Adding Port Range For Members

Question

Hello,
I am attempting to add pool members that are listening/balancing on multiple ports while the VIP listens on a single port.  e.g.:
VIP:2000
    node1:2000
    node1:2001
    node1:2002
    node2:2000
    node2:2001
    node2:2002

In the past requests have been small enough I've been able to add each node:port combination as individual nodes, however, a new request has come in that requires several hundred "pool members" in this fashion.
I could probably brute force it through the CLI, but was hoping for a more elegant solution with an iRule.  I found a tutorial[1] on how to allow the VIP to listen on a range of ports, but I only want the VIP listening on one port and balancing between a range of ports.
Thanks in advance.
[1] http://support.f5.com/kb/en-us/solutions/public/6000/000/sol6018.html

stephanmanthey · Answer

How about configuring your poolmembers to port :0?
With an iRule you can modify the destination port.
Here is a working example:  
when LB_SELECTED {
    if {[LB::server port] == 0} {
            LB::reselect
            node [LB::server addr] 80
    }
}

stephanmanthey · Answer

Hi, 
the node command can be applied only once in the context of the connection and event.
The assigned port number will be used for the particular connection only.
That´s why I would recommend to use a decission matrix first (whatever your criteria is to pick a specific destination port [poolmember]) and set i.e. the $port variable.
$port will be used as follows:   
node [LB::server addr] $port
Due to setting your poolmembers to port 0, the initial server port will be 0 as well.
That´s why your syntax will not have the expected result.
In case you can provide a more specific description about pool member selection in your current deployment I´m happy to have a look at it after I´m done with my customers appointment in appr. 10 hours.

foobar01010101_ · Answer

Hello Stephan,
Thanks for your quick reply.  Would I then add all of my ports?  This seems to redirect any request on the VIP to port 80 (or maybe only requests on port 0).
To apply this to my specific situation, would something like the following work?
when LB_SELECTED {
    if {[LB::server port] == 2000} {
        LB::reselect
        node [LB::server addr] 2000
        node [LB::server addr] 2001
        node [LB::server addr] 2002
    }
}

stephanmanthey · Answer

I never saw something like this. Anyway, to craft a destination port one can go by doing a modulo 300 (range of ports) on the client source port with an offset (port range start).&nbsp;
I´m still on customer site and will provide a sample when being on my way home ... &nbsp;

alex__applebaum · Answer

As you mentioned, CLI (bash) is probably easiest way to populate your pools appropriately to leverage all the LB methods properly:&nbsp;
ex. from bash&nbsp;

for ((i=2000;i&lt;2301;i++)); do tmsh modify ltm pool example_member_range members add { 10.1.1.1:$i }; done&nbsp;

Obviously having different services on different ports on the same node is very common but out of curiosity, why have the exact same service on 300 ports on the same node? LB'ing a service usually attempts to distribute load but if distributing traffic to the same node, how does that node benefit? That just seems like a lot of overhead (administration,security,etc.) for not a lot of gain.  Just interested in the use case. &nbsp;

Forum Discussion

Adding Port Range For Members

6 Replies

Recent Discussions

Pricing when used with aws waf

F5 Rseries R2600 Tenant sizing

iRule help masking IBM host URL/URI

Need advise to setup a policy on F5

Advise on setting up IRULE

Related Content

adding pool members in cli

Assistance with iRule using port ranges

Policy to forward to a range of ports

Adding or deleting a pool member

DevCentral's Featured Member for February - Edouard Zorrilla