Forum Discussion

WeaverJK's avatar
WeaverJK
Icon for Nimbostratus rankNimbostratus
Aug 09, 2016

Assistance requested with HTTPS Response Redirect - VMware Platform Services Controller

Still very new to F5 and F5 projects. Would appreciate guidance regarding a particular configuration. Working with a VMware team to set up an F5 BIG-IP load balancer for use with vSphere Platform Services Controller (PSC) 6.0.

 

VMware's knowledge base article: https://kb.vmware.com/selfservice/search.do?cmd=displayKC&docType=kc&docTypeID=DT_KB_1_1&externalId=2098006

 

Following the article's instructions was simple enough (slight snag when setting up the server profile and receiving a "key" error; but that was resolved).

 

Issue: after a workstation uses a web browser to connect to the https://psc.company.com web site, the URL in the browser changes to https://node1.company.com instead of remaining https://psc.company.com.

 

iRules and much of the Profile stuff are new to me. I read through several F5 KBase and Dev articles. While it appears that a properly constructed iRule - applied in the correct place - would resolve the issue, I noted that a 2005 question had a response from a "drteeth" that indicated that the redirect portion of the http profile could be used for this.

 

Using the Configuration Utility, I went to Local Traffic > Profiles | HTTP, clicked Create, used "http" as the parent.

 

Under Settings, changed Redirect Rewrite from None to ALL (tried Nodes as well). Named the new profile PSC_http_response_redirect. Saved changes.

 

Next, tried modifying just the main Virtual Server, the 443 virtual server. Edited the virtual server. Went under Configuration and changed HTTP Profile from None to PSC_http_response_redirect. Saved changes.

 

Tested the web site. Went to psc.company.com and node1.company.com was returned. I then modified all remaining psc-related virtual servers so that they, too, had the HTTP profile of PSC_http_response_redirect. Tested the web site. Went to psc.company.com and node1.company.com was returned.

 

Would you please help me figure out what is missing or needs to be changed?

 

Thank you very much.

 

John

 

application delivery
LTM

13 Replies

Sort By
Show More
  • WeaverJK's avatar
    WeaverJK
    Icon for Nimbostratus rankNimbostratus
    Aug 16, 2016

    4) In an attempt to better understand iRules and HTTP, I have begun writing simple logging rules. Thanks to various sources on DevCentral for the bits of code that I am using and coupling together.

    Here is an example of the iRule:

     

    when CLIENT_ACCEPTED {
log local0. "Client Accepted.  Client IP: [IP::client_addr]"
}

     

     

    when HTTP_REQUEST {
log local0. "Request from IP [IP::local_addr] for hostname [HTTP::host] and URI [HTTP::uri]"
}

     

     

    when HTTP_RESPONSE {
log local0. "Response from IP [IP::local_addr] with server IP address [IP::server_addr].  URI not valid in this context."
}

     

    Notes: Not available in HTTP_RESPONSE:

    • HTTP::host, HTTP::uri, HTTP::server

    Output from the Logs: (IPs, of course, have been replaced with substitute values) Where:

    • 192.168.2.2 is the Non-floating Self-IP of the F5 within the 192.168.2.x vlan.
    • 192.168.2.75 is the IP of the Virtual Server hosting https://www.company.com.
    • 192.168.2.91 is the IP of the "node1" back-end server that makes up one of the Members of the Pool.
    • 192.168.1.51 is the IP address of the external workstation attempting to access https://www.company.com

    Rule /Common/RL_InformationSeekingAndLogging : Client Accepted. Client IP: 192.168.1.51

    Rule /Common/RL_InformationSeekingAndLogging : Request from IP 192.168.2.75 for hostname psc2.oma.spawar.navy.mil and URI /

    Rule /Common/RL_InformationSeekingAndLogging : Request from IP 192.168.2.75 for hostname psc2.oma.spawar.navy.mil and URI /f5-w-687474703a2f2f707363322e6f6d612e7370617761722e6e6176792e6d696c$$/

    Rule /Common/RL_InformationSeekingAndLogging : Response from IP 192.168.2.2 with server IP address 192.168.2.91. URI not valid in this context.

    Rule /Common/RL_InformationSeekingAndLogging : Request from IP 192.168.1.75 for hostname and URI /f5-w-68747470733a2f2f69732d7073632d61766930312e6f6d612e7370617761722e6e6176792e6d696c$$/websso/

  • WeaverJK's avatar
    WeaverJK
    Icon for Nimbostratus rankNimbostratus
    Aug 18, 2016

    For brevity and clarity, the actual directory structure listed below is being abbreviated as /tmp.

    Executed the following command in order to see what was going on under the hood:

     

    curl [https://psc.company.com](https://psc.company.com) --anyauth --cookie-jar /tmp/psc_cookies.txt --dump-header /tmp/psc_headerdump.txt --cacert /tmp/ca.crt --output /tmp/pscout.txt --trace /tmp/psc_trace.txt

     

    The contents of pscout.txt:

    1) Am I correct that it is the HTTP_RESPONSE that includes the information depicted by pscout.txt?

    2) Let's assume the "backendnode1" information is not in the Body of the response. It is my understanding that this means that a STREAM profile will not help. Correct?

    3) How can the “meta http-equiv content” information be modified using an iRule? Would anyone please provide sample code for this function?

    Thank you for any and all input.

    John K. Weaver

     

  • Nvoisn_328227's avatar
    Nvoisn_328227
    Icon for Nimbostratus rankNimbostratus
    Jul 25, 2017

    Hi WeaverJK,

     

    In my installation of 2 PSCs behind a F5 load balancer, I have the same issue. When I open the VIP in a web browser, I'm redirected to my active PSC. Did you find the solution ?

     

    Thanks in advance.

     

    Regards,

     

    Nicolas