Easiest to answer inline:
- I have SNAT applied to the VIP, however I don't understand what you mean when you say "or does the pool member default route back through the BIG-IP?". If you could explain the difference that would be great. Also is the TCPDUMP done on the RedHat box or the F5? I've never done that.
A SNAT changes the client's source address to something that is owned by the BIG-IP (a self-IP address when using Automap, for example). This forces the client to route back through the BIG-IP for responses. You don't technically need a SNAT though if you can guarantee that the server will route back through the BIG-IP. This is usually accomplished with a default gateway setting on the server - which would affect all source addresses NOT emanating from the same subnet. The only real downside of SNAT is that you lose the client's true source in the TCP header. If that's not a concern, then SNAT makes life a lot easier. As for TCPDUMP, you can run it anywhere there's visibility. So assuming you have TWO interfaces (external and internal), the following would allow you to see the incoming and outgoing traffic for a given VIP or server:
tcpdump -lnni external host [VIP IP] [and other filters]
tcpdump -lnni internal host [server IP] [and other filters]
where "external" and "internal" are the actual names of the VLANs that you created. The MAN page for TCPDUMP (man tcpdump from the BIG-IP command line) has all of the syntax you'll need to tweak the filters so that you're looking at only the traffic that is specific to this VIP/server. What you're looking for is a) the client communicating with the VIP, and b) the BIG-IP (SNAT address) communicating with the server. You also want to look for the server to respond to the BIG-IP's request. You can also use the -Xs0 switch on TCPDUMP to see the actual HTTP payload passing back and forth. Very useful.
- I never see the statement "We are inside the if statement" in the log. I see "Request before if statement" and then 4 seconds later I see "Request before if statement". Nothing further is shown that seems to apply to the irule. Before I changed the irule to what you suggested, I did see "We are inside the if statement', but it was also stuck in a loop that ran 12 times before it gave up. I think applying your irule helped with the loop but the irule logic is still not giving the expected result.
Interesting. That leads me to believe that the condition isn't matching:
if { ( [string tolower [HTTP::host]] equals "server.domain.com" ) and ( [string tolower [HTTP::uri]] starts_with "/webapplication?frc=AO" ) }
So either the host isn't "server.domain.com" or the URI doesn't start with "/webapplication?frc=AO". Change the first log statement to read like this:
log local0. "Request Before if statement: [HTTP::host][HTTP::uri]"
What do you get?
- I've asked the application administrator if port :8006 is required in the Host header. I'm awaiting his reply.
I'm beginning to believe that 2 above is the problem - the request isn't matching the condition, but good to know what the app admin says in any case.