diameter
4 TopicsF5 LTM SNAT: only 1 outgoing connection, multiple internal clients
I have an F5 LTM SNAT configured: ltm snat /Common/outgoing_snat_v6 { description "IPv6 SNAT translation" mirror enabled origins { ::/0 { } } snatpool /Common/outgoing_snatpool_v6 vlans { /Common/internal } vlans-enabled } ... with a translation configured as: ltm snat-translation /Common/ext_SNAT_v6 { address 2607:f160:c:301d::63 inherited-traffic-group true traffic-group /Common/traffic-group-1 } ... with snatpool configured as: ltm snatpool /Common/outgoing_snatpool_v6 { members { /Common/ext_SNAT_v6 } } ... and finally, with the SNAT type set to automap: vs_pool__snat_type { value automap } The goal is to achieve a single Diameter connection (single source IP, port) between F5 and the external element, while internally multiple Diameter clients connect via F5 to the external element: However, what ends up happening with this SNAT configuration is that multiple outgoing Diameter connections to the external Diameter element are opened, with the only difference between them being the source port (source IP, destination IP and port remained the same). The external element cannot handle multiple connections per the same origin IP and the same Diameter entity (internal clients are all configured to use the same Origin-Host during the Capabilities Exchange phase). Is there a way to configure F5 to funnel all the internal connections into a single outgoing one?Solved1KViews0likes10Commentsdiameter and ssl
Hi all, I have a question about diameter balancing with SSL client profile. I'm noticing that with diameter profile I'm not able to use SSL::disable and SSL::enable in irules. I tried this configuration for testing when CLIENT_ACCEPTED { SSL::disable } In http profile (I tried it just for test) it works well. In diameter profile it doesn't work. So my question is: Can I use SSL::enable/disable in diameter profile? I need this because my diameter client establish a no TLS connection with CER/CEA exchange and only after this exchange start the TLS handshake in the same session. So I'm looking if it's possible use irules to support this. Using a full TLS session or full no-TLS session everything is ok. Thanks, Davide237Views0likes0CommentsGy Diameter irule example
Dear experts, I am studying the Gydiameter MRF to make a routing based on the IMSI and3GPP-Charging-Characteristics but those are under the AVP grouped. Can anyone please suggest how can i extract those data as the string or octet? Diameter Protocol Version: 0x01 Length: 772 Flags: 0xc0, Request, Proxyable Command Code: 272 Credit-Control ApplicationId: Diameter Credit Control Application (4) Hop-by-Hop Identifier: 0x14d943d3 End-to-End Identifier: 0x8c7835cc [Answer In: 10] AVP: Subscription-Id(443) l=32 f=-M- AVP: Session-Id(263) l=18 f=-M- val=pgw;010100 AVP: Subscription-Id(443) l=40 f=-M- AVP Code: 443 Subscription-Id AVP Flags: 0x40, Mandatory: Set AVP Length: 40 Subscription-Id: 000001c24000000c00000001000001bc40000012343136323739363130300000 AVP: Subscription-Id-Type(450) l=12 f=-M- val=END_USER_IMSI (1) AVP Code: 450 Subscription-Id-Type AVP Flags: 0x40, Mandatory: Set AVP Length: 12 Subscription-Id-Type: END_USER_IMSI (1) AVP: Subscription-Id-Data(444) l=18 f=-M- val=4162796100 AVP Code: 444 Subscription-Id-Data AVP Flags: 0x40, Mandatory: Set AVP Length: 18 Subscription-Id-Data: 4162796100 IMSI: 4162796100 [Association IMSI: 4162796100] Padding: 0000 AVP: Multiple-Services-Credit-Control(456) l=56 f=-M- AVP: Multiple-Services-Credit-Control(456) l=68 f=-M- AVP: Multiple-Services-Indicator(455) l=12 f=-M- val=MULTIPLE_SERVICES_SUPPORTED (1) AVP: Service-Information(873) l=340 f=VM- vnd=TGPP AVP Code: 873 Service-Information AVP Flags: 0xc0, Vendor-Specific: Set, Mandatory: Set AVP Length: 340 AVP Vendor Id: 3GPP (10415) Service-Information: 0000036ac0000128000028af00000015c000000e000028af3031000000000016c0000023… AVP: PS-Information(874) l=296 f=VM- vnd=TGPP AVP Code: 874 PS-Information AVP Flags: 0xc0, Vendor-Specific: Set, Mandatory: Set AVP Length: 296 AVP Vendor Id: 3GPP (10415) PS-Information: 00000015c000000e000028af3031000000000016c0000023000028af30313a30333a3032… AVP: 3GPP-RAT-Type(21) l=14 f=VM- vnd=TGPP val=3031 AVP: 3GPP-User-Location-Info(22) l=35 f=VM- vnd=TGPP val=30313a30333a30323a39393a30303a30313a30373a6431 AVP: 3GPP-SGSN-MCC-MNC(18) l=18 f=VM- vnd=TGPP val=302990 AVP: 3GPP-Charging-Characteristics(13) l=16 f=VM- vnd=TGPP val=0400 AVP Code: 13 3GPP-Charging-Characteristics AVP Flags: 0xc0, Vendor-Specific: Set, Mandatory: Set AVP Length: 16 AVP Vendor Id: 3GPP (10415) 3GPP-Charging-Characteristics: 0400 AVP: 3GPP-Selection-Mode(12) l=13 f=VM- vnd=TGPP val=0 AVP: Called-Station-Id(30) l=21 f=-M- val=wde.stm.sk.ca AVP: 3GPP-NSAPI(10) l=13 f=VM- vnd=TGPP val=5 AVP: 3GPP-GGSN-MCC-MNC(9) l=18 f=VM- vnd=TGPP val=302990 AVP: 3GPP-IMSI-MCC-MNC(8) l=18 f=VM- vnd=TGPP val=302990 AVP: SGSN-Address(1228) l=18 f=VM- vnd=TGPP val=[Malformed] AVP: GGSN-Address(847) l=18 f=VM- vnd=TGPP val=[Malformed] AVP: PDP-Address(1227) l=18 f=VM- vnd=TGPP val=[Malformed] AVP: 3GPP-PDP-Type(3) l=16 f=VM- vnd=TGPP val=IPv4 (0) AVP: 3GPP-Charging-Id(2) l=23 f=VM- vnd=TGPP val="0a:00:03:97" AVP: SMS-Information(2000) l=32 f=VM- vnd=TGPP AVP: Service-Context-Id(461) l=22 f=-M- val=32251@3gpp.org AVP: CC-Request-Number(415) l=12 f=-M- val=10 AVP: CC-Request-Type(416) l=12 f=-M- val=INITIAL_REQUEST (1) AVP: Auth-Application-Id(258) l=12 f=-M- val=Diameter Credit Control Application (4) AVP: Origin-Realm(296) l=24 f=-M- val=f5techsummit.com AVP: Origin-Host(264) l=28 f=-M- val=pgw.f5techsummit.com AVP: Destination-Realm(283) l=27 f=-M- val=visited.traffix.com AVP: User-Name(1) l=29 f=-M- val=user@f5techsummit.com AVP: Origin-State-Id(278) l=12 f=-M- val=1Solved1.9KViews0likes5CommentsDocumentation for F5 Diameter "ingress" process
Hello, Is there any documentation for the process that handles diameter profile? There are some errors in ltm log for example "diameter process ingress error Not found" but i don't know what AVP is missing in message. I have LTM v 11.3 br, Tomasz213Views0likes2Comments