UDP TCP Packet Duplication
Problem this snippet solves:
This iApp provides full configuration of UDP/TCP packet duplication. It is commonly used to duplicate Syslog, SNMP trap, NetFlow, and sFlow data streams to multiple vendor solutions or customers. It also provides fault tolerance within each duplicated destination. By pointing network devices, appliances, and servers to a VIP that distributes network management traffic, the distribution of streams can be modified in one centralized location. UDP packets retain the original source address when sent to the destination locations.
Notes:
- Prior to 11.5 you must add an IPv6 address to any interface to allow HSL traffic to be sent to the distribution virtual; fdf5::1/64 and fdf5::2/64 for an HA pair would do it.
- TCP traffic does not maintain the original source.
- Internal F5 Resources can demo this solution within the UDF environment using the blueprint named "Traffic Duplication Demo"
Contributed by: Ken Bocchino
20200807 - Updated to v2.2
How to use this snippet:
- tienbm_356668 (Nimbostratus)
Hi, I tried this to duplicate MySQL traffic, but I can't log in to the DBs after doing it! Can you help me?
Thanks.
- awilhelm (Employee)
This iApp should not be used. It uses a virtual server as a pool member, which is not supported.
A better way to approach the same goal would be to use a single virtual server and distribute to multiple HSL destinations - more control over how packets are distributed within those distributions could be achieved using a Log Publisher and Remote HSL Log Destination rather than a pool.
- H__Valbuena (Employee)
If you ever need an iApp based on this template to duplicate traffic to virtual servers instead of to pools or nodes, below is the procedure I used.
Create an iApp with dummy values for the “Destination Server Questions” section during creation
Uncheck the strict updates on the iApp to make manual changes
Replace the dummy string records created by the iApp in the data group with the virtual server names that you want the traffic to be duplicated to. The label values will not be used
Data group string records should look like this
Replace this iRule (name should end with “_distribute”) with the one below
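when CLIENT_ACCEPTED {
    # Split the payload into four source-address values, the 256-byte padded destination, and the original data
    binary scan [UDP::payload] ssssa256a* a b c d destinationwithpad data
    #log "sending from $a.$b.$c.$d to pool: $destinationwithpad"
    # Strip the header so only the original data is forwarded
    UDP::payload replace 0 [UDP::payload length] $data
    # Source the forwarded packet from the address carried in the header
    snat "$a.$b.$c.$d"
    # Get just the destination without the "~" padding
    set destination [findstr $destinationwithpad "" 0 "~"]
    #log $destination
    # Use the part before ":" as the virtual server name
    set nodeandport [split $destination ":"]
    virtual [lindex $nodeandport 0]
}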
Duplicated traffic would be sent to the virtual server name listed on the data group
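The header layout that the replacement iRule above unpacks, as an added Python example that is not part of the original post or the iApp. The field layout is read off the `binary scan` format string; `build_frame`, `parse_frame`, the "~" padding on the sending side and the sample values are assumptions made for illustration.

```python
import struct

# Layout inferred from the iRule's "binary scan ... ssssa256a*": four
# little-endian signed 16-bit ints, a 256-byte destination field, then the data.
HEADER = struct.Struct("<4h256s")


def build_frame(src_ip, destination, data):
    """Constructed encoder (assumption): '~' padding matches the findstr terminator."""
    octets = [int(part) for part in src_ip.split(".")]
    dest = destination.encode("ascii")
    if len(octets) != 4 or len(dest) >= 256:
        raise ValueError("bad source address or destination too long")
    return HEADER.pack(*octets, dest.ljust(256, b"~")) + data


def parse_frame(frame):
    """Return (snat_address, virtual_name, data) the way the iRule derives them."""
    if len(frame) < HEADER.size:
        raise ValueError("frame shorter than the 264-byte header")
    a, b, c, d, dest_with_pad = HEADER.unpack_from(frame)
    # The iRule hands these values straight to snat; range-check them here.
    if not all(0 <= octet <= 255 for octet in (a, b, c, d)):
        raise ValueError("source octet outside 0-255")
    # findstr $destinationwithpad "" 0 "~": everything before the first '~'.
    destination = dest_with_pad.split(b"~", 1)[0].decode("ascii")
    # split on ":" then lindex 0: only the name is used, any port is ignored.
    virtual_name = destination.split(":")[0]
    if not virtual_name:
        raise ValueError("empty destination field")
    return f"{a}.{b}.{c}.{d}", virtual_name, frame[HEADER.size:]


if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    sample = build_frame("192.0.2.10", "vs_syslog_a:514", b"<134>constructed syslog line")
    print(parse_frame(sample))
```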
- federicohuman (Nimbostratus)
Hi
I am using the tool, however it creates an IPv6 address with the IP I am providing in: What IP address do you want to use for this virtual server?
Is it possible to use it on IPv4?
Thanks
- steve2 (Nimbostratus)
awilhelm - Can you please elaborate on this HSL method for UDP packet duplication and distribution? We are looking at upgrading from 14x to 16x; though I have not tested in the lab yet, I'm suspicious of this iApp continuing to work. Plus, iApps are on the way out, being replaced with FAST and AS3, as I understand it.
- Jim_Araujo (Nimbostratus)
Was the snippet removed?
- JRahm (Admin)
It looks like it was removed by the author. I have v1 in a zipfile; hit me at j.rahm@f5.com if you want a copy to study/modify. awilhelm's advice stands, shouldn't use it as is.