Forum Discussion

ndubey2's avatar
ndubey2
Icon for Altostratus rankAltostratus
Dec 27, 2023

iRule for non http services

Hello All,  Can we configure an iRule for non http services? I have a VIP configured on port 491 with 3 Pool which I am trying to manage using irule but traffic is not hitting irule.  when HTTP_REQ...
application delivery
LTM
ndubey2's avatar
ndubey2
Icon for Altostratus rankAltostratus
Dec 28, 2023

anyone out there can help me please?

JRahm could you please share some expert advise?

Thanks,

  • JRahm's avatar
    JRahm
    Icon for Admin rankAdmin
    Dec 29, 2023

    Hi ndubey2 , reviewed the thread and i'm not clear on a couple things:

    • is there any http traffic on that virtual server, or is it all for this service?
    • is the proficy client using mqtt or a proprietary protocol?

    If you have a pcap of a sample transaction from client directly to server you can DM me, I'd be happy to take a look. Make sure to sanitize any credentials or IP. If mqtt, we can probably make this work pretty easily, though it'll be a learning process for both of us because i haven't done much with it yet. If not, what Paulius said is likely and you'll need to do a binary decode of the messages in the TCP data.

    • ndubey2's avatar
      ndubey2
      Icon for Altostratus rankAltostratus
      Jan 02, 2024

      Hello JRahm, Thanks for the response !

      Below is the sanswer of your query. 

      • is there any http traffic on that virtual server, or is it all for this service?>>>>there is no http traffic. Its all TCP based service. 
      • is the proficy client using mqtt or a proprietary protocol? No, they are not using mqtt. They are using TCP protocol. Below is the snapshot from their documents. 

      Please find the pcap data. Hope, this will help you to understand the communication. Ip ending with 54 is client and Ip ending with 133 is server. 

      Thanks,

       

      • JRahm's avatar
        JRahm
        Icon for Admin rankAdmin
        Jan 02, 2024

        great, thanks ndubey2. so since there is no http traffic on this, you will not want an http profile, and with that, the http commands won't help you. You'll need to look at the application requests from the client immediately after the handshake and understand the offsets in the packets so that you can do a binary scan on that traffic to forward to the correct pools. An example of that is here in this article:

        https://community.f5.com/t5/technical-articles/advanced-irules-binary-scan/ta-p/289249

        Here's a decode of DNS traffic in client request and server response (note that this iRule needs work to be used in production, it uses global variables that will pin all traffic on any virtual the iRule is applied to to a single TMM):

        https://community.f5.com/t5/codeshare/dns-decoding/ta-p/291362