For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

rubbishking_110's avatar
rubbishking_110
Icon for Nimbostratus rankNimbostratus
Mar 25, 2008

UDP Profile?

Hi All     I have created an iRules just now, however, it is failed when I tried to assigne to a virtual server.     "01070394:3: UDP::payload in rule (FIP_Route) requires an associated UD...
application delivery
dev
devops
iRules
mathiew_58773's avatar
mathiew_58773
Icon for Nimbostratus rankNimbostratus
Aug 27, 2008

 

Hello Guys,

 

 

would like to ask your assistance , we are new to IRULES

 

 

we have a requirement to load balance connections to multiple routers going to destination servers

 

 

 

-- client needs to authenticate to the backend radius server, one authenticated, client connections to multiple services ( WEB,FTP,WAP) shoud be persisted to

 

the same router in which the client passes thru when it sends radius accounting start to the backend radius server.

 

 

 

-- we also need to delete the persistence table for a particular client once it sends radius accounting stop to the backend server.

 

 

 

we have 2 VS on the F5 box. 1 for udp traffic and another 1 for tcp traffic, these are wildcard virtual servers.

 

 

Problem we encountered, client1 and client to is always being redirected to Router1, client connections is not being distributed multiple routers going to the

 

destination.

 

 

what is the Irules that we can use to load balance the radius request to multiple routers and persist the client connection based on framed-IP attributes of radius accounting

 

request

 

 

 

below is the Irules that we use for the 2 VS that we defined on the F5 box.

 

 

 

========================

 

Irule for VS 1

 

========================

 

rule VS1 {

 

when RULE_INIT {

 

array set ::msg_types {

 

4 "Accounting-Request"

 

5 "Accounting-Response"

 

255 "Reserved"

 

}

 

array set ::attr_types {

 

8 "Framed-IP-Address"

 

}

 

}

 

 

 

when CLIENT_DATA {

 

 

if { [UDP::payload length] > 4 } {

 

log "UDP::payload length [UDP::payload length]"

 

binary scan [UDP::payload] c hdr_code

 

log "radius type $::msg_types($hdr_code)"

 

binary scan [UDP::payload] @20a* rest_string

 

 

while { [string length $rest_string] >4} {

 

binary scan $rest_string cca* attr_id attr_length rest_string

 

scan $attr_length %i length

 

set ff [format "a%da*" [expr {$length} - 2]]

 

 

log "==== $::attr_types($attr_id)"

 

 

switch $attr_id {

 

1 { if the type of attrbuite is Framed-IP-Address

 

binary scan $rest_string $ff attr_value rest_string

 

log "attribute id: $::attr_types($attr_id); attribute length: $length; value: $attr_value"

 

persist uie $attr_value

 

}

 

8 { if the type of attrbuite is RADIUS_ATTR_FRAMED_IP_ADDRESS

 

binary scan $rest_string c4a* IPtmp rest_string

 

set IP {}

 

foreach num $IPtmp {

 

lappend IP [expr ($num + 0x100) % 0x100]

 

}

 

set attr_value [join $IP .]

 

log "$::attr_types($attr_id) value $attr_value"

 

log "attribute id: $::attr_types($attr_id); attribute length: $length; value: $attr_value"

 

persist hash $attr_value

 

}

 

default {

 

binary scan $rest_string $ff attr_value rest_string

 

log "attribute id: $::attr_types($attr_id); attribute length: $length; filed value: $attr_value"

 

}

 

}

 

}

 

}

 

}

 

}

 

 

 

========================

 

Irule for VS 2

 

========================

 

rule rule_hash_irules {

 

when CLIENT_ACCEPTED {

 

set client_ip [IP::remote_addr]

 

log "cilent_is is $client_ip"

 

persist hash $client_ip

 

}

 

}

 

 

 

 

 

thanks in advance