Forum Discussion
NimbostratusError adding irule to GTM
Hi Guys, I'm trying to add the following irule to my BigIP GTM, it doesn't fuction as LTM only GTM, I'm on version 11.4.1 for some reason it keeps giving this error (undefined procedure: rateclass][rateclass dns_rate_shape]). For what I understand I need to declare the dns_rate_shape class but I don't know where...any help? thanks..
Code when DNS_REQUEST { if { ([DNS::rrtype] eq "TXT") } { rateclass dns_rate_shape } }
ERROR:01070151:3: Rule [/Common/test3] error: /Common/test3:3: error: [undefined procedure: rateclass][rateclass dns_rate_shape]
17 Replies
Cory_50405Noctilucent
I mocked this up and I get the same error. I first created the rate shaping policy under Network -> Rate Shaping -> Rate Class List, then tried to build the iRule. I got the same error you did.
I suspect maybe, even though rateclass supposedly can be called from any event (https://devcentral.f5.com/wiki/iRules.rateclass.ashx), it isn't available in the event 'when DNS_REQUEST'.
Perhaps one of the experts here can weigh in on this?
gusf_139367Thanks Cory, I don't even have that option to create the policy under Network- gusf_139367I finally found the Rate Class list under Acceleration, I added my "dns_rate_shape" class but Im still getting the same error when creating the irule ...error: [undefined procedure: rateclass][rateclass dns_rate_shape ]
- Cory_50405Seems that it's just within 'when DNS_REQUEST' that it isn't working then.
Mohamed_LrhaziAltocumulus
Try adding the iRule in the LTM section, under Local Traffic... maybe you need to apply it there, directly to the virtual servers. Out of curiosity, what kind of rate shaping are you trying to enforce on your DNS traffic?- gusf_139367
Thanks Cory, I don't even have that option to create the policy under Network
- gusf_139367Thanks Mohamed, I don't have a defined limit yet. Just trying to implement the functionality based on this article ( https://devcentral.f5.com/s/articles/protecting-beyond-dns-flood--ddos )
- gusf_139367BTW...since my BigIP is GTM only, the irule section only appears under Global Traffic not Local traffic...
- Mohamed_LrhaziI just checked on my GTMs, running version 11.2.0, i dont have Rate Shaping in the UI, i also dont have Acceleration! Maybe you shuld ask Support. also, am not convinced the rate shaping of TXT and big DNS responses is all that useful... I would imagine reflection and amplification attacks would use your DNS server, among many other thousands of them, to generate the DDOS traffic that they need to overwhelm their victim, which isn't your DNS server.. They would slow down they queries to you to the minimum they could get away with, in the hope that you won't even notice it.... anyways... I tried to implement a response rate limiting.. I'll share if you are interested.
- gusf_139367Thanks Mohamed, yes I will be interested.
- Mohamed_Lrhazigusf: See the comment section of the article you quoted, I posted a link there. Thanks, Mohamed.
- Mohamed_LrhaziOh, and use at your own risk, of course.
- gusf_139367sorry I can't find the link
