Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

ISO 8583 Load Balancing

Kunal_Borkar_11
Nimbostratus
Nimbostratus

‎06-Mar-2019 04:51

we have below requirement for load Balancing of ISO 8583 traffic,

 

ISO messages require special handling to determine the start and end of the messages. A message will have its first two bytes as header. In this two bytes the length of the message body will be mentioned. Hence when a load-balancer port starts listening, it has to read the first two bytes. Get the contents of these two bytes in HEX, convert it to decimal to get the length of the message body. Read till the end of the message, depending on the message length. Route the message(both header and body) to a destination internal application Server and continue listening. Please find below example,

 

Example of a complete ISO message including header and body bytes: [1,56,48, 50, 48, 48, 70, 50, 49, 67, 54, 52, 56, 49, 48, 56, 69, 49, 48, 48, 48, 56, 48, 48, 48, 48, 48, 48, 48, 48, 48, 54, 48, 48, 48, 49, 48, 48, 49, 54, 52, 54, 53, 53, 55, 51, 49, 55, 50, 52, 49, 57, 53, 53, 52, 55, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 53, 49, 48, 48, 48, 48, 48, 49, 50, 49, 48, 48, 50, 51, 56, 51, 54, 49, 54, 51, 55, 51, 52, 49, 50, 51, 48, 50, 49, 49, 50, 54, 48, 49, 49, 48, 53, 54, 48, 56, 49, 49, 48, 48, 54, 54, 50, 50, 48, 49, 56, 56, 57, 49, 50, 51, 52, 53, 54, 55, 56, 57, 49, 57, 57, 57, 56, 49, 50, 51, 52, 49, 49, 49, 49, 57, 57, 48, 56, 56, 57, 57, 48, 56, 56, 57, 84, 69, 82, 77, 73, 78, 65, 76, 79, 87, 78, 69, 82, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 67, 104, 101, 110, 110, 97, 105, 32, 32, 32, 32, 32, 32, 84, 78, 73, 78, 48, 49, 49, 48, 53, 49, 48, 48, 53, 65, 84, 77, 48, 49, 48, 50, 49, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 55, 49, 49, 49, 48, 50, 49, 57, 55, 56, 53, 53, 48, 52, 54, 49, 57, 55, 49, 50, 48, 51, 54, 52, 52, 51, 52, 49, 57, 51, 49, 54, 57, 56, 56, 55, 51, 51, 51, 56, 55, 50, 57, 55, 49, 51, 54, 50, 48, 51, 56, 48, 48, 49, 48, 48, 50, 52, 53, 48, 48, 50, 48, 48, 51, 77, 79, 66, 48, 52, 53, 48, 48, 52, 65, 66, 67, 68, 48, 53, 49, 48, 48, 53, 65, 84, 77, 48, 49]

 

First two bytes (header): [1, 56]

 

First two bytes in HEX: 0138

 

First two bytes in decimal: 312

 

Message body length: 312

 

Bytes to be sent to destination Application port : 2+312 = 314

 

Please help with I-rule and LTM configuration.

 

Labels:
0 Kudos
5 REPLIES 5

Kunal_Borkar_11
Nimbostratus
Nimbostratus

‎06-Mar-2019 07:33

Can anyone please update ?

 

0 Kudos

Kunal_Borkar_11
Nimbostratus
Nimbostratus

‎06-Mar-2019 20:55

Any help on this

 

0 Kudos

Stanislas_Piro2
Cumulonimbus
Cumulonimbus

‎06-Mar-2019 23:22 - last edited on ‎01-Jun-2023 16:11 by Fog

You can read irule 2 in this article

https://devcentral.f5.com/articles/lightboard-lesson-perfect-forward-secrecy-inspection-visibility-3...

It’s an example on how to manage message based load balancing with binary decoding.

To convert binary to 2 bytes integer, use command

binary scan $payload S msg_len

The S converts 2 bytes to 16bitd signed integer!

0 Kudos

Stanislas_Piro2
Cumulonimbus
Cumulonimbus

‎10-Mar-2019 10:51 - last edited on ‎21-Nov-2022 21:35 by Fog

You can try this code:

 

when CLIENT_ACCEPTED {
   prevent first packet to be released to server before CLIENT DATA inspected (CLIENT_DATA Event)
  TCP::collect
}
when CLIENT_DATA {
  if {[binary scan [TCP::payload] S length] == 1 && [expr { ($length & 0xffff) +2 }] == [TCP::payload length]} {
    log local0. "This packet length meets header length value : Header value : [expr { ($length & 0xffff) }] / Packet Length : [TCP::payload length]"
     release packet to server... the data length equals the data header length value.
    TCP::release
     Allow to load balance per packet
    TCP::notify request
      prevent next packet to be released to server before CLIENT DATA inspected (loop on CLIENT_DATA Event)
    TCP::collect
  } else {
     Packet length doesn't meet Header length value... this is not a valid ISO 8583 packet.
    log local0. "This packet length doesn't meet header length value... this is not a valid ISO 8583 packet. reject the connection"
    reject
  }
}
when USER_REQUEST {
   We don't expect a response, so let's just signal one
   and detach to make oneconnect happy (message-based)
  TCP::notify response
  LB::detach
}

This code supports oneconnect profile assigned to the virtual server and load balance to server message-based and not connection-based.

 

0 Kudos

wlopez
Cirrocumulus
Cirrocumulus
In response to Stanislas_Piro2

‎26-Oct-2022 11:57

We tried this iRule on a virtual server with the oneconnect profile but it didn't work.

Does anyone have a working iRule and setup to load balance ISO8583 transactions that are received through a single tcp connection on the virtual server?

 

0 Kudos
Copyright © 2023 Khoros, LLC