Forum Discussion

draw34_179576's avatar
draw34_179576
Icon for Nimbostratus rankNimbostratus
Dec 17, 2014

radius persist irule with multiple vendor specific attributes

Hi,

 

I've been looking into the predefined RADIUS::avp command, documented here: https://devcentral.f5.com/wiki/irules.RADIUS__avp.ashx

 

Of particular interest is this option:

 

RADIUS::avp attr [attr_type] [index x] [vendor-id y] [vendor-type z]¶RADIUS Vendor-Specific attributeOptional attr_type = ( octet | ip4 | ip6 | integer )See example belowIntroduced in Version 11.4.0

 

In my situation, I have a RADIUS flow that has multiple VSAs, with the same vendor-id and vendor-type, e.g.

 

VSA 1 Type: AVP 26, Vendor-Id 9, Vendor-Type 1 Value: attribute1=string1

 

VSA 2 Type: AVP 26, Vendor-Id 9, Vendor-Type 1 Value: attribute2=string2

 

I would like to use UIE persistence based upon a desired value, for example attribute2.

 

The tricky bit for me is pulling the value out.

 

If I modify the index, I can see the value I want, e.g.

 

[RADIUS::avp 26 "string" index 0 vendor-id 9 vendor-type 1] returns attribute1=string1

 

[RADIUS::avp 26 "string" index 1 vendor-id 9 vendor-type 1] returns attribute2=string2

 

The problem is the index values will change, as the number of VSAs in a stream is variable. In some flows, attribute2 may be in index 1, in other flows it may be in index 8.

 

I'm wondering if anyone could offer advice in regards to an efficient way to extract this.

 

I'm not opposed to something like a for loop, however I'm not sure of the best way to do this since the index length is variable.

 

Thanks.

 

application delivery
devops
iRules
radius

1 Reply

  • Sophie_D_175631's avatar
    Sophie_D_175631
    Icon for Nimbostratus rankNimbostratus
    Feb 26, 2015

    Hello,

    Interesting question - I didn't realize that some vendors reuse the same sub-type for different VSAs. How inconvenient!

    It sounds like you need to loop through values at each index until you find the one you want to persist on. Yes, it will be somewhat costly in terms of performance. Something like this:

    when CLIENT_DATA {
    set i 0
    set val [RADIUS::avp 26 "string" index 0 vendor-id 9 vendor-type 1]
    while { $val ne "" } {
        log local0. "AVP at index $i has value $val"

        if {  } {
            persist uie $val
            set val ""
        } else {
            incr i
            set val [RADIUS::avp 26 "string" index $i vendor-id 9 vendor-type 1]
        }
    }    
}

    I found this table which I assume you've been using for reference. Unfortunately, that table doesn't specify possible values for each attribute nor length, nor how these values are encoded.

    The tricky part is determining if this is the correct AVP just by looking at the value. That was the intention of Vendor Sub-type, but since some vendors don't follow that standard, you'll have to think of a clever way to figure this out.

    Hope this helps!