Forum Discussion

Peter_Baumann's avatar
Peter_Baumann
Icon for Cirrostratus rankCirrostratus
Jun 05, 2018

LTM policies only works with http profile?

Hi all, Today I found a limit when needed the following config:

A tcp-only service on one VS which does listen to any.

About 60 tcp-only listener ports which should be load balanced to two backends.

We need to monitor each of the tcp-ports of the backends, therefore we need about 60 pools for this.

I created the following objects:

1 VS ANY TCP listener

60 pools, one for each tcp listener with two backend members.

1 LTM policy with 60 rules like the following:
rule_AQ {
    actions {
        0 {
            forward
            select
            pool /Common/pool_AQ_8137
        }
    }
    conditions {
        0 {
            tcp
            port
            values { 8137 }
        }
    }
}

When I try to add the LTM policy to the VS I get the error:

010716d9:3: Virtual server /Common/AQ-domain.com_any requires a profile of type http for ltm policy /Common/pol_AQ_8137.

Since this config would be used as a tcp-only service, I cannot add a http profile to the VS.

So are LTM policies only usable for HTTP traffic?

Thanks, Peter

  • Found the problem but no solution to it...

    When I add the first rule the following tag is added:

    controls { forwarding }
    requires { http }
    rules {
    

    So "requires { http }" does mean to add a http profile to the VS.

    I cannot create any LTM policy with only "require { tcp }" in the UI.

    I tried to change the config and used "requires { tcp }", the following error shows up:

    010717bc:3: Policy '/Common/pol_AQ_8137', rule 'rule_AQ'; event 'request' is not available, add the appropriate profile type as required.
    Unexpected Error: Validating configuration process failed.

  • text
    When you create the "do the following..." change the request to be client accepted. This should match the client excepted in your "Match traffic" session and should be good. I was able to build this.

    ltm policy test-aq {
        controls { forwarding }
        last-modified 2018-06-05:09:15:03
        requires { tcp }
        rules {
            test {
                actions {
                    0 {
                        forward
                        client-accepted
                        select
                        pool poo14
                    }
                }
                conditions {
                    0 {
                        tcp
                        client-accepted
                        port
                        values { 8137 }
                    }
                }
            }
        }
        status published
        strategy first-match
    }