Advanced TFTP Load Balancing

Problem this snippet solves:

TFTP works in similar fashion to active FTP, using a callback from a random high port for the data stream: 1. The initiating host A sends a request packet to host B at Well Known Port 69. 2. B replies with a packet sent from an ephemeral port, which should be used for the remainder of the request for all data packets between Host A and host B.

How to use this snippet:

To support the callback connection, you would: 1. Configure the UDP virtual server on port 69 to accept the control connection and apply the clientSideTftp 2. Configure & apply a SNAT enabled at least on the server-side VLAN 3. Configure the UDP virtual server on :any 4. Apply the serverSideTftp to reestablish the auto last hop context 5. Build a data-group for all possible vlans the clients can connect to similar to vlanMapping

Code :

rule clientSideTftp {
    when CLIENT_ACCEPTED {
        set LAST_HOP_MAC [LINK::lasthop]
set CLIENT_VLAN [LINK::vlan_id]
        set CLIENT_IP [IP::client_addr]
        set VIRTUAL_IP [IP::local_addr]
    }
    when SERVER_CONNECTED {
       table  set "[LINK::vlan_id][IP::remote_addr][IP::local_addr][UDP::local_port]" "$LAST_HOP_MAC $VIRTUAL_IP $CLIENT_IP $CLIENT_VLAN" indefinite 3600
    }
}
rule serverSideTftp {
    when CLIENT_ACCEPTED {
        set entry [table lookup "[LINK::vlan_id][IP::remote_addr][IP::local_addr][UDP::local_port]"]
        if { $entry ne "" } {
   nexthop [class search -value vlanMapping equal [lindex $entry 3]] [lindex $entry 0]
   snat [lindex $entry 1]
   node [lindex $entry 2]
        }
    }
}

data-group vlanMapping {
    external-file-name /config/vlanMapping.dat
    records {
        1100 {
            data peering
        }
        1101 {
            data external
        }
    }
    type string
}

Tested this on version:

10.2
Published Jan 30, 2015
Version 1.0
application delivery
devops
iRules
tftp

Was this article helpful?

4 Comments

Sort By
  • Jana's avatar
    Jana
    Icon for Altostratus rankAltostratus
    Jan 10, 2017

    Yes, it requires two vips

    ltm virtual vs_tftp_loadbalancing_69 {
    destination 172.16.4.101:69
    ip-protocol udp
    mask 255.255.255.255
    pool p_tftp_loadbalancing_69
    profiles {
        udp { }
    }
    rules {
        rule_tftp-clientside
    }
    source 0.0.0.0/0
    vs-index 353
}


ltm virtual vs_tftp_loadbalancing_any {
    destination 172.16.4.101:0
    ip-protocol udp
    mask 255.255.255.255
    profiles {
        udp { }
    }
    rules {
        rule_tftp-serverside
    }
    source 0.0.0.0/0
    vs-index 355
}
  • Esaki_Raja's avatar
    Esaki_Raja
    Icon for Nimbostratus rankNimbostratus
    Apr 30, 2019

    Hi Team,

     

    I am no vice in setting up the data group, please let me know how to setup the external file for data group. I am trying to build a TFTP VIP and i am unable to understand the provided steps.