Forum Discussion
[iRule] Pool redirect using hex values
Hi guys,
I'm trying to find out how to do pool redirection using hex values. Has anybody ever tried that?
So I have a packet, for example, I'd like to read the 10th hex value of that whole packet, if it's "10" redirect it to Pool A, and if it's "12" redirect to Pool B.
I am not even sure if F5 can delve deep into hex values of a packet, thus asking if anybody ever did this before.
Cheers.
10 Replies
- Kevin_Stewart
Employee
Try this:
    when CLIENT_ACCEPTED {
        TCP::collect
    }
    when CLIENT_DATA {
        # grab 15 hex bytes
        binary scan [TCP::payload] H15 hex

        # look at the 10th hex value
        switch [string index $hex 10] {
            10 { pool poolA }
            12 { pool poolB }
        }

        # release the payload
        TCP::release
    }

This of course assumes that the 10th hex value in EVERY TCP packet, or at least the first in each new TCP session is always a "10" or "12". Otherwise you'd need to employ some form of persistence to manage subsequent requests.
- ciscoarc
Nimbostratus
Thanks Kevin, but this didn't work.
I put a log local0. in your code, and it seems to stop after binary scan.
- Kevin_Stewart
Employee
Okay, so what happens if you do this?
    when CLIENT_ACCEPTED {
        TCP::collect
    }
    when CLIENT_DATA {
        # grab 15 hex bytes
        binary scan [TCP::payload] H15 hex
        log local0. $hex

        # release the payload
        TCP::release
    }

I'd set a static pool in the VIP and disable all but one member for this test.
I also should have asked this earlier, but is this TCP or UDP traffic?
- ciscoarc
Nimbostratus
I think there is some kind of misconception from my part.
CMIIW, F5 has an external and internal interface, so when packet arrives at external interfaces (I assume this is where CLIENT_ACCEPTED kicks in), it will be encrypted in SSL and the hex value is different from what I need.
Is there some way to check this hex value AFTER it is decrypted?
- ciscoarc
Nimbostratus
It's TCP traffic.
- Kevin_Stewart
Employee
Give this a shot:
    when CLIENTSSL_HANDSHAKE {
        SSL::collect
    }
    when CLIENTSSL_DATA {
        binary scan [SSL::payload] H15 hex
        log local0. $hex
        SSL::release
    }

Same idea, but after SSL decryption.
- ciscoarc
Nimbostratus
Brilliant Kevin. The log local0. $hex found what I need from CLIENTSSL_DATA.
Result : Rule /Common/X-Route : 006660001080000
But the pool redirection using switch / if [string index $hex 9] equals "1" and [string index $hex 10] equals "0" still doesn't work.
The value I'd like to grab is the "10" in the middle (just before 80000).
- Kevin_Stewart
Employee
I believe it's a zero index, so have you tried indexes of 8 and 9?
Also
    log local0. [string range $hex 8 9]
- ciscoarc
Nimbostratus
I think that works somehow.
Don't know if this is a problem related, but the pool A server can't read the data. Looking from Wireshark, apparently the F5 sends an "F" flag before the server has the opportunity to read the data.
Is there a way to make it sort of "hold" the connection for a couple of seconds more?
- ciscoarc
Nimbostratus
Sorry just ignore the last one.
It's from the apps. They need to change something and it's working fine now.
Thanks Kevin for the help. Cheers.
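
The indexing point the thread converges on, as an added example that is not part of any post above: plain Tcl (runnable in tclsh) showing why `string index` can never match a two-digit value and how to pull the byte out by digit range or by byte offset. `pick_pool` is a hypothetical helper and the sample payload is constructed from the logged value; in an iRule the payload would come from `[SSL::payload]` and the returned name would be passed to `pool`.

```tcl
# Added example, not code from the thread. pick_pool is a hypothetical
# helper; poolA and poolB are the pool names used in the posts above.

# Return the pool name for a decrypted payload, or "" to keep the
# virtual server's default pool.
proc pick_pool {payload} {
    # H10 = 10 hex digits = the first 5 bytes. binary scan returns the
    # number of variables it filled, so anything but 1 means the payload
    # was shorter than 5 bytes and $hex was never set.
    if {[binary scan $payload H10 hex] != 1} {
        return ""
    }
    # Each byte is two hex digits, so zero-based digits 8-9 are byte
    # offset 4. string index returns a single digit and therefore can
    # never equal "10" or "12"; string range returns both digits.
    switch -- [string range $hex 8 9] {
        10      { return poolA }
        12      { return poolB }
        default { return "" }
    }
}

# Constructed sample: the logged value 006660001080000 padded with one
# extra 0 so that it forms 8 whole bytes.
set sample [binary format H* 0066600010800000]

binary scan $sample H15 hex
puts "H15 scan        : $hex"
puts "string index 10 : [string index $hex 10]"
puts "string range 8 9: [string range $hex 8 9]"

# The same byte read by offset: @4 moves the cursor to byte 4 and H2
# reads that one byte as two hex digits, with no digit counting needed.
binary scan $sample @4H2 byte
puts "@4H2 scan       : $byte"

puts "selected pool   : [pick_pool $sample]"
puts "short payload   : '[pick_pool [binary format H* 0066]]'"
```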