I want to pull some percentage of the traffic off and send it to one web server pool and send everything else to a different pool.
The simplest way to do it would seem to be by the last digit of the number of seconds -- that gives me a granularity of 10% at a time. To start off, I'm doing just 10% of the traffic, so I'll pick requests with seconds ending in "0":
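when HTTP_REQUEST {
    if { [HTTP::uri] equals "/directme" } {
        # Current time as whole seconds since the epoch
        set foobaz [clock seconds]
        # A last digit of "0" comes up one second in every ten
        if { $foobaz ends_with "0" } {
            pool special
        } else {
            # "else" has to sit on the same line as the closing brace in Tcl
            pool normal
        }
    }
}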
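Added example, not from the original post: a Python model (not iRule code) of the rule above, run over constructed traffic. It shows that the clock-based split averages 10% but sends every request in a matching second to "special", so each client ends up on both pools. The by_client_hash alternative, the client addresses and the start time are assumptions introduced for comparison.

```python
import zlib
from collections import defaultdict

def by_clock(ts, client):
    """Model of the rule above: pool picked from the last digit of the epoch second."""
    return "special" if str(ts).endswith("0") else "normal"

def by_client_hash(ts, client, percent=10):
    """Assumed alternative: stable bucket 0-99 from a CRC32 of the client address."""
    return "special" if zlib.crc32(client.encode()) % 100 < percent else "normal"

def simulate(chooser, requests):
    """Return (share sent to special, clients that hit both pools, per-second shares)."""
    pools_seen = defaultdict(set)
    per_second = defaultdict(lambda: [0, 0])  # second -> [special, total]
    for ts, client in requests:
        pool = chooser(ts, client)
        pools_seen[client].add(pool)
        per_second[ts][0] += pool == "special"
        per_second[ts][1] += 1
    special = sum(s for s, _ in per_second.values())
    flapping = sum(1 for pools in pools_seen.values() if len(pools) == 2)
    shares = {s / t for s, t in per_second.values()}
    return special / len(requests), flapping, shares

# Constructed traffic: 200 clients from a documentation address range,
# each sending one request per second for 60 seconds.
CLIENTS = [f"192.0.2.{i}" for i in range(1, 201)]
START = 1288800000  # constructed epoch second
REQUESTS = [(START + s, c) for s in range(60) for c in CLIENTS]

if __name__ == "__main__":
    for chooser in (by_clock, by_client_hash):
        share, flapping, shares = simulate(chooser, REQUESTS)
        print(f"{chooser.__name__}: {share:.1%} to special, "
              f"{flapping} clients saw both pools, "
              f"per-second shares {sorted(shares)}")
```

Bucketing on a stable client attribute keeps each client on one pool, at the cost of a share that only approximates the target for a given client population.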
Sunday, November 7, 2010
Wednesday, November 3, 2010
A bit more about the F5
The F5 local traffic manager (LTM) is a load balancer. Here's a quick overview of how it does its basic thing:
Individual web servers are defined as "nodes". Each node can be part of one or more "pools" of web servers. These pools are then assigned as a resource to any of the "virtual servers" that you define.
When you set up a virtual server, you have to indicate what port and protocol you're using. If it's for SSL connectivity and the F5 is handling the encryption, you'll need to indicate what certificates you should be using.
You can specify what healthchecks it should use to determine if a node is up, and what metrics the F5 should use to figure out who to hand the next connection off to when it uses a pool containing several members.
Sunday, October 31, 2010
Writing an F5 iRule to block traffic by user-agent
So, the F5s can do all kinds of swoopy things using the iRule scripting language. I've been playing around with simple ones.
Suppose I want to block all the traffic from a certain robot that advertises itself as having the user-agent field "AnnoyingRobot". I could use an iRule like this to block it:
when HTTP_REQUEST {
    if { [HTTP::header "User-Agent"] contains "AnnoyingRobot" } {
        # Discard the request without sending a response
        drop
        return
    }
}
The "contains" operator looks for a substring, so it'll catch "AnnoyingRobot/4.5" and "AnotherAnnoyingRobotButDifferent/mozilla".
The next step would be to have it search against a list of user-agents. The way to do this is with a "class" or "datagroup" (the terms appear to be interchangeable in F5-speak). So you can use the GUI to create a "string" type datagroup named "userAgentsToBlock" that contains:
AnnoyingRobot
RegisCustomUseragent
OtherStuffWeBlock
and then change the rule to be like this:
when HTTP_REQUEST {
    # True when the User-Agent contains any entry of the datagroup
    if { [matchclass [HTTP::header "User-Agent"] contains $::userAgentsToBlock ] } {
        drop
        return
    }
}
Then apply that iRule to a given virtual server, and you're all set to drop traffic from user-agents you don't like.
About Me
- regis
- Regis has worked as a network engineer since 1994 for small companies and for large companies.