Forum Discussion
AltostratusSet the same iRule on TCP and UDP VS
Hi all,
I have written an iRule that i'd like to deploy both on TCP and UDP VS.
To achieve that i have something in my code like :
set protocol [IP::protocol]
set dest_port [expr { $protocol == 6 ? [TCP::local_port] : [UDP::local_port] }]
When i put this iRule on my TCP VS with a standard type, i have the following error :
UDP::remote_port in rule (/Common/mitigate_scans) requires an associated BIGPROTO or UDP profile on the virtual-server
But if i switch my TCP VS to a FastL4 type then the error doesn't raise anymore and it works as expected.
Here are my questions :
- Why is there a difference linked to the type of my VS ? Why can i deploy this iRule on a FastL4 type ?
- Is there any code trick that would allow me to deploy the same code both on UDP and TCP VS with a standard type ?
Thanks in advance for your feedback.
Sylvain
Sylvain_GoulmyHi all,
Do someone has some thoughts about this ?
Thanks in advance.
ldesfossesCirrus
I think you'll not be able to use UDP::something if your VS is not in FastL4 ( BIGPROTO ) or UDP. I understand it's not "normal" because UDP is not called if the VS is not in UDP.
When a VIP is configured in FastL4, it handle each packet, even for TCP, and a single packet.
https://support.f5.com/csp/article/K8082#l4
This is the only difference I see that can explain why it work in FastL4 and not in Standard. I suspect that to save memory, a VIP in TCP/Standard will not load all the event, UDP in your case. It's pure speculation tho.
- Sylvain_Goulmy
Thank you for your input.