Forum Discussion
khumfleet
Nimbostratus
NimbostratusStuck...Simple iRule? Not sure...req for Help
We are trying to use our LTM to route medical imaging (also known as DICOM) traffic to from our clients to one of two medical imaging archives (also known as a PACS) at our headquarters.
A little background on DICOM communication- to send a DICOM image to a PACS you need 3 things. An IP address, port number, and “Application Entity Title” (AKA- AE Title). Think of the AE Title as a host name for the PACS. The AE Title on the PACS must be unique to that network.
Our environment- Primary PACS communication happens on 192.168.1.10, port 12001, AE Title PACS_01. Backup PACS communication happens on 192.168.1.20 port 12001, AE Title PACS_02. We would like to have our clients point their systems to a VIP on the LTM so at the flip of a switch, route traffic to the backup PACS. The problem is, the AE Title. The backup PACS will refuse any traffic with an AE Title of PACS_01.
If we could have all of our clients point to VIP 192.168.1.15, Port 12001, AE Title INBOUND, we could modify the AE Title with an iRule, depending on which PACS we are routing to.
I have done some tcp captures and found the packet that the AE Title is contained in, however I am not sure how to code the iRule to do the TCP:payload replace. I was passed an example of the syntax that might help, but as I am a iRule Noob, I am having a hard time. Any help would be greatly appreciated.
Here is the code that I have:
when CLIENT_ACCEPTED {
TCP::collect
}
when CLIENT_DATA {
TCP::payload replace [lindex OLDTITLE 0] 8 NEWTITLE
TCP::release
}
}
HamishCirrocumulus
A couple of thoughts... Is the AE_Title only at the beginning of the request? And how big can the request be? An open collect is dangerous. You really want to use managable sized chunks of data to collect and release.
Is thisntextual data? Would the change work better with a stream perhaps? (The proxy pass irule has a good implementation of a dynamic stream, but you may even be able to get away with a static one on the backup VS).
H
nitassEmployee
just wondering how we can modify tcp payload according to pool member which is selected. in case of HTTP, we have HTTP_REQUEST_SEND event but this is tcp.
khumfleetHamish;
I believe the length of the data in packet we are looking at is 281 bytes. I thought I saw code somewhere to allow you to specify length. I don't think the data is textual, probably binary, not that i know for sure, i am using wireshark and can search through the packet to find the AETitle i would expect embedded in the packet always at the same spot 0040 of the conversation. Does that make sense? Not sure about using a stream, i am more than happy to learn more so i will take a look ath the proxy pass irule, can we still do that if the data is not textual?- HamishPosted By nitass on 02/23/2012 06:57 AM
just wondering how we can modify tcp payload according to pool member which is selected. in case of HTTP, we have HTTP_REQUEST_SEND event but this is tcp.
And use one pool? Could do. Or implement the rewrite when the number of poolmembers in the default pool goes to 0 and then select the alternate pool.Then the client wouldnt have to worry about a second host to open the connection to.
- HamishPosted By khumfleet on 02/23/2012 08:24 AM
Hamish;
I believe the length of the data in packet we are looking at is 281 bytes. I thought I saw code somewhere to allow you to specify length. I don't think the data is textual, probably binary, not that i know for sure, i am using wireshark and can search through the packet to find the AETitle i would expect embedded in the packet always at the same spot 0040 of the conversation. Does that make sense? Not sure about using a stream, i am more than happy to learn more so i will take a look ath the proxy pass irule, can we still do that if the data is not textual?
I've never tried a stream on binary content before. I'm not sure what will happen since it cares about character encoding (ASCII being the default). You could try it with a hardcoded stream profile on the second vs and see if it works. No irule required then.Or you could try the single vs approach as above with the single vs detecting the primary PAC being down and accessing the secondary as a separate pool with a rewrite dynamically. So client doesnt need to open a second connection. But that may be overkill for you perhaps.
H
- nitassthanks Hamish!
for example, there is one pool with two members. how can we modify tcp payload sending to pool member based on pool member which is picked up?
if we divide one pool to two pools which each contains only one member, how can we distribute traffic to both pool members evenly? - HamishAssuming that we have twompools. A primary (default) and a secondary. Primary is always used (like group priority) unlesss its down. So in CLIENT_CONNECTED event we check available members of default group. If the number of available members is 0 we set the pool to the secindary pool using the 'pool' command and the setup a TCP::collect for the data.
When the data triggers we scan for the title (just in case it moves offset) and replace that with the title for the secondary pool and release the altered data (using TCP::payload replace)
H - HamishPosted By nitass on 02/24/2012 12:14 AM
thanks Hamish!
for example, there is one pool with two members. how can we modify tcp payload sending to pool member based on pool member which is picked up?
if we divide one pool to two pools which each contains only one member, how can we distribute traffic to both pool members evenly?
One pool? Not sure i see where we'd doit with one pool (although no doubt iwe could, it would get more complicated than a default pool and an alternate).One VS as above though.
H
- khumfleetHamish,
We currently have the LTM configured with one pool and both servers as members. I was able to use the iRule Editor to get the I rule offered above to act on incoming connections however further packet captures do not seem to reflect the "NEWTITLE" anywhere in the conversation. Can anyone tell me what this line of code is supposed to be doing?
TCP::payload replace [lindex OLDTITLE 0] 8 NEWTITLE
I am not sure about the 8? 
Nathan_68320Why not just have both servers use the same AE title? Then you could just distribute traffic to both of them and there would be no need to create this iRule?
FYI - That is how we do it in our environments. All Dicom servers are configured with their own AE, as well as a universal AE. All of the modalities are configured to use the universal AE. All Dicom servers are placed in a pool and then traffic is distributed across all of them.
Further, we have an alternate server/pool to be used during scheduled downtimes/maintenance windows. Rather than enforcing a downtime policy and instructing all the users to send to the "downtime" server, we just switch the active pool. As far as the users know, everything is exactly the same.- JulienM_23339Nathan, Your feedback is interesting. Do you use any specific iRule or stream profile to rename the AE ? Thank you