Forum Discussion
CirrusiRule for non http services
Cirrus
AdminHi ndubey2 , reviewed the thread and i'm not clear on a couple things:
- is there any http traffic on that virtual server, or is it all for this service?
- is the proficy client using mqtt or a proprietary protocol?
If you have a pcap of a sample transaction from client directly to server you can DM me, I'd be happy to take a look. Make sure to sanitize any credentials or IP. If mqtt, we can probably make this work pretty easily, though it'll be a learning process for both of us because i haven't done much with it yet. If not, what Paulius said is likely and you'll need to do a binary decode of the messages in the TCP data.
- ndubey2
Hello JRahm, Thanks for the response !
Below is the sanswer of your query.
- is there any http traffic on that virtual server, or is it all for this service?>>>>there is no http traffic. Its all TCP based service.
- is the proficy client using mqtt or a proprietary protocol? No, they are not using mqtt. They are using TCP protocol. Below is the snapshot from their documents.
Please find the pcap data. Hope, this will help you to understand the communication. Ip ending with 54 is client and Ip ending with 133 is server.
Thanks,
- JRahm
great, thanks ndubey2. so since there is no http traffic on this, you will not want an http profile, and with that, the http commands won't help you. You'll need to look at the application requests from the client immediately after the handshake and understand the offsets in the packets so that you can do a binary scan on that traffic to forward to the correct pools. An example of that is here in this article:
https://community.f5.com/t5/technical-articles/advanced-irules-binary-scan/ta-p/289249
Here's a decode of DNS traffic in client request and server response (note that this iRule needs work to be used in production, it uses global variables that will pin all traffic on any virtual the iRule is applied to to a single TMM):
https://community.f5.com/t5/codeshare/dns-decoding/ta-p/291362
