Forum Discussion

Jure_48098's avatar
Jure_48098
Icon for Nimbostratus rankNimbostratus
Dec 11, 2008

TNS TCP::payload replace

I'm trying to work out a solution for oracle TNS stream to replace HOST=VS-IP (virtual server IP) into HOST=PM-IP (pool member IP). The problem with TNS is, that it sends the host IP in payload as well and as we do NAT on the VS, the HOST value doesn't match.

The nodes and the VS are on the same subnet, so I need to do NAT on the VS. I'm been trying to figure out how to do a TCP::payload replace (how to get the offset for that string to replace). Can someone please help me with the replace string..

Thanks

Jure

At the moment I have: 

 
 when RULE_INIT { 
     set ::FIRST_PKT 1  
     set :RAVIP "10.10.10.10" 
 } 
 when CLIENT_ACCEPTED { 
     TCP::collect 
 } 
 when CLIENT_DATA { 
     set oradata [TCP::payload] 
     set orahost [ findstr $oradata "HOST=" 5 ")" ] 
     log local0. "Got ORAHOST=$orahost" 
     if { $orahost equals $:RAVIP }{ 
 set tcp_offset [ string first $oradata $orahost ] 
 test replace 
  Here i need to do a TCP::payload replace 0 [length] $pool::memberIP 
     } 
      release TCP data 
     TCP::release 
 }

application delivery
dev
devops
iRules
  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Dec 11, 2008
    Hi there,

    Normally, you wouldn't know the pool member IP address until the LB_SELECTED event. However, you can force the pool member selection using the LB::select command ().

    I think it might be possible (and more efficient) to use a stream profile and iRule to do this replacement. Can you try this example? You'll need to add a blank stream profile to the VIP. 

     
 when CLIENT_ACCEPTED { 
  
     Force selection of a pool member 
    set selected [LB::select] 
  
     Use the selected pool member 
    eval $selected 
  
     Parse the IP address of the selected pool member 
    set node_ip [lindex $selected 3] 
    log local0. "\$node_ip: $node_ip" 
  
     Set the replacement string.  Replace the VIP address with the pool member address. 
    STREAM::expression "@[IP::local_addr]@$node_ip@" 
  
     Enable the stream filter using the above expression 
    STREAM::enable 
 } 
 when STREAM_MATCHED { 
     This event is for debug only.  It can be removed/commented out once you're done testing. 
  
     Log when we find a string to replace 
    log local0. "Found [STREAM::match] in request" 
  
 }

    Aaron
  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Dec 11, 2008
    Also, I would think there is a method for telling the Oracle servers that they're being NAT'd and should accept the VIP address as an alias. You might consider searching for Oracle docs online that go over handling address translation or posting in the F5/Oracle Solutions forum (Click here).

     

     

    I'm still curious to see if the iRule would work, but I think it shouldn't be necessary.

     

     

    Aaron
  • Jure_48098's avatar
    Jure_48098
    Icon for Nimbostratus rankNimbostratus
    Dec 12, 2008
    Thanks a lot.. The iRule works perfectly, it just turned out, that it actually does work without one, just the test connect to oracle we were testing with had some problems.. So it was "an excercise to the reader" =)

     

     

    Thanks a lot

     

     

    Jure