Forum Discussion

Wasfi_Bounni's avatar
Wasfi_Bounni
Icon for Cirrocumulus rankCirrocumulus
May 04, 2021

Would the irule command: event disable all cause LTM traffic policies not to be evaluated?

Hi;

 

I know that the irule command event disable all causes any further irules not to be evaluated. My question is: What about LTM policies? Do they also not get evaluated?

 

Kindly

Wasfi

  • The evidence would suggest that Local Traffic Policies are evaluated independently from iRules. I ran a test with the following iRule and Local Traffic Policy assigned to the same virtual server:

    when CLIENT_ACCEPTED {
        event disable all
    }
     
    when HTTP_REQUEST {
        log local0. "iRule event disable all logging message"
    }
    ltm policy ltp_http_request_log {
        last-modified 2021-05-06:14:26:09
        requires { http }
        rules {
            write_log_message {
                actions {
                    0 {
                        log
                        write
                        facility local0
                        message "Logging from local policy on HTTP_REQUEST event"
                        priority info
                    }
                }
            }
        }
        status published
        strategy first-match
    }

    Here is a screen shot of the local traffic policy as well:

    When I sent multiple HTTP requests to the virtual server, the iRule did not write any log messages, but the local traffic policy did, as shown below:

    May  6 14:28:15 bigip4 info tmm[9908]: [/Common/ltp_http_request_log/write_log_message]: Logging from local policy on HTTP_REQUEST event
    May  6 14:28:15 bigip4 info tmm1[9908]: [/Common/ltp_http_request_log/write_log_message]: Logging from local policy on HTTP_REQUEST event
    May  6 14:28:15 bigip4 info tmm[9908]: [/Common/ltp_http_request_log/write_log_message]: Logging from local policy on HTTP_REQUEST event
    May  6 14:28:15 bigip4 info tmm1[9908]: [/Common/ltp_http_request_log/write_log_message]: Logging from local policy on HTTP_REQUEST event
    May  6 14:28:15 bigip4 info tmm[9908]: [/Common/ltp_http_request_log/write_log_message]: Logging from local policy on HTTP_REQUEST event
    May  6 14:28:15 bigip4 info tmm[9908]: [/Common/ltp_http_request_log/write_log_message]: Logging from local policy on HTTP_REQUEST event
    May  6 14:28:15 bigip4 info tmm1[9908]: [/Common/ltp_http_request_log/write_log_message]: Logging from local policy on HTTP_REQUEST event
    May  6 14:28:15 bigip4 info tmm1[9908]: [/Common/ltp_http_request_log/write_log_message]: Logging from local policy on HTTP_REQUEST event
    May  6 14:28:15 bigip4 info tmm1[9908]: [/Common/ltp_http_request_log/write_log_message]: Logging from local policy on HTTP_REQUEST event
    May  6 14:28:15 bigip4 info tmm[9908]: [/Common/ltp_http_request_log/write_log_message]: Logging from local policy on HTTP_REQUEST event
    May  6 14:28:15 bigip4 info tmm[9908]: [/Common/ltp_http_request_log/write_log_message]: Logging from local policy on HTTP_REQUEST event
    May  6 14:28:15 bigip4 info tmm1[9908]: [/Common/ltp_http_request_log/write_log_message]: Logging from local policy on HTTP_REQUEST event
    May  6 14:28:15 bigip4 info tmm1[9908]: [/Common/ltp_http_request_log/write_log_message]: Logging from local policy on HTTP_REQUEST event

    In summary then, the iRule disabled all events upon completion of the client-side connection, preventing the HTTP_REQUEST event from occurring. However, the local traffic policy still triggered at the HTTP_REQUEST (request) event and was able to write the log message.

    Hope this answers your question.

  • Not sure but check the below with iRules support LTM Policy

    https://devcentral.f5.com/s/articles/ltm-policy

  • The evidence would suggest that Local Traffic Policies are evaluated independently from iRules. I ran a test with the following iRule and Local Traffic Policy assigned to the same virtual server:

    when CLIENT_ACCEPTED {
        event disable all
    }
     
    when HTTP_REQUEST {
        log local0. "iRule event disable all logging message"
    }
    ltm policy ltp_http_request_log {
        last-modified 2021-05-06:14:26:09
        requires { http }
        rules {
            write_log_message {
                actions {
                    0 {
                        log
                        write
                        facility local0
                        message "Logging from local policy on HTTP_REQUEST event"
                        priority info
                    }
                }
            }
        }
        status published
        strategy first-match
    }

    Here is a screen shot of the local traffic policy as well:

    When I sent multiple HTTP requests to the virtual server, the iRule did not write any log messages, but the local traffic policy did, as shown below:

    May  6 14:28:15 bigip4 info tmm[9908]: [/Common/ltp_http_request_log/write_log_message]: Logging from local policy on HTTP_REQUEST event
    May  6 14:28:15 bigip4 info tmm1[9908]: [/Common/ltp_http_request_log/write_log_message]: Logging from local policy on HTTP_REQUEST event
    May  6 14:28:15 bigip4 info tmm[9908]: [/Common/ltp_http_request_log/write_log_message]: Logging from local policy on HTTP_REQUEST event
    May  6 14:28:15 bigip4 info tmm1[9908]: [/Common/ltp_http_request_log/write_log_message]: Logging from local policy on HTTP_REQUEST event
    May  6 14:28:15 bigip4 info tmm[9908]: [/Common/ltp_http_request_log/write_log_message]: Logging from local policy on HTTP_REQUEST event
    May  6 14:28:15 bigip4 info tmm[9908]: [/Common/ltp_http_request_log/write_log_message]: Logging from local policy on HTTP_REQUEST event
    May  6 14:28:15 bigip4 info tmm1[9908]: [/Common/ltp_http_request_log/write_log_message]: Logging from local policy on HTTP_REQUEST event
    May  6 14:28:15 bigip4 info tmm1[9908]: [/Common/ltp_http_request_log/write_log_message]: Logging from local policy on HTTP_REQUEST event
    May  6 14:28:15 bigip4 info tmm1[9908]: [/Common/ltp_http_request_log/write_log_message]: Logging from local policy on HTTP_REQUEST event
    May  6 14:28:15 bigip4 info tmm[9908]: [/Common/ltp_http_request_log/write_log_message]: Logging from local policy on HTTP_REQUEST event
    May  6 14:28:15 bigip4 info tmm[9908]: [/Common/ltp_http_request_log/write_log_message]: Logging from local policy on HTTP_REQUEST event
    May  6 14:28:15 bigip4 info tmm1[9908]: [/Common/ltp_http_request_log/write_log_message]: Logging from local policy on HTTP_REQUEST event
    May  6 14:28:15 bigip4 info tmm1[9908]: [/Common/ltp_http_request_log/write_log_message]: Logging from local policy on HTTP_REQUEST event

    In summary then, the iRule disabled all events upon completion of the client-side connection, preventing the HTTP_REQUEST event from occurring. However, the local traffic policy still triggered at the HTTP_REQUEST (request) event and was able to write the log message.

    Hope this answers your question.