load balance based on payload data

chabakro · ‎02-Dec-2020

Hi,

I need your help to do a "custom L7 load balancing" :

we are using F5 LTM to load balance a proprietary protocol and we would like to redirect some requests that contains a specific string to a different server/pool,

is this something we can do with irules ?

can we use Message routing framework (MRF) to achieve this ?

thank you

Samir · ‎03-Dec-2020

These kind of senerio not seen but try MRF and update us also.. thanks

chabakro · ‎03-Dec-2020

can something like this work ?

when CLIENT_ACCEPTED {

TCP::collect 100

}

when CLIENT_DATA {

set payload [TCP::payload]

if { $payload contains "magic" } {

pool magic_pool

} else {

pool default_pool

}

crodriguez · ‎03-Dec-2020

Something like that might work, but only if the TCP payload is in clear text and not encrypted, as with SSL/TLS.

jaikumar_f5 · ‎04-Dec-2020

As long as SSL Offload is there, it should be doable I believe. Like below code snippet Ive shared.

jaikumar_f5 · ‎04-Dec-2020

,

I'd try something like below, have done payload manipulation in the past, so i assume it should work.

Keep us posted/.

ltm rule test_rule {
 
when CLIENT_ACCEPTED {
set ltm_trace [string range [AES::key 256] 15 23]
set vip [findstr [virtual name] "" 8 ]
log local0. "LTM_TRACE=$ltm_trace VIP=$vip CLIENT=[IP::client_addr] has established a connection"
}
 
when CLIENTSSL_HANDSHAKE {
SSL::collect
}
 
when CLIENTSSL_DATA {
# Do not log fullpayload as it may contain sensitive information
#log local0. "LTM_TRACE=$ltm_trace VIP=$vip FULLPAYLOAD=[SSL::payload]"
if { [SSL::payload] contains "magic" } {
pool magic_pool
log local0. "LTM_TRACE=$ltm_trace VIP=$vip --> Pool=magic_pool"
} else {
pool default_pool
log local0. "LTM_TRACE=$ltm_trace VIP=$vip --> Pool=default_pool"
}
SSL::release
}
 
when CLIENT_CLOSED {
log local0. "LTM_TRACE=$ltm_trace VIP=$vip CLIENT=[IP::client_addr] connection is closed"
}
 
}

DevCentral

load balance based on payload data

MFA required on DevCentral