Forum Discussion
Insert host name in TCP data
Hello,
We have a scenario where a Mainframe is sending a transactional data(tcp) to F5 that needs to have a host name inserted to it. The problem is that, even irule or local policy is not making it work.
VS is set to standard.
I have a sample pcap below, and it shows that F5 with or without irule/policy, is not forwarding the traffic to the pool members--
Below is the sample irule --
when CLIENT_ACCEPTED {
TCP::collect 32
}
when CLIENT_DATA {
[TCP::payload 32] insert "Host" "xxxx.yyyy.zzzz"
TCP::release
}
Sample Policy --
Conditions
TCP address matches 'mainframe_ip_add' at client accepted time.
Actions
Insert HTTP Header named 'Host' with value 'xxxx.yyyy.zzzz' at request time.
My questions are-
- How F5 is handling the TCP Payload, is it possible to insert a hostname on a tcp data?
- Is there any other way to get this host name inserted?
- Why F5 is not doing a tcp 3-way handshake to the backend servers?
Will appreciate any help!
Thank you.
Darwin
- zamroni777Nacreous
if the traffic is http traffic, it will be much easier if you put http profile in the virtual server so http related traffic policy or irules will work.
there is no tcp payload insert command in irules.
https://clouddocs.f5.com/api/irules/TCP__payload.htmlf5 bigip is basically proxy.
it only forward healthy client request to the pool member.
so even basic ltm virtual server will protect servers from bad requests such as tcp syn flood, http slow loris, etc. Several layers in this question.
My first question is why. You say the traffic from the mainframe needs to have a hostname inserted on the F5. So why? Will the destination the F5 is sending it to understand that change in traffic?
The second question is about traffic flow. You are already some steps in, but can you share a picture with the networks and should showing how the BIG-IP is positioned between the client (mainframe) and server (backend servers?).
Also you mention transactional data(TCP). What exactly? Is it using the HTTP protocol?, the port in the packet capture suggests that, but is it really?
I would leave the iRule out of it for now, first get the traffic flow between client and server via BIG-IP working, then start with modifying things. For that I agree with zamroni777 if this is actually HTTP traffic.
For sure also share the virtual server config and have a look at the /var/log/ltm log to see if it shows hints on the cause.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com