Forum Discussion
Load balancing SMPP authentication with MRF and no iRules. Can it be done?
Hi DevCentral,
I will be honest, I do not completely understand how SMPP works, and the full requirements, but of all the configurations required this is the one that's throwing me for a loop.
The scenario is as follows;
When an external client initiates a connection to the VS, they are required to authenticate to two servers located in two differing subnets. The LTMs must traverse other gateways to reach these subnets.
The requirements are to allow the connecting client to authenticate to both servers and any subsequent messages are load balanced to either of the servers, and if possible persist to only one based on the client/source. If the server fails, the pool will reselect and direct the connection to the available member. If the authenticated session fails, or the client closes the connection, they will re-authenticate to both servers and then load balancing can take place as before.
I have looked at an iRule example by Dev member NAT, and trying to understand it at the moment. Some of it I get but the majority still escapes me, and I'm currently watching a TCL crash course to try and understand further.
Referencing this post, from Dev user Sam, showing the SMPP message flow, which seems similar to Diameter, and from this I have been looking at MRF to possibly circumvent the iRules, limiting the complexity for future modifications.
I have not begun configuring the SMPP services as yet, focusing on other configurations required prior to undertaking this one which seems mentally as a challenge. The HA pair LTMs are currently running version 12.0.0 1.0.0.628.
My questions are;
-
Is it possible to undertake this task without using iRules? and if so, any suggestions/tips for the configuration?
-
Based on the message flow, is MRF viable for this solution?
-
If iRules are required for the requirements, can the iRule example (from above) be used to satisfy this requirement?
I would appreciate any assistance regarding the above, and also, feel free to ask for any information which can hopefully aid in a resolution.
Best regards,
T33
- Segman_342030Nimbostratus
Hi Arturo and Nat, Can you share what you did on the iRule? We are trying to do very similar solution
Thank you, Yoav
- ArturoEmployee
yes, it is possible to do load balance SMPP traffic using MRF. But the iRule is still needed. You need to read the payload manually and then create the persistence record based on some field.
Good luck
- guy_dahanAltostratus
Hi,
did you managed to create this configuration ?
- T33_94464Nimbostratus
Thus far this is the algorithm I've come up with;
Code When request from ESME; Is it a bind transmit from ESME Yes Send to both pool members else Is it an unbind Send to both pool members else //assuming all other messages are submit_sm related Load balance to either member
Hopefully I'm on the right track here
T33
- Nat_ThirasuttakornEmployee
in my opinion,
1.Is it possible to undertake this task without using iRules? and if so, any suggestions/tips for the configuration?
No, it is not possible
2.Based on the message flow, is MRF viable for this solution?
yes, MRF should be able to help.
3.If iRules are required for the requirements, can the iRule example (from above) be used to satisfy this requirement?
I believe the iRule example sort of satisfy this requirement. the different is, for example, it may not try to authenticate to all server at beginning, it may do authenticate when it connects. perhaps, with a small modification you can get exactly what you need.
However, one thing to note, the iRule example is based on "mblb" profile which is old way for doing message-based load balancing. "mblb" will be obsoleted in near future. MRF is current framework for message-based routing. I would suggest using MRF for a better supportability. but you need to re-write iRule for it.
the MRF related iRule syntax can be found here...
https://devcentral.f5.com/wiki/iRules.GENERICMESSAGE.ashx
https://devcentral.f5.com/wiki/iRules.MR.ashx
I don't have sample MRF iRule to show at the moment (maybe other member have) when I have a chance I may post some example here
Nat
Hi T33,
The requirements are to allow the connecting client to authenticate to both servers and any subsequent messages are load balanced to either of the servers, and if possible persist to only one based on the client/source
I don't get the point why you want to authenticate the client to both pool members, if you're going to persist the client via its source IP address to one of the pool members?
Im my opinion it would just make sense to authenticate to both servers, if you need to implement a per-message load-balancing based on certain SMPP informations, isn't it?
Do you have such requirements?
Cheers, Kai
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com