iRule to Hunt on SIP 503 Response

Question

Hello,&nbsp;
&nbsp;In the telephony world, if an SBC receives a SIP 503 from one telco provider, it can hunt to the next one.&nbsp;
&nbsp;I have two servers in a pool that is associated with a virtual server with a SIP profile.  Normally, if one of the servers responds with a SIP 503 error, it forwards that back to the caller.&nbsp;
&nbsp;I would like to set it up so that, if one server in the pool responds with a 503 error, the LTM goes on to try the other server in the pool.&nbsp;
&nbsp;F5 support didn't have any answer on this, but they thought it might be able to be done with an iRule and suggested DevCentral.&nbsp;
&nbsp;Thx,&nbsp;
&nbsp;Paul   &nbsp;

chris_miller · Answer

While we could probably do something with an iRule, why not just create a SIP health monitor that considers the pool member down if it returns a 503 and set your Pool's "Action on Service Down" to reselect? Or were you looking for something else? 
&nbsp;  
&nbsp; I can see some options from SIP::response to look for the code but am not entirely sure how to trigger LB::reselect from there...

pgermain_71805 · Answer

Apparently, the SIP monitor keepalive uses the OPTIONS method, which doesn't always return a 503 in the same cases where a call from an external caller would.  If  that could be customized we would be in business.

chris_miller · Answer

How about an Inband monitor?

hoolio · Answer

I think an inband monitor will only detect connection failures (or with an HTTP profile no response failures): 
&nbsp;  
&nbsp;  
&nbsp; Manual Chapter: Health and Performance Monitors 
&nbsp;  
&nbsp; http://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm_configuration_guide_10_1/ltm_appendixa_monitor_types.html?sr=138265381192393 
&nbsp;  
&nbsp; With an Inband type of monitor, the BIG-IP system performs passive monitoring as part of client requests. Replacing the need to write an iRule to perform passive monitoring, an Inband monitor works with either a Standard or a Performance (Layer 4) type of virtual server. 
&nbsp; When you configure an Inband type of monitor, the monitor, when acting as a client, attempts to connect to a pool member and behaves as follows: 
&nbsp;  
&nbsp; If the pool member does not respond to a connection request after a user-specified number of tries within a user-specified time period, the monitor marks the pool member as down. 
&nbsp;  
&nbsp; After the monitor has marked the pool member as down, and after a user-specified amount of time has passed, the monitor tries again to connect to the pool member (if so configured). 
&nbsp;  
&nbsp; ... 
&nbsp;  
&nbsp; Standard with no HTTP profile 
&nbsp;  
&nbsp; If you configure an Inband monitor and associate it with a Standard type of virtual server that does not reference an HTTP type of profile, a passive failure occurs when a connection is established with the pool member, or the pool member is responding to requests (or both), and the maximum retransmit times specified in the TCP profile are exceeded. 
&nbsp;  
&nbsp; After a pool member has been marked down by the Inband monitor for the number of seconds specified in the Retry Time setting (if the value is non-zero), the pool member becomes eligible to receive a request. If the client is able to successfully establish a connection with the pool member, the pool member is marked up when the connection is completed.  
&nbsp;  
&nbsp;  
&nbsp; How about using Chris' idea of checking the response status in SIP_RESPONSE, calling LB::down and then having the pool action on service down set to reselect?   
&nbsp;  
&nbsp; Else, you could try using a external monitor to send the exact SIP request you'd need to to trigger a failure like the client would receive.  This wouldn't reselect on a client request getting a 503, but would take the pool member out of load balancing if the member was giving 503's for all clients. 
&nbsp;  
&nbsp; Here's a template you could try for an external monitor: 
&nbsp; http://devcentral.f5.com/wiki/default.aspx/AdvDesignConfig/TemplateForExternalLtmMonitors.html 
&nbsp;  
&nbsp; Aaron

james_thomson · Answer

I'm just starting to work on a project to accomplish this same thing. 
&nbsp;In our scenario, the 403 or 404 error doesn't mean that the server is down, it just means that the server does not own that session.&nbsp;
&nbsp;Imagine I have 10 sip servers behind a vip. I start a session and set up a chat session with chat id 1234. Our software assigns that chat session to server 4.  BIG-IP didn't see this request, it was done on that backend.&nbsp;
&nbsp;I tell someone to come chat with me at the vip IP and chat id 1234.
&nbsp;The BIG-IP then sends this request for chat session 1234 to server 1, server 1 doesn't have it so it responds with 404.  
&nbsp;I need to get the BIG-IP to see the 404, then send the sip request to server 2, then 3, etc.. on down the line until it gets a valid response and pass that response on to the client.&nbsp;
&nbsp;Essentially, SIP::retry.
&nbsp;This earlier message had the same problem with no resolution:
&nbsp;http://devcentral.f5.com/Community/GroupDetails/tabid/1082223/asg/50/aft/1171557/showtab/groupforums/Default.aspx&nbsp;

Forum Discussion

iRule to Hunt on SIP 503 Response

6 Replies

F5 Academy at AppWorld 2026

Aswin MK - November 2025 Featured Member

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

CVE mitigation on F5 XC vs classic F5 WAF

Could not communicate with the system. Try to reload page.

F5 XC 503 upstream_reset_before_response_started{protocol_error}

UCS Encryption Question

BIG-IP VE: 40G Throughput from 4x10G physical NICs

Related Content

threat hunting guide

Hunt The Wumpus

Introduction of Incident Response

F5 NGINX API Gateway: Simplify Response Manipulation

iRule to take cookie from HTTP Response into HTTP Request via table

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS