Forum Discussion
rubbishking_110
Nimbostratus
Mar 25, 2008
UDP Profile?
Hi All
I have created an iRule just now; however, it failed when I tried to assign it to a virtual server.
"01070394:3: UDP::payload in rule (FIP_Route) requires an associated UDP profiles on the virtual server (M1)."
I cannot figure out what I have configured wrong or whether the problem is in the iRule itself. Can anyone help?
iRule
---------
when CLIENT_ACCEPTED {
    if { [UDP::payload] matches " 10.12.1." } {
        use pool pool1
    } elseif { [UDP::payload] contains "10.12.2." } {
        use pool pool2
    }
}
-------------
44 Replies
- The_Bhattman
Nimbostratus
Did you apply the UDP Profile to the VIP?
/CB
- rubbishking_110
Nimbostratus
Hi
Thx for the advice. I solved this by assigning back the UDP profile for the VIP.
However, I found a problem in the iRule: it cannot really find the string pattern "10.12.1." or "10.12.2." inside the UDP packet. Is my syntax wrong?
help!
- Nicolas_Menant
Employee
Hi,
What are you looking for? The client IP address? If yes, it is not within the payload.
The payload is the data transmitted for the application on the other end.
If you are interested in the client IP address you may try this:
when CLIENT_ACCEPTED {
    if { [IP::client_addr] starts_with "10.12.1." } {
        use pool pool1
    } elseif { [IP::client_addr] contains "10.12.2." } {
        use pool pool2
    }
}
- rubbishking_110
Nimbostratus
Hi
Actually, I want to extract the value of the RADIUS attribute "Framed-IP-Address" in the RADIUS UDP packet. Would you mind advising me what I should do?
rk
- Nicolas_Menant
Employee
Hi,
To do so you'll need to transform the payload before doing any analysis with the command binary scan.
Here is an article which shows how to manipulate RADIUS data: Click here
Another one: Click here
- rubbishking_110
Nimbostratus
Hi
It is too complicated for me. Is there any code that can be shared so that I can understand it more easily?
rk
- Nicolas_Menant
Employee
If you do a search in this forum with the keyword radius you will see lots of examples that may be easier to understand.
- Nat_Thirasuttakorn
Employee
RADIUS uses type-length-value (TLV) to store attributes, and it stores them in binary, not in clear text. I think you either need to use an iRule to loop and extract each attribute one by one until you find what you want, or search by using binary instead of clear text (see below for the latter case).
You might check RFC 2865 for the complete protocol format.
The protocol format for Framed-IP-Address is
type=8 => 08 in hex
length=6 => 06 in hex
data= (4 bytes IP address)
If the IP is 10.12.1.x it should look like this:
10.12.1 => 0a0c01 in hex
The hex data that you are looking for becomes
08060a0c01 (ignore last octet of IP)
Use binary format to create binary data:
    set bdata1 [binary format ccccc 8 6 10 12 1]
    if { [UDP::payload] contains $bdata1 } {
        use pool pool1
        log local0. "use pool 1"
    }
I think it should work. If not, I will let you know another idea.
- rubbishking_110
Nimbostratus
Hi
Thanks for the info. I tried, but it seems it cannot work. Should we use binary scan instead of "contains"?
rk
- rubbishking_110
Nimbostratus
Hi
I have tried this
when CLIENT_DATA {
    set bdata1 [binary format ccccc 8 6 10 12 1]
    set bdata2 [binary format ccccc 8 6 10 12 2]
    if { [UDP::payload] contains $bdata1 } {
        log local0. "use POOL1"
        pool POOL1
    } elseif { [UDP::payload] contains $bdata2 } {
        log local0. "use POOL2"
        pool POOL2
    }
}
However, I observed two problems.
Problem 1, from the /var/log/ltm, I got
Mar 26 18:40:53 tmm tmm[1571]: Rule FIP_route1 : use POOL2
Mar 26 18:40:53 tmm tmm[1571]: 01220001:3: TCL error: FIP_route1 - Address in use (line 9) invoked from within "pool POOL2"
Mar 26 18:41:01 tmm tmm[1571]: Rule FIP_route1 : use POOL1
Mar 26 18:41:01 tmm tmm[1571]: 01220001:3: TCL error: FIP_route1 - Address in use (line 9) invoked from within "pool POOL1"
Problem 2,
although the log shows the correct pool is used, the real packet is not routed to the correct pool.
I cannot figure out the problem. Please help!
rk
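The first option Nat_Thirasuttakorn describes above (loop over the attributes one by one) as an added example, not code from any poster in this thread. It is written in Python rather than iRule Tcl so it runs offline; the function names, the sample packets and the Class-attribute collision are constructed for illustration. It shows how a raw `contains` search for 08060a0c01 can hit bytes inside another attribute's value, while a TLV walk reads only the real Framed-IP-Address.

```python
import socket
import struct

FRAMED_IP_ADDRESS = 8  # attribute type from the thread / RFC 2865

def radius_attributes(packet: bytes):
    """Yield (type, value) for every attribute, validating each length."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    # Header: code(1) identifier(1) length(2) authenticator(16)
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("length field does not fit the datagram")
    off = 20
    while off < length:
        if off + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[off], packet[off + 1]
        if a_len < 2 or off + a_len > length:
            raise ValueError("attribute length out of bounds")
        yield a_type, packet[off + 2:off + a_len]
        off += a_len

def framed_ip(packet: bytes):
    """Return Framed-IP-Address as a dotted quad, or None if absent."""
    for a_type, value in radius_attributes(packet):
        if a_type == FRAMED_IP_ADDRESS and len(value) == 4:
            return socket.inet_ntoa(value)
    return None

def pool_for(packet: bytes):
    """Pool choice from the thread, keyed on the parsed address."""
    ip = framed_ip(packet) or ""
    if ip.startswith("10.12.1."):
        return "pool1"
    if ip.startswith("10.12.2."):
        return "pool2"
    return None

def build_packet(attrs, code=4):
    """Constructed test helper: header + zeroed authenticator + TLVs."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, 1, 20 + len(body)) + bytes(16) + body

NEEDLE = bytes([8, 6, 10, 12, 1])  # same bytes as [binary format ccccc 8 6 10 12 1]
# Constructed samples: PKT_B carries the needle inside a Class (25) value.
PKT_A = build_packet([(1, b"alice"), (8, bytes([10, 12, 1, 77]))])
PKT_B = build_packet([(25, b"\x00" + NEEDLE), (8, bytes([10, 12, 2, 5]))])
```

For PKT_B a substring search finds NEEDLE and would pick the first pool, while `pool_for` returns the pool for 10.12.2.5.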
