
Need help on below F5 iRules to convert into NetScaler Policy


Ashutosh Padhi


1) irule 1 

==========

 

when HTTP_REQUEST {
    if {[HTTP::header value "service-version"] equals "3.4"} {
        # log local0. "Header service-version contain value 2.4.. \n Incoming URI = [HTTP::uri]"
        set uri [string map -nocase {"\digital-services-3.3" "\digital-services-3.4"} [HTTP::uri]]
        # log local0. "New URI = $uri"
        HTTP::uri $uri
    } else {
        # log local0. "HTTP Header service-version value is : "
        # log local0.  [HTTP::header service-version]
    }
}
 

 

2) IRule2

========

 

when HTTP_REQUEST {

if { [active_members AVIS_Web_Pool] == 0 } {
   HTTP::header replace HTTP:uri "/sorrypage.htm" 
   pool sorry_server_pool 

# if matches avislease then go to A1..A9 web servers pool on port 271
 } elseif { [string tolower [HTTP::host]] equals "www.jkl.com" } {
    pool web_lease_pool

# if matches avispreferred then go to A1..A9 web servers pool on port 270
 } elseif { [string tolower [HTTP::host]] equals "www.cde.eu" } {
    pool web_preferred_pool

 } elseif { [string tolower [HTTP::uri]] starts_with "/secure/preferred/" } {
    pool web_preferred_pool

# for everything else go to standard Web Server pool.
 } else {
    pool ABC_Web_Pool
 }
}


Rule 1: this looks like a simple Rewrite policy with User Customizable Log Message.

 

Rule 2: this is Content Switching.

  • For the first "if" statement, I suspect you'd need to configure each of the Content Switching Action LB vServers with the Backup vServer or Redirect URL.
  • The other pools are standard Content Switching Policies with LB Actions.

  • 2 weeks later...

Hi,

I am not clear on this; please help me with an example for the below.

 

irule 1

====

There is no action for this "else" statement. How can we create the action then?

 } else {

         #       log local0. "HTTP Header service-version value is : "
         #       log local0.  [HTTP::header service-version]
        }
}

 

irule2

=====

I am not sure how to make a policy for the below.

 

if { [active_members AVIS_Web_Pool] == 0 } {
   HTTP::header replace HTTP:uri "/sorrypage.htm" 
   pool sorry_server_pool 

# if matches avislease then go to A1..A9 web servers pool on port 271
 } elseif { [string tolower [HTTP::host]] equals "www.jkl.com" } {
    pool web_lease_pool

# if matches avispreferred then go to A1..A9 web servers pool on port 270
 } elseif { [string tolower [HTTP::host]] equals "www.cde.eu" } {
    pool web_preferred_pool

 } elseif { [string tolower [HTTP::uri]] starts_with "/secure/preferred/" } {
    pool web_preferred_pool


Is all traffic on this coming in to the appliance on one port like 80 and then being directed to services (aka pools) on different ports?

Or is the inbound traffic on a specific port to begin with? If the latter, you just load balance on each port. If the former, you need a combination of content switching and load balancing.

 

Service pools/members in F5 will usually be handled as services or servicegroups.  Load Balancing vservers (LB vservers) will usually handle the inbound vip/port and the lb method/persistence.

 

When you want to sort traffic to different destinations aka pools, then you need to use content switching vservers to receive traffic on the inbound port/vip and then use cs policies to identify traffic of interest to send to each lb vserver (which can be non-addressable) and then its services.  In this case your cs vserver is sorting based on HOST headers or path elements.  

And then the header replace actions you have would be handled by REWRITE or RESPONDER depending on context.

 

Basic explanations first (I won't be able to mock this up until later, unless someone gets to it first):

### This first IF clause is: if there are no members up, redirect to the "/sorrypage". In LB this can be done with protection method: redirect URL that applies only when down. If we do this on the cs vserver side, you would need the "state update" enabled, but there may be other factors that affect this behavior.  I think you could set this per lb vserver for the same result.

if { [active_members AVIS_Web_Pool] == 0 } {
   HTTP::header replace HTTP:uri "/sorrypage.htm" 
   pool sorry_server_pool 

 

## You would need a non-addressable lb vserver (no vip, no port) pointing to your servicegroup A1-A9 on port HTTP:271.  Expression for content switching is:  http.req.header("host").set_text_mode(ignorecase).eq("www.jkl.com") to direct traffic to this cs vserver.

# if matches avislease then go to A1..A9 web servers pool on port 271. 
 } elseif { [string tolower [HTTP::host]] equals "www.jkl.com" } {
    pool web_lease_pool

 

##   This would be a non-addressable lb vserver pointing to a different servicegroup for A1-A9 on port 270.  Expression for content switching for this set is, I think: http.req.header("host").set_text_mode(ignorecase).eq("www.cde.eu") || http.req.url.path.set_text_mode(ignorecase).startswith("/secure/preferred").  But if the /secure/preferred path CAN overlap with other hostnames, this might need to be done differently.

# if matches avispreferred then go to A1..A9 web servers pool on port 270
 } elseif { [string tolower [HTTP::host]] equals "www.cde.eu" } {
    pool web_preferred_pool

 } elseif { [string tolower [HTTP::uri]] starts_with "/secure/preferred/" } {
    pool web_preferred_pool
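
Added example (not part of the thread and not any poster's own configuration): one way the two iRules could be laid out in NetScaler CLI following the replies above, with content switching for iRule 2 and a rewrite policy for iRule 1. All object names, the 192.0.2.x addresses, the single pool member and the default/sorry ports are assumptions; the match strings and ports 270/271 are the ones quoted in the thread.

```netscaler
# Added example. Object names, 192.0.2.x addresses and the members are
# constructed; ports 270/271 and the match strings come from the thread.
add server srv_a1 192.0.2.11
add server srv_sorry 192.0.2.20
add serviceGroup sg_lease HTTP
add serviceGroup sg_preferred HTTP
add serviceGroup sg_default HTTP
add serviceGroup sg_sorry HTTP
bind serviceGroup sg_lease srv_a1 271
bind serviceGroup sg_preferred srv_a1 270
bind serviceGroup sg_default srv_a1 80
bind serviceGroup sg_sorry srv_sorry 80

# Non-addressable LB vservers (no VIP, no port), one per F5 pool.
add lb vserver lb_lease HTTP 0.0.0.0 0
add lb vserver lb_preferred HTTP 0.0.0.0 0
add lb vserver lb_default HTTP 0.0.0.0 0
add lb vserver lb_sorry HTTP 0.0.0.0 0
bind lb vserver lb_lease sg_lease
bind lb vserver lb_preferred sg_preferred
bind lb vserver lb_default sg_default
bind lb vserver lb_sorry sg_sorry

# Sorry handling set per LB vserver: used only when that vserver is DOWN.
set lb vserver lb_lease -backupVServer lb_sorry
set lb vserver lb_preferred -backupVServer lb_sorry
set lb vserver lb_default -backupVServer lb_sorry

# iRule 2: CS policies; the lowest priority number is evaluated first, which
# keeps the elseif order when a jkl.com request also has /secure/preferred/.
add cs vserver cs_web HTTP 192.0.2.10 80
add cs action csa_lease -targetLBVserver lb_lease
add cs action csa_preferred -targetLBVserver lb_preferred
add cs policy csp_lease -rule "http.req.header(\"host\").set_text_mode(ignorecase).eq(\"www.jkl.com\")" -action csa_lease
add cs policy csp_preferred -rule "http.req.header(\"host\").set_text_mode(ignorecase).eq(\"www.cde.eu\") || http.req.url.path.set_text_mode(ignorecase).startswith(\"/secure/preferred/\")" -action csa_preferred
bind cs vserver cs_web -policyName csp_lease -priority 100
bind cs vserver cs_web -policyName csp_preferred -priority 110
bind cs vserver cs_web -lbvserver lb_default

# iRule 1: rewrite only when the header matches. The empty else branch needs
# no policy; a request that matches no rewrite policy is forwarded unchanged.
add rewrite action rwa_v34 replace_all "http.req.url" "\"digital-services-3.4\"" -search "text(\"digital-services-3.3\")"
add rewrite policy rwp_v34 "http.req.header(\"service-version\").eq(\"3.4\")" rwa_v34
bind cs vserver cs_web -policyName rwp_v34 -priority 100 -gotoPriorityExpression END -type REQUEST
```

Two behaviours differ from the iRules: the backup vserver applies per LB vserver, whereas the iRule sends all traffic to the sorry pool when the one pool it checks has no active members, and the text() search is case-sensitive while string map -nocase is not.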

Basic explanations first (I won't be able to mock this up until later, unless someone gets to it first):

### This first IF clause, is if there are no members up, redirect to the "/sorrypage". In LB this can be done with protection method: redirect URL that applies only when down. If we do this on the cs vserver side, you would need the "state update" enabled but there may be other factors that affect this behavior.  I think you could set this per lb vserver for the same result.

if { [active_members AVIS_Web_Pool] == 0 } {
   HTTP::header replace HTTP:uri "/sorrypage.htm" 
   pool sorry_server_pool 

 

 

I tried to enable "state update" on CS Vserver, but did not get the option to add the redirect URL.

Followed the below documentation, but I believe it is about the normal load balancing server instead of a CS Vserver.

 

https://docs.citrix.com/en-us/citrix-adc/current-release/getting-started-with-citrix-adc/load-balancing/protect-load-balancing-configuration.html


If not, then do all backup methods on the lb vservers instead. If traffic affects an lb vserver, then either a backup vserver (preferred) or redirect url should work.  But there are some aspects to consider.

If your cs is such that all traffic matches a policy or there's no place to send it, then the default lb vserver can be a placeholder vserver with the error redirect as well. There's just a couple of details that need to be confirmed to know the best way to solve the problem.

 

Back to CS though, and how did you try to set the redirect url (which part of gui)?

Which version are you on?

If you are in GUI on cs vserver, go to "protection" section and see if "redirect url" is there or if it is just backup vserver.
