Using iRule on F5 LTM to Redirect Lync Web Services Traffic to Different Pools Based on Client IP Address

This article provides step-by-step instructions on how to use an iRule to redirect Lync Web Services traffic to different pools based on the client IP address.

 

These are the steps involved in configuring BIG-IP LTM to redirect Lync Web Services traffic to different pools based on the client IP address:

  • Creating a new TCP Monitor
  • Creating a new Lync Front End Pool (port 4443)
  • Creating a new client-side TCP profile
  • Creating a new iRule
  • Creating a new Persistence profile
  • Creating a new Virtual Server

 

1. Create a new TCP Monitor

1.1  From the main menu, navigate to Local Traffic – Virtual Servers – Profiles – Protocol – TCP

1.2  Click Create on the top right

1.3  Type in the name of the profile (e.g., Lync-tcp-monitor-fe)

1.4  Select TCP as the Type and tcp as the Parent Monitor

       Note: This will import all the values from the tcp baseline (parent) profile.

1.5  Enter 30 seconds for the Interval

1.6  Enter 91 seconds for the Timeout

1.7  Click Finished at the bottom of the screen 

  

2. Create a new Pool

2.1  From the main menu, navigate to Local Traffic – Virtual Servers – Pools – Pool List

2.2  Click Create on the top right

2.3  Type in the name of the pool (e.g., LyncFEPool_4443)

2.4  Select the Health Monitor that you created in Step 1 and move it over to Active

2.5  Select Least Connections (member) as the Load Balancing Method

       Note: The Least Connections load balancing method passes each service request to the member/node with the fewest connections. Thus, the service requests are evenly distributed among pool members. This method is recommended for supporting long-lived connections.

2.6  Select Node List to see the list of available nodes (click New Node and enter the IP address of each Office Web Apps Server if the servers are not in the list)

2.7  Select the IP address of each Office Web Apps Server

2.8  Enter 4443 as the Service Port and click Add

2.9  Click Finished at the bottom of the screen once all the servers have been added 

  

3. Create a new client-side TCP profile

3.1  From the main menu, navigate to Local Traffic – Virtual Servers – Profiles – Protocol – TCP

3.2  Click Create on the top right

3.3  Type in the name of the profile (e.g., Lync-tcp-fe)

3.4  Select tcp as the Parent Profile

       Note: This will import all the values from the tcp baseline (parent) profile.

3.5  Enter 1800 seconds for the Idle Timeout 

3.6  Click Finished at the bottom of the screen 

  

4. Create a new iRule

4.1  From the main menu, navigate to Local Traffic – Virtual Servers – iRule – iRule List

4.2  Click Create on the top right

4.3  Type in the name of the iRule (e.g., LyncWebServices)

4.4  Type in the following rule (modify the IP address/subnet to reflect your network environment) in the Definition field:

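when CLIENT_ACCEPTED {
 # Pool names used below must match pools that already exist on the BIG-IP.
 # Internal subnets: send to the Internal Web Services pool (port 443).
 if { [IP::addr [IP::client_addr] equals 172.16.1.0/24] } {
  pool LyncWebServices_443
 } elseif { [IP::addr [IP::client_addr] equals 10.0.0.0/24] } {
  pool LyncWebServices_443
 } else {
  # Every other source address: External Web Services pool (port 4443).
  pool LyncWebServices_4443
 }
}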

Note: This rule will redirect internal users (source network 172.16.1.0/24 or 10.0.0.0/24) to the Lync Front End servers on port 443 (Internal Web Services). All traffic coming in from any other network will be redirected to the Lync Front End servers on port 4443 (External Web Services).

 

4.5  Click Finished at the bottom of the screen

 

 

5. Create a new Persistence profile

5.1  From the main menu, navigate to Local Traffic – Virtual Servers – Profiles – Persistence

5.2  Click Create on the top right

5.3  Type in the name of the profile (e.g., Lync-source-fe)

5.4  Select Source Address Affinity as the Persistence Type

5.5  Select source_addr as the Parent Profile

       Note: This will import/keep all the values from the source_addr baseline (parent) profile.

5.6  Enter 1800 seconds for the Timeout

5.7  Click Finished at the bottom of the screen

  

6. Create a new Virtual Server

6.1  From the main menu, navigate to Local Traffic – Virtual Servers – Virtual Server List

6.2  Click Create on the top right

6.3  Type in the name of the virtual server (e.g., LyncWebServices_443)

6.4  Select Host as the Destination Type

6.5  Enter the IP address of the external URL

6.6  Enter 443 as the Service Port

6.7  From Configuration, select Advanced

6.8  Select the TCP client profile that you created in Step 3 as the Protocol Profile (Client) (e.g., Lync-tcp-fe)

6.9  Select Auto Map for the Source Address Translation

6.10  From the Resources section, select the iRule that you created in Step 4 (e.g., LyncWebServices)

6.11  Do not select any pools as the Default Pool

6.12  Select the source address persistence profile that you created in Step 5 as the Default Persistence Profile (e.g., Lync-source-fe)

6.13  Click Finished at the bottom of the screen

 

You can validate the configuration by examining the IIS logs on the Front End servers.
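
The pool selection made by the step 4.4 iRule can also be checked offline before looking at the IIS logs. The Python sketch below is an added example, not part of the original article or of F5's tooling; parse_irule, select_pool and missing_pools are hypothetical helper names, and the parser only understands the if/elseif/else form shown in step 4.4.

```python
import ipaddress
import re

# iRule text exactly as given in step 4.4 of the article.
IRULE = """\
when CLIENT_ACCEPTED {
 if { [IP::addr [IP::client_addr] equals 172.16.1.0/24] } {
  pool LyncWebServices_443
 } elseif { [IP::addr [IP::client_addr] equals 10.0.0.0/24] } {
  pool LyncWebServices_443
 } else {
  pool LyncWebServices_4443
 }
}
"""

# Assumption: only the if/elseif/else-with-one-pool form from step 4.4 is parsed.
BRANCH = re.compile(
    r"\b(?:if|elseif)\s*\{\s*\[IP::addr \[IP::client_addr\] equals ([0-9./]+)\]"
    r"\s*\}\s*\{\s*pool (\S+)\s*\}")
DEFAULT = re.compile(r"\belse\s*\{\s*pool (\S+)\s*\}")


def parse_irule(text):
    """Return ([(network, pool), ...] in rule order, default_pool)."""
    # ip_network() rejects a CIDR with host bits set, e.g. 10.0.0.1/24.
    branches = [(ipaddress.ip_network(cidr), pool)
                for cidr, pool in BRANCH.findall(text)]
    default = DEFAULT.search(text)
    if not branches or default is None:
        raise ValueError("rule is not in the if/elseif/else form of step 4.4")
    return branches, default.group(1)


def select_pool(text, client_ip):
    """First matching branch wins; unmatched clients get the else pool."""
    branches, default = parse_irule(text)
    addr = ipaddress.ip_address(client_ip)
    for network, pool in branches:
        if addr in network:
            return pool
    return default


def missing_pools(text, configured):
    """Pool names the rule references that are not in the configured set."""
    branches, default = parse_irule(text)
    return sorted(({pool for _, pool in branches} | {default}) - set(configured))
```

Called with the article's example names, missing_pools(IRULE, {"LyncFEPool_4443"}) reports both pools in the rule, because the pool in step 2.3 is named differently from the pools the rule references. With Auto Map from step 6.9 the Front End servers see a BIG-IP self IP as the source address, so in the IIS logs it is the s-port field (443 or 4443) that shows which pool handled a request.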