Advanced TFTP Load Balancing

Problem this snippet solves:

TFTP works in a similar fashion to active FTP, using a callback from a random high port for the data stream:

1. The initiating host A sends a request packet to host B at well-known port 69.
2. B replies with a packet sent from an ephemeral port, which should be used for the remainder of the request for all data packets between host A and host B.

How to use this snippet:

To support the callback connection, you would:

1. Configure the UDP virtual server on port 69 to accept the control connection and apply the clientSideTftp rule
2. Configure and apply a SNAT, enabled at least on the server-side VLAN
3. Configure the UDP virtual server on :any
4. Apply the serverSideTftp rule to reestablish the auto last hop context
5. Build a data-group for all possible VLANs the clients can connect to, similar to vlanMapping

Code :

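rule clientSideTftp {
    when CLIENT_ACCEPTED {
        # Remember how the client reached the port 69 virtual server.
        set LAST_HOP_MAC [LINK::lasthop]
        set CLIENT_VLAN [LINK::vlan_id]
        set CLIENT_IP [IP::client_addr]
        set VIRTUAL_IP [IP::local_addr]
    }
    when SERVER_CONNECTED {
        # Key on the server-side flow (VLAN, server IP, SNAT address, SNAT port)
        # so the server's callback can be matched back to this client.
        # Timeout is indefinite, lifetime is 3600 seconds.
        table set "[LINK::vlan_id][IP::remote_addr][IP::local_addr][UDP::local_port]" "$LAST_HOP_MAC $VIRTUAL_IP $CLIENT_IP $CLIENT_VLAN" indefinite 3600
    }
}
rule serverSideTftp {
    when CLIENT_ACCEPTED {
        # The callback arrives on the :any virtual server; look up the stored client context.
        set entry [table lookup "[LINK::vlan_id][IP::remote_addr][IP::local_addr][UDP::local_port]"]
        if { $entry ne "" } {
            # Leave via the client's VLAN (name from vlanMapping) and last-hop MAC,
            # source the packet from the virtual IP and deliver it to the client IP.
            nexthop [class search -value vlanMapping equal [lindex $entry 3]] [lindex $entry 0]
            snat [lindex $entry 1]
            node [lindex $entry 2]
        }
    }
}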

data-group vlanMapping {
    external-file-name /config/vlanMapping.dat
    records {
        1100 {
            data peering
        }
        1101 {
            data external
        }
    }
    type string
}
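
The hand-off between the two rules can be followed in a small Python model. This is an added illustration, not part of the original snippet and not F5 code. The function names, the server VLAN 1200, and all addresses, ports and MACs in the sample traffic are constructed assumptions; only the key layout, the stored fields and the vlanMapping records come from the rules above.

```python
# Added illustration: a model of the iRules' session-table hand-off, not F5 code.
from typing import NamedTuple, Optional

class Datagram(NamedTuple):
    vlan_id: str
    src_mac: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

# Same records as the vlanMapping data-group: VLAN ID -> VLAN name.
VLAN_MAPPING = {"1100": "peering", "1101": "external"}
TABLE = {}  # stands in for the iRule session table

def flow_key(vlan_id, server_ip, snat_ip, snat_port):
    # Same concatenation as the table key in both rules. The server's source
    # port is not part of it, because the reply comes from an ephemeral port.
    return f"{vlan_id}{server_ip}{snat_ip}{snat_port}"

def client_side(req, server_vlan, server_ip, snat_ip, snat_port):
    """clientSideTftp: store the client context under the server-side flow."""
    TABLE[flow_key(server_vlan, server_ip, snat_ip, snat_port)] = (
        req.src_mac, req.dst_ip, req.src_ip, req.vlan_id)

def server_side(pkt) -> Optional[dict]:
    """serverSideTftp: forwarding decision for a datagram on the :any virtual server."""
    entry = TABLE.get(flow_key(pkt.vlan_id, pkt.src_ip, pkt.dst_ip, pkt.dst_port))
    if entry is None:
        return None  # no table entry: the rule issues no nexthop/snat/node
    mac, virtual_ip, client_ip, client_vlan = entry
    return {"nexthop": (VLAN_MAPPING.get(client_vlan, ""), mac),
            "snat": virtual_ip, "node": client_ip}

# Constructed sample traffic (addresses, ports and MACs are made up).
REQUEST = Datagram("1101", "00:11:22:33:44:55", "198.51.100.7", 40001, "172.16.4.101", 69)
client_side(REQUEST, server_vlan="1200", server_ip="10.0.0.20",
            snat_ip="10.0.0.5", snat_port=40001)
# The server answers from ephemeral port 51234 to the SNAT address and port.
CALLBACK = Datagram("1200", "66:77:88:99:aa:bb", "10.0.0.20", 51234, "10.0.0.5", 40001)
# A datagram from a host with no stored request reaching the wildcard port.
STRAY = Datagram("1200", "66:77:88:99:aa:bb", "10.0.0.99", 51234, "10.0.0.5", 40001)

if __name__ == "__main__":
    print(server_side(CALLBACK))
    print(server_side(STRAY))
```

In the model, a datagram on the wildcard virtual server is steered toward a client only when its VLAN, source address, destination address and destination port match an entry written by an earlier port 69 request. What the BIG-IP does with an unmatched datagram is outside the model.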

Tested this on version:

10.2
Published Jan 30, 2015
Version 1.0
  • Hi Team,

    I am a novice in setting up the data group, please let me know how to set up the external file for the data group. I am trying to build a TFTP VIP and I am unable to understand the provided steps.

  • Jana

    Yes, it requires two vips

    ltm virtual vs_tftp_loadbalancing_69 {
        destination 172.16.4.101:69
        ip-protocol udp
        mask 255.255.255.255
        pool p_tftp_loadbalancing_69
        profiles {
            udp { }
        }
        rules {
            rule_tftp-clientside
        }
        source 0.0.0.0/0
        vs-index 353
    }
    
    
    ltm virtual vs_tftp_loadbalancing_any {
        destination 172.16.4.101:0
        ip-protocol udp
        mask 255.255.255.255
        profiles {
            udp { }
        }
        rules {
            rule_tftp-serverside
        }
        source 0.0.0.0/0
        vs-index 355
    }