UDP TCP Packet Duplication
Problem this snippet solves:
This iApp provides full configuration of UDP/TCP packet duplication. It is commonly used to duplicate Syslog, SNMP Traps, Netflow, and Sflow data streams to multiple vendor solutions or customers. It also provides fault tolerance capabilities within each duplicated destination. By pointing Network devices, Appliances, and Servers to a VIP distributing network management traffic modifying distribution of streams can be done in one centralized location. UDP packets retain the original source address when sending to the destination locations.
Notes:
- Prior to 11.5 you must add an IPv6 address to any interface to allow for HSL traffic to be sent to the distribution virtual fdf5::1/64 fdf5::2/64 for an HA pair would do it.* TCP traffic does not maintain original source
- Internal F5 Resources can demo this solution within the UDF environment using the blueprint named "Traffic Duplication Demo"
Contributed by: Ken Bocchino
20200807 - Updated to v2.2
How to use this snippet:
Published Mar 11, 2015
Version 1.0
kdt0078Nimbostratus
Having an issue with this iAPP on 11.6.1. It looks like it creates two virtual servers xxx_distribute and xxx_udp. Looks like the destination address on the xxx_distribute is a dummy ipv6 address and the xxx_udp virtual server is not forwarding traffic.
Has this been plug-n-play for those of you who have it working?
edolton_204031Thanks! i made the same change. It doesn't seem to keep the original source but increments a non-zero port 9011 then 9012 then 9013 etc. I'll see if this works for me. Thanks!
Sp33dy_156082@edolton
I fixed this by stripping of the restriction from the IAPP and change the sourceport to preserve on the Virtual Server (both the virtual servers created by the IAPP). Now everything works fine!
Regards,
Maarten
- edolton_204031
@Sp33dy
I see the same thing with the source port being 0. Its an issue for me since they want the backend servers to ACK the traffic. Let me know if you found a solution
- Sp33dy_156082
I have it working to two different IP's in different subnets. Just make sure you're routing is ok.
MauzAltostratus
Does this IApp works if the clone pool member is in a different subnet from the LTM's subnet?
- Mauz
Does this IApp works if the clone is in a different subnet from the LTM's subnet
- Sp33dy_156082
Hi,
I'm also using this duplicator and it works fine. The only thing is that it uses source port 0 for traffic sent to the 2 destinations. According to RFC Firewalls don't allow this traffic with source port 0. Do you guys have the same issue or am i doing something wrong?
Please let me know.
Thx.
- Sanjeev_N_G_183
Hi Ken,
I have installed Version 2.2 on 11.6.0 HF6, i am not able to get this working. When i grep for log i see below error in log.
warning mcpd[5663]: 01071859:4: Warning generated : /Common/Splunk_duplication.app/ir_Splunk_duplication_udp_spray:17: warning: [use curly braces to avoid double substitution][[string length $destination]] warning mcpd[5663]: 01071859:4: Warning generated : /Common/Splunk_duplication.app/ir_Splunk_duplication_distribute:14: warning: [use curly braces to avoid double substitution][![ catch { pool [lindex $nodeandport 0] } ]]
Add i do not see any traffic or any activity happening.Please let me know how to solve the issue.
Scott_Crawford_Anyone using this with route domains? I'm playing with it (in route domains) and not having luck. Unsure if it's the RD or something else.