Forum Discussion

Ram_T_S's avatar
Ram_T_S
Icon for Altostratus rankAltostratus
Aug 29, 2018

Help required to construct Irule for Source based Http redirection

Hi Team,

 

I need a help to construct the Irule for the following requirement.

 

We have a application called finance running in 2 different servers located on different location.

 

Site A: https://site1.xyz.com/finance/home/?locale=en_uk

 

Site B: https://site2.xyz.com/finance/home/?locale=en_uk

 

Now customer want to create a common VIP for both the sites with following requirements.

 

Users from 192.168.53.x/24 should always reach site A Users from 192.168.1.x/21 and 192.168.16.x/21 should always reach site B Any users other than this subnet should reach any of the available members.

 

I created the site like this:

 

Virtual server: Finanace_VIP 192.168.223.1:443 Pool: Finance_Pool Pool members: SiteA:443 SiteB:443 HealthMonitor Https

 

Irule:

 

when HTTP_REQUEST { if {([active_members Finance_Pool] == 1) and ([IP::addr [IP::client_addr] equals 192.168.53.x/24]) } { HTTP::redirect "https://site1.xyz.com/finance/home/?locale=en_uk"; } else if {([active_members Finance_Pool] == 1) and ([IP::addr [IP::client_addr] equals 192.168.1.x/21 or ([IP::addr [IP::client_addr] equals 192.168.16.x/21]) }

 

{ HTTP::redirect "https://site2.xyz.com/finance/home/?locale=en_uk"; } else { pool finance_pool }

 

}

 

Will this help to fulfill my requirement. Please provide suggestion to implement this successfully.

 

iRules
security

3 Replies

Sort By
  • Lee_Sutcliffe's avatar
    Lee_Sutcliffe
    Icon for Nacreous rankNacreous
    Aug 29, 2018

    There a few issues with the iRule you've provided, I've re-written it to fulfill what I understand to be your requirements. To use this iRule there are three pools, siteA_pool containing site A members, siteB_pool containing site B members, and siteAB_pool containing members from both previous pools.

    The iRule is quite basic and could be replaced with an LTM traffic policy. 

    when HTTP_REQUEST { 
    if {[IP::addr [IP::client_addr] equals 192.168.53.0/24]} {
        pool siteA_pool
    } elseif {([IP::addr [IP::client_addr] equals 192.168.1.0/21) || ([IP::addr [IP::client_addr] equals 192.168.16.0/21)} {
        pool siteB_pool
    } else {
        pool siteAB_pool
    }
}
  • Kevin_Stewart's avatar
    Kevin_Stewart
    Icon for Employee rankEmployee
    Aug 29, 2018

    It looks fine, except for maybe this,

    [active_members Finance_Pool] == 1

    You're looking at pool status, but which pool status, and why? Presumably you'd want to know the pool status of the other site's pool before redirecting traffic to it, but that's not information you're going get here. I'd offer three suggestions:

    • Simply HTTP redirect to the other site, regardless of its availability, though you run the risk of redirecting to a failed site.
    • Create some out-of-band mechanism to feed availability state to each peer, though you still run the risk of not getting this message in time.
    • Set up active global availability with an F5 DNS service. This way the peers have real-time knowledge of peer availability and will provide appropriate DNS resolution based on source address.
  • youssef1's avatar
    youssef1
    Icon for Cumulonimbus rankCumulonimbus
    Aug 29, 2018

    Hi,

    Hope it can help you:

    when HTTP_REQUEST {
    if { [IP::addr [IP::client_addr] equals 192.168.53.0/24] && !([active_members [LB::server pool]] < 1 ) } {
        HTTP::redirect "https://site1.xyz.com/finance/home/?locale=en_uk"
    }

    elseif { ( [IP::addr [IP::client_addr] equals 192.168.1.0/21] or [IP::addr [IP::client_addr] equals 192.168.16.0/21] ) && !([active_members [LB::server pool]] < 1 )  } {
        HTTP::redirect "https://site2.xyz.com/finance/home/?locale=en_uk"
    } else {
         default
    }
}