Pietro_Femmino_
Dec 08, 2005

Radius and HTTP Header insertion

Hi,

 

Hard question: I just need to understand whether it can be done with BIGIP and iRules.

 

What I need is to add a specific HTTP header to all the HTTP sessions coming from a specific IP address; the association header<->IP address comes from Radius authentication (i.e. I get a Radius start accounting packet from a specific IP address, and I have to insert that Radius data into an HTTP header in all the HTTP sessions that that IP address will make).

 

This would require a central database to store all the associations (radius data <> ip address). What I need to understand is if it's possible for BIGIP/iRules to interpret radius data and write it somewhere, and then when receiving HTTP sessions, read the data and insert an appropriate HTTP header.

 

 

Thanks very much,

 

Pietro
  • Hi Colin, and thank you for helping.

     

    I will receive Radius "Start Accounting" and "Stop Accounting" data; this data contains a telephone number, and I will have to associate this telno with an IP address. When I receive HTTP sessions from that IP address, I will then have to insert an HTTP header with the 'linked' telno in the HTTP session.

     

    telno = 13 digits, ipaddr = 12 digits, so let's say 30 bytes of data per radius session, considering some overhead. So with only 1MB of memory I would be able to have 30k sessions stored.

     

    If this is possible, the other question is if global variables can be arrays or something like that, and if concurrent sessions of iRules can read/write to the same variable. Or, perhaps, if it would be possible to have one different variable per IP address.

     

     

    Thanks again,

     

    Pietro
  • unRuleY_95363
    Historic F5 Account
    Yes, you could use either a Tcl array or the session table for this. The session table has the added feature that it times unused entries out after a period of time whereas a Tcl array could grow and grow and grow without bound (well eventually you would exhaust memory).

     

     

    So, you could certainly receive those Radius messages, parse out the necessary information, make a session table entry and then as HTTP requests come in, lookup the session table and get the telno and insert it in the HTTP request. Sounds like a fun project.
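
The flow described in the reply above (parse the Radius accounting message, keep an IP-to-telno entry that times out, insert the header on each HTTP request), modelled in Python rather than as an iRule; this is an added example, not code from the thread or from F5. Assumptions: the client IP arrives in Framed-IP-Address (attribute 8) and the telno in Calling-Station-Id (attribute 31), the header name `X-Subscriber-Telno` and the shared secret are made up, and the code additionally checks the RFC 2866 Request Authenticator and strips any client-supplied copy of the header so that neither side can forge a binding.

```python
import hashlib, hmac, ipaddress, struct

ACCT_STATUS, FRAMED_IP, CALLING_STATION = 40, 8, 31   # RADIUS attribute types
START, STOP = 1, 2                                    # Acct-Status-Type values
HEADER = "X-Subscriber-Telno"                         # hypothetical header name

def build_accounting(status, ip, telno, secret):      # constructed sample input
    avp = lambda t, v: bytes([t, len(v) + 2]) + v
    attrs = (avp(ACCT_STATUS, struct.pack("!I", status))
             + avp(FRAMED_IP, ipaddress.IPv4Address(ip).packed)
             + avp(CALLING_STATION, telno.encode()))
    head = struct.pack("!BBH", 4, 1, 20 + len(attrs)) # code 4 = Accounting-Request
    return head + hashlib.md5(head + bytes(16) + attrs + secret).digest() + attrs

def parse_accounting(pkt, secret):
    """Return (status, ip, telno), or None if malformed or not authentic."""
    length = struct.unpack("!H", pkt[2:4])[0] if len(pkt) >= 20 else 0
    # RFC 2866: authenticator = MD5(header + 16 zero octets + attributes + secret)
    want = hashlib.md5(pkt[:4] + bytes(16) + pkt[20:length] + secret).digest()
    if (pkt[:1] != b"\x04" or not 20 <= length <= len(pkt)
            or not hmac.compare_digest(want, pkt[4:20])):
        return None
    attrs, pos = {}, 20
    while pos + 2 <= length:                          # walk type, length, value
        alen = pkt[pos + 1]
        if alen < 2 or pos + alen > length:
            return None
        attrs[pkt[pos]], pos = pkt[pos + 2:pos + alen], pos + alen
    st, ip, tel = (attrs.get(t, b"") for t in (ACCT_STATUS, FRAMED_IP, CALLING_STATION))
    if len(st) != 4 or len(ip) != 4 or not tel.isdigit():
        return None                                   # digits only: no CR/LF in header
    return struct.unpack("!I", st)[0], str(ipaddress.IPv4Address(ip)), tel.decode()

def on_accounting(table, pkt, secret, now):
    rec = parse_accounting(pkt, secret)
    if rec and rec[0] == START:
        table[rec[1]] = (rec[2], now)                 # ip -> (telno, last seen)
    elif rec and rec[0] == STOP:
        table.pop(rec[1], None)
    return rec is not None

def tag_request(table, client_ip, headers, now, idle=3600):
    """Drop any client-supplied HEADER, then insert the bound telno if fresh."""
    out = [(k, v) for k, v in headers if k.lower() != HEADER.lower()]
    telno, seen = table.get(client_ip, (None, 0))
    if telno is not None and now - seen <= idle:
        table[client_ip] = (telno, now)               # refresh the idle timer
        out.append((HEADER, telno))
    return out
```

The idle timeout stands in for the session table's expiry: if a Stop packet is lost, the binding still ages out instead of tagging whoever is assigned that IP address next.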

     

  • unRuleY_95363
    Historic F5 Account
    where can I find a doc on iRules API?
    That's a question we keep asking ourselves. Stay tuned to DevCentral and hopefully you'll get an answer. For now, there's DevCentral and on AskF5 there's a reference manual.

     

    there is a way to share variables among different BIGIPs?
    No. You would need to do something very elaborate like make the requests go through both BIG-IPs or use some of the retry logic we added in 9.2 to sync the request between both BIG-IPs.

     

    is it possible for me to set some user-configuration variables?
    What we call Data Groups or Classes are the only option for this at this time.

     

    is it possible to send back Radius replies or will I need a backend server to handle Radius?
    You probably will want a backend server unless your Tcl programming skills are great. It is possible to craft a response, but it would require building binary data in Tcl.

     

    How much is BIGIP scalable?
    That's a very difficult question to answer on-spec. There are many variables that influence the performance of the BIG-IP. Yes, it is very scalable, but exactly how much it can handle is going to depend on a number of factors, even including the rule you mention developing above. Your sales engineers should be able to give you similar performance data that would allow you to extrapolate a general idea. Then when you have everything in place and can measure actual data, you should be able to further extrapolate how scalable the BIG-IP will be in your scenario.
  • unRuleY_95363
    Historic F5 Account
    The best way I can think of would be to forward the request from one BIG-IP to the other BIG-IP. You would need a mechanism to know whether to forward to the next BIG-IP or on to the real server.

     

     

    I would handle this by setting up an extra virtual to be used as the target from another BIG-IP. You could then know whether to forward to the other BIG-IP or on to the real server based on the destination address.

     

     

    Of course, this will add a little bit of latency as you're routing the requests through additional devices, but that seems trivial compared to the added capability.

     

     

    Hope that helps.
  • unRuleY_95363
    Historic F5 Account
    I'll add that in the event the standby is down, you'll likely get an LB_FAILED event. So, in that event you can then check to see if the request was going to the other BIGIP and if so, retry directly to the real server.