Forum Discussion

darwinperez_kyn's avatar
Icon for Nimbostratus rankNimbostratus
Jun 07, 2024

Insert host name in TCP data


We have a scenario where a Mainframe is sending a transactional data(tcp) to F5 that needs to have a host name inserted to it. The problem is that, even irule or local policy is not making it work.

VS is set to standard.

I have a sample pcap below, and it shows that F5 with or without irule/policy, is not forwarding the traffic to the pool members--

Below is the sample irule --


    TCP::collect 32



    [TCP::payload 32] insert "Host" "xxxx.yyyy.zzzz"



Sample Policy --


TCP address matches 'mainframe_ip_add' at client accepted time.


Insert HTTP Header named 'Host' with value 'xxxx.yyyy.zzzz' at request time.


My questions are-

  1. How F5 is handling the TCP Payload, is it possible to insert a hostname on a tcp data?
  2. Is there any other way to get this host name inserted?
  3. Why F5 is not doing a tcp 3-way handshake to the backend servers?

Will appreciate any help!


Thank you.


2 Replies

  • if the traffic is http traffic, it will be much easier if you put http profile in the virtual server so http related traffic policy or irules will work.

    there is no tcp payload insert command in irules.

    f5 bigip is basically proxy.
    it only forward healthy client request to the pool member.
    so even basic ltm virtual server will protect servers from bad requests such as tcp syn flood, http slow loris, etc.

  • Several layers in this question.

    My first question is why. You say the traffic from the mainframe needs to have a hostname inserted on the F5. So why? Will the destination the F5 is sending it to understand that change in traffic?

    The second question is about traffic flow. You are already some steps in, but can you share a picture with the networks and should showing how the BIG-IP is positioned between the client (mainframe) and server (backend servers?).

    Also you mention transactional data(TCP). What exactly? Is it using the HTTP protocol?, the port in the packet capture suggests that, but is it really?

    I would leave the iRule out of it for now, first get the traffic flow between client and server via BIG-IP working, then start with modifying things. For that I agree with zamroni777 if this is actually HTTP traffic.

    For sure also share the virtual server config and have a look at the /var/log/ltm log to see if it shows hints on the cause.