Alan_Sha
Jul 09, 2008

Send transaction to all the members of a pool

Is it possible to send a TCP transaction to all the members of a pool using an iRule? I read in an older post that for HTTP traffic this is possible with HTTP::retry. But I couldn't find anything like that related to TCP.

Any idea?

Thanks,

Alan

7 Replies

  • Hello Alan,

    There isn't a mechanism within iRules that would allow you to send a TCP request simultaneously to multiple destinations. Out of curiosity, what type of application would this be used for? Would mirroring work for your requirement? This is a network-level option that is available. You can get more details in the manuals on AskF5.

    Aaron
  • Hi, Aaron,

    I don't mind if the TCP request is sent to multiple destinations in serial. I just don't know whether that is feasible in an iRule, and how.

    What we are trying to do is send the incoming transaction to an application for safekeeping after forwarding it to the real destination. I have been looking into the clone pool function. But what I have read from this forum and the user manuals indicates that the destination of a clone pool must be some kind of IDS system, which doesn't work in my case, as the application is only designed to listen on a specific port for incoming TCP transactions. The transaction forwarded to a clone pool apparently does not target any port; therefore, the application is unable to capture any cloned traffic from the Big IP. I think this is different from connection mirroring, which is used for maintaining the connection in case of failover.

    Thanks,

    Alan
  • Sorry, I meant clone pool, not mirroring. And no, I don't think there is a way to replay a TCP packet simultaneously or serially.

    I'm not sure how it would work even if you could "multiplex" the requests in the way you describe. How would LTM know which response to send back to the client? I can also imagine replaying the same request to multiple destinations would add a significant amount of latency to the response.

    Can you sync the data between the servers at the app layer?

    Aaron
  • Well, we only intend to send back the response from the real destination. Also, the client will wait for one response only. Once it receives it, it will simply close the connection and initiate a new transaction. Maybe this will terminate the session so quickly that we couldn't even forward the request to another server.

    We are aware of the latency introduced to the process. But since the client is only expecting one response (and the Big IP is supposed to send only one response back to the client), the latency might not be visible to the client, I think. But all these are just what we could imagine. They don't seem to be achievable.

    Our goal is to provide an independent audit of the incoming transactions at the Big IP level. Syncing the data between servers is not really an option.

    Thanks,

    Alan
  • That makes sense. I just don't know of any method for doing it in an iRule. I don't think there is a mechanism that would allow you to replay a TCP request to multiple nodes. Anyone else have some magic up their sleeve which would work?

    Aaron
  • Hi,

    I agree with Hoolio, I'm afraid it's not possible through TCP.

    Clone pool uses the MAC addresses of its pool members to send the packet to them. The destination IP address/port for this packet will be the IP address/port of the pool member selected (in the pool configured in the VS/iRule) to receive the transaction, so that's why we say it's for IDS: an IDS works in promiscuous mode and listens for all traffic on its interface.
  • Thank you all! I guess I am going to have to find an alternative. Or maybe someday I will find the magic iRule that can do this crazy job. :D

    Alan