Advanced TFTP Load Balancing
Problem this snippet solves:
TFTP works in similar fashion to active FTP, using a callback from a random high port for the data stream: 1. The initiating host A sends a request packet to host B at Well Known Port 69. 2. B replies with a packet sent from an ephemeral port, which should be used for the remainder of the request for all data packets between Host A and host B.How to use this snippet:
To support the callback connection, you would: 1. Configure the UDP virtual server on port 69 to accept the control connection and apply the clientSideTftp 2. Configure & apply a SNAT enabled at least on the server-side VLAN 3. Configure the UDP virtual server on :any 4. Apply the serverSideTftp to reestablish the auto last hop context 5. Build a data-group for all possible vlans the clients can connect to similar to vlanMappingCode :
rule clientSideTftp { when CLIENT_ACCEPTED { set LAST_HOP_MAC [LINK::lasthop] set CLIENT_VLAN [LINK::vlan_id] set CLIENT_IP [IP::client_addr] set VIRTUAL_IP [IP::local_addr] } when SERVER_CONNECTED { table set "[LINK::vlan_id][IP::remote_addr][IP::local_addr][UDP::local_port]" "$LAST_HOP_MAC $VIRTUAL_IP $CLIENT_IP $CLIENT_VLAN" indefinite 3600 } } rule serverSideTftp { when CLIENT_ACCEPTED { set entry [table lookup "[LINK::vlan_id][IP::remote_addr][IP::local_addr][UDP::local_port]"] if { $entry ne "" } { nexthop [class search -value vlanMapping equal [lindex $entry 3]] [lindex $entry 0] snat [lindex $entry 1] node [lindex $entry 2] } } } data-group vlanMapping { external-file-name /config/vlanMapping.dat records { 1100 { data peering } 1101 { data external } } type string }
Tested this on version:
10.2Published Jan 30, 2015
Version 1.0Michael_Earnhar
Historic F5 Account
Joined October 30, 2008
Michael_Earnhar
Historic F5 Account
Joined October 30, 2008
- Esaki_RajaNimbostratus
Hi Team,
I am no vice in setting up the data group, please let me know how to setup the external file for data group. I am trying to build a TFTP VIP and i am unable to understand the provided steps.
- JanaAltostratus
Yes, it requires two vips
ltm virtual vs_tftp_loadbalancing_69 { destination 172.16.4.101:69 ip-protocol udp mask 255.255.255.255 pool p_tftp_loadbalancing_69 profiles { udp { } } rules { rule_tftp-clientside } source 0.0.0.0/0 vs-index 353 } ltm virtual vs_tftp_loadbalancing_any { destination 172.16.4.101:0 ip-protocol udp mask 255.255.255.255 profiles { udp { } } rules { rule_tftp-serverside } source 0.0.0.0/0 vs-index 355 }
- Tunde1972_27774Nimbostratus
Does this require 2 VIPs to be created ?
- JRahmAdminContributed by SmartHop