Forum Discussion

darwinperez_kyn's avatar
darwinperez_kyn
Icon for Nimbostratus rankNimbostratus
Jun 07, 2024

Insert host name in TCP data

Hello,

We have a scenario where a Mainframe is sending a transactional data(tcp) to F5 that needs to have a host name inserted to it. The problem is that, even irule or local policy is not making it work.

VS is set to standard.

I have a sample pcap below, and it shows that F5 with or without irule/policy, is not forwarding the traffic to the pool members--

Below is the sample irule --

when CLIENT_ACCEPTED {

    TCP::collect 32

}

when CLIENT_DATA {

    [TCP::payload 32] insert "Host" "xxxx.yyyy.zzzz"

    TCP::release

}

Sample Policy --

Conditions

TCP address matches 'mainframe_ip_add' at client accepted time.

Actions

Insert HTTP Header named 'Host' with value 'xxxx.yyyy.zzzz' at request time.

 

My questions are-

  1. How F5 is handling the TCP Payload, is it possible to insert a hostname on a tcp data?
  2. Is there any other way to get this host name inserted?
  3. Why F5 is not doing a tcp 3-way handshake to the backend servers?

Will appreciate any help!

 

Thank you.

Darwin

application delivery
  • zamroni777's avatar
    zamroni777
    Icon for Nacreous rankNacreous
    Jun 08, 2024

    if the traffic is http traffic, it will be much easier if you put http profile in the virtual server so http related traffic policy or irules will work.

    there is no tcp payload insert command in irules.
    https://clouddocs.f5.com/api/irules/TCP__payload.html

    f5 bigip is basically proxy.
    it only forward healthy client request to the pool member.
    so even basic ltm virtual server will protect servers from bad requests such as tcp syn flood, http slow loris, etc.

  • boneyard's avatar
    boneyard
    Icon for MVP rankMVP
    Jun 09, 2024

    Several layers in this question.

    My first question is why. You say the traffic from the mainframe needs to have a hostname inserted on the F5. So why? Will the destination the F5 is sending it to understand that change in traffic?

    The second question is about traffic flow. You are already some steps in, but can you share a picture with the networks and should showing how the BIG-IP is positioned between the client (mainframe) and server (backend servers?).

    Also you mention transactional data(TCP). What exactly? Is it using the HTTP protocol?, the port in the packet capture suggests that, but is it really?

    I would leave the iRule out of it for now, first get the traffic flow between client and server via BIG-IP working, then start with modifying things. For that I agree with zamroni777 if this is actually HTTP traffic.

    For sure also share the virtual server config and have a look at the /var/log/ltm log to see if it shows hints on the cause.