cancel
Showing results for 
Search instead for 
Did you mean: 

IRule for UDP Traffic

SSHSSH_97332
Nimbostratus
Nimbostratus

i have pool with 2 memebrs , priority group activation is enabled

 

one server is master & one is backup

 

if master went down , monitor marks it down & traffic is sent to the other backup server

 

The idea is that i want when master server is back , all coming connections needs to be sent to master ( even if it was sent to backup ) .

 

This is UDP traffic

 

11 REPLIES 11

SSHSSH_97332
Nimbostratus
Nimbostratus
so when master is back , i don't want any connections ( new or old ) to be sent to backup

What_Lies_Bene1
Cirrostratus
Cirrostratus
If you create two separate pools and place one member in each, this will work just fine providing you assign the 'main' pool as the default pool for the VS and disable the slow ramp time and priority group activation for each pool;

 

when CLIENT_DATA { if { [active_members main_pool] != 0 } { pool main_pool } else { pool backup_pool } }

nitass
F5 Employee
F5 Employee
have you tried Datagram LB?

 

 

sol3605: Configuring the BIG-IP system to load balance UDP packets individually

 

http://support.f5.com/kb/en-us/solutions/public/3000/600/sol3605.html

SSHSSH_97332
Nimbostratus
Nimbostratus
Hi Steve , shall i sue CLIENT_DATA or CLIENT_ACCEPTED or LB_SELECTED ? it is UDP traffic

 

Hi nitass , do you mean that LB Datagram option will instruct F5 not create connection table for UDP ?

What_Lies_Bene1
Cirrostratus
Cirrostratus
If Datagram LB doesn't do it for you and you use the iRule it'll need to be CLIENT_DATA as CLIENT_ACCEPTED is only triggered once for the 'lifetime' of a UDP connection, which could be quite long if the UDP profile idle-time doesn't expire.

nitass
F5 Employee
F5 Employee
do you mean that LB Datagram option will instruct F5 not create connection table for UDP ?no, connection entry is created to handle return packet. anyway, load balancing decision will be made on every packet even source ip and port is same.

 

 

if you do not want bigip to create connection entry, you can set idle timeout immediate in udp profile but you have to create another virtual server to handle return packet.

SSHSSH_97332
Nimbostratus
Nimbostratus
Thanks nittas & Steve .

 

CLIENT_DATA is triggered with each UDP segment , does this mean each UDP packet receive from the connecting user ?

 

What_Lies_Bene1
Cirrostratus
Cirrostratus
You're welcome. I believe so.

Cityforest_1627
Nimbostratus
Nimbostratus
Posted By What Lies Beneath on 11/28/2012 04:20 AM

 

If you create two separate pools and place one member in each, this will work just fine providing you assign the 'main' pool as the default pool for the VS and disable the slow ramp time and priority group activation for each pool;

 

when CLIENT_DATA { if { [active_members main_pool] != 0 } { pool main_pool } else { pool backup_pool } }

 

 

Hi steve,

 

 

We made a simple test. It seemed that the "pool" command could not work in CLIENT_DATA event, it can only work in CLIENT_ACCEPT event.

 

 

Below is irule for testing. The test was made in BIG-IP with version 11.3. Any suggestions? thx!

 

when CLIENT_ACCEPTED {

 

log local0. "CLIENT_ACCEPTED: from [IP::client_addr]:[UDP::client_port] to vip [IP::local_addr]:[UDP::local_port]"

 

pool Pool1

 

}

 

 

 

when CLIENT_DATA {

 

log local0. "CLIENT_DATA: from [IP::client_addr]:[UDP::client_port] to vip [IP::local_addr]:[UDP::local_port]"

 

pool Pool2

 

}

 

 

All traffics were sent to Pool1

 

 

nitass
F5 Employee
F5 Employee
It seemed that the "pool" command could not work in CLIENT_DATA event, it can only work in CLIENT_ACCEPT event.it is a known issue which has not been fixed yet.

 

 

ID420176 - UDP irule command pool in client_data will be no effect even in datagram_LB mode

Cityforest_1627
Nimbostratus
Nimbostratus

i c. thx very much!