• BIGIP F5 iRule — Server Selection based on Client Source Address and Port

    An interesting request came up today regarding a Web Service we provide to multiple clients, all of whom have peering points connecting their IP network to ours using private addresses. The request was to have certain clients hit a particular Web box in a Server Pool while the others hit the other box, and only for certain ports. Some of our web applications use a variety of ports because of the proprietary application running. The ports, all TCP, include 80, 443, 5555 and 6050. So I set off to create an iRule to handle this and have it log how everything is being mapped, start to finish, for each connection.

    A little service info:

    • Client PAT = 10.99.29.10
    • PrimaryWebCluster = 10.43.1.6
    • Web01 = 10.43.4.231
    • Web02 = 10.43.4.232
    • Ports = 80, 443, 5555, 6050

    iRule: irule_SrvSelection_byClientSrcAndPort

    when CLIENT_ACCEPTED {
        # Select the pool member from the VIP port the client hit and the client source address.
        # The Client PAT address (10.99.29.10) goes to Web01; every other source goes to Web02.
        if { [TCP::local_port] == 80 } {
            if { [IP::addr [IP::client_addr] equals 10.99.29.10] } {
                pool pool_ct_primarywebcluster_80 member 10.43.4.231 80
                log local0. "[IP::client_addr] is Web01"
            } else {
                pool pool_ct_primarywebcluster_80 member 10.43.4.232 80
                log local0. "[IP::client_addr] is Web02"
            }
        }
        if { [TCP::local_port] == 443 } {
            if { [IP::addr [IP::client_addr] equals 10.99.29.10] } {
                pool pool_ct_primarywebcluster_443 member 10.43.4.231 443
                log local0. "[IP::client_addr] is Web01"
            } else {
                pool pool_ct_primarywebcluster_443 member 10.43.4.232 443
                log local0. "[IP::client_addr] is Web02"
            }
        }
        if { [TCP::local_port] == 5555 } {
            if { [IP::addr [IP::client_addr] equals 10.99.29.10] } {
                pool pool_ct_primarywebcluster_5022 member 10.43.4.231 5022
                log local0. "[IP::client_addr] is Web01"
            } else {
                pool pool_ct_primarywebcluster_5022 member 10.43.4.232 5022
                log local0. "[IP::client_addr] is Web02"
            }
        }
        # This block must sit inside CLIENT_ACCEPTED; an "if" outside an event does not load.
        if { [TCP::local_port] == 6050 } {
            if { [IP::addr [IP::client_addr] equals 10.99.29.10] } {
                pool pool_ct_primarywebcluster_5022 member 10.43.4.231 5022
                log local0. "[IP::client_addr] is Web01"
            } else {
                pool pool_ct_primarywebcluster_5022 member 10.43.4.232 5022
                log local0. "[IP::client_addr] is Web02"
            }
        }
    }
    when SERVER_CONNECTED {
        # Log the full path once the server-side connection is up:
        # client -> F5 server-side source address -> selected pool member.
        log local0. "Connection from [IP::client_addr]:[TCP::client_port]. \
            Mapped to F5 Floating IP [serverside {IP::local_addr}]:[serverside {TCP::local_port}] \
            -->> [IP::server_addr]:[serverside {TCP::remote_port}]"
    }

    To check, SSH into the Primary F5 in the pair and type bash to get shell access (BIGIP v11.5+), then tail the LTM log:

    tailf /var/log/ltm
    
     tmm3[14225]: Rule /Common/irule_SrvSelection_byClientSrcAndPort : 10.99.29.10 is Web02
     tmm3[14225]: Rule /Common/irule_SrvSelection_byClientSrcAndPort : Connection from 10.99.29.10:22524. to VIP 10.43.1.6  -->> 10.43.4.232:443
     tmm3[14225]: Rule /Common/irule_SrvSelection_byClientSrcAndPort : 10.99.29.10 is Web02
     tmm3[14225]: Rule /Common/irule_SrvSelection_byClientSrcAndPort : Connection from 10.99.29.10:10972. to VIP 10.43.1.6  -->> 10.43.4.232:443
     tmm[14225]: Rule /Common/irule_SrvSelection_byClientSrcAndPort : 10.99.29.10 is Web02
     tmm[14225]: Rule /Common/irule_SrvSelection_byClientSrcAndPort : Connection from 10.99.29.10:53187. to VIP 10.43.1.6  -->> 10.43.4.232:443
     tmm2[14225]: Rule /Common/irule_SrvSelection_byClientSrcAndPort : 10.99.29.10 is Web02
     tmm2[14225]: Rule /Common/irule_SrvSelection_byClientSrcAndPort : Connection from 10.99.29.10:15709. to VIP 10.43.1.6  -->> 10.43.4.232:443
     tmm3[14225]: Rule /Common/irule_SrvSelection_byClientSrcAndPort : 10.99.29.10 is Web02
     tmm3[14225]: Rule /Common/irule_SrvSelection_byClientSrcAndPort : Connection from 10.99.29.10:62364. to VIP 10.43.1.6  -->> 10.43.4.232:443
     tmm3[14225]: Rule /Common/irule_SrvSelection_byClientSrcAndPort : 10.99.29.10 is Web02
     tmm3[14225]: Rule /Common/irule_SrvSelection_byClientSrcAndPort : Connection from 10.99.29.10:62496. to VIP 10.43.1.6  -->> 10.43.4.232:443
     tmm[14225]: Rule /Common/irule_SrvSelection_byClientSrcAndPort : 10.99.29.10 is Web02
     tmm[14225]: Rule /Common/irule_SrvSelection_byClientSrcAndPort : Connection from 10.99.29.10:42691. to VIP 10.43.1.6  -->> 10.43.4.232:443
     tmm1[14225]: Rule /Common/irule_SrvSelection_byClientSrcAndPort : 10.99.29.10 is Web02
     tmm1[14225]: Rule /Common/irule_SrvSelection_byClientSrcAndPort : Connection from 10.99.29.10:28510. to VIP 10.43.1.6  -->> 10.43.4.232:443
     tmm3[14225]: Rule /Common/irule_SrvSelection_byClientSrcAndPort : 10.99.29.10 is Web02
     tmm3[14225]: Rule /Common/irule_SrvSelection_byClientSrcAndPort : Connection from 10.99.29.10:40464. to VIP 10.43.1.6  -->> 10.43.4.232:443
     tmm1[14225]: Rule /Common/irule_SrvSelection_byClientSrcAndPort : 10.99.29.10 is Web02
     tmm1[14225]: Rule /Common/irule_SrvSelection_byClientSrcAndPort : Connection from 10.99.29.10:4082. to VIP 10.43.1.6  -->> 10.43.4.232:443
     tmm[14225]: Rule /Common/irule_SrvSelection_byClientSrcAndPort : 10.99.29.10 is Web02
    

    Nice!!
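
An added example, not part of the original post: a small Python audit of the "Connection from" lines written by the SERVER_CONNECTED log, checking each mapping against the policy above (10.99.29.10 to Web01, every other source to Web02). The sample lines and the second client address 10.99.30.7 are constructed, and the set of allowed member ports is an assumption read off the iRule's pool commands.

```python
import re
from ipaddress import ip_address

# Policy from the post: the Client PAT address is pinned to Web01, all others go to Web02.
WEB01 = ip_address("10.43.4.231")
WEB02 = ip_address("10.43.4.232")
PINNED_TO_WEB01 = {ip_address("10.99.29.10")}
MEMBER_PORTS = {80, 443, 5022}  # assumption: member ports named in the iRule's pool commands

# Matches the "Connection from C:port ... -->> S:port" entries written in SERVER_CONNECTED.
LINE_RE = re.compile(
    r"Connection from (?P<client>[\d.]+):\d+\.?"
    r".*?-->>\s*(?P<server>[\d.]+):(?P<sport>\d+)"
)

def expected_member(client):
    """Pool member the policy assigns to this client address."""
    return WEB01 if client in PINNED_TO_WEB01 else WEB02

def audit(lines):
    """Return (line_number, reason) for every logged mapping that breaks the policy."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = LINE_RE.search(line)
        if not m:
            continue  # "is Web0x" decision lines and unrelated log entries
        client, server = ip_address(m["client"]), ip_address(m["server"])
        want = expected_member(client)
        if server != want:
            findings.append((n, f"{client} reached {server}, policy says {want}"))
        if int(m["sport"]) not in MEMBER_PORTS:
            findings.append((n, f"{client} reached unexpected member port {m['sport']}"))
    return findings

PREFIX = "tmm1[14225]: Rule /Common/irule_SrvSelection_byClientSrcAndPort : "
# Constructed sample lines in the format of the log output above (not real traffic).
SAMPLE = [
    PREFIX + "10.99.29.10 is Web01",
    PREFIX + "Connection from 10.99.29.10:40100. to VIP 10.43.1.6  -->> 10.43.4.231:443",
    PREFIX + "Connection from 10.99.30.7:51000. to VIP 10.43.1.6  -->> 10.43.4.232:5022",
    PREFIX + "Connection from 10.99.29.10:40101. to VIP 10.43.1.6  -->> 10.43.4.232:443",
    PREFIX + "Connection from 10.99.30.7:51001. to VIP 10.43.1.6  -->> 10.43.4.232:8080",
]

if __name__ == "__main__":
    for n, reason in audit(SAMPLE):
        print(f"line {n}: {reason}")
```

Feeding it the lines from /var/log/ltm instead of SAMPLE gives a quick check that the rule on the box still matches the intended client-to-server pinning after a change.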

     

  • Migration Completed to new Hosting

    thejimmahknows.com has been successfully migrated to new hosting. If you were experiencing any issues with browsing they should be clearing up now…

  • VoIP:101 — Building your VoIP Network — Part 2

    Welcome back to Part #2 of this series on setting up your VoIP network! (Part #1, Part #2, Part #3)

    PART #2 — Call routing, Call numbers, SIP Trunks
    • VoIP SIP Termination — Where VoIP ends and PSTN begins
    • SIP Trunks and DID (external PSTN numbers)
    • Inbound and Outbound Call Routing
    • Optional: Install g729 codec

    As you can see we have a lot to cover, so let’s get ready for ROUND 2!!!
