cancel
Showing results for 
Search instead for 
Did you mean: 

Set the same iRule on TCP and UDP VS

Sylvain_Goulmy
Altostratus
Altostratus

Hi all,

 

I have written an iRule that i'd like to deploy both on TCP and UDP VS.

 

To achieve that i have something in my code like :

 

set protocol [IP::protocol] set dest_port [expr { $protocol == 6 ? [TCP::local_port] : [UDP::local_port] }]

 

When i put this iRule on my TCP VS with a standard type, i have the following error :

 

UDP::remote_port in rule (/Common/mitigate_scans) requires an associated BIGPROTO or UDP profile on the virtual-server 

 

But if i switch my TCP VS to a FastL4 type then the error doesn't raise anymore and it works as expected.

 

Here are my questions :

 

  • Why is there a difference linked to the type of my VS ? Why can i deploy this iRule on a FastL4 type ?
  • Is there any code trick that would allow me to deploy the same code both on UDP and TCP VS with a standard type ?

 

Thanks in advance for your feedback.

 

Sylvain

 

 

 

 

3 REPLIES 3

Sylvain_Goulmy
Altostratus
Altostratus

Hi all,

 

Do someone has some thoughts about this ?

 

Thanks in advance.

ldesfosses
Cirrus
Cirrus

I think you'll not be able to use UDP::something if your VS is not in FastL4 ( BIGPROTO ) or UDP. I understand it's not "normal" because UDP is not called if the VS is not in UDP.

 

When a VIP is configured in FastL4, it handle each packet, even for TCP, and a single packet.

 

https://support.f5.com/csp/article/K8082#l4

 

This is the only difference I see that can explain why it work in FastL4 and not in Standard. I suspect that to save memory, a VIP in TCP/Standard will not load all the event, UDP in your case. It's pure speculation tho.

 

 

 

Thank you for your input.