For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

BKNwe_10326's avatar
BKNwe_10326
Icon for Nimbostratus rankNimbostratus
Sep 30, 2011

Radius UTP Irule if from send to WIP

Can anyone provide some information on making an Irule, on an LTM, as follows?:

 

 

 

 

 

If connection is sourced from 10.95.76.1, and the destination is to a virtual server IP of 10.95.216.7, using utp port 1812 (Radius), send the connection to the WIP on a GTM of test.radius.net.

 

 

 

 

 

 

 

 

 

FYI:

 

The GTM WIP will have two virtual servers, using port 1812, in different physical locations.

 

 

 

 

 

We have to use an Irule, because:

 

1. We can't put in the GTM WIP URL on the APM, because the APM turns the URL into the current IP that's in

 

use on the GTM.

 

2. We can't point the APM to a virtual server, because both of these servers are located in different/

 

physical locations. And one of the LTM's are setup so the internal servers cannot see the internal network.

 

application delivery
dev
devops
iRules

3 Replies

  • Ferg_104721's avatar
    Ferg_104721
    Icon for Nimbostratus rankNimbostratus
    Oct 31, 2011
    see udp section to catch client

     

    http://devcentral.f5.com/wiki/iRules.Events.ashx

     

     

    see section of ip options and tcpm options

     

    http://devcentral.f5.com/wiki/iRules.IP.ashx

     

    http://devcentral.f5.com/wiki/iRules.TCP.ashx

     

     

    if remote_addr = X and tcp = 1812

     

    pool member

     

    else

     

    X

     

     

    OR have a read of this

     

     

    http://devcentral.f5.com/Community/GroupDetails/tabid/1082223/asg/52/aft/26680/showtab/groupforums/Default.aspx

     

  • Kurt_Knochner_5's avatar
    Kurt_Knochner_5
    Icon for Cirrus rankCirrus
    Oct 31, 2011
    Posted By BKNwe on 09/30/2011 06:45 AM

     

    If connection is sourced from 10.95.76.1, and the destination is to a virtual server IP of 10.95.216.7, using utp port 1812 (Radius), send the connection to the WIP on a GTM of test.radius.net.

     

    Do you mean this: If the connection comes in, the LTM should resolve test.radius.net (probably within an iRule) and balance the connection to the ip address it gets?

     

     

    If yes: Why not just use a pool with two nodes.

     

    If no: I would need a bit more information what you are trying to do.

     

     

    Regards

     

    Kurt Knochner

     

  • Parinya_Ekparin's avatar
    Parinya_Ekparin
    Icon for Nimbostratus rankNimbostratus
    Oct 31, 2011
    I'm not sure about your requirement. From what I understand, incoming RADIUS packets will arrived at a single virtual server and what you want is balancing those packets across two data centers. Is that right?

     

     

    It would be good if you can provide us network diagram to let us know more about your network environment and understand your requirement.