Forum Discussion

Mark_Rinfret_64's avatar
Mark_Rinfret_64
Icon for Nimbostratus rankNimbostratus
Jan 31, 2007

iRule Syntax Error???

I must be in one of those "forest vs. the trees" situations. I've written a bunch of iRules with no problem, but one I'm currently working on is generating an error that has me stumped. (I'm running BIG-IP 9.2.3 Build 34.8.)

 

 

This much of it (a small subset) will cause "b verify load" to fail (or bigstart restart to fail, if I force it to load):

 

rule pvns_update_sdp {

 

when RULE_INIT {

 

log local0.debug "Here I am."

 

Define an array of "DESCRIBE active" flags, indexed by client IP.

 

array set ::pvnsDescribeActive { }

 

Clear the array if it was previously defined.

 

array unset ::pvnsDescribeActive

 

 

Define an array of "SDP active" flags, indexed by client IP.

 

array set ::pvnsSdpActive { }

 

Clear the array if it was previously defined.

 

array unset ::pvnsSdpActive

 

Define an array of Streamer virtual server addresses,

 

indexed by client IP.

 

array set ::pvnsStreamerVS { }

 

array unset ::pvnsStreamerVS

 

}

 

 

This event fires when the client (e.g. pvPlayer) makes a request to the

 

virtual server. We indicate that we want to collect the incoming TCP data

 

so we can examine TCP::payload.

 

when CLIENT_ACCEPTED {

 

set clientIP [IP::client_addr]

 

log local0.debug "=========================================="

 

log local0.debug "$clientIP has been accepted"

 

Get the address of the virtual server that the client came through.

 

set ::pvnsStreamerVS($clientIP} [IP::local_addr]

 

set ::pvnsDescribeActive($clientIP) 0

 

set ::pvnsSdpActive($clientIP) 0

 

TCP::collect 20

 

}

 

}

 

 

The message reported at the console indicates a problem at the penultimate right brace:

 

 

[root@sdbigip1:INOPERATIVE] config b verify load

 

BIGpipe is only validating the commands.

 

Reading configuration from /config/bigip_base.conf.

 

Reading configuration from /usr/bin/monitors/builtins/base_monitors.conf.

 

Reading configuration from /config/profile_base.conf.

 

Reading configuration from /config/daemon.conf.

 

BIGpipe: 010a0040:3: Syntax error in /config/bigip.conf line 210:

 

}

 

 

[root@sdbigip1:INOPERATIVE] config

 

 

This rule is presently unused (not referenced by any other object) and is an attempt to incrementally rewrite a previous rule which presented problems. When I added the CLIENT_ACCEPTED event, it started causing problems. I know I'm gonna feel stooopid when someone tells me what I've done wrong, but I'm stumped.

 

Thanks for your help,

 

Mark

 

  • thanks again nmenant,

     

    now,I wrote the below irule on my BIG-IP system but it seems my irule script doesn't work with HTTPS.

     

     

    What i want to do is to redirect URI beginning with some keywords to some specific pools like.

     

     

    when HTTP_REQUEST {

     

    if { [HTTP::uri] starts_with "/m-admin" } {

     

    use pool Portal_m_443

     

    }

     

    elseif { [HTTP::uri] starts_with "/myblog" } {

     

    use pool Portal_m_443

     

    }

     

    else {

     

    use pool Portal_443

     

    }

     

    }

     

     

    I name this irule portal_443.

     

     

    i applied this irule to HTTPS virtual server like 10.8.52.9:443 , resource-> irule portal_443

     

     

    Please note that the BIG-IP is not the termination of the SSL connection. the servers are..( so HTTPS encryption/decryption will happen on the pool members.) SSL keys/certificates are all installed on the pool members.

     

     

    pool Portal_443 members:

     

    10.8.52.244:443

     

    10.8.52.245:443

     

    10.8.52.246:443

     

     

    pool Portal_m_443 member:

     

    10.8.52.244:443

     

     

    The PROBLEM IS HTTPS ACCESS TO MY PORTAL SITE DOESN'T WORK.

     

     

    Does anybody know why it is not working ??

     

    is it because the BIG-IP is not the SSL termination ??

     

    do I need to install key/certificate on BIG-IP system for this iRule to work with HTTPS connections ??

     

     

    please advise.

     

     

    Sakolan

     

     

  • Hi,

     

     

    If your BIGIP is not the SSL termination then the iRule won't work.

     

     

    You need the BIGIP to be the SSL termination in order to be able to trigger your HTTP_REQUEST event

     

     

    Before working on an iRule you should first set up properly your configuration.

     

     

    Once it's done if you need to manipulate HTTP within HTTPS you'll need the BIGIP to be the SSL termination (you can activate again HTTPS between the BIGIP and the servers if you want).

     

     

  • Hi,

     

    You were right. I configured the BIG-IP as the SSL termination and installed the SSL certificate on the LB.

     

    everything was alright and the iRules work fine.

     

     

    Thank you.

     

     

    Sakolan