Forum Discussion
ALAN_L_8843
Jun 27, 2012Nimbostratus
Device-watchdog-Answer AVP
Hi all,
I'm using below irule but it cannot take effect..... the DWA avp (origin host/origin realm) cannot be changed to specified value.
Anyone can help?
when RULE_INIT {
Device Watchdog (in hex)
set DWA_head 010000400000011800000000
origin host: BIG-IP 4249472d4950
origin realm: test.com 746573742e636f6d
set DWA_avp 0000010c4000000c000007d1000001084000000e4249472d495000000000012840000010746573742e636f6d
}
- nitassEmployeeis the irule truncated?
- ALAN_L_8843NimbostratusHi nitass,
when LB_FAILED { if { [active_members [LB::server pool]] > 0 } { after 100 LB::reselect pool [LB::server pool] } } when RULE_INIT { Device Watchdog (in hex) set DWA_head 010000400000011800000000 origin host: BIG-IP 4249472d4950 origin realm: test.com 746573742e636f6d set DWA_avp 0000010c4000000c000007d1000001084000000e4249472d495000000000012840000010746573742e636f6d }
- nitassEmployeesorry to confuse you. i meant the irule you posted might not be complete. i think it should have another event besides RULE_INIT and LB_FAILED.
- ALAN_L_8843NimbostratusHi nitass,
rule diameter_prod1_save_conections_irule { timing on when CLIENT_ACCEPTED { log local0. "[TCP::remote_port]-[TCP::local_port]" persistent timeout set timeout 60 Device Watchdog (in hex) set DWA_head 010000400000011800000000 origin host: BIG-IP 4249472d4950 origin realm: test.com 746573742e636f6d set DWA_avp 0000010c4000000c000007d1000001084000000e4249472d495000000000012840000010746573742e636f6d TCP::collect } when CLIENT_DATA { while { [TCP::payload length] > 20 } { binary scan [TCP::payload] IIIII a b c d e set comcode [ expr $b & 0xffffff ] set rflag [expr ($b >> 31)&1 ] set mlen [ expr $a & 0xffffff ] if { [TCP::payload length] < $mlen }{ TCP::collect return } switch $comcode { 280 { if { $rflag } { log local0. "reply to watchdog from [IP::remote_addr]" binary scan [TCP::payload] x8IH8H8 a h e log local0. "end-to-end ID = $e" TCP::payload replace 0 $mlen "" TCP::respond [binary format H* ${DWA_head}$h$e${DWA_avp} ] continue } } default { set index 20 set avp_of_interest 1 while { $index < $mlen } { binary scan [TCP::payload] @${index}III avp_code avp_len vendor_id set avp_flag_v [ expr ($avp_len >> 31)&1 ] set avp_len [ expr $avp_len & 0xffffff ] if { $avp_flag_v == 0 } { incr index 8 set avp_dlen [ expr $avp_len - 8 ] } else { incr index 12 set avp_dlen [ expr $avp_len - 12 ] } switch $avp_code { 263 { binary scan [TCP::payload] @${index}a${avp_dlen} sid persist uie $sid $timeout set s [session lookup uie $sid] if { $s ne "" } { pool [LB::server pool] member [lindex $s 0] [lindex $s 1] } else { set l [LB::select] session add uie $sid "[lindex $l 3] [lindex $l 4]" $timeout pool [LB::server pool] member [lindex $l 3] [lindex $l 4] } if { $avp_of_interest <= 1 } { set index $mlen break } else { incr avp_of_interest -1 } } default { } } set avp_ilen [expr ($avp_dlen / 4) * 4] if { $avp_ilen < $avp_dlen } { incr avp_ilen 4 } incr index $avp_ilen } } } log local0. "Sending CEA to [IP::remote_addr]" TCP::release $mlen TCP::notify request } TCP::collect } when SERVER_CONNECTED { log local0. "[TCP::local_port]-[TCP::remote_port]" TCP::collect } when LB_FAILED { LB::reselect } when SERVER_DATA { while { [TCP::payload length] > 20} { binary scan [TCP::payload] II a b set comcode [ expr $b & 0xffffff ] set mlen [ expr $a & 0xffffff ] set rflag [expr ($b >> 31)&1 ] if { [TCP::payload length] < $mlen } { TCP::collect return } set check_avp 0 switch $comcode { 280 { if { $rflag } { log local0. "reply to watchdog from [IP::remote_addr]" binary scan [TCP::payload] x8IH8H8 a h e log local0. "end-to-end ID = $e" TCP::payload replace 0 $mlen "" TCP::respond [binary format H* ${DWA_head}$h$e${DWA_avp} ] set mlen 0 continue } } default { set check_avp 1 } } TCP::collect } }
- nitassEmployeei cut some part of the irule and it seems okay on my testbed. are you able to find out more information?
root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm rule myrule ltm rule myrule { when CLIENT_ACCEPTED { log local0. "[TCP::remote_port]-[TCP::local_port]" Device Watchdog (in hex) set DWA_head 010000400000011800000000 origin host: BIG-IP 4249472d4950 origin realm: test.com 746573742e636f6d set DWA_avp 0000010c4000000c000007d1000001084000000e4249472d495000000000012840000010746573742e636f6d TCP::collect } when CLIENT_DATA { while { [TCP::payload length] > 20 } { binary scan [TCP::payload] IIIII a b c d e set comcode [ expr $b & 0xffffff ] set rflag [expr ($b >> 31) & 1 ] set mlen [ expr $a & 0xffffff ] if { [TCP::payload length] < $mlen }{ TCP::collect return } switch $comcode { 280 { if { $rflag } { log local0. "reply to watchdog from [IP::remote_addr]" binary scan [TCP::payload] x8IH8H8 a h e TCP::payload replace 0 $mlen "" TCP::respond [binary format H* ${DWA_head}$h$e${DWA_avp} ] } } } TCP::release $mlen } TCP::collect } } No. Time Delta Time Source Src port Destination Dst port Protocol Window BiF Vlan id Length Info 8 2012-07-04 23:01:31.157199 0.000000 192.168.206.55 53893 172.28.19.252 3868 DIAMETER 66560 20 74 cmd=Device-WatchdogRequest(280) flags=R--- appl=Diameter Common Messages(0) h2h=ffd648f0 e2e=1ccb0074 Frame 8: 74 bytes on wire (592 bits), 74 bytes captured (592 bits) Ethernet II, Src: Dell_7a:ae:2a (5c:26:0a:7a:ae:2a), Dst: Force10N_3f:7b:66 (00:01:e8:3f:7b:66) Internet Protocol Version 4, Src: 192.168.206.55 (192.168.206.55), Dst: 172.28.19.252 (172.28.19.252) Transmission Control Protocol, Src Port: 53893 (53893), Dst Port: 3868 (3868), Seq: 197, Ack: 177, Len: 20 Diameter Protocol Version: 0x01 Length: 20 Flags: 0x80 Command Code: 280 Device-Watchdog ApplicationId: 0 Hop-by-Hop Identifier: 0xffd648f0 End-to-End Identifier: 0x1ccb0074 [Answer In: 11] No. Time Delta Time Source Src port Destination Dst port Protocol Window BiF Vlan id Length Info 11 2012-07-04 23:01:31.255105 0.097906 172.28.19.252 3868 192.168.206.55 53893 DIAMETER 3996 64 118 cmd=Device-WatchdogAnswer(280) flags=---- appl=Diameter Common Messages(0) h2h=ffd648f0 e2e=1ccb0074 Frame 11: 118 bytes on wire (944 bits), 118 bytes captured (944 bits) Ethernet II, Src: Force10N_3f:7b:66 (00:01:e8:3f:7b:66), Dst: Dell_7a:ae:2a (5c:26:0a:7a:ae:2a) Internet Protocol Version 4, Src: 172.28.19.252 (172.28.19.252), Dst: 192.168.206.55 (192.168.206.55) Transmission Control Protocol, Src Port: 3868 (3868), Dst Port: 53893 (53893), Seq: 177, Ack: 237, Len: 64 Diameter Protocol Version: 0x01 Length: 64 Flags: 0x00 Command Code: 280 Device-Watchdog ApplicationId: 0 Hop-by-Hop Identifier: 0xffd648f0 End-to-End Identifier: 0x1ccb0074 [Request In: 8] [Response Time: 0.097906000 seconds] AVP: Result-Code(268) l=12 f=-M- val=DIAMETER_SUCCESS (2001) AVP: Origin-Host(264) l=14 f=-M- val=BIG-IP AVP: Origin-Realm(296) l=16 f=-M- val=test.com
- ALAN_L_8843NimbostratusHi nitass .
- nitassEmployeei'm using Diameter profile to setting my virtual server, will it caused the different on the irule result? i do not think so. anyway, irule should be triggered.
[root@ve11a:Active:In Sync] config tmsh show sys version Sys::Version Main Package Product BIG-IP Version 11.2.0 Build 2451.0 Edition Hotfix HF1 Date Tue Jun 5 23:45:09 PDT 2012 Hotfix List ID387964 ID387843
- ALAN_L_8843NimbostratusI tried it and result good, many thanks for your help.
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects