possible? I am trying with this irule:&nbsp;
when HTTP_REQUEST {
    set tcp_port [getfield [HTTP::cookie value "bIPs" ]  "%3" 2]
log local0. "TcP_PorT is $tcp_port"
switch -glob $tcp_port {
"7010" { pool slb_3-gems-test-eng-7110 }
"7011" { pool slb_3-gems-test-eng-7111 }
"7012" { pool slb_3-gems-test-eng-7112 }
}
   }&nbsp;
when HTTP_RESPONSE {
    HTTP::cookie insert name "bIPs" value [IP::server_addr][TCP::server_port] path "/"
log local0. "TcP_Port_response is [HTTP::cookie value "bIPs"]"
 }&nbsp;
thought it will be working, but looks like switch does not work as it should:&nbsp;
: TcP_PorT is
: TcP_Port_response is 10.217.6.15%37112
: TcP_PorT is 7112
: TcP_Port_response is 10.217.6.15%37110
: TcP_PorT is 7112
: TcP_PorT is 7110
: TcP_PorT is 7112
: TcP_Port_response is 10.217.6.15%37111
: TcP_PorT is 7110
: TcP_Port_response is 10.217.6.15%37111
: TcP_PorT is 7110&nbsp;
Any ideas, tips will be helpful.&nbsp;
Regards
Rafal&nbsp;

nitass · Answer

The BigIp should be able to switch from following http port to https port and vice versa.&nbsp;

have you ever tried match across option (irule has to be revised)?&nbsp;
sol5837: Match Across options for session persistence&nbsp;
http://support.f5.com/kb/en-us/solutions/public/5000/800/sol5837&nbsp;

dryk_00 · Answer

Well, the problem is that pool members consist from one node, what i mean:
poll http:&nbsp;
1.1.1.1:7110
1.1.1.1:7111
1.1.1.1:7172&nbsp;
Pool https
1.1.1.1:7104
1.1.1.1:7106
1.1.1.1:7108&nbsp;
So i believe that match across services gonna fail as per:&nbsp;
Because of this lack of granularity, a pool containing multiple members with the same node address may result in inconsistent load balancing behavior. For this reason, F5 recommends that pools associated with virtual servers that are configured to use the Match Across Services option should not contain multiple members using the same node address.&nbsp;
But now i have applied universal profile with an irule from https://devcentral.f5.com/wiki/iRules.HttpToHTTPsCookiePersistence.ashx with match across marked, gonna check if this helps. Thx for repsonse.&nbsp;

Forum Discussion

Not standard balancing

2 Replies

Recent Discussions

Open Redirection Mitigation

F5Access | MacOS Sonoma

enable tls1.2 on management interface on F5 ltm running version 10.x

[ASM] - what is "Browser Challenge file" ?

SMS server with BIGIP

Related Content

Active/Active load balancing examples with F5 BIG-IP and Azure load balancer

VIP-targeting-VIP solution using Standard and performance L4 VS

NGINXaaS for Azure: Load Balancing

Pool round Robin not working with standard virtual server

What is Load Balancing?