Forum Discussion

ALAN_L_8843's avatar
ALAN_L_8843
Icon for Nimbostratus rankNimbostratus
Jun 27, 2012

Device-watchdog-Answer AVP

Hi all,

I'm using below irule but it cannot take effect..... the DWA avp (origin host/origin realm) cannot be changed to specified value.

Anyone can help?


when RULE_INIT {
     Device Watchdog (in hex)
    set DWA_head 010000400000011800000000
    origin host: BIG-IP 4249472d4950
    origin realm: test.com 746573742e636f6d
    set DWA_avp 0000010c4000000c000007d1000001084000000e4249472d495000000000012840000010746573742e636f6d
    }

  • Hi nitass,

     

     

    Many thanks for your reply.

     

     

    But how to check if irule truncated? ( I'm newbie on F5 >_<)

     

     

    My F5 version 11.2.0 build 2451.0

     

     

    This is all code of irule and it stored on file which called "diameter_prod1_save_conections_irule"....

     

     

    But not working...

     

     

    
    when LB_FAILED {
        if { [active_members [LB::server pool]] > 0 } {
            after 100
            LB::reselect pool [LB::server pool]
        }
    }
    
    when RULE_INIT {
         Device Watchdog (in hex)
        set DWA_head 010000400000011800000000
        origin host: BIG-IP 4249472d4950
        origin realm: test.com 746573742e636f6d
        set DWA_avp 0000010c4000000c000007d1000001084000000e4249472d495000000000012840000010746573742e636f6d
    }
     
  • sorry to confuse you. i meant the irule you posted might not be complete. i think it should have another event besides RULE_INIT and LB_FAILED.
  • Hi nitass,

    I think i know what happen now...i didn't parse value to the response package....

    i'm testing below irule now....

    
    rule diameter_prod1_save_conections_irule { 
        timing on 
     when CLIENT_ACCEPTED { 
         log local0. "[TCP::remote_port]-[TCP::local_port]" 
          persistent timeout 
         set timeout 60 
      
          Device Watchdog (in hex) 
         set DWA_head 010000400000011800000000 
         origin host: BIG-IP 4249472d4950 
         origin realm: test.com 746573742e636f6d 
         set DWA_avp 0000010c4000000c000007d1000001084000000e4249472d495000000000012840000010746573742e636f6d 
      
         TCP::collect 
     } 
     when CLIENT_DATA { 
         while { [TCP::payload length] > 20 } { 
             binary scan [TCP::payload] IIIII a b c d e 
             set comcode [ expr $b & 0xffffff ] 
             set rflag [expr ($b >> 31)&1 ] 
             set mlen [ expr $a & 0xffffff ] 
             if { [TCP::payload length] < $mlen }{ 
                 TCP::collect 
                 return 
             } 
             switch $comcode { 
                 280 { 
                     if { $rflag } { 
                             log local0. "reply to watchdog from [IP::remote_addr]" 
                             binary scan [TCP::payload] x8IH8H8 a h e 
                             log local0. "end-to-end ID = $e" 
                             TCP::payload replace 0 $mlen "" 
                             TCP::respond [binary format H* ${DWA_head}$h$e${DWA_avp} ] 
                             continue 
                     } 
                 } 
                 default { 
                     set index 20 
                     set avp_of_interest 1 
                     while { $index < $mlen } { 
                         binary scan [TCP::payload] @${index}III avp_code avp_len vendor_id 
                         set avp_flag_v [ expr ($avp_len >> 31)&1 ] 
                         set avp_len [ expr $avp_len & 0xffffff ] 
                         if { $avp_flag_v == 0 } { 
                             incr index 8 
                             set avp_dlen [ expr $avp_len - 8 ] 
                         } else { 
                             incr index 12 
                             set avp_dlen [ expr $avp_len - 12 ] 
                         } 
                         switch $avp_code { 
                             263 { 
                                 binary scan [TCP::payload] @${index}a${avp_dlen} sid 
                                 persist uie $sid $timeout 
                                 set s [session lookup uie $sid] 
                                 if { $s ne "" } { 
                                     pool [LB::server pool] member [lindex $s 0] [lindex $s 1] 
                                 } else { 
                                     set l [LB::select] 
                                     session add uie $sid "[lindex $l 3] [lindex $l 4]" $timeout 
                                     pool [LB::server pool] member [lindex $l 3] [lindex $l 4] 
                                 } 
                                 if { $avp_of_interest <= 1 } {  
                                     set index $mlen 
                                     break 
                                 } else { 
                                     incr avp_of_interest -1 
                                 } 
                             } 
                             default { 
                             } 
                         } 
                         set avp_ilen [expr ($avp_dlen / 4) * 4] 
                         if { $avp_ilen < $avp_dlen } { 
                             incr avp_ilen 4 
                         } 
                         incr index $avp_ilen 
                     } 
                 } 
             } 
             log local0. "Sending CEA to [IP::remote_addr]" 
             TCP::release $mlen 
             TCP::notify request 
         } 
         TCP::collect 
     } 
     when SERVER_CONNECTED { 
         log local0. "[TCP::local_port]-[TCP::remote_port]" 
         TCP::collect 
     } 
     when LB_FAILED { 
         LB::reselect 
     } 
     when SERVER_DATA { 
         while { [TCP::payload length] > 20} { 
             binary scan [TCP::payload] II a b 
             set comcode [ expr $b & 0xffffff ] 
             set mlen [ expr $a & 0xffffff ] 
             set rflag [expr ($b >> 31)&1 ] 
     if { [TCP::payload length] < $mlen } { 
     TCP::collect 
     return 
     } 
             set check_avp 0 
             switch $comcode { 
                 280 { 
                     if { $rflag } { 
                         log local0. "reply to watchdog from [IP::remote_addr]" 
                         binary scan [TCP::payload] x8IH8H8 a h e 
                         log local0. "end-to-end ID = $e" 
                         TCP::payload replace 0 $mlen "" 
                         TCP::respond [binary format H* ${DWA_head}$h$e${DWA_avp} ] 
                         set mlen 0 
                         continue 
                     } 
                 } 
                 default { 
                     set check_avp 1 
                 } 
             } 
           
         TCP::collect 
     } 
     } 
  • i cut some part of the irule and it seems okay on my testbed. are you able to find out more information?

     

     

    root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm rule myrule
    ltm rule myrule {
        when CLIENT_ACCEPTED {
        log local0. "[TCP::remote_port]-[TCP::local_port]"
    
         Device Watchdog (in hex)
        set DWA_head 010000400000011800000000
        origin host: BIG-IP 4249472d4950
        origin realm: test.com 746573742e636f6d
        set DWA_avp 0000010c4000000c000007d1000001084000000e4249472d495000000000012840000010746573742e636f6d
    
        TCP::collect
    }
    when CLIENT_DATA {
        while { [TCP::payload length] > 20 } {
            binary scan [TCP::payload] IIIII a b c d e
            set comcode [ expr $b & 0xffffff ]
            set rflag [expr ($b >> 31) & 1 ]
            set mlen [ expr $a & 0xffffff ]
            if { [TCP::payload length] < $mlen }{
                TCP::collect
                return
            }
            switch $comcode {
                280 {
                    if { $rflag } {
                        log local0. "reply to watchdog from [IP::remote_addr]"
                        binary scan [TCP::payload] x8IH8H8 a h e
                        TCP::payload replace 0 $mlen ""
                        TCP::respond [binary format H* ${DWA_head}$h$e${DWA_avp} ]
                    }
                }
            }
            TCP::release $mlen
        }
        TCP::collect
    }
    }
    
    No.     Time                       Delta Time  Source                Src port Destination           Dst port Protocol Window     BiF        Vlan id Length Info
          8 2012-07-04 23:01:31.157199 0.000000    192.168.206.55        53893    172.28.19.252         3868     DIAMETER 66560      20                 74     cmd=Device-WatchdogRequest(280) flags=R--- appl=Diameter Common Messages(0) h2h=ffd648f0 e2e=1ccb0074
    
    Frame 8: 74 bytes on wire (592 bits), 74 bytes captured (592 bits)
    Ethernet II, Src: Dell_7a:ae:2a (5c:26:0a:7a:ae:2a), Dst: Force10N_3f:7b:66 (00:01:e8:3f:7b:66)
    Internet Protocol Version 4, Src: 192.168.206.55 (192.168.206.55), Dst: 172.28.19.252 (172.28.19.252)
    Transmission Control Protocol, Src Port: 53893 (53893), Dst Port: 3868 (3868), Seq: 197, Ack: 177, Len: 20
    Diameter Protocol
        Version: 0x01
        Length: 20
        Flags: 0x80
        Command Code: 280 Device-Watchdog
        ApplicationId: 0
        Hop-by-Hop Identifier: 0xffd648f0
        End-to-End Identifier: 0x1ccb0074
        [Answer In: 11]
    
    No.     Time                       Delta Time  Source                Src port Destination           Dst port Protocol Window     BiF        Vlan id Length Info
         11 2012-07-04 23:01:31.255105 0.097906    172.28.19.252         3868     192.168.206.55        53893    DIAMETER 3996       64                 118    cmd=Device-WatchdogAnswer(280) flags=---- appl=Diameter Common Messages(0) h2h=ffd648f0 e2e=1ccb0074
    
    Frame 11: 118 bytes on wire (944 bits), 118 bytes captured (944 bits)
    Ethernet II, Src: Force10N_3f:7b:66 (00:01:e8:3f:7b:66), Dst: Dell_7a:ae:2a (5c:26:0a:7a:ae:2a)
    Internet Protocol Version 4, Src: 172.28.19.252 (172.28.19.252), Dst: 192.168.206.55 (192.168.206.55)
    Transmission Control Protocol, Src Port: 3868 (3868), Dst Port: 53893 (53893), Seq: 177, Ack: 237, Len: 64
    Diameter Protocol
        Version: 0x01
        Length: 64
        Flags: 0x00
        Command Code: 280 Device-Watchdog
        ApplicationId: 0
        Hop-by-Hop Identifier: 0xffd648f0
        End-to-End Identifier: 0x1ccb0074
        [Request In: 8]
        [Response Time: 0.097906000 seconds]
        AVP: Result-Code(268) l=12 f=-M- val=DIAMETER_SUCCESS (2001)
        AVP: Origin-Host(264) l=14 f=-M- val=BIG-IP
        AVP: Origin-Realm(296) l=16 f=-M- val=test.com
    
  • Hi nitass .

     

     

    I applied the irule on the machine, but the total execution time is still 0.........

     

    i'm using Diameter profile to setting my virtual server, will it caused the different on the irule result?

     

     

    Also may i know What BigIP version you are using??

     

     

    Many thanks for your help

     

  • i'm using Diameter profile to setting my virtual server, will it caused the different on the irule result? i do not think so. anyway, irule should be triggered.

    Also may i know What BigIP version you are using?? i am running 11.2.0 hf1. i never tested it on 11.1.0 but i believe it should be same.

    [root@ve11a:Active:In Sync] config  tmsh show sys version
    
    Sys::Version
    Main Package
      Product  BIG-IP
      Version  11.2.0
      Build    2451.0
      Edition  Hotfix HF1
      Date     Tue Jun  5 23:45:09 PDT 2012
    
    Hotfix List
    ID387964  ID387843