James_Yang_9987
Historic F5 Account
Dec 07, 2005

How can I bundle two VS?

Hello, I just encountered a request where one client (same IP address) may come to BIGIP through three routers, but only one router at a time. As you know, BIGIP's autolasthop feature will return the packets to the right router for inbound traffic. But there is an issue: when the server inside generates outbound traffic to the client, BIGIP doesn't know which router the client is behind. So I have tried to write rules to combine these two VS.

Defined on all the VS that the client comes in on:

when CLIENT_ACCEPTED {
   set sip [IP::addr [IP::remote_addr]]
   set lastmac [LINK::lasthop]
   session add uie $sip $lastmac 180
}

Defined on the 0.0.0.0 VS that is for outbound traffic:

when CLIENT_ACCEPTED {
   set sip [IP::addr [IP::local_addr]]
   set macaddr [session lookup ssl $sip]
   switch $macaddr {
      mac1 {pool router1}
      mac2 {pool router2}
      mac3 {pool router3}
   }
}

Does the session command work across all the VS? If not, is there a better way to solve this issue?

  • unRuleY_95363
    Historic F5 Account
    Yes, the session command works across all VS.

    This is a nice rule and I think it will solve your problem well.

    Couple of things though about your rule:

    First is that you don't need to call IP::addr around IP::remote_addr or IP::local_addr. The IP::remote_addr and IP::local_addr commands will format the address correctly.

    Second, you have mismatched the key types between the two rules. In the ingress rule you are using "uie" but in the egress rule you are using "ssl". Probably a cut and paste error.

    Third, you probably want to handle the case where the client is unknown. Maybe you can choose any router in this case. I added a default statement to the switch.

    Anyway, here is a slightly more condensed version of your rules that doesn't even use any variables:

    For ingress:
    when CLIENT_ACCEPTED {
       session add srcaddr [IP::remote_addr] [LINK::lasthop] 180
    }

    For egress:
    when CLIENT_ACCEPTED {
       switch [session lookup srcaddr [IP::local_addr]] {
       mac1 {pool router1}
       mac2 {pool router2}
       mac3 {pool router3}
       default {pool anyrouter}
       }
    }

    Again, this is a great rule!
  • James_Yang_9987
    Historic F5 Account
    Hi, I have tested the rules; it seems that session lookup doesn't work at all.

    The test rule I use is:

    when CLIENT_ACCEPTED {
       set sss [IP::remote_addr]
       set srcmac [LINK::lasthop]
       session add uie $sss $srcmac
       set ccc [session lookup uie $sss]
       log "Remote IP address is $sss, MAC address is $srcmac"
       log "insert MAC address is $ccc"
    }

    The log output is:

    Dec 10 17:07:50 tmm tmm[28539]: 01220002:6: Rule test_mac_rule_james : Remote IP address is 10.9.1.10, MAC address is 00:d0:c9:96:83:f7
    Dec 10 17:07:50 tmm tmm[28539]: 01220002:6: Rule test_mac_rule_james : insert MAC address is
    Dec 10 17:07:50 tmm tmm[28539]: 01220002:6: Rule test_mac_rule_james : Remote IP address is 10.9.1.10, MAC address is 00:d0:c9:96:83:f7
    Dec 10 17:07:50 tmm tmm[28539]: 01220002:6: Rule test_mac_rule_james : insert MAC address is

    There is no output value from session lookup. Why?

  • unRuleY_95363
    Historic F5 Account
    Yes, we found a bug in the session table about two months back. You'll want a 9.2 hotfix that includes CR56247.
  • Oh, bad news. When will I get the hotfix? I have opened a case and there is no answer. This feature is so important to me.
  • Good news, I have found that BIGIP V9.2.2 has solved the issue.

    The last rules are like this:

    For ingress VS:

    when CLIENT_ACCEPTED {
       set sss [IP::remote_addr]
       set lll [list $sss any]
       set srcmac [LINK::lasthop]
       session add uie $lll $srcmac
       log "Remote IP address is $sss, MAC address is $srcmac"
       set ccc [session lookup uie $lll]
       log "insert MAC address is $ccc"
    }

    For egress VS:

    when CLIENT_ACCEPTED {
       set sss [IP::local_addr]
       set lll [list $sss any]
       set ccc [session lookup uie $lll]
       log "MAC address of $sss is $ccc"
    }

    The insert parameter of session must be like [list $sss any]; otherwise it will not work across VS.
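
The pieces from this thread assembled into one ingress/egress pair, as an added example that is not code from any of the posters: it uses the `[list <ip> any]` key reported to work on 9.2.2, the 180-second timeout from the first post, and the default branch suggested in the reply. The pool names come from the thread; the MAC values are placeholders to be replaced with each router's real address.

```tcl
# Added example, not from the thread. Two separate iRules, shown together.
# Assumptions: pools router1, router2, router3 and anyrouter exist (names
# taken from the thread); <routerN-mac> are placeholders for the real
# last-hop MAC addresses, written as LINK::lasthop reports them.

# --- iRule for every ingress VS: record which router the client came through
when CLIENT_ACCEPTED {
    # The key must be [list <ip> any] so the entry can be found from another
    # VS (behaviour reported in the thread on BIG-IP 9.2.2).
    set key [list [IP::remote_addr] any]
    # 180 is the timeout from the original rule, so stale entries age out.
    session add uie $key [LINK::lasthop] 180
}

# --- iRule for the 0.0.0.0 egress VS: route server-initiated traffic
when CLIENT_ACCEPTED {
    # On the egress VS the client is the destination of the connection.
    set dst [IP::local_addr]
    set mac [session lookup uie [list $dst any]]
    switch -- $mac {
        "<router1-mac>" { pool router1 }
        "<router2-mac>" { pool router2 }
        "<router3-mac>" { pool router3 }
        default {
            # Empty string: no entry (client never seen, or entry expired).
            # Any other value: a last hop that is not a known router.
            log local0. "no known last hop for $dst (lookup returned '$mac')"
            pool anyrouter
        }
    }
}
```

Logging the default branch makes lookup misses visible, which is how the empty `session lookup` result earlier in the thread was spotted.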