Hello and Good Afternoon DevCentral... We use our LTM 6400 primarily to load balance our customers on Windows 2003\2008 Terminal Servers. Customers connect over the internet using the standard TCP 3389 to connect to one of many virtual servers that represent terminal services farms we have internal to our network. I am wondering if anyone has any experience in using irules to direct inbound terminal services connections to a particular pool based on the FQDN that used to connect. For instance.... computer.termserver.com is the FQDN the customer uses to connect to the terminal services farm. computer.termserver.com resolves to an public IP we own, that we NAT to a virtual ip\server we have configured on the LTM 6400. Is the LTM capable in anyway of being "aware" the external RDP connection is using computer.termserver.com as the address, so we can possibly direct the inbound terminal services connection to a particular pool? I know alot of irules seem to be based on HTTP\HTTPS traffic, don't know if there are any options for the Remote Desktop Protocol. Thanks for any help you can provide...

Something like this could work?! i do not think so. rdp is not http, so HTTP::host is not valid. i am not aware of fqdn in rdp packet or maybe i missed it.

Using IRules to Direct Remote Desktop Traffic?

Pav_70755

Nimbostratus

Dec 20, 2011

Something like this could work?!


when CLIENT_ACCEPTED {
 if {[TCP::local_port] == 3389 and [HTTP:host] == "computer.termserver.com" }{
    pool rdp_servers
  } else {
    pool default
  }
}

nitass
Employee
Dec 20, 2011
Something like this could work?! i do not think so. rdp is not http, so HTTP::host is not valid.

i am not aware of fqdn in rdp packet or maybe i missed it.
nitass
Employee
Dec 20, 2011
sorry it is duplicated.

Pav_70755

Nimbostratus

Dec 20, 2011

I've done something similar for SQL traffic and hostnames so you would need to create a VS listening on port 3389 and then it should work?

when CLIENT_ACCEPTED {
  if { [matchclass [IP::remote_addr] equals $::Wip_Server] } {
    pool SQL-Wip
  } elseif { [matchclass [IP::remote_addr] equals $::UAT_Server] } {
    pool SQL-UAT
  } elseif { [matchclass [IP::remote_addr] equals $::Live_Servers] } {

although instead of re-directing traffic based on a tcp port you would just need to create datagroups with the IP addresses of the clients connecting via RDP and then the VS will only re-direct traffic to pools going to port 3389?

So you would create seperate VS for the different terminal server hostnames?


Pav

    pool SQL-Live
  }
}

Pav_70755
Nimbostratus
Dec 20, 2011
I've done something similar for SQL traffic and hostnames so you would need to create a VS listening on port 3389 and then it should work?

when CLIENT_ACCEPTED { if { [matchclass [IP::remote_addr] equals $::Wip_Server] } { pool SQL-Wip } elseif { [matchclass [IP::remote_addr] equals $::UAT_Server] } { pool SQL-UAT } elseif { [matchclass [IP::remote_addr] equals $::Live_Servers] } {

although instead of re-directing traffic based on a tcp port you would just need to create datagroups with the IP addresses of the clients connecting via RDP and then the VS will only re-direct traffic to pools going to port 3389?

So you would create seperate VS for the different terminal server hostnames?

Pav

pool SQL-Live

}

}
Pav_70755
Nimbostratus
Dec 20, 2011
I've done something similar for SQL traffic and hostnames so you would need to create a VS listening on port 3389 and then it should work?

when CLIENT_ACCEPTED { if { [matchclass [IP::remote_addr] equals $::Wip_Server] } { pool SQL-Wip } elseif { [matchclass [IP::remote_addr] equals $::UAT_Server] } { pool SQL-UAT } elseif { [matchclass [IP::remote_addr] equals $::Live_Servers] } {

although instead of re-directing traffic based on a tcp port you would just need to create datagroups with the IP addresses of the clients connecting via RDP and then the VS will only re-direct traffic to pools going to port 3389?

So you would create seperate VS for the different terminal server hostnames?

Pav

pool SQL-Live

}

}
Pav_70755
Nimbostratus
Dec 20, 2011
I've done something similar for SQL traffic and hostnames so you would need to create a VS listening on port 3389 and then it should work?

when CLIENT_ACCEPTED { if { [matchclass [IP::remote_addr] equals $::Wip_Server] } { pool SQL-Wip } elseif { [matchclass [IP::remote_addr] equals $::UAT_Server] } { pool SQL-UAT } elseif { [matchclass [IP::remote_addr] equals $::Live_Servers] } {

although instead of re-directing traffic based on a tcp port you would just need to create datagroups with the IP addresses of the clients connecting via RDP and then the VS will only re-direct traffic to pools going to port 3389?

So you would create seperate VS for the different terminal server hostnames?

Pav

pool SQL-Live

}

}
Pav_70755
Nimbostratus
Dec 20, 2011
dam duplicate posts!
Pav_70755
Nimbostratus
Dec 20, 2011
dam duplicate posts!

Forum Discussion

Using IRules to Direct Remote Desktop Traffic?

Recent Discussions

MAC address of deleted VS IP address still responsive

Different common name ssl acces 403 forbiddent

dynamic signature detection

DNS HM Probe issue

F5 looses the token for the first call

Related Content

iRule for custom traffic flow

Virtual Desktop not getting IP from lease pool from APM VPN (physical desktops gets an IP)

Logging TLS traffic less than TLSv1.2

Traffic Shaping and Atlassian Jira

iRule for traffic redirect to a specific port based on URI

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS