Forum Discussion
ALAN_L_8843
Nimbostratus
NimbostratusDevice-watchdog-Answer AVP
Hi all,
I'm using below irule but it cannot take effect..... the DWA avp (origin host/origin realm) cannot be changed to specified value.
Anyone can help?
when RULE_INIT {
Device Watchdog (in hex)
set DWA_head 010000400000011800000000
origin host: BIG-IP 4249472d4950
origin realm: test.com 746573742e636f6d
set DWA_avp 0000010c4000000c000007d1000001084000000e4249472d495000000000012840000010746573742e636f6d
}8 Replies
- nitass
Employee
is the irule truncated? 
ALAN_L_8843Hi nitass,
Many thanks for your reply.
But how to check if irule truncated? ( I'm newbie on F5 >_<)
My F5 version 11.2.0 build 2451.0
This is all code of irule and it stored on file which called "diameter_prod1_save_conections_irule"....
But not working...when LB_FAILED { if { [active_members [LB::server pool]] > 0 } { after 100 LB::reselect pool [LB::server pool] } } when RULE_INIT { Device Watchdog (in hex) set DWA_head 010000400000011800000000 origin host: BIG-IP 4249472d4950 origin realm: test.com 746573742e636f6d set DWA_avp 0000010c4000000c000007d1000001084000000e4249472d495000000000012840000010746573742e636f6d }- nitasssorry to confuse you. i meant the irule you posted might not be complete. i think it should have another event besides RULE_INIT and LB_FAILED.
- ALAN_L_8843Hi nitass,
I think i know what happen now...i didn't parse value to the response package....
i'm testing below irule now....rule diameter_prod1_save_conections_irule { timing on when CLIENT_ACCEPTED { log local0. "[TCP::remote_port]-[TCP::local_port]" persistent timeout set timeout 60 Device Watchdog (in hex) set DWA_head 010000400000011800000000 origin host: BIG-IP 4249472d4950 origin realm: test.com 746573742e636f6d set DWA_avp 0000010c4000000c000007d1000001084000000e4249472d495000000000012840000010746573742e636f6d TCP::collect } when CLIENT_DATA { while { [TCP::payload length] > 20 } { binary scan [TCP::payload] IIIII a b c d e set comcode [ expr $b & 0xffffff ] set rflag [expr ($b >> 31)&1 ] set mlen [ expr $a & 0xffffff ] if { [TCP::payload length] < $mlen }{ TCP::collect return } switch $comcode { 280 { if { $rflag } { log local0. "reply to watchdog from [IP::remote_addr]" binary scan [TCP::payload] x8IH8H8 a h e log local0. "end-to-end ID = $e" TCP::payload replace 0 $mlen "" TCP::respond [binary format H* ${DWA_head}$h$e${DWA_avp} ] continue } } default { set index 20 set avp_of_interest 1 while { $index < $mlen } { binary scan [TCP::payload] @${index}III avp_code avp_len vendor_id set avp_flag_v [ expr ($avp_len >> 31)&1 ] set avp_len [ expr $avp_len & 0xffffff ] if { $avp_flag_v == 0 } { incr index 8 set avp_dlen [ expr $avp_len - 8 ] } else { incr index 12 set avp_dlen [ expr $avp_len - 12 ] } switch $avp_code { 263 { binary scan [TCP::payload] @${index}a${avp_dlen} sid persist uie $sid $timeout set s [session lookup uie $sid] if { $s ne "" } { pool [LB::server pool] member [lindex $s 0] [lindex $s 1] } else { set l [LB::select] session add uie $sid "[lindex $l 3] [lindex $l 4]" $timeout pool [LB::server pool] member [lindex $l 3] [lindex $l 4] } if { $avp_of_interest <= 1 } { set index $mlen break } else { incr avp_of_interest -1 } } default { } } set avp_ilen [expr ($avp_dlen / 4) * 4] if { $avp_ilen < $avp_dlen } { incr avp_ilen 4 } incr index $avp_ilen } } } log local0. "Sending CEA to [IP::remote_addr]" TCP::release $mlen TCP::notify request } TCP::collect } when SERVER_CONNECTED { log local0. "[TCP::local_port]-[TCP::remote_port]" TCP::collect } when LB_FAILED { LB::reselect } when SERVER_DATA { while { [TCP::payload length] > 20} { binary scan [TCP::payload] II a b set comcode [ expr $b & 0xffffff ] set mlen [ expr $a & 0xffffff ] set rflag [expr ($b >> 31)&1 ] if { [TCP::payload length] < $mlen } { TCP::collect return } set check_avp 0 switch $comcode { 280 { if { $rflag } { log local0. "reply to watchdog from [IP::remote_addr]" binary scan [TCP::payload] x8IH8H8 a h e log local0. "end-to-end ID = $e" TCP::payload replace 0 $mlen "" TCP::respond [binary format H* ${DWA_head}$h$e${DWA_avp} ] set mlen 0 continue } } default { set check_avp 1 } } TCP::collect } } - nitassi cut some part of the irule and it seems okay on my testbed. are you able to find out more information?
root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm rule myrule ltm rule myrule { when CLIENT_ACCEPTED { log local0. "[TCP::remote_port]-[TCP::local_port]" Device Watchdog (in hex) set DWA_head 010000400000011800000000 origin host: BIG-IP 4249472d4950 origin realm: test.com 746573742e636f6d set DWA_avp 0000010c4000000c000007d1000001084000000e4249472d495000000000012840000010746573742e636f6d TCP::collect } when CLIENT_DATA { while { [TCP::payload length] > 20 } { binary scan [TCP::payload] IIIII a b c d e set comcode [ expr $b & 0xffffff ] set rflag [expr ($b >> 31) & 1 ] set mlen [ expr $a & 0xffffff ] if { [TCP::payload length] < $mlen }{ TCP::collect return } switch $comcode { 280 { if { $rflag } { log local0. "reply to watchdog from [IP::remote_addr]" binary scan [TCP::payload] x8IH8H8 a h e TCP::payload replace 0 $mlen "" TCP::respond [binary format H* ${DWA_head}$h$e${DWA_avp} ] } } } TCP::release $mlen } TCP::collect } } No. Time Delta Time Source Src port Destination Dst port Protocol Window BiF Vlan id Length Info 8 2012-07-04 23:01:31.157199 0.000000 192.168.206.55 53893 172.28.19.252 3868 DIAMETER 66560 20 74 cmd=Device-WatchdogRequest(280) flags=R--- appl=Diameter Common Messages(0) h2h=ffd648f0 e2e=1ccb0074 Frame 8: 74 bytes on wire (592 bits), 74 bytes captured (592 bits) Ethernet II, Src: Dell_7a:ae:2a (5c:26:0a:7a:ae:2a), Dst: Force10N_3f:7b:66 (00:01:e8:3f:7b:66) Internet Protocol Version 4, Src: 192.168.206.55 (192.168.206.55), Dst: 172.28.19.252 (172.28.19.252) Transmission Control Protocol, Src Port: 53893 (53893), Dst Port: 3868 (3868), Seq: 197, Ack: 177, Len: 20 Diameter Protocol Version: 0x01 Length: 20 Flags: 0x80 Command Code: 280 Device-Watchdog ApplicationId: 0 Hop-by-Hop Identifier: 0xffd648f0 End-to-End Identifier: 0x1ccb0074 [Answer In: 11] No. Time Delta Time Source Src port Destination Dst port Protocol Window BiF Vlan id Length Info 11 2012-07-04 23:01:31.255105 0.097906 172.28.19.252 3868 192.168.206.55 53893 DIAMETER 3996 64 118 cmd=Device-WatchdogAnswer(280) flags=---- appl=Diameter Common Messages(0) h2h=ffd648f0 e2e=1ccb0074 Frame 11: 118 bytes on wire (944 bits), 118 bytes captured (944 bits) Ethernet II, Src: Force10N_3f:7b:66 (00:01:e8:3f:7b:66), Dst: Dell_7a:ae:2a (5c:26:0a:7a:ae:2a) Internet Protocol Version 4, Src: 172.28.19.252 (172.28.19.252), Dst: 192.168.206.55 (192.168.206.55) Transmission Control Protocol, Src Port: 3868 (3868), Dst Port: 53893 (53893), Seq: 177, Ack: 237, Len: 64 Diameter Protocol Version: 0x01 Length: 64 Flags: 0x00 Command Code: 280 Device-Watchdog ApplicationId: 0 Hop-by-Hop Identifier: 0xffd648f0 End-to-End Identifier: 0x1ccb0074 [Request In: 8] [Response Time: 0.097906000 seconds] AVP: Result-Code(268) l=12 f=-M- val=DIAMETER_SUCCESS (2001) AVP: Origin-Host(264) l=14 f=-M- val=BIG-IP AVP: Origin-Realm(296) l=16 f=-M- val=test.com - ALAN_L_8843Hi nitass .
I applied the irule on the machine, but the total execution time is still 0.........
i'm using Diameter profile to setting my virtual server, will it caused the different on the irule result?
Also may i know What BigIP version you are using??
Many thanks for your help - nitassi'm using Diameter profile to setting my virtual server, will it caused the different on the irule result? i do not think so. anyway, irule should be triggered.
Also may i know What BigIP version you are using?? i am running 11.2.0 hf1. i never tested it on 11.1.0 but i believe it should be same.[root@ve11a:Active:In Sync] config tmsh show sys version Sys::Version Main Package Product BIG-IP Version 11.2.0 Build 2451.0 Edition Hotfix HF1 Date Tue Jun 5 23:45:09 PDT 2012 Hotfix List ID387964 ID387843 - ALAN_L_8843I tried it and result good, many thanks for your help.
