Jump to content
Welcome to our new Citrix community!

iRules to Citrix Policy


Vijay Sriram

Recommended Posts

Hi All

 

Just wanted to see if some one can help convert the below F5 iRules  to Netscaler Policy. I believe both iRules will be tranformed in to Netscaler Content Switching? 

 

my ADC version is 12.X

 

iRule 1

 

when HTTP_REQUEST {
if {[HTTP::uri] contains "CTLPB" } {
pool WL_PBT-pool
LB::detach
persist none
}
elseif {[HTTP::uri] contains "CONWS" } {
pool WL_WST-pool
LB::detach
persist none
}
elseif {[HTTP::uri] contains "CONFR" or [HTTP::uri] contains "PaymentQueryProxy" } {
pool WL_FRT-pool
LB::detach
persist none
}
elseif {[HTTP::uri] contains "DPBNE"} {
pool WL_BNE-pool
LB::detach
persist none
}
elseif {[HTTP::uri] contains "Manual_Gate_CONWS_PS" or [HTTP::uri] contains "GEK" or [HTTP::uri] 
contains "GOS" or [HTTP::uri] contains "RFID" } {
pool WL_WST_GATE-pool
LB::detach
persist none
}
}

 

 

iRule 2

 

when HTTP_REQUEST {
if {[HTTP::uri] contains "CTLPB" } {
pool WL_PBT-pool
}
elseif {[HTTP::uri] ends_with "SN4VBSMessagingPS_CONWS" or [HTTP::uri] ends_with 
"BulkRunPRAMessageProxyService_CONWS" or [HTTP::uri] ends_with "SN4VBSMessagingPS_CONWI" or 
[HTTP::uri] ends_with "Manual_Gate_CONWS_PS" or [HTTP::uri] contains "GEK" } {
pool WL_WST-pool
}
elseif {[HTTP::uri] contains "CONFR" or [HTTP::uri] contains "DPWStorageQuery" } {
pool WL_FRT-pool
}
elseif {[HTTP::uri] contains "DPBNE"} {
pool WL_BNE-pool
}
}

 

Thank you in Advance

 

 

 

Link to comment
Share on other sites

Yes, as Carl said.  For each "pool" define an LB vserver with the necessary destinations (services or service groups). The lb tier can be non-addressable with no VIPs assigned.

 

Each IRULE based on if URL contains, can be made into a CS policy whose action is the target lb vserver for that traffic destination.

Create a cs vserver with the VIP and PORT/Protocol you require - probably HTTP:80 or SSL:443 (for HTTPS).

Use CS Policies with actions to define the destinations.

 

Example CS Policies to sort based on URL contains (or URL path contains) are the following, if not in path, you can do do http.req.url.contains below too:

http.req.url.path.set_text_mode(ignorecase).contains("CTLPB")  ## Example: case-insensitive comparison

http.req.url.path.contains("CONWS")  ## EXample case-sensitive comparison

 

So, for your first scenario, the cs policies and actions that point to pre-defined lb vservers of the names specified, would be like this:

# 1 - create cs vserver

add cs vserver cs_vsrv_demo1 HTTP <VIP1> 80

 

# 2 - create necessary cs actions (lb destinations) and cs policies

# NOTE: lb_vs_pbt and lb_vs_wst refers to lb vservers that are not created in these command samples.  They would need to already exist.

add cs action cs_act_toPBT -targetlbvserver lb_vs_pbt

add cs action cs_act_toWST -targetlbvserver lb_vs_wst

add cs policy cs_pol_toPBT -rule 'http.req.url.path.contains("CTLPB")' -action cs_act_toPBT

add cs policy cs_pol_toWST -rule 'http.req.url.path.contains("CONWS")' -action cs_act_toWST

 

# 3 - bind policies to cs vserver in priority order

bind cs vserver cs_vsrv_demo1 -policyName cs_pol_toPBT -priority 100

bind cs vserver cs_vsrV_demo2 -policyName cs_pol_toWST  -priority 200

 

# for any unmatched traffic, you can specificy a default destination which is used last; which be another lb vserver you would set up for these requests. 

# If no default destination provided, then any unmatched traffic with no destination will return a 503/Service Unavailable response.

bind cs vserver cs_vsrv_demo1 -lbvserver <lb_vsrv_defaultname>

 

# Example 2 above

On 2/25/2022 at 11:39 PM, Vijay Sriram said:

when HTTP_REQUEST {
if {[HTTP::uri] contains "CTLPB" } {
pool WL_PBT-pool
}
elseif {[HTTP::uri] ends_with "SN4VBSMessagingPS_CONWS" or [HTTP::uri] ends_with 
"BulkRunPRAMessageProxyService_CONWS" or [HTTP::uri] ends_with "SN4VBSMessagingPS_CONWI" or 
[HTTP::uri] ends_with "Manual_Gate_CONWS_PS" or [HTTP::uri] contains "GEK" } {
pool WL_WST-pool
}
elseif {[HTTP::uri] contains "CONFR" or [HTTP::uri] contains "DPWStorageQuery" } {
pool WL_FRT-pool
}
elseif {[HTTP::uri] contains "DPBNE"} {
pool WL_BNE-pool
}

 

The if/else...if statments, are just policies in a specific priority  order.

Note in the below, if you know the string in question is specific to the URL path or specific to the URL query, you can use http.req.url.path or http.req.url.query to search a specific substring of the URL instead of the http.req.url I used below.  Narrower is more efficient, but there are multiple ways to do this.  Also, remember contains (and other comparison operators) are case-sensitive by default. You can use the set_text_mode(ignorecase) in the earlier examples to force a case-insensitive match for any comparison operator: equals, contains, beforestr, afterstr, startswith, endswith, etc.  I'm omitting it below for readability.

 

Basic expressions to do what the irules are doing would be:

a) if {[HTTP::uri] contains "CTLPB" } {

http.req.url.contains("CTLPB")

 

b) elseif {[HTTP::uri] ends_with "SN4VBSMessagingPS_CONWS" or [HTTP::uri] ends_with 
"BulkRunPRAMessageProxyService_CONWS" or [HTTP::uri] ends_with "SN4VBSMessagingPS_CONWI" or 
[HTTP::uri] ends_with "Manual_Gate_CONWS_PS" or [HTTP::uri] contains "GEK" } {
pool WL_WST-pool

http.req.url.endswith("SN4VBSMessagingPS_CONWS") || http.req.url.endswith("BulkRunPRAMessagePRoxyService_CONWS") || http.req.url.endswith("SN4VBSMessagingPS_CONWI") || http.req.url.endswith("Manual_Gate_CONWS_PS") || http.req.url.contains("GEK")

 

That should help you with the rest of your queries.

The else ifs, would just require you to match on policy1 at priority 100, if no match, then it will try policy2 at 200 etc, so use the priorities to order the processing.

 

If you still have questions about the load balancing or content switching beyond the policy examples, feel free to ask.

 

 

 

  • Like 1
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...