Hi, we are using iRules to direct traffic to a different pool, when traffic comes to the same VIP, but to a different HTTP host. For example: when HTTP_REQUEST { switch [string tolower [HTTP::host]] { wap.example.com { pool Pool_2 persist source_addr 255.255.255.255 12000 } } } The idea is that if "HTTP:host" is anything different form "wap.example.com", then the traffic goes to Pool_1. The iRule is assigned to a VIP. A persistence profile with Source Address Affinity is also assigned to the VIP. This persistence profile has mirroring enabled. The question is: How to enable persistence mirroring when the iRule directs traffic to Pool_2 for host "wap.example.com"?

Whithout replicating your setup in the lab I cannot give a reliable answer. The answer might also be TMOS version dependent. One thing I´m pretty sure about is the impact of mirroring on the virtual server. In this case traffic will be replicated to the peer anyway and it will be able to build it´s own persistence table in case of the "wap" related selection. As mirroring might have a significant performance impact this approach won´t be my first choice. You can verify persistence records on both units via tmsh command more or less in realtime: watch –d 'tmsh show ltm persist persist-records all-properties' Take off the 'all-properties' switch from the command for less details. Another approach would be to pick another virtual on your system which is bound to Pool_2 (instead of selecting Pool_2 directly). The 2nd virtual server has his own persistence profile with mirroring enabled and in this case there should be no grey zone. Thanks, Stephan

The TMOS version we use is 11.4.0. How do we introduce the 2nd virtual server for Pool_2? I guess HTTP redirect should be used so that the client browser establishes a TCP connection (and sends HTTP requests) to the correct IP - or is there a better way? Regards, Srecko

No need to redirect. Actually you are using the command "pool " in your iRule to select the 2nd pool. Instead you can use "virtual " to forward traffic "internally" to another virtual server. So please just create a 2nd virtual server with an individual persistence profile and reference this one in your iRule via the "virtual" command. Thanks & regards, Stephan

Thank you for your reply! I'll definitely try this set-up. Regards, Srecko

Persistence mirroring with irules

12 Replies

StephanManthey
MVP
Nov 29, 2013
Whithout replicating your setup in the lab I cannot give a reliable answer. The answer might also be TMOS version dependent.
One thing I´m pretty sure about is the impact of mirroring on the virtual server. In this case traffic will be replicated to the peer anyway and it will be able to build it´s own persistence table in case of the "wap" related selection.
As mirroring might have a significant performance impact this approach won´t be my first choice.
You can verify persistence records on both units via tmsh command more or less in realtime:

watch –d 'tmsh show ltm persist persist-records all-properties'

Take off the 'all-properties' switch from the command for less details.

Another approach would be to pick another virtual on your system which is bound to Pool_2 (instead of selecting Pool_2 directly). The 2nd virtual server has his own persistence profile with mirroring enabled and in this case there should be no grey zone.
Thanks, Stephan
Srecko_M__12636
Nimbostratus
Dec 02, 2013
The TMOS version we use is 11.4.0. How do we introduce the 2nd virtual server for Pool_2? I guess HTTP redirect should be used so that the client browser establishes a TCP connection (and sends HTTP requests) to the correct IP - or is there a better way?

Regards, Srecko
StephanManthey
MVP
Dec 02, 2013
No need to redirect.
Actually you are using the command "
pool
" in your iRule to select the 2nd pool. Instead you can use "
virtual
" to forward traffic "internally" to another virtual server.
So please just create a 2nd virtual server with an individual persistence profile and reference this one in your iRule via the "
virtual
" command.
Thanks & regards, Stephan
Srecko_M__12636
Nimbostratus
Dec 02, 2013
Thank you for your reply! I'll definitely try this set-up. Regards, Srecko

nitass

Employee

Dec 02, 2013

The question is: How to enable persistence mirroring when the iRule directs traffic to Pool_2 for host "wap.example.com"?

just wondering whether it is already working.

e.g.

root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm virtual bar
ltm virtual bar {
    destination 172.28.20.111:80
    ip-protocol tcp
    mask 255.255.255.255
    persist {
        source-addr-mirror {
            default yes
        }
    }
    pool foo
    profiles {
        http { }
        tcp { }
    }
    rules {
        myrule
    }
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    vs-index 9
}
root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm persistence source-addr source-addr-mirror
ltm persistence source-addr source-addr-mirror {
    app-service none
    mirror enabled
}
root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm pool foo
ltm pool foo {
    members {
        200.200.200.101:80 {
            address 200.200.200.101
        }
    }
}
root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm pool qux
ltm pool qux {
    members {
        200.200.200.111:80 {
            address 200.200.200.111
        }
    }
}
root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm rule myrule
ltm rule myrule {
  when HTTP_REQUEST {
    switch [string tolower [HTTP::host]] {
      wap.example.com {
        pool qux
        persist source_addr 255.255.255.255 12000
      }
    }
  }
}

active:

root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) show ltm persistence persist-records all-properties
Sys::Persistent Connections
source-address - 172.28.20.111:80 - 200.200.200.111:80
------------------------------------------------------
  TMM           1
  Mode          source-address
  Value         172.28.20.17
  Age (sec.)    145
  Virtual Name  /Common/bar
  Virtual Addr  172.28.20.111:80
  Node Addr     200.200.200.111:80
  Pool Name     /Common/qux
  Client Addr   172.28.20.17
  Owner entry

Total records returned: 1

standby:

root@(ve11b)(cfg-sync In Sync)(Standby)(/Common)(tmos) show ltm persistence persist-records all-properties
Sys::Persistent Connections
source-address - 172.28.20.111:80 - 200.200.200.111:80
------------------------------------------------------
  TMM           1
  Mode          source-address
  Value         172.28.20.17
  Age (sec.)    0
  Virtual Name  /Common/bar
  Virtual Addr  172.28.20.111:80
  Node Addr     200.200.200.111:80
  Pool Name     /Common/qux
  Client Addr   172.28.20.17
  Owner entry

Total records returned: 1

StephanManthey
MVP
Dec 02, 2013
Thanks nitass for the repro! Will the record persist, in case you change the hostname? Another persistence record should be created, imho. Ideally the records would be used now selectively depending on the requested hostname. Btw, in case of using Hash Mode "carp" in Source Address Affinity, a mirroring won´t be necessary anyway as long as both members of the device group see same pool member states. Thanks, Stephan

nitass_89166

Noctilucent

Dec 02, 2013

The question is: How to enable persistence mirroring when the iRule directs traffic to Pool_2 for host "wap.example.com"?

just wondering whether it is already working.

e.g.

root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm virtual bar
ltm virtual bar {
    destination 172.28.20.111:80
    ip-protocol tcp
    mask 255.255.255.255
    persist {
        source-addr-mirror {
            default yes
        }
    }
    pool foo
    profiles {
        http { }
        tcp { }
    }
    rules {
        myrule
    }
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    vs-index 9
}
root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm persistence source-addr source-addr-mirror
ltm persistence source-addr source-addr-mirror {
    app-service none
    mirror enabled
}
root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm pool foo
ltm pool foo {
    members {
        200.200.200.101:80 {
            address 200.200.200.101
        }
    }
}
root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm pool qux
ltm pool qux {
    members {
        200.200.200.111:80 {
            address 200.200.200.111
        }
    }
}
root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm rule myrule
ltm rule myrule {
  when HTTP_REQUEST {
    switch [string tolower [HTTP::host]] {
      wap.example.com {
        pool qux
        persist source_addr 255.255.255.255 12000
      }
    }
  }
}

active:

root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) show ltm persistence persist-records all-properties
Sys::Persistent Connections
source-address - 172.28.20.111:80 - 200.200.200.111:80
------------------------------------------------------
  TMM           1
  Mode          source-address
  Value         172.28.20.17
  Age (sec.)    145
  Virtual Name  /Common/bar
  Virtual Addr  172.28.20.111:80
  Node Addr     200.200.200.111:80
  Pool Name     /Common/qux
  Client Addr   172.28.20.17
  Owner entry

Total records returned: 1

standby:

root@(ve11b)(cfg-sync In Sync)(Standby)(/Common)(tmos) show ltm persistence persist-records all-properties
Sys::Persistent Connections
source-address - 172.28.20.111:80 - 200.200.200.111:80
------------------------------------------------------
  TMM           1
  Mode          source-address
  Value         172.28.20.17
  Age (sec.)    0
  Virtual Name  /Common/bar
  Virtual Addr  172.28.20.111:80
  Node Addr     200.200.200.111:80
  Pool Name     /Common/qux
  Client Addr   172.28.20.17
  Owner entry

Total records returned: 1

StephanManthey
MVP
Dec 02, 2013
Thanks nitass for the repro! Will the record persist, in case you change the hostname? Another persistence record should be created, imho. Ideally the records would be used now selectively depending on the requested hostname. Btw, in case of using Hash Mode "carp" in Source Address Affinity, a mirroring won´t be necessary anyway as long as both members of the device group see same pool member states. Thanks, Stephan

nitass

Employee

Dec 02, 2013

Will the record persist, in case you change the hostname? Another persistence record should be created, imho.

yes

active:

root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) show ltm persistence persist-records all-properties
Sys::Persistent Connections
source-address - 172.28.20.111:80 - 200.200.200.101:80
------------------------------------------------------
  TMM           1
  Mode          source-address
  Value         172.28.20.17
  Age (sec.)    3
  Virtual Name  /Common/bar
  Virtual Addr  172.28.20.111:80
  Node Addr     200.200.200.101:80
  Pool Name     /Common/foo
  Client Addr   172.28.20.17
  Owner entry

source-address - 172.28.20.111:80 - 200.200.200.111:80
------------------------------------------------------
  TMM           1
  Mode          source-address
  Value         172.28.20.17
  Age (sec.)    1266
  Virtual Name  /Common/bar
  Virtual Addr  172.28.20.111:80
  Node Addr     200.200.200.111:80
  Pool Name     /Common/qux
  Client Addr   172.28.20.17
  Owner entry

Total records returned: 2

standby:

root@(ve11b)(cfg-sync In Sync)(Standby)(/Common)(tmos) show ltm persistence persist-records all-properties
Sys::Persistent Connections
source-address - 172.28.20.111:80 - 200.200.200.101:80
------------------------------------------------------
  TMM           1
  Mode          source-address
  Value         172.28.20.17
  Age (sec.)    0
  Virtual Name  /Common/bar
  Virtual Addr  172.28.20.111:80
  Node Addr     200.200.200.101:80
  Pool Name     /Common/foo
  Client Addr   172.28.20.17
  Owner entry

source-address - 172.28.20.111:80 - 200.200.200.111:80
------------------------------------------------------
  TMM           1
  Mode          source-address
  Value         172.28.20.17
  Age (sec.)    0
  Virtual Name  /Common/bar
  Virtual Addr  172.28.20.111:80
  Node Addr     200.200.200.111:80
  Pool Name     /Common/qux
  Client Addr   172.28.20.17
  Owner entry

Total records returned: 2

StephanManthey
MVP
Dec 02, 2013
Thanks! :)

nitass_89166

Noctilucent

Dec 02, 2013

Will the record persist, in case you change the hostname? Another persistence record should be created, imho.

yes

active:

root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) show ltm persistence persist-records all-properties
Sys::Persistent Connections
source-address - 172.28.20.111:80 - 200.200.200.101:80
------------------------------------------------------
  TMM           1
  Mode          source-address
  Value         172.28.20.17
  Age (sec.)    3
  Virtual Name  /Common/bar
  Virtual Addr  172.28.20.111:80
  Node Addr     200.200.200.101:80
  Pool Name     /Common/foo
  Client Addr   172.28.20.17
  Owner entry

source-address - 172.28.20.111:80 - 200.200.200.111:80
------------------------------------------------------
  TMM           1
  Mode          source-address
  Value         172.28.20.17
  Age (sec.)    1266
  Virtual Name  /Common/bar
  Virtual Addr  172.28.20.111:80
  Node Addr     200.200.200.111:80
  Pool Name     /Common/qux
  Client Addr   172.28.20.17
  Owner entry

Total records returned: 2

standby:

root@(ve11b)(cfg-sync In Sync)(Standby)(/Common)(tmos) show ltm persistence persist-records all-properties
Sys::Persistent Connections
source-address - 172.28.20.111:80 - 200.200.200.101:80
------------------------------------------------------
  TMM           1
  Mode          source-address
  Value         172.28.20.17
  Age (sec.)    0
  Virtual Name  /Common/bar
  Virtual Addr  172.28.20.111:80
  Node Addr     200.200.200.101:80
  Pool Name     /Common/foo
  Client Addr   172.28.20.17
  Owner entry

source-address - 172.28.20.111:80 - 200.200.200.111:80
------------------------------------------------------
  TMM           1
  Mode          source-address
  Value         172.28.20.17
  Age (sec.)    0
  Virtual Name  /Common/bar
  Virtual Addr  172.28.20.111:80
  Node Addr     200.200.200.111:80
  Pool Name     /Common/qux
  Client Addr   172.28.20.17
  Owner entry

Total records returned: 2

StephanManthey
MVP
Dec 02, 2013
Thanks! :)

Forum Discussion

Persistence mirroring with irules

12 Replies

Recent Discussions

ASM instance creation

[ASM] - what is "Browser Challange file" ?

[ASM] - HTML5 Cross-Domain Request Enforcement - CLI command

Reverse Proxy Not Behaving

Stable Firmware for F5

Related Content

F5 Connection Mirroring question

BIG-IP connection mirroring in public cloud doesn't work, but why?

Persistence mirroring across datacenters?

XFF Universal Persistence iRule

How useful is SSL mirroring when clustering?