Hi, I need a little help here. I have two DCs so two ltms and GTMs. On LTMs I am using an Irule which means the VS don't go down if the pool goes do gown. hence the wide IP on GTM doesnt see any change and no failover happens. is there anyway I can achieve a dynamic failover with the above setup? if not, what changes i will have to do? ~I mean, I can achieve dymaic fialover if I don;t use IRUles but then I am wasting alot of resources such as IP addresses etc. Regards,

Hi Qasim, It would help if you gave some more information on how your iRule works, are you able to share it? Lee

It would mark the virtual server down that the iRule is applied to. So if one pool member is down, it would mark it down for all pool members at a particular site. There's no easy way of getting round this if you are sharing a single virtual server for different services. With regards to the response codes, they don't really matter, it just something I added as 503 is a 'Service Unavailable' error so could be an appropriate error code.You would still need to configure the health monitor on GTM to mark the service down depending on how you configure your VS to respond on service down.

You can only mark a VS down if the default pool assigned to the VS goes down. This is why I suggested an iRule that sends a response if a pool used in the iRule is down. What you send back to GTM doesn't matter as long as the health monitor marks the VIP down. When GTM sees that a pool is down, it will mark the whole VIP down. For that reason it makes sense to send the same response for each pool like I've already suggested.

The iRule would not be able to send a 200 response and select a pool.Sending a response would stop any load balancing and pool selection. The problem you have is that everything is selected under an iRule so you have to fudge the solution to make it work. One idea would be to have a health monitor for each service on your GTM one for abc.com one for def.com, each one sending a health monitor request that matches the host header in the iRule. To Mark the VIP up, you could send a test monitor to a dummy host header that always responds with a 200. Then make sure that the VIP is marked down if one or more monitors are marked down, as your dummy host header will always be up. when HTTP_REQUEST { switch -glob [HTTP::host] { "abc.com" { if {[active_members INT_RTL_abc_8094_POOL] > 0} { pool INT_RTL_abc_8094_POOL } else { HTTP::respond 503 content "ERROR" } } "def.com " { if {[active_members INT_RTL_def_9443_POOL] > 0} { pool INT_RTL_def_9443_POOL } else { HTTP::respond 503 content "ERROR" } } "dummy.host.com" { HTTP::respond 200 content "OK" } } }A better solution would be to redesign your solution to use a dedicated VIP for each service

GTM + LTM-VS+Irule and dynamic failover

11 Replies

Lee_Sutcliffe
Nacreous
Jun 12, 2019
Hi Qasim,

It would help if you gave some more information on how your iRule works, are you able to share it?

Lee

Lee_Sutcliffe

Nacreous

Jun 12, 2019

You could customise your health monitor on GTM to mark the server down if it receives a certain response such as "ERROR" or status code of 503. Then Modify your iRule to something like this

when HTTP_REQUEST {
    switch -glob [HTTP::host] {
        "abc.com" {
            if {[active_members INT_RTL_abc_8094_POOL] > 0} {
                pool INT_RTL_abc_8094_POOL
            } else {
                HTTP::respond 503 content "ERROR"
            }
        }
        "def.com " {
            if {[active_members INT_RTL_def_9443_POOL] > 0} {
                pool INT_RTL_def_9443_POOL
            } else {
                HTTP::respond 503 content "ERROR"
            }
        }
    }
}

Lee_Sutcliffe
Nacreous
Jun 17, 2019
It would mark the virtual server down that the iRule is applied to. So if one pool member is down, it would mark it down for all pool members at a particular site. There's no easy way of getting round this if you are sharing a single virtual server for different services.

With regards to the response codes, they don't really matter, it just something I added as 503 is a 'Service Unavailable' error so could be an appropriate error code.
You would still need to configure the health monitor on GTM to mark the service down depending on how you configure your VS to respond on service down.
- Qasim
  Cirrostratus
  Jun 19, 2019
  ok make sense thanks.
  
  however, can I add another http error code to the above IRULE example? e.g. If I want to monitor 2 http error codes i.e. 503 and 403? also can we not amend the IRULE to mark the VS down if all the nodes in a single pool are responding with error or not available? if so, can you show us an example please?
  
  Many thanks for your help so far.
  
  Regards,
  - Lee_Sutcliffe
    Nacreous
    Jun 20, 2019
    You can only mark a VS down if the default pool assigned to the VS goes down.
    This is why I suggested an iRule that sends a response if a pool used in the iRule is down. What you send back to GTM doesn't matter as long as the health monitor marks the VIP down.
    
    When GTM sees that a pool is down, it will mark the whole VIP down. For that reason it makes sense to send the same response for each pool like I've already suggested.
Qasim
Cirrostratus
Jun 12, 2019
here is the example of the rule:

when HTTP_REQUEST {
  switch -glob [HTTP::host] {
   abc.com         { pool INT_RTL_abc_8094_POOL }
   def.com         { pool INT_RTL_def_9443_POOL }

  }
}

basically as there is no default pool so the VS don't go down if one of the Pool is down and as result GTM doesn't detect any change therefore no failover. Is there a way around this?

Kind regards,
Qasim
Cirrostratus
Jun 14, 2019
thanks Lee, this is highly appreciated. so based on this if all the servers in the pool return http error code 503, the relevant VS will go down hence will force GTM to change W-IP. if so, can I add more error codes to this rule? how would it look like with another error code e.g. 403?

Regards,
Qasim
Cirrostratus
Sep 16, 2019
Hi Lee,

I hope you are well? I have used the above Irule and it has been working OK however I have come across a minor problem and was wondering if you will be able to help?

I want to use the IRULE now for a service that needs presenting externally as well and the LTM is local to the GTM i.e. same box.

using your IRULE I can track the LTM side VS and if theLTM pool is down and basically marks the GTM pool as down which is as expected however, I cant use the same monitor for Translation VS in GSLB and as the LTM VS status is always unknown the failover will not happen for a public IP.

Wondering if there is anything I can do track the status of LTM VS from the Transaltion VS in GSLB or the GSLB pool for the translation VS?

I hope the above make sense but let me know if you have any questions?

your help will be highly appreciated.

Regards,
Qasim

Forum Discussion

GTM + LTM-VS+Irule and dynamic failover

11 Replies

Recent Discussions

Wildcard SSL Certificate Deployment on F5 LTM

URL

Big-IP Next 20.2.0-2.375.1+0.0.43 iRule count problem

Problems connecting to vpn after upgrading to ubuntu 24.04

iRule resulting in too many redirects

Related Content

Configuring AWS HA Failover Across AZs Without EIPs Using F5 Cloud Failover Extension (CFE)

Cisco ACI Endpoint Learning with a BIG-IP HA Failover

Using Distributed Cloud DNS Load Balancer with Geo-Proximity and failover scenarios

LTM Traffic Policies vs iRules: Which runs first?

Improve BIG-IP APM VPN speed with TLS dynamic record size