Forum Discussion

karlg_49229's avatar
karlg_49229
Icon for Nimbostratus rankNimbostratus
Jan 21, 2012

UDP DST Port Range Load Balancing Rule

There is no TCP connection associated with these packets - it is raw UDP only, between port ranges 9000 to 9100 on the DST side, and targeted to a particular IP address.

 

 

Can I humbly ask the advice of an iRule expert for the rule syntax? We tried a few and so far no luck.

 

 

Best,

 

Karl G.

 

3 Replies

  • Hi Karl,

    Do you want to allow UDP packets destined for ports 9000 - 9100 and block all others? If so, you can create a virtual server with either a UDP profile or a Performance L4 virtual and use an iRule like this:

    
    
    when CLIENT_ACCEPTED {
    if {[UDP::local_port] >= 9000 and [UDP::local_port] <= 9100}{
     Allow
    } else {
     Send the client a reset
    reject
    }
    }
    

    Aaron
  • Great. For performance, it would be a lot more efficient to use a PerfL4 VS.

     

     

    Aaron
  • Hi Aaron,

     

    I work with Karl and I am trying to figure out if something I am seeing is because of this rule or something else. Along with this rule, we have a pool on the Virtual Server. The issue I am seeing is that even if I remove the first server in the pool and hope to see traffic only going to the second and third, traffic still makes it to the first server. I also disable the node and still see traffic to this first server. What do you think can be going on?

     

     

    Best Regards,

     

     

    Al