Forum Discussion

Sam10
Jul 10, 2019
Solved

F5 needs to send the same data to different nodes on the same VIP

Can I terminate TLS connections on the F5 and then have the F5 send the same data to 2 different nodes? Is this possible?

3 Replies

  • Hello Sam.

    There are some approaches, which can vary depending on your topology and goal. I recommend you check these out.

    • SSLO - https://youtu.be/AadhUC5FNGs
    • Interface Mirroring/Pool Cloning - https://support.f5.com/csp/article/K13392
    • IRules for Packet Duplication - (1) https://devcentral.f5.com/s/articles/http-request-cloning - (2) https://devcentral.f5.com/s/articles/udp-tcp-packet-duplication

    KR,

    Dario.

  • Dario thanks for your response.


    If I go with this option, how is cloning going to work across 2 servers? Can you help me understand the logic?

    rule http_request_clone_one_pool {
        when RULE_INIT {
            # 1 = write debug messages to the local log, 0 = stay quiet
            set static::hsl_debug 1
            # Pool that receives the cloned requests
            set static::hsl_pool "my_syslog_pool"
        }
        when CLIENT_ACCEPTED {
            # Skip cloning for this connection if the clone pool has no active members
            if {[active_members $static::hsl_pool]==0}{
                log "[IP::client_addr]:[TCP::client_port]: [virtual name] $static::hsl_pool down, not logging"
                set bypass 1
                return
            } else {
                set bypass 0
            }
            # Open a High Speed Logging handle (TCP) to the clone pool
            set hsl [HSL::open -proto TCP -pool $static::hsl_pool]
            if {$static::hsl_debug}{log local0. "[IP::client_addr]:[TCP::client_port]: New hsl handle: $hsl"}
        }
        when HTTP_REQUEST {
            if {$bypass}{
                return
            }
            # Record the client IP in X-Forwarded-For
            HTTP::header insert X-Forwarded-For [IP::client_addr]
            if {[HTTP::method] eq "POST"}{
                # Collect the body only when Content-Length is between 1 byte and 1 MiB
                if { [HTTP::header Content-Length] >= 1 and [HTTP::header Content-Length] < 1048576 }{
                    HTTP::collect [HTTP::header Content-Length]
                } elseif {[HTTP::header Content-Length] == 0}{
                    # POST without a body: send the headers only
                    HSL::send $hsl "[HTTP::request]\n"
                    if {$static::hsl_debug}{log local0. "[IP::client_addr]:[TCP::client_port]: Sending [HTTP::request]"}
                }
            } else {
                # Any other method: send the headers only
                HSL::send $hsl "[HTTP::request]\n"
                if {$static::hsl_debug}{log local0. "[IP::client_addr]:[TCP::client_port]: Sending [HTTP::request]"}
            }
        }
        when HTTP_REQUEST_DATA {
            # HTTP::request is called through eval in this event
            set request_cmd "HTTP::request"
            if {$static::hsl_debug}{log local0. "[IP::client_addr]:[TCP::client_port]: Collected [HTTP::payload length] bytes,\
                sending [expr {[string length [eval $request_cmd]] + [HTTP::payload length]}] bytes total"}
            # Send headers plus the collected body, newline-terminated like the other sends
            HSL::send $hsl "[eval $request_cmd][HTTP::payload]\n"
        }
    }

    • Hello Sam.


      You have the iRule already explained here:

      https://devcentral.f5.com/s/articles/http-request-cloning-via-irules-part-1

      The idea is to use High Speed Logging to send a clone of the initial packet to another set of servers (pool).

      Another idea is to use sideband connections with the HSSR feature.

      https://clouddocs.f5.com/api/irules/HTTP-Super-SIDEBAND-Requestor-Client-Handles-Redirects-Cookies-Chunked-Transfer-APM-Access-etc.html

      Everything depends on your scenario.

      BTW, I would appreciate it if you mark my answer as the best or give me some upvotes.

      Thanks.

      KR,

      Dario.
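
To illustrate the cloning logic discussed in this thread, here is the receiving side in Python: it splits the byte stream a member of the HSL pool would read into individual requests. This is an added example, not code from the thread or the linked article; the function name and the sample bytes are constructed, and it assumes every cloned request is followed by the single "\n" the iRule appends in HTTP_REQUEST.

```python
MAX_BODY = 1048576  # the iRule's upper bound before it calls HTTP::collect

# Constructed sample of what a clone-pool member would read from the socket.
SAMPLE = (
    b"GET /a HTTP/1.1\r\nHost: app.example\r\n\r\n\n"
    b"POST /login HTTP/1.1\r\nHost: app.example\r\nContent-Length: 7\r\n\r\nu=a&p=b\n"
    b"PUT /doc HTTP/1.1\r\nHost: app.example\r\nContent-Length: 5\r\n\r\n\n"
    b"GET /b HTTP/1.1\r\nHost: app.example\r\n\r\n\n"
)


def split_cloned_stream(stream):
    """Return (requests, leftover); each request is (method, target, headers, body)."""
    requests, pos = [], 0
    while True:
        # Skip the newline the iRule appends after each cloned request.
        while stream[pos:pos + 1] in (b"\r", b"\n"):
            pos += 1
        start = pos
        end = stream.find(b"\r\n\r\n", pos)
        if end == -1:
            break  # header block incomplete: keep the bytes for the next read
        lines = stream[pos:end].decode("iso-8859-1").split("\r\n")
        method, target, _version = lines[0].split(" ", 2)
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        pos = end + 4
        body = b""
        length = headers.get("content-length", "")
        # Mirror the iRule: a body is forwarded only for POST requests with
        # 1 <= Content-Length < 1 MiB. Every other request arrives as headers
        # only, whatever its Content-Length header says.
        if method == "POST" and length.isdigit() and 1 <= int(length) < MAX_BODY:
            if pos + int(length) > len(stream):
                break  # body incomplete: keep the whole request for the next read
            body = stream[pos:pos + int(length)]
            pos += len(body)
        requests.append((method, target, headers, body))
    return requests, stream[start:]


if __name__ == "__main__":
    for method, target, headers, body in split_cloned_stream(SAMPLE)[0]:
        print(method, target, len(body), "body bytes")
```

A receiver that frames by Content-Length alone would read the start of the following request as the body of the PUT, because the iRule forwards that request's headers without its payload.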