For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Philippe_CLOUP's avatar
Philippe_CLOUP
Icon for Employee rankEmployee
Sep 17, 2007

looking inside persistence table, through different Virtual Servers

I have created an irule to store, using universal persistence, the 2 things:   - the Client-IP adress connected to the VS.   - the Mac adress of the "lasthop" that sent the request t...
application delivery
dev
devops
iRules
leozou_80567's avatar
leozou_80567
Historic F5 Account
Dec 04, 2007
Hi deb,

 

I test this irule. I have some problem. I can find the lasthop MAC, But I can't find out the lasthop's IP.

 

When I use real lasthop MAC to replace $fwMAC,I can find out the lasthop's IP.

 

-----------------------------------------------------------------------

 

set fwIP [findclass 00:d0:c9:96:83:f7 $::fw_MAC2IP " "] is OK.

 

set fwIP1 [findclass $fwMAC $::fw_MAC2IP " "] does't OK.

 

------------------------------------------------------------------------------

 

 

So I think there is some problem in $fwMAC.

 

I check below rule:

 

---------------------------------------------------------------------------

 

if {$origin_vlan == "4093"}{

 

for client originated connections, use server pool & simple persistence

 

set session_key [IP::remote_addr]

 

log local0. "client connecting from vlan $origin_vlan - session_key = >$session_key<"

 

select inbound pool by name & apply simple persistence

 

pool pool2-https

 

persist source_addr 86400

 

create/update session table entry for reciprocal traffic

 

session add uie {$session_key any virtual} [LINK::lasthop] $::timeout

 

log local0. "http_pool1 pool selected, source_addr persistence & session table entry added for $session_key"

 

set fwMAC [session lookup uie {$session_key any virtual}]

 

log local0. "session add uie is --->$fwMAC<---------"

 

------------------------------------------------------------------------------

 

when testing, the display is:

 

 

Dec 4 18:04:45 tmm tmm[1052]: Rule bidirectional_firewall_persistence : vlan ID: 4093 client: 10.9.1.11

 

Dec 4 18:04:45 tmm tmm[1052]: Rule bidirectional_firewall_persistence : client connecting from vlan 4093 - session_key = >10.9.1.11<

 

Dec 4 18:04:45 tmm tmm[1052]: Rule bidirectional_firewall_persistence : http_pool1 pool selected, source_addr persistence & session table entry added for 10.9.1.11

 

Dec 4 18:04:45 tmm tmm[1052]: Rule bidirectional_firewall_persistence : session add uie is --->00:d0:c9:96:83:f7

 

Dec 4 18:04:45 tmm tmm[1052]: Rule bidirectional_firewall_persistence : vlan ID: 4093 client: 10.9.1.11

 

Dec 4 18:04:45 tmm tmm[1052]: Rule bidirectional_firewall_persistence : client connecting from vlan 4093 - session_key = >10.9.1.11<

 

Dec 4 18:04:45 tmm tmm[1052]: Rule bidirectional_firewall_persistence : http_pool1 pool selected, source_addr persistence & session table entry added for 10.9.1.11

 

Dec 4 18:04:45 tmm tmm[1052]: Rule bidirectional_firewall_persistence : session add uie is --->00:d0:c9:96:83:f7

 

 

 

The "session add uie is --->00:d0:c9:96:83:f7" does not include" <-----"

 

So I think there is some problem about the $fwMAC.

 

 

Would you pls help check what has happen? For I am urgent to use this iRule.

 

Thanks.