UDP TCP Packet Duplication

Problem this snippet solves:

This iApp provides full configuration of UDP/TCP packet duplication. It is commonly used to duplicate Syslog, SNMP Traps, Netflow, and Sflow data streams to multiple vendor solutions or customers. It also provides fault tolerance capabilities within each duplicated destination. By pointing Network devices, Appliances, and Servers to a VIP distributing network management traffic modifying distribution of streams can be done in one centralized location. UDP packets retain the original source address when sending to the destination locations.

Notes:

  • Prior to 11.5 you must add an IPv6 address to any interface to allow for HSL traffic to be sent to the distribution virtual fdf5::1/64 fdf5::2/64 for an HA pair would do it.* TCP traffic does not maintain original source
  • Internal F5 Resources can demo this solution within the UDF environment using the blueprint named "Traffic Duplication Demo"

Contributed by: Ken Bocchino


20200807 - Updated to v2.2

How to use this snippet:


Published Mar 11, 2015
Version 1.0
  • Hi Ken,

     

    I have installed iApp on 11.4.1 HF8 but i am getting below error when trying to implement.

     

    Error parsing template:can't eval proc: "script::run" can't find package iapp 1.1.0 while executing "package require iapp 1.1.0" (procedure "script::run" line 2) invoked from within "script::run" line:1

     

  • ep's avatar
    ep
    Icon for Nimbostratus rankNimbostratus

    Looks like my issue disappeared. It is working quite well at the moment. Thanks! ep

     

  • ep's avatar
    ep
    Icon for Nimbostratus rankNimbostratus
    Ken, I'm trying to use v2.2 of this iApp to duplicate snmptraps to multiple trap receivers. For some traps, it is working great. For others, though, they aren't getting duplicated. I have a packet capture showing that two nearly identical traps behave differently on the F5. What is the best way to troubleshoot the iApp? Thanks, Brian
  • Hi Ken, Thanks for an interesting solution. I've had som issues with this on 11.6 duplication UDP syslogs. It starts off just fine and can work great for X time. Then something causes it to leak packages. It only leaks packages related to the duplication VIPs. Have you seen this kind of behavior?
  • How would you configure syslog for instance that require UDP duplication. What would be the desintation and the primary IPs..I only see the primary IP text box Any help is great thanks
  • How would you configure syslog for instance that require UDP duplication. What would be the desintation and the primary IPs..I only see the primary IP text box Any help is great thanks
  • Ken_Bocchino_49's avatar
    Ken_Bocchino_49
    Historic F5 Account
    Yes, this is in may working environments (and just updated to version 2.0) let me know if you have any issues using it.