Forum Discussion
Ege_Sargin_2638
Nimbostratus
NimbostratusDiameter_AVP
Dear Experts, We'd like to add an irule for the diameter responses that's received from diameter_server.
The irule should drop the packet by checking the field in Diameter_Result_Code AVP. ...
nitass
Employee
Employeethis is not applicable for CEA message.
[root@ve1100:Active] config tmsh
root@ve1100(Active)(/Common)(tmos) show sys version
Sys::Version
Main Package
Product BIG-IP
Version 11.0.0
Build 8131.0
Edition Hotfix HF1
Date Tue Oct 4 18:28:31 PDT 2011
root@ve1100(Active)(/Common)(tmos) list ltm virtual vs_scapv2
ltm virtual vs_scapv2 {
destination 172.28.19.252:3868
ip-protocol tcp
mask 255.255.255.255
pool diameter_pool
profiles {
diameter { }
mblb { }
tcp { }
}
rules {
myrule
}
snat automap
vlans-disabled
}
root@ve1100(Active)(/Common)(tmos) list ltm pool diameter_pool
ltm pool diameter_pool {
members {
200.200.200.101:3868 {
address 200.200.200.101
}
}
}
root@ve1100(Active)(/Common)(tmos) list ltm rule myrule
ltm rule myrule {
when DIAMETER_INGRESS {
if {[DIAMETER::is_response]} {
log local0. "[IP::remote_addr]:[TCP::remote_port]>[IP::local_addr]:[TCP::local_port]|[DIAMETER::result]"
switch [DIAMETER::result] {
4011 { DIAMETER::drop }
}
}
}
when DIAMETER_EGRESS {
if {[DIAMETER::is_response]} {
log local0. "[IP::local_addr]:[TCP::local_port]>[IP::remote_addr]:[TCP::remote_port]|[DIAMETER::result]"
}
}
}
[root@ve1100:Active] config tail -f /var/log/ltm
Nov 25 11:24:37 tmm info tmm[5633]: Rule /Common/myrule : 200.200.200.101:3868>200.200.200.11:51479|2001
Nov 25 11:24:37 tmm info tmm[5633]: Rule /Common/myrule : 172.28.19.252:3868>172.28.19.251:51479|2001
[root@ve1100:Active] config tail -f /var/log/ltm
Nov 25 11:27:14 tmm info tmm[5633]: Rule /Common/myrule : 200.200.200.101:3868>200.200.200.11:51480|4011
Nov 25 11:27:15 tmm info tmm[5633]: Rule /Common/myrule : 200.200.200.101:3868>200.200.200.11:51480|4011
Nov 25 11:27:16 tmm info tmm[5633]: Rule /Common/myrule : 200.200.200.101:3868>200.200.200.11:51480|4011