Forum Discussion
NimbostratusCreating a protocol converter and data splitter with iRule and high speed logging
NimbostratusI've created a demo irule that achieves the goal using high speed logging.
when CLIENT_ACCEPTED { set hsl [HSL::open -proto UDP -pool my_mirror_pool] log local0. "Client Accepted [IP::client_addr] [TCP::client_port]" log local0. "$hsl" TCP::collect }
when CLIENT_DATA { set tcplen [TCP::payload length] log local0. "TCP Length ($tcplen)" set recvdata [TCP::payload] set hsl_send [HSL::send $hsl $recvdata] log local0. "recevied ($recvdata)" log local0. "send ok ($hsl_send)"
release to move on with other processing
TCP::release
call collect again to keep this routing going
TCP::collect }
This works to pass the TCP traffic from client to server, but it will only send the output to the "mirror" server to the service port of the configured in the mirror pool's node. That means that all 4 ports worth of traffic get mirrored to the one service port of the pool's node.
my problem is that for each server above, we have 8 connections and we have 32 total servers to account for. So, since I cannot control the outbound port with high speed logging, I would need to create 256 total mirror pools, each with 1 node in them to be the correct destination port. This seems like a lot of work. Then i would still need logic in the irule to find the right output mirror pool.
Is there no way to control the output port of high speed logging, other than having the destination pool have the correct service port?
I was reading KB articles about classes and data groups in iRules, so perhaps I could just implement a lookup system inside the irule:
data group: input server X, destination port X, mirror server Y, destination port Y
once i filled in this table once I could then just open a simple UDP sideband connection to send the packet to mirror server Y, destination port Y.
Thoughts? Thanks, Damon
