UDP TCP Packet Duplication
Problem this snippet solves:
This iApp provides full configuration of UDP/TCP packet duplication. It is commonly used to duplicate Syslog, SNMP Traps, Netflow, and Sflow data streams to multiple vendor solutions or customers. It also provides fault tolerance capabilities within each duplicated destination. By pointing Network devices, Appliances, and Servers to a VIP distributing network management traffic modifying distribution of streams can be done in one centralized location. UDP packets retain the original source address when sending to the destination locations.
Notes:
- Prior to 11.5 you must add an IPv6 address to any interface to allow for HSL traffic to be sent to the distribution virtual fdf5::1/64 fdf5::2/64 for an HA pair would do it.* TCP traffic does not maintain original source
- Internal F5 Resources can demo this solution within the UDF environment using the blueprint named "Traffic Duplication Demo"
Contributed by: Ken Bocchino
20200807 - Updated to v2.2
How to use this snippet:
Published Mar 11, 2015
Version 1.0
Patricia_GonzalNimbostratus
I am very interested in this! Has anyone tested?- Yes, this is in may working environments (and just updated to version 2.0) let me know if you have any issues using it.
bigipjr28_13978How would you configure syslog for instance that require UDP duplication. What would be the desintation and the primary IPs..I only see the primary IP text box Any help is great thanks- bigipjr28_13978How would you configure syslog for instance that require UDP duplication. What would be the desintation and the primary IPs..I only see the primary IP text box Any help is great thanks
- Runo_Førrisdah1Hi Ken, Thanks for an interesting solution. I've had som issues with this on 11.6 duplication UDP syslogs. It starts off just fine and can work great for X time. Then something causes it to leak packages. It only leaks packages related to the duplication VIPs. Have you seen this kind of behavior?
- epKen, I'm trying to use v2.2 of this iApp to duplicate snmptraps to multiple trap receivers. For some traps, it is working great. For others, though, they aren't getting duplicated. I have a packet capture showing that two nearly identical traps behave differently on the F5. What is the best way to troubleshoot the iApp? Thanks, Brian
- ep
Looks like my issue disappeared. It is working quite well at the moment. Thanks! ep
Sanjeev_N_G_183Hi Ken,
I have installed iApp on 11.4.1 HF8 but i am getting below error when trying to implement.
Error parsing template:can't eval proc: "script::run" can't find package iapp 1.1.0 while executing "package require iapp 1.1.0" (procedure "script::run" line 2) invoked from within "script::run" line:1
- Scott_Crawford_
Anyone using this with route domains? I'm playing with it (in route domains) and not having luck. Unsure if it's the RD or something else.
- Sanjeev_N_G_183
Hi Ken,
I have installed Version 2.2 on 11.6.0 HF6, i am not able to get this working. When i grep for log i see below error in log.
warning mcpd[5663]: 01071859:4: Warning generated : /Common/Splunk_duplication.app/ir_Splunk_duplication_udp_spray:17: warning: [use curly braces to avoid double substitution][[string length $destination]] warning mcpd[5663]: 01071859:4: Warning generated : /Common/Splunk_duplication.app/ir_Splunk_duplication_distribute:14: warning: [use curly braces to avoid double substitution][![ catch { pool [lindex $nodeandport 0] } ]]
Add i do not see any traffic or any activity happening.Please let me know how to solve the issue.