Paula_Roldan_73
Oct 18, 2006 (Nimbostratus)
iRule bad behavior
Hello everybody!
I am new in this forum, and I would really appreciate it if any of you with your experience could help me to find out what is wrong with my iRule that is not working properly!
The required behavior is the following:
Many clients send UDP (port 50001) messages to different internal servers through BIGIP LTM. BUT, the messages should ONLY be delivered to pool1 (at this moment with only one server, server1) IF and ONLY IF the message contains certain data in the UDP packet payload (the "certain data" is the following binary string 018000000140). IF the packet/message does not match that pattern/data it must be delivered to pool2 (with 2 pool members: server2 and server3).
So I configured the following:
a) 3 nodes: server1, server2 and server3 with health monitor = icmp
b) pool1 with 1 pool member: server1 and port 50001 (server1:50001)
c) pool2 with 2 pool members: server2:port 50001 and server3:port 50001 (server2:50001 and server3:50001)
d) A virtual server with the corresponding virtual IP address (destination address), virtual service port = 50001, UDP protocol, Default Pool =none. And assigned the following iRule to manage the traffic:
    when CLIENT_DATA {
        binary scan [UDP::payload] H12 datos
        if { $datos equals "018000000140" } {
            pool pool1
        } else {
            pool pool2
        }
    }
PROBLEM: As you can verify, the wanted iRule is a very simple one. The "strange" thing is the "binary scan" statement, but I supposed it is a valid one. Unfortunately I am seeing a non-deterministic and bad behavior. The iRule is working well with some messages, but not with ALL of them. I saw messages delivered to server1 (in pool1) that should be delivered to pool2 (server2 or server3), and I am also seeing messages that must be delivered to pool1, but they are delivered to pool2.
I made changes in the iRule to try to find out the problem and did troubleshooting, but I always have the same bad result. Each change was configured and tested with and without the log option, and putting the log sentence after and before the corresponding pool/node sentence; we also rebooted the LTM box. But we have the bad behavior: some packets were wrongly delivered.
Change1: Delete the "else" option AND configure in the Virtual server a default Pool = pool2.
    when CLIENT_DATA {
        binary scan [UDP::payload] H12 datos
        if { $datos equals "018000000140" } {
            # I added this line for troubleshooting and did the test with and without it
            log local0. "THE PAYLOAD IS $datos AND I AM IN IF EVAL"
            pool pool1
        }
    }
Change2:
    when CLIENT_DATA {
        binary scan [UDP::payload] H12 datos
        if { $datos equals "018000000140" } {
            # I added this line for troubleshooting and did the test with and without it
            log local0. "THE PAYLOAD IS $datos AND I AM IN IF EVAL"
            node
        }
    }
Change3: Use node sentence instead of pool sentence AND add the else option AND configure default Pool = none in the Virtual server
    when CLIENT_DATA {
        binary scan [UDP::payload] H12 datos
        if { $datos equals "018000000140" } {
            # I added this line for troubleshooting and did the test with and without it
            log local0. "THE PAYLOAD IS $datos AND I AM IN IF EVAL"
            node
        } else {
            # I added this line for troubleshooting and did the test with and without it
            log local0. "THE PAYLOAD IS $datos AND I AM IN ELSE EVAL"
            pool pool2
        }
    }
Change4: Change the CLIENT_DATA event to the CLIENT_ACCEPTED event AND verify that the Virtual server's default Pool was none.
    when CLIENT_ACCEPTED {
        binary scan [UDP::payload] H12 datos
        if { $datos equals "018000000140" } {
            pool pool1
        } else {
            pool pool2
        }
    }
Change5:
    when CLIENT_ACCEPTED {
        binary scan [UDP::payload] H12 datos
        if { $datos equals "018000000140" } {
            node
        } else {
            pool pool2
        }
    }
Change6: Delete the else option AND configure in the Virtual server a default Pool = pool2
    when CLIENT_ACCEPTED {
        binary scan [UDP::payload] H12 datos
        if { $datos equals "018000000140" } {
            # I added this line for troubleshooting and did the test with and without it
            log local0. "THE PAYLOAD IS $datos AND I AM IN IF EVAL"
            node
        }
    }
In all the described situations/configurations we still saw some udp messages/packets delivered to pool1 or server that should be delivered to pool2 (server2 or server3), and some messages that should be delivered to server1 that were delivered to pool2.
When I saw the statistics, or the /var/log/ltm file I saw that some messages that should be delivered to pool1 or server were delivered to pool2 (server2 or server3).
For more information, the source IP address is not always the same. There is no pattern. At one time, we had the behavior with certain source IP addresses; 15 minutes later we had the same behavior with other source IP addresses, and the first ones then worked fine. As I told you, it is NOT deterministic.
Perhaps the problem is in the expression when comparing the variable (with a binary value assigned) with the static value between quotation marks. So then, sometimes the expression evaluates the comparison correctly and sometimes it does not. But I really do not know...
Could anyone help me with this iRule?
Thanks in advance for your help!
Kind regards,
Paula
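
An offline reference model for the routing rule described in the post, as an added example that is not part of the original post or of F5's code. It mirrors `binary scan ... H12` on raw payload bytes and checks `/var/log/ltm` lines carrying the post's log message for a branch that contradicts the logged payload. The function names, the sample payloads and the log-line prefix are constructed assumptions, as is the premise that iRules follows standard Tcl for short input.

```python
import re

PATTERN_HEX = "018000000140"   # marker from the post: first 6 payload bytes
MSG_RE = re.compile(r"THE PAYLOAD IS (\S*) AND I AM IN (IF|ELSE) EVAL")

def scan_h12(payload: bytes):
    """Model of `binary scan $payload H12 datos`.

    Standard Tcl performs no conversion when fewer than 12 hex digits
    (6 bytes) remain, so the variable is not assigned; None models that.
    """
    if len(payload) < 6:
        return None
    return payload[:6].hex()   # lowercase hex, high nibble first, like H

def expected_pool(payload: bytes) -> str:
    """Pool the rule in the post is meant to select for one datagram."""
    return "pool1" if scan_h12(payload) == PATTERN_HEX else "pool2"

def audit_log(lines):
    """Return log lines whose logged branch contradicts the logged payload."""
    bad = []
    for line in lines:
        m = MSG_RE.search(line)
        if not m:
            continue
        datos, branch = m.groups()
        want = "IF" if datos == PATTERN_HEX else "ELSE"
        if branch != want:
            bad.append(line)
    return bad

# Constructed sample data (not taken from the post).
SAMPLE_PAYLOADS = [
    bytes.fromhex("018000000140") + b"rest",  # marker present
    bytes.fromhex("018000000141") + b"rest",  # last byte differs
    bytes.fromhex("0180"),                    # shorter than 6 bytes
]
SAMPLE_LOG = [
    "Rule r1 <CLIENT_DATA>: THE PAYLOAD IS 018000000140 AND I AM IN IF EVAL",
    "Rule r1 <CLIENT_DATA>: THE PAYLOAD IS 0a0b0c0d0e0f AND I AM IN ELSE EVAL",
    "Rule r1 <CLIENT_DATA>: THE PAYLOAD IS 0a0b0c0d0e0f AND I AM IN IF EVAL",
]

if __name__ == "__main__":
    for p in SAMPLE_PAYLOADS:
        print(p.hex(), "->", expected_pool(p))
    for line in audit_log(SAMPLE_LOG):
        print("inconsistent:", line)
```

If `audit_log` returns nothing for a capture in which servers still received the wrong datagrams, the logged branch agrees with the logged payload every time, so the mismatch arises after the rule's comparison rather than in it.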