Forum Discussion
Creating a protocol converter and data splitter with iRule and high speed logging
We have an application that can only send TCP to one destination and we'd like to have the F5 do two things with each incoming packet:
1. Send the original TCP packet to the original destination.
2. Convert the TCP packet to UDP and send a copy of the packet to a "mirror" destination.
This virtual server would be a protocol converter and “splitter” at the same time.
The client application we want to work on creates 4 TCP connections to the server on different TCP ports.
Client 1 sends TCP from 10.10.10.10 to Server 1 at 20.20.20.20 on TCP port 8000
Client 1 sends TCP from 10.10.10.10 to Server 1 at 20.20.20.20 on TCP port 8001
Client 1 sends TCP from 10.10.10.10 to Server 1 at 20.20.20.20 on TCP port 8002
Client 1 sends TCP from 10.10.10.10 to Server 1 at 20.20.20.20 on TCP port 8003
We would like to have this data flow after we insert the F5:
Client 1 sends TCP from 10.10.10.10 to F5 VIP on TCP port 8000, then F5 VIP sends to server 1 at 20.20.20.20 on TCP port 8000 and then UDP to server 2 at 30.30.30.30 on UDP port 8000
Client 1 sends TCP from 10.10.10.10 to F5 VIP on TCP port 8001, then F5 VIP sends to server 1 at 20.20.20.20 on TCP port 8001 and then UDP to server 2 at 30.30.30.30 on UDP port 8001
Client 1 sends TCP from 10.10.10.10 to F5 VIP on TCP port 8002, then F5 VIP sends to server 1 at 20.20.20.20 on TCP port 8002 and then UDP to server 2 at 30.30.30.30 on UDP port 8002
Client 1 sends TCP from 10.10.10.10 to F5 VIP on TCP port 8003, then F5 VIP sends to server 1 at 20.20.20.20 on TCP port 8003 and then UDP to server 2 at 30.30.30.30 on UDP port 8003
The pieces I need appear to be:
1. Conversion from TCP to UDP. I found an article where someone has done this: https://devcentral.f5.com/questions/tcp-to-udp-conversion-collection
2. High speed logging. This feature seems to give me the ability to send a copy of the data of a packet.
I'm relatively new to F5, so here is what I was thinking the solution would be:
1. Standard TCP virtual server that forwards the original TCP packet to the original destination in a pool.
2. High speed logging rule in an iRule that will convert the data to UDP and send it to server 2, which is in a separate pool.
Questions:
1. Does the HSL command replace the need to include the TCP to UDP iRule commands?
2. Does the HSL command need to send to a specific type of pool? Is it some kind of syslog pool or can it just be a pool I create? The documentation seems to indicate it's just a normal pool.
3. How do I tell the HSL command to take all of the user data in the TCP packet?
4. Is there a better way to do this?
Thank you very much in advance for your help! Damon
1 Reply
- DamonL_356592
I've created a demo iRule that achieves the goal using high speed logging.

```tcl
when CLIENT_ACCEPTED {
    # Open a UDP HSL handle to the mirror pool; HSL delivers to the pool
    # member's configured service port.
    set hsl [HSL::open -proto UDP -pool my_mirror_pool]
    log local0. "Client Accepted [IP::client_addr] [TCP::client_port]"
    log local0. "$hsl"
    # Hold client data so CLIENT_DATA can inspect it before it is forwarded.
    TCP::collect
}

when CLIENT_DATA {
    set tcplen [TCP::payload length]
    log local0. "TCP Length ($tcplen)"
    set recvdata [TCP::payload]
    # Copy the collected payload to the mirror pool over UDP.
    set hsl_send [HSL::send $hsl $recvdata]
    log local0. "received ($recvdata)"
    log local0. "send ok ($hsl_send)"
    # Forward the payload to the original TCP destination and keep collecting.
    TCP::release
    TCP::collect
}
```
This works to pass the TCP traffic from client to server, but it will only send the output to the "mirror" server on the service port configured on the mirror pool's node. That means that all 4 ports' worth of traffic gets mirrored to the one service port of the pool's node.
My problem is that for each server above, we have 8 connections and we have 32 total servers to account for. So, since I cannot control the outbound port with high speed logging, I would need to create 256 total mirror pools, each with 1 node in them to be the correct destination port. This seems like a lot of work. Then I would still need logic in the iRule to find the right output mirror pool.
Is there no way to control the output port of high speed logging, other than having the destination pool have the correct service port?
I was reading KB articles about classes and data groups in iRules, so perhaps I could just implement a lookup system inside the iRule:
data group: input server X, destination port X, mirror server Y, destination port Y
Once I filled in this table, I could then just open a simple UDP sideband connection to send the packet to mirror server Y, destination port Y.
Thoughts? Thanks, Damon
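The data-group lookup plus UDP sideband approach sketched in the reply above, written out as an added example (not the poster's iRule and not F5-supplied code). It assumes a string data group named mirror_map whose keys are the VIP port the client connected to and whose values are the mirror host:port, and a virtual server with a wildcard service port in front of the TCP pool.

```tcl
# Added example, not the original poster's iRule. Assumes a string data group
# "mirror_map" with entries such as "8000" := "30.30.30.30:8000" (key is the
# VIP port the client connected to, value is the UDP mirror host:port).
when CLIENT_ACCEPTED {
    set vip_port [TCP::local_port]
    set mirror_target [class match -value $vip_port equals mirror_map]
    if { $mirror_target eq "" } {
        # No mapping: pass traffic through untouched and do not mirror.
        log local0. "No mirror entry for VIP port $vip_port; not mirroring"
        return
    }
    # Open a UDP sideband connection to the mapped mirror host:port.
    set mirror_conn [connect -protocol UDP -timeout 100 -idle 30 \
        -status conn_status $mirror_target]
    if { $conn_status ne "connected" } {
        log local0. "UDP sideband to $mirror_target failed ($conn_status); not mirroring"
        return
    }
    # Hold client data so CLIENT_DATA can copy it before it is forwarded.
    TCP::collect
}

when CLIENT_DATA {
    set payload [TCP::payload]
    # Copy the collected bytes to the mirror; the client-to-server stream is unaffected.
    send -timeout 100 -status send_status $mirror_conn $payload
    if { $send_status ne "sent" } {
        log local0. "Mirror send to $mirror_target failed ($send_status)"
    }
    # Forward the payload to the real TCP destination and keep collecting.
    TCP::release
    TCP::collect
}

when CLIENT_CLOSED {
    # Release the sideband connection when the client connection ends.
    if { [info exists mirror_conn] } {
        close $mirror_conn
    }
}
```

Because the mirror target comes from the table rather than from a pool member's service port, one wildcard-port virtual server and one data group replace the 256 single-node pools. The mirrored copy leaves the F5 as plaintext UDP with no delivery guarantee, so the mirror host belongs on a controlled segment and the rule deliberately logs only status, not payload contents.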