Forum Discussion

Bob_Vance_75936's avatar
Bob_Vance_75936
Icon for Altostratus rankAltostratus
Apr 17, 2012

Global redirect

Hello,

 

 

We are looking to complete a maintenance that will essentially take all the virtuals down for a period of time. What we would like to be able to do is provide a redirect for all virtuals to a maintenance page without having to go thru and configure an irule on each one. There are approximately 2000 of them of various types and many already have irules, snats, etc that would complicate the configuration.

 

 

Has anyone ever encountered this before and have a strategy that they'd be willing to share? My first thought is to disable all VIPs and use the any/any virtual that we have to host the redirect irule. I am not sure if this will work as it's untested and I do not know if the any/any VIP would field the http requests in order to redirect them. Would disabling all VIPs cause all traffic to be handled by the any/any VIP?

 

 

Thanks in advance for any help.

 

 

Current version:

 

Version 10.2.1

 

Build 473.0

 

Edition Hotfix HF1

 

 

 

Regards,

 

 

Bob

 

config
design

2 Replies

Sort By
  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Apr 17, 2012
    Hi Bob,

     

     

    I think you could set TM.ContinueMatching database variable to true, configure a 0.0.0.0:80 virtual server and 0.0.0.0:443 virtual server with the redirects. If you have a single SSL cert valid for all of the HTTPS hostnames you could apply that in a client SSL profile to the HTTPS virtual server. If you don't, you could still use a client SSL profile, but clients would get prompted to accept the mismatched certificate. With all the HTTP/HTTPS virtual servers disabled, TMM should match those requests to the wildcard virtual servers and you can send a redirect from those using an iRule or fallback host.

     

     

    For details on the TM.ContinueMatching variable you can check this SOL:

     

     

    sol8009: Change in Behavior: The bigpipe db TM.ContinueMatching variable is now set to false

     

    https://support.f5.com/kb/en-us/solutions/public/8000/000/sol8009.html

     

     

    I'd test this on a test unit or virtual edition to make sure the process works before trying it on a production unit.

     

     

    Aaron
  • Bob_Vance_75936's avatar
    Bob_Vance_75936
    Icon for Altostratus rankAltostratus
    Apr 17, 2012
    Thanks Aaron for the reply. This is great info. I'll try and test in out in out sandbox and post the results. It'll be tricky handling the redirect for the SSL VIPs as all the SSL termination is done at the server. I believe users will be stuck with SSL warnings to click thru.