Forum Discussion
Load Balancing based off TCP Payload entity
Hello,
I believe I constructed an iRule to properly set a variable from text captured from two distinct points in the TCP payload, but I am not 100% certain the iRule is persisting off this entity. Can someone take a look below and see if this looks correct? I added the message load balancing profile as well.
The expectation is that, after collecting the TCP payload for a new connection, it searches for a string and then persists that string to a certain pool (contains 2 servers). All subsequent matches for that same string in the payload need to go to that pool. I also want the pool to load balance diverse entities so not everything is on the same pool member. Does this look correct?
when CLIENT_ACCEPTED {
    # Buffer the first client data instead of forwarding it
    TCP::collect
}
when CLIENT_DATA {
    set payload [TCP::payload]
    # Entity ID is the text after "@" up to the next ","
    set entityID [findstr $payload "@" 1 ","]
    log local0. "entityID: $entityID"
    pool XYZ
    persist uie $entityID
    log local4.info " Entity Session routing $entityID and setting persistence"
    TCP::release
    TCP::notify request
}
33 Replies
- Kevin_Stewart
Employee
A few thoughts:
- It looks like the iRule should work as it is. Are you seeing something different or just questioning if it could fail?
- Unless you're specifically doing mblb, I don't think you need the TCP::notify. TCP load balancing is by default session-based, so all traffic within a single TCP session will stick to the same node after an initial decision. I threw in some additional logging to show what the persistence record actually points to per TCP session.

when CLIENT_ACCEPTED {
    TCP::collect
}
when CLIENT_DATA {
    set entityID [findstr [TCP::payload] "User-Agent: " 12 " "]
    log local0. "entityID = $entityID"
    persist uie $entityID
    log local0. "using persistence for entityId ($entityID): [persist lookup uie $entityID]"
    TCP::release
}
- giltjr
Nimbostratus
Are you 100% sure there will always be an '@' in the first stream of data sent by the client?
- jgranieri
Nimbostratus
Yes, after the initial SSL handshake the first TCP payload will contain the entity, and it will be after the "@" sign and before the ","
- Kevin_Stewart
Employee
I think what Giltjr is asking is if the entityID value will be in every TCP packet? Load balancing persistence is (TCP) session-based. Beyond that you need some pervasive mechanism to maintain that persistence across multiple TCP sessions. The client must pass some unique and persistent value in every new TCP session for this to work.
- Kevin_Stewart
Employee
the entity ID will only be available in the first few TCP packets then it will no longer appear.
That could potentially be a problem. You'll need some piece of information from the client in each new TCP session after the initial load balancing decision to maintain that persistence. Is this a protocol that maintains one long TCP session, or is it like HTTP and can have multiple TCP sessions over the life of the application session?
If the latter, is there anything else unique about the client that can be used, or is supported by the client for persistence? Is source address an option?
- Kevin_Stewart
Employee
First, just add a log local0. [TCP::payload] statement in your CLIENT_DATA event. I'm also guessing from this output that the collected data isn't text, and more important, there's more than one TCP session. Before going any further, add that additional log statement and see what the payload actually looks like.
- nitass
Employee
i think if one client-side connection has multiple id (one id per packet), you need LB::detach or mblb.
also if there is multiple id per packet, i think you have to use mblb.
- nitass
Employee
this is mblb example.
config

root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm virtual bar
ltm virtual bar {
    destination 172.28.24.10:7
    ip-protocol tcp
    mask 255.255.255.255
    pool foo
    profiles {
        mblb { }
        tcp { }
    }
    rules {
        qux
    }
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    vs-index 47
}
root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm pool foo
ltm pool foo {
    members {
        200.200.200.101:7 {
            address 200.200.200.101
        }
        200.200.200.111:7 {
            address 200.200.200.111
        }
    }
}
root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm rule qux
ltm rule qux {
    when CLIENT_ACCEPTED {
        log local0. ""
        TCP::collect
    }
    when CLIENT_DATA {
        log local0. ""
        set id [findstr [TCP::payload] @ 1 ,]
        persist uie $id
        TCP::release
        TCP::notify eom
        TCP::collect
    }
    when SERVER_CONNECTED {
        log local0. ""
        TCP::collect
    }
    when SERVER_DATA {
        log local0. "id=$id server=[IP::server_addr]:[TCP::server_port]"
        TCP::release
        TCP::notify eom
        TCP::collect
    }
}

persistence

root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) show ltm persistence persist-records
Sys::Persistent Connections
universal  3  172.28.24.10:7  200.200.200.111:7  (tmm: 1)
universal  1  172.28.24.10:7  200.200.200.111:7  (tmm: 1)
universal  2  172.28.24.10:7  200.200.200.101:7  (tmm: 1)
Total records returned: 3

/var/log/ltm

[root@ve11a:Active:In Sync] config tail -f /var/log/ltm
Jul 6 00:15:25 ve11a info tmm1[29362]: Rule /Common/qux :
Jul 6 00:15:26 ve11a info tmm1[29362]: Rule /Common/qux :
Jul 6 00:15:26 ve11a info tmm1[29362]: Rule /Common/qux :
Jul 6 00:15:26 ve11a info tmm1[29362]: Rule /Common/qux : id=1 server=200.200.200.111:7
Jul 6 00:15:30 ve11a info tmm1[29362]: Rule /Common/qux :
Jul 6 00:15:30 ve11a info tmm1[29362]: Rule /Common/qux :
Jul 6 00:15:30 ve11a info tmm1[29362]: Rule /Common/qux : id=2 server=200.200.200.101:7
Jul 6 00:15:33 ve11a info tmm1[29362]: Rule /Common/qux :
Jul 6 00:15:33 ve11a info tmm1[29362]: Rule /Common/qux : id=1 server=200.200.200.111:7
Jul 6 00:15:36 ve11a info tmm1[29362]: Rule /Common/qux :
Jul 6 00:15:36 ve11a info tmm1[29362]: Rule /Common/qux : id=1 server=200.200.200.111:7
Jul 6 00:15:38 ve11a info tmm1[29362]: Rule /Common/qux :
Jul 6 00:15:38 ve11a info tmm1[29362]: Rule /Common/qux : id=2 server=200.200.200.101:7
Jul 6 00:15:43 ve11a info tmm1[29362]: Rule /Common/qux :
Jul 6 00:15:43 ve11a info tmm1[29362]: Rule /Common/qux : id=3 server=200.200.200.111:7
- nitass
Employee
this is LB::detach example.
config

root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm virtual bar
ltm virtual bar {
    destination 172.28.24.10:7
    ip-protocol tcp
    mask 255.255.255.255
    pool foo
    profiles {
        tcp { }
    }
    rules {
        qux
    }
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    vs-index 47
}
root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm pool foo
ltm pool foo {
    members {
        200.200.200.101:7 {
            address 200.200.200.101
        }
        200.200.200.111:7 {
            address 200.200.200.111
        }
    }
}
root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm rule qux
ltm rule qux {
    when CLIENT_ACCEPTED {
        log local0. ""
        TCP::collect
    }
    when CLIENT_DATA {
        log local0. ""
        set id [findstr [TCP::payload] @ 1 ,]
        persist uie $id
        TCP::release
        TCP::collect
    }
    when SERVER_CONNECTED {
        log local0. ""
        TCP::collect
    }
    when SERVER_DATA {
        log local0. "id=$id server=[IP::server_addr]:[TCP::server_port]"
        TCP::release
        LB::detach
        TCP::collect
    }
}

persistence

root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) show ltm persistence persist-records
Sys::Persistent Connections
universal  3  172.28.24.10:7  200.200.200.111:7  (tmm: 1)
universal  1  172.28.24.10:7  200.200.200.111:7  (tmm: 1)
universal  2  172.28.24.10:7  200.200.200.101:7  (tmm: 1)
Total records returned: 3

/var/log/ltm

[root@ve11a:Active:In Sync] config tail -f /var/log/ltm
Jul 6 00:23:32 ve11a info tmm[29362]: Rule /Common/qux :
Jul 6 00:23:34 ve11a info tmm[29362]: Rule /Common/qux :
Jul 6 00:23:34 ve11a info tmm[29362]: Rule /Common/qux :
Jul 6 00:23:34 ve11a info tmm[29362]: Rule /Common/qux : id=1 server=200.200.200.111:7
Jul 6 00:23:36 ve11a info tmm[29362]: Rule /Common/qux :
Jul 6 00:23:36 ve11a info tmm[29362]: Rule /Common/qux :
Jul 6 00:23:36 ve11a info tmm[29362]: Rule /Common/qux : id=2 server=200.200.200.101:7
Jul 6 00:23:38 ve11a info tmm[29362]: Rule /Common/qux :
Jul 6 00:23:38 ve11a info tmm[29362]: Rule /Common/qux :
Jul 6 00:23:38 ve11a info tmm[29362]: Rule /Common/qux : id=1 server=200.200.200.111:7
Jul 6 00:23:40 ve11a info tmm[29362]: Rule /Common/qux :
Jul 6 00:23:40 ve11a info tmm[29362]: Rule /Common/qux :
Jul 6 00:23:40 ve11a info tmm[29362]: Rule /Common/qux : id=1 server=200.200.200.111:7
Jul 6 00:23:43 ve11a info tmm[29362]: Rule /Common/qux :
Jul 6 00:23:43 ve11a info tmm[29362]: Rule /Common/qux :
Jul 6 00:23:43 ve11a info tmm[29362]: Rule /Common/qux : id=2 server=200.200.200.101:7
Jul 6 00:23:44 ve11a info tmm[29362]: Rule /Common/qux :
Jul 6 00:23:45 ve11a info tmm[29362]: Rule /Common/qux :
Jul 6 00:23:45 ve11a info tmm[29362]: Rule /Common/qux : id=3 server=200.200.200.111:7
- jgranieri
Nimbostratus
Thanks Kevin & Nitass. Let me try this and post back when I have some better results.
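Added example (not code from any poster in this thread): a variant of the original iRule for the case raised above where the first collected segment does not yet hold the complete "@id," field, which also bounds the client-supplied ID before it becomes a persistence key and a log entry. Pool XYZ and the "@" / "," delimiters come from the original post; the 2048-byte cap, the ID character set, the 1800-second timeout and rejecting on failure are assumptions to adapt to the real protocol.

```tcl
when CLIENT_ACCEPTED {
    # Assumption: the entity field always arrives within the first 2048 bytes.
    set max_collect 2048
    TCP::collect
}
when CLIENT_DATA {
    set payload [TCP::payload]

    # Match the first "@" only, and require the closing "," so a partially
    # received ID is never used. findstr alone returns everything up to the
    # end of the buffer when the terminator has not arrived yet.
    # Assumption: IDs are 1-64 characters of letters, digits, "_", "." or "-".
    if { [regexp {^[^@]*@([A-Za-z0-9_.-]{1,64}),} $payload -> entityID] } {
        pool XYZ
        # Explicit timeout (assumed value) so stale records age out.
        persist uie $entityID 1800
        log local0.info "entity=$entityID record=[persist lookup uie $entityID]"
        TCP::release
        return
    }

    if { [TCP::payload length] < $max_collect } {
        # Field incomplete so far: keep buffering and re-enter CLIENT_DATA.
        TCP::collect
        return
    }

    # Cap reached without a well-formed ID: do not create a persistence
    # record from unvalidated bytes. Rejecting here is an assumed policy;
    # sending to the pool without persistence is the alternative.
    log local0.info "no valid entity ID in $max_collect bytes from [IP::client_addr]"
    reject
}
```

This handles one entity per TCP connection; connections that carry several IDs still need the mblb or LB::detach approach shown in the replies above.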