Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

Grzegorz_Skrzyp's avatar
Grzegorz_Skrzyp
Icon for Nimbostratus rankNimbostratus
Jan 28, 2014

Radius attributes based balncing question

Hi Experts, This is my first rule - you know what this mean :) OK - the goal is to have pool member selection based on RADIUS attribute. I have on my box: when RULE_INIT { set static::debug_c...
application delivery
deployment
devops
irules
Grzegorz_Skrzyp's avatar
Grzegorz_Skrzyp
Icon for Nimbostratus rankNimbostratus
Jan 28, 2014

OK - maybe this is not the optimal, but when I changed the event to CLIENT_ACCEPTED I was able to change the pool and its member according to any RADIUS attribute. Mission acomplished :)

 

Grzegorz_Skrzyp's avatar
Grzegorz_Skrzyp
Icon for Nimbostratus rankNimbostratus
Jan 29, 2014
Yes, thank you Mohamed - it was very inspiring to me. Finally my iRule is looking like this one: 
when RULE_INIT {
    set static::version 1.0
    set static::debug_custom_attribute 1
    set static::auth_pool POOL_RADIUS_auth
    set static::odd_member 192.168.36.1
    set static::even_member 192.168.36.2
}

when CLIENT_ACCEPTED {
     Displays script version
    if { $static::debug_custom_attribute } {
        log local0. ">>>> iRule script version: $static::version"
    }

     getting the Calling-Station-ID from the Radius packet
    set callingId  [RADIUS::avp  31 "string"]
     check if the callingId has any value
    if { $callingId ne ""}{
        checking Calling-Station-ID as callingId priority
        set is_odd [expr $callingId & 1]
        if { $is_odd } {
            if { $static::debug_custom_attribute } {
                log local0. "Calling-Station-Id: $callingId is odd"
            }
            pool $static::auth_pool member $static::odd_member
        } else {
            if { $static::debug_custom_attribute } {
                log local0. "Calling-Station-Id: $callingId is even"
            }
            pool $static::auth_pool member $static::even_member
        }
    } else {
         there is no Calling-Station-ID set in Radius packet
        if { $static::debug_custom_attribute } {
            log local0. "Radius packet hasn't got Calling-Station-Id set"
        }
         we do normal load balancing around servers defined in pool
        pool $static::auth_pool
    }
}
when LB_FAILED {
     triggered when selected server is down
    if { $static::debug_custom_attribute } {
        log local0. "Selected server: [LB::server addr] is down"
    }
     doing normal new server election from the pool 
    pool $static::auth_pool
    LB::reselect
}

 for DEBUG only
when LB_SELECTED {
     triggered when new server is selected: "manually" or by re-election
    if { $static::debug_custom_attribute } {
         log local0. "New server selected: [LB::server addr]"
    }
}
when SERVER_CONNECTED {
     triggered when selected server is connected
    if { $static::debug_custom_attribute } {
        log local0. "Server connected: [IP::remote_addr] from: [IP::local_addr]"
    }
}
}