Forum Discussion

El_Bendecido_12's avatar
El_Bendecido_12
Icon for Altostratus rankAltostratus
Aug 23, 2018

iRule for MSDRP (RDP)

Hello,

 

I'm having some problems with the msrdp persistence in the virtual server located in a route domain, and the solution said that is necessary create msrdp persistence inside a rule. Could you help me with a iRule for it, please

 

3 Replies

  • dirome's avatar
    dirome
    Icon for Cirrus rankCirrus
    Aug 24, 2018

    Hi AMG,

     

    Its: ID issue: 655724

     

    655724 : MSRDP persistence does not work across route domains.

     

    Solution Article: K15695

     

    Component: Local Traffic Manager

     

    Symptoms: MSRDP persistence doesn't work with non-default route domains.

     

    Conditions: Configure a virtual server with a MSRDP persistence profile and a pool using a non-default route domain.

     

    Impact: MSRDP persistence does not work.

     

    Workaround: Implement MSRDP persistence using iRules.

     

    Fix: MSRDP persistence with non-default route domains works correctly now.

     

    Link:

     

    K15695: BIG-IP MSRDP persistence may not function in some environments https://support.f5.com/csp/article/K15695

     

    ID issue: 655724 https://support.f5.com/kb/en-us/products/big-ip_ltm/releasenotes/related/relnote-supplement-bigip-13-1-0.html

     

  • Andy_McGrath's avatar
    Andy_McGrath
    Icon for Cumulonimbus rankCumulonimbus
    Aug 24, 2018

    This could either be really simple in you just need to use an iRule for persistence due to some event ordering or something in which case the following iRule should work:

    when CLIENT_ACCEPTED {
     Set persistence to use msrdp with timeout of 20 mins
    persist msrdp 1200
}

    However, I am guessing the solution is to actually read the TCP payload and identify an element you can use with 

    persist uie
    .

    However I don't know enough about the TCP packet structure but from the little I have found something like this is what you would need:

    NOTE: I have not tested this, it is a raw iRule so test and check the logs to see what output you get.

    when CLIENT_ACCEPTED {
     Collect TCP payload to parse, 
     skip first 11 bytes and collect 14 bytes
    TCP::collect 14 11
}

when CLIENT_DATA {
     Read binary payload and convert to string
    binary scan [TCP::payload] a* msRdp
    log local0.info "msRdp=$msRdp"

    if {[string tolower $msRdp] starts_with "cookie: mstshash="} {

        set msRdpMstshash [getfield $msRdp "mstshash=" 2]
        log local0.info "msRdpMstshash=$msRdpMstshash"

        if {$msRdpMstshash contains "@"} {  
            set msRdpUser [getfield $msRdpMstshash "@" 1]
        } elseif {$msRdpMstshash contains "\\"} {  
            set msRdpUser [getfield $msRdpMstshash "\\" 3]
        } else {
            set msRdpUser $msRdpMstshash
        }
        log local0.info "msRdpUser=[string trim $msRdpUser]"

         Using MS RDP Username set persistence with 20 min timeout
        persist uie [string trim $msRdpUser] 1200
    }
    TCP::release
}