An interesting request came up today regarding a Web Service we provide to multiple clients, all of whom have peering points connecting their IP network to ours using private addresses. The request was to have certain clients hit one particular web box in a server pool while the others hit the other, and only for certain ports. Some of our web applications use a variety of ports because of the proprietary application they run; the ports, all TCP, are 80, 443, 5555 and 6050. So I set off to create an iRule to handle this and have it log how everything is mapped, start to finish, for each connection.
A little service info:
- Client PAT = 10.99.29.10
- PrimaryWebCluster = 10.43.1.6
- Web01 = 10.43.4.231
- Web02 = 10.43.4.232
- Ports = 80, 443, 5555, 6050
iRule: irule_SrvSelection_byClientSrcAndPort
```tcl
when CLIENT_ACCEPTED {
    # Select the pool member by VIP port and client source address.
    if { [TCP::local_port] == 80 } {
        if { [IP::addr [IP::client_addr] equals 10.99.29.10] } {
            pool pool_ct_primarywebcluster_80 member 10.43.4.231 80
            log local0. "[IP::client_addr] is Web01"
        } else {
            pool pool_ct_primarywebcluster_80 member 10.43.4.232 80
            log local0. "[IP::client_addr] is Web02"
        }
    }
    if { [TCP::local_port] == 443 } {
        if { [IP::addr [IP::client_addr] equals 10.99.29.10] } {
            pool pool_ct_primarywebcluster_443 member 10.43.4.231 443
            log local0. "[IP::client_addr] is Web01"
        } else {
            pool pool_ct_primarywebcluster_443 member 10.43.4.232 443
            log local0. "[IP::client_addr] is Web02"
        }
    }
    if { [TCP::local_port] == 5555 } {
        if { [IP::addr [IP::client_addr] equals 10.99.29.10] } {
            pool pool_ct_primarywebcluster_5022 member 10.43.4.231 5022
            log local0. "[IP::client_addr] is Web01"
        } else {
            pool pool_ct_primarywebcluster_5022 member 10.43.4.232 5022
            log local0. "[IP::client_addr] is Web02"
        }
    }
    if { [TCP::local_port] == 6050 } {
        if { [IP::addr [IP::client_addr] equals 10.99.29.10] } {
            pool pool_ct_primarywebcluster_5022 member 10.43.4.231 5022
            log local0. "[IP::client_addr] is Web01"
        } else {
            pool pool_ct_primarywebcluster_5022 member 10.43.4.232 5022
            log local0. "[IP::client_addr] is Web02"
        }
    }
}

when SERVER_CONNECTED {
    # Log the full path once the server-side connection is established.
    log local0. "Connection from [IP::client_addr]:[TCP::client_port]. \
        Mapped to F5 Floating IP [serverside {IP::local_addr}]:[serverside {TCP::local_port}] \
        -->> [IP::server_addr]:[serverside {TCP::remote_port}]"
}
```
To check, SSH into the primary F5 in the pair and type bash to get shell access (BIG-IP v11.5+), then follow the LTM log:

```
tailf /var/log/ltm
```
```
tmm3[14225]: Rule /Common/irule_SrvSelection_byClientSrcAndPort : 10.99.29.10 is Web02
tmm3[14225]: Rule /Common/irule_SrvSelection_byClientSrcAndPort : Connection from 10.99.29.10:22524. to VIP 10.43.1.6 -->> 10.43.4.232:443
tmm3[14225]: Rule /Common/irule_SrvSelection_byClientSrcAndPort : 10.99.29.10 is Web02
tmm3[14225]: Rule /Common/irule_SrvSelection_byClientSrcAndPort : Connection from 10.99.29.10:10972. to VIP 10.43.1.6 -->> 10.43.4.232:443
tmm[14225]: Rule /Common/irule_SrvSelection_byClientSrcAndPort : 10.99.29.10 is Web02
tmm[14225]: Rule /Common/irule_SrvSelection_byClientSrcAndPort : Connection from 10.99.29.10:53187. to VIP 10.43.1.6 -->> 10.43.4.232:443
tmm2[14225]: Rule /Common/irule_SrvSelection_byClientSrcAndPort : 10.99.29.10 is Web02
tmm2[14225]: Rule /Common/irule_SrvSelection_byClientSrcAndPort : Connection from 10.99.29.10:15709. to VIP 10.43.1.6 -->> 10.43.4.232:443
tmm3[14225]: Rule /Common/irule_SrvSelection_byClientSrcAndPort : 10.99.29.10 is Web02
tmm3[14225]: Rule /Common/irule_SrvSelection_byClientSrcAndPort : Connection from 10.99.29.10:62364. to VIP 10.43.1.6 -->> 10.43.4.232:443
tmm3[14225]: Rule /Common/irule_SrvSelection_byClientSrcAndPort : 10.99.29.10 is Web02
tmm3[14225]: Rule /Common/irule_SrvSelection_byClientSrcAndPort : Connection from 10.99.29.10:62496. to VIP 10.43.1.6 -->> 10.43.4.232:443
tmm[14225]: Rule /Common/irule_SrvSelection_byClientSrcAndPort : 10.99.29.10 is Web02
tmm[14225]: Rule /Common/irule_SrvSelection_byClientSrcAndPort : Connection from 10.99.29.10:42691. to VIP 10.43.1.6 -->> 10.43.4.232:443
tmm1[14225]: Rule /Common/irule_SrvSelection_byClientSrcAndPort : 10.99.29.10 is Web02
tmm1[14225]: Rule /Common/irule_SrvSelection_byClientSrcAndPort : Connection from 10.99.29.10:28510. to VIP 10.43.1.6 -->> 10.43.4.232:443
tmm3[14225]: Rule /Common/irule_SrvSelection_byClientSrcAndPort : 10.99.29.10 is Web02
tmm3[14225]: Rule /Common/irule_SrvSelection_byClientSrcAndPort : Connection from 10.99.29.10:40464. to VIP 10.43.1.6 -->> 10.43.4.232:443
tmm1[14225]: Rule /Common/irule_SrvSelection_byClientSrcAndPort : 10.99.29.10 is Web02
tmm1[14225]: Rule /Common/irule_SrvSelection_byClientSrcAndPort : Connection from 10.99.29.10:4082. to VIP 10.43.1.6 -->> 10.43.4.232:443
tmm[14225]: Rule /Common/irule_SrvSelection_byClientSrcAndPort : 10.99.29.10 is Web02
```
Nice!!
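One way to audit this log against the intended mapping, as an added example that is not part of the original post: the script parses the rule's "Connection from" lines and flags any connection that reached a pool member other than the one the iRule assigns to its client, or a member port the rule never uses. The sample lines, the second client 10.99.30.20 and port 8080 are constructed for illustration.

```python
import re
from collections import Counter

# Values taken from the post: the pinned client PAT and the two pool members.
PINNED_CLIENTS = {"10.99.29.10"}
WEB01, WEB02 = "10.43.4.231", "10.43.4.232"
MEMBER_PORTS = {80, 443, 5022}  # member ports used by the iRule's pool commands

# Matches the SERVER_CONNECTED log line. The text between the client and "-->>"
# is skipped, so both "to VIP ..." and "Mapped to F5 Floating IP ..." are accepted.
CONN_RE = re.compile(
    r"Connection from (?P<client>\d+(?:\.\d+){3}):(?P<cport>\d+)\..*?-->>\s*"
    r"(?P<server>\d+(?:\.\d+){3}):(?P<sport>\d+)"
)

def expected_member(client):
    """Member the iRule should select for this client source address."""
    return WEB01 if client in PINNED_CLIENTS else WEB02

def audit(lines):
    """Return (per-(client, member) counts, list of policy violations)."""
    counts, violations = Counter(), []
    for n, line in enumerate(lines, 1):
        m = CONN_RE.search(line)
        if not m:
            continue  # "is Web0x" lines and unrelated log entries
        client, server, sport = m["client"], m["server"], int(m["sport"])
        counts[(client, server)] += 1
        want = expected_member(client)
        if server != want:
            violations.append((n, client, f"landed on {server}, expected {want}"))
        elif sport not in MEMBER_PORTS:
            violations.append((n, client, f"unexpected member port {sport}"))
    return counts, violations

# Constructed sample lines in the format of the post's log output.
P = "tmm1[14225]: Rule /Common/irule_SrvSelection_byClientSrcAndPort : "
SAMPLE = [
    P + "10.99.29.10 is Web01",
    P + "Connection from 10.99.29.10:22524. to VIP 10.43.1.6 -->> 10.43.4.231:443",
    P + "Connection from 10.99.30.20:40110. to VIP 10.43.1.6 -->> 10.43.4.232:80",
    P + "Connection from 10.99.29.10:51822. to VIP 10.43.1.6 -->> 10.43.4.232:443",
    P + "Connection from 10.99.30.20:40111. to VIP 10.43.1.6 -->> 10.43.4.232:8080",
]

if __name__ == "__main__":
    counts, violations = audit(SAMPLE)
    for n, client, why in violations:
        print(f"line {n}: {client} {why}")
```

To run it against a real log, pass the lines of `/var/log/ltm` to `audit()` in place of `SAMPLE`.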