Forum Discussion
Check to see if [RADIUS::avp 31 string] exists
Hi. I found out about some unexpected behavior today as a result of this iRule:
when CLIENT_ACCEPTED {
persist uie "[RADIUS::avp 31 string]" 900
}
The problem I found is that the LTM sends an ICMP - Port Unreachable response when the RADIUS request doesn't contain the [RADIUS::avp 31] attribute. I need to edit this iRule in a way that checks to see if that AVP exists first. Seems simple enough, but using a simple "exists" doesn't seem to work. What's a good way to check for the existence of this parameter before attempting to use it for persistence?
Thanks.
Does [RADIUS::avp 31] possibly return as an empty string, "", if it returns nothing? I would add a log local0. "radius 31 is [RADIUS::avp 31]." And test the scenario to see if returns an empty string. If it is, your if can be
If { not ([RADIUS::avp 31 string] equals "") } { persist uie "[RADIUS::avp 31 string]" 900 } }
- Brad_ParkerCirrus
Will this work for you?
if { [info exists [RADIUS::avp 31]] } { persist uie "[RADIUS::avp 31 string]" 900 }
- smp_86112Cirrostratus
Ugh, I am very bad at this iRule syntax.
It seems to compile...I'll try it and post the results. Thanks a lot for the quick response!
- smp_86112Cirrostratus
Well, that certainly did not have the effect I intended. I caused a widespread outage as soon as I added the additional statement. Here's how the logic was implemented. See anything wrong with it? I didn't get any errors in the ltm log after it was implemented, but the service appeared to behave as though there was no persistence. That makes me suspect that the if statement prevented the persist statement fired at all.
when CLIENT_ACCEPTED { if {not ([RADIUS::avp 1 string] starts_with "radius-test")} { if { [info exists [RADIUS::avp 31]] } { persist uie "[RADIUS::avp 31 string]" 900 } } }
- Brad_ParkerCirrus
Does [RADIUS::avp 31] possibly return as an empty string, "", if it returns nothing? I would add a log local0. "radius 31 is [RADIUS::avp 31]." And test the scenario to see if returns an empty string. If it is, your if can be
If { not ([RADIUS::avp 31 string] equals "") } { persist uie "[RADIUS::avp 31 string]" 900 } }
- smp_86112Cirrostratus> Does [RADIUS::avp 31] possibly return as an empty string, "", if it returns nothing? You were exactly right. That logic does exactly what I wanted it to do, which is persist on AVP 31 only if the value "exists". Thanks a lot for your help!!!
- Brad_Parker_139Nacreous
Does [RADIUS::avp 31] possibly return as an empty string, "", if it returns nothing? I would add a log local0. "radius 31 is [RADIUS::avp 31]." And test the scenario to see if returns an empty string. If it is, your if can be
If { not ([RADIUS::avp 31 string] equals "") } { persist uie "[RADIUS::avp 31 string]" 900 } }
- smp_86112Cirrostratus> Does [RADIUS::avp 31] possibly return as an empty string, "", if it returns nothing? You were exactly right. That logic does exactly what I wanted it to do, which is persist on AVP 31 only if the value "exists". Thanks a lot for your help!!!
- smp_86112Cirrostratus
The original iRule fails like this:
- attempt to use empty persistence key (line 2) invoked from within "persist uie "[RADIUS::avp 31 string]" 900
I'm not experienced enough to know if that translates to being an empty string or not. In any case, I have lots of explaining to do to lots of business people now. It'll be awhile before I'm allowed to try and fix this. I should have done a better job of isolating my test of this change from other traffic, and I will do that next time.
I'll post an update when I have something. Thanks for your willingness to help.
- Jeff_Nguyen_449Nimbostratus
have you found a fix for this? I'm running into similar issue. Getting the following error in the LTM log.
TCL error: /Common/callid_uie-ver2 - attempt to use empty persistence key (line 6) invoked from within "persist uie $CALLID"
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com