Forum Discussion

Aldo_Peirano_17's avatar
Aldo_Peirano_17
Icon for Nimbostratus rankNimbostratus
Oct 01, 2014

Assistance required with irule for airwatch

any help anyone can provide will REALLY be appreciated. We are in the middle of an Airwatch deployment and we have setup our AWCM servers in a load balance behind an F5. We were finding lots of problems were occurring during the setup, and we have discovered it's related to the persistence.

 

The Airwatch documentation does not seem to help much but here is what they are telling me. We need to write a iRule to persist based on the awcmsessionid value, which can be either a variable in a URL or in the HTTP header depending on what is contacting AWCM.

 

an example of the value in a URL is https://aw.airwatch.com:2001/awcm?awcmsessionid=23213043-543348se

 

an example of the value in an HTTP header awcmsessionid: 293cc42-545ll2hwj2-

 

In the rule we will need to get that value put in a variable and then run the persist command on it persist carp $variable

 

Any help anyone can provide in writing this iRule would be lot of help since this is my first look at iRules.

 

Thx for your time.

 

application delivery
devops
iRules

7 Replies

Sort By
  • What_Lies_Bene1's avatar
    What_Lies_Bene1
    Icon for Cirrostratus rankCirrostratus
    Oct 02, 2014

    OK, this shouldn't be too hard. Any specific reason you want to use CARP? Here's a first attempt;

    when HTTP_RESPONSE {
   Check the awcmsessionid header exists
  if { [HTTP::header exists "awcmsessionid"] } {

    If it does, check it has a usable value
    if { [HTTP::header value "awcmsessionid"] != "" } {
      If it does, use it to create a persistence record
      persist add uie [HTTP::header value "awcmsessionid"] 1800
    }
    else {
      log local0. "The awcmsessionid HTTP header was found but is null"
      No luck then, will need to rely on request query string if we can
    }

  else {
    log local0. "The awcmsessionid HTTP header was not found"
    No luck then, will need to rely on request query string
  }
  }
}

when HTTP_REQUEST {
  Check the awcmsessionid header exists
  if { [HTTP::header exists "awcmsessionid"] } {

    If it does, check it has a usable value
    if { [HTTP::header value "awcmsessionid"] != "" } {
      If it does, use it to do a persistence lookup
      If you need to select a pool, do so here, before we persist
      persist uie [HTTP::header value "awcmsessionid"] 1800
      exit here to ensure we don't do two persistence lookups
      return
    }
    else {
      log local0. "The awcmsessionid HTTP header was found but is null"
      No luck then, will need to rely on request query string
    }
  }

  No header so lets use the HTTP query instead, if we can
  Check the right string exists
  if { [string tolower [HTTP::query ]] contains "awcmsessionid" } {

    The required query string is there, let's get it's value
    We'll find awcmsessionid, move one to the right (the =)
    and store data to the end of the query in our variable
    set querystring [findstr [HTTP::query] "awcmsessionid" "1"]
    Lets check its not null
    if { $querystring != "" } {
      persist uie $querystring 1800
    }
    else {
      log local0. "No header or relevant query string found - can't persist"
    }
  }   
}
  • Aldo_Peirano_17's avatar
    Aldo_Peirano_17
    Icon for Nimbostratus rankNimbostratus
    Oct 02, 2014

    Wow, thank you so much I will give it a try today and see how that works out. We are using CARP as their document outlines how to setup a Persistence profile using the CARP Hash Algorithm. Really new to the F5 so i'm just following directions on this one :).

     

    Really appreciate your help I will let you know how it works out for us.

     

    Regard.

     

  • What_Lies_Bene1's avatar
    What_Lies_Bene1
    Icon for Cirrostratus rankCirrostratus
    Oct 02, 2014

    You're very welcome. A few things to note;

     

    • I've not used CARP in this iRule as I'm not sure it'll work in this case. I'll reconsider if you tell me the existing rule doesn't work.
    • You may need to enable OneConnect to ensure this works correctly.

    Cheers

     

  • What_Lies_Bene1's avatar
    What_Lies_Bene1
    Icon for Cirrostratus rankCirrostratus
    Oct 02, 2014

    Just tested syntax on my AWS lab, had a few errors. Here is a corrected version;

    when HTTP_RESPONSE {
   Check the awcmsessionid header exists
  if { [HTTP::header exists "awcmsessionid"] } {

    If it does, check it has a usable value
    if { [HTTP::header value "awcmsessionid"] != "" } {
      If it does, use it to create a persistence record
      persist add uie [HTTP::header value "awcmsessionid"] 1800
    }
    else {
      log local0. "The awcmsessionid HTTP header was found but is null"
      No luck then, will need to rely on request query string if we can
    }
  }

  If no header found
  log local0. "The awcmsessionid HTTP header was not found"
}

when HTTP_REQUEST {
  Check the awcmsessionid header exists
  if { [HTTP::header exists "awcmsessionid"] } {

    If it does, check it has a usable value
    if { [HTTP::header value "awcmsessionid"] != "" } {
      If it does, use it to do a persistence lookup
      If you need to select a pool, do so here, before we persist
      persist uie [HTTP::header value "awcmsessionid"] 1800
      exit here to ensure we don't do two persistence lookups
      return
    }
    else {
      log local0. "The awcmsessionid HTTP header was found but is null"
      No luck then, will need to rely on request query string
    }
  }

  No header so lets use the HTTP query instead, if we can
  Check the right string exists
  if { [string tolower [HTTP::query ]] contains "awcmsessionid" } {

    The required query string is there, let's get it's value
    We'll find awcmsessionid, move one to the right (the =)
    and store data to the end of the query in our variable
    set querystring [findstr [HTTP::query] "awcmsessionid" "1"]
    Lets check its not null
    if { $querystring != "" } {
      persist uie $querystring 1800
    }
    else {
      log local0. "No header or relevant query string found - can't persist"
    }
  }   
}
  • syedimam_147051's avatar
    syedimam_147051
    Icon for Nimbostratus rankNimbostratus
    Aug 25, 2015

    Hi I am also in the process of deploying Airwatch. Can anyone please confirm if this iRULE works? Thanks Syed

     

  • Cory_O's avatar
    Cory_O
    Icon for Cirrus rankCirrus
    Aug 25, 2015

    We have ADCs on both the upstream and downstream sides of our AirWatch SEG environment. Since all the devices are merely MS Exchange ActiveSync clients, we used the same persistence and overall settings as detailed in the F5 Exchange Deployment Guide. Simply follow the manual process in the guide for the ActiveSync service.

    Health monitoring on the upstream side [SEG] required the following three monitors:

    ltm monitor https /Common/ActiveSync_https_monitor {
    cipherlist DEFAULT:+SHA:+3DES:+kEDH
    compatibility enabled
    defaults-from /Common/https
    destination *:*
    interval 10
    ip-dscp 0
    recv "HTTP/1.1 401 Unauthorized"
    send "GET /Microsoft-Server-Activesync HTTP/1.1\\r\\nHost: %YOUR_FQDN_HERE%\\r\\nConnec
tion: Close\\r\\n\\r\\n"
    time-until-up 0
    timeout 31
}
ltm monitor https /Common/EASIntegration_https_monitor {
    cipherlist DEFAULT:+SHA:+3DES:+kEDH
    compatibility enabled
    defaults-from /Common/https
    destination *:*
    interval 10
    ip-dscp 0
    recv "HTTP/1.1 200 OK"
    send "GET /SegConsole/management.ashx\?ping HTTP/1.1\\r\\nHost: %YOUR_FQDN_HERE%\\r\\nC
onnection: Close\\r\\n\\r\\n"
    time-until-up 0
    timeout 31
}
ltm monitor https /Common/SEGConsole_https_monitor {
    cipherlist DEFAULT:+SHA:+3DES:+kEDH
    compatibility enabled
    defaults-from /Common/https
    destination *:*
    interval 10
    ip-dscp 0
    recv "HTTP/1.1 200 OK"
    send "GET /SegConsole/default.aspx HTTP/1.1\\r\\nHost: %YOUR_FQDN_HERE%\\r\\nConnection
: Close\\r\\n\\r\\n"
    time-until-up 0
    timeout 31
}

    This is of course assuming you're using SEG and not another AW product!

    I hope that helps!

    -C

  • syedimam_147051's avatar
    syedimam_147051
    Icon for Nimbostratus rankNimbostratus
    Aug 25, 2015

    Thanks so much, currently we are deploying Device Servers and AWCM with Console Servers. Any help with AWCM persistance please. Thanks Syed