Forum Discussion

Iberdrola-Siste's avatar
Iberdrola-Siste
Icon for Nimbostratus rankNimbostratus
Sep 30, 2013

Event and action using a iRule

Hello to all:

 

We are Load Balancing a Genesys SIP Server using LTM, but in our architecture we have found a problem with the default configuration recommended by Genesys. An iRule is creating a UDP session between the active SIP Server and our SBC, that, when a switchover occurs in the SIP Servers, this session makes the Virtual Service not to work properly with the new SIP Server active. The only way to make it work is accessing to the CLI, and introduce a "delete /sys connection cs-client-addr SIP-SERVER-IP-ADDRESS cs-client-port 5060 cs-server-addr SBC-IP-ADDRESS cs-server-port 5060" in the tmsh console.

 

Is there any way that we can do this using an iRule? I expect that it could exist an EVENT related to a creation of a connection entry in the connection table, and an action command to delete this connection

 

Thanks for your help

 

6 Replies

  • what is your pool setting for the active/standby sip servers?

     

    I am also in the process of setting up a similar solution, but genesys sip has odd requirements....

     

    cheers

     

    • Iberdrola-Siste's avatar
      Iberdrola-Siste
      Icon for Nimbostratus rankNimbostratus
      The Genesys monitoring tool (LTA) is the one that maintains only one active SIP Server, and disables the standby one. So,this pool is a regular pool, and the monitor is the one that enables one SIP server or the other: ltm pool /Common/poolHA01 { members { /Common/CCCCPL1SIP1:5060 { address 172.20.91.249 } /Common/CCCCPL2SIP2:5060 { address 172.20.91.23 } } monitor /Common/monSipUdp service-down-action reselect slow-ramp-time 0 } ltm ru
  • In SIP deployments I always used an immediate timeout. That´s why I never struggeled with a problem like this.

     

    This approach makes the iRule a bit more complex as you need to provide bi-directional processing for requests and responses (because the client and the gateway can send both types of messages).

     

    The following events were required:

     

    RULE_INIT, CLIENT_ACCEPTED, SIP_REQUEST, SIP_REQUEST_SEND, SIP_RESPONSE

     

    As well it was necessary to keep additional persistence records for mapping outgoing messages to the peer.

     

    The whole set of iRules is appr. 300 lines and requires some explanation (and sanitization).

     

  • Genesys sent me a very complex iRule that defined an action for all of these events you listed in your answer. I did not understand very well what they sent me. Additionally, I have made an alternate configuration in the F5 that I think it would solve the problem in our installation. Basically, we have created a different fastL4 protocol profile with "Idle timeout" parameter configured to immediate, and assign this profile to a forwarding virtual server specifically created for the traffic that flows from Genesys interface to the SBCs, and configure the SNAT in the specific option of this virtual server, without an iRule To sum up, the specific configuration we included is as follows:

     

    Previous Forwarding Virtual Server, now without the irule

    ltm virtual /Common/vsWildCardOutbound { destination /Common/0.0.0.0:0 ip-forward mask any profiles { /Common/fastL4 { } } translate-address disabled translate-port disabled vlans { /Common/internal } vlans-enabled }

     

    Specific Forwarding Virtual server that matches SIP traffic to the SBC. Specific fast-l4 profile and SNAT configured

    ltm virtual /Common/vsWildCardOutbound_SBC { destination /Common/172.20.90.48:5060 ip-forward ip-protocol udp mask 255.255.255.240 profiles { /Common/Conexion_SBC { } } snatpool /Common/snatPoolVipBi translate-address disabled translate-port disabled vlans { /Common/internal } vlans-enabled

     

    New fastl4 profile

    ltm profile fastl4 /Common/Conexion_SBC { app-service none defaults-from /Common/fastL4 idle-timeout immediate }

     

    Can somebody come back to me, and verify that this configuration is sensible and that would not carry out any other problem to the platform?

     

    Thanks a lot for your help

     

  • The deployment I´m referring to was done with another vendors SGC and it really took us a couple of days to get everything done and tested. And in this case I was already using a tested set of iRules.

     

    With SIP you will very likely need to touch a couple of SIP headers to rewrite IP addresses bi-directional and in some cases the SIP URI needs to be modified. Some heades will show up multiple times in the same message and each of it has to be rewritten.

     

    In all cases we used the SIP profile with our virtual servers allowing us to access the header and URI information.

     

    Perhaps your SIP environment is robust enough and can deal with the address translation by the load balancer, but especially for outgoing messages it will be required to use specific persistency to map responses to a client if an immediate timeout was applied.

     

    I would recommend to work closely with an experienced F5 systems engineer.

     

    Trying to use DevCentral to get it done will make this one a very long thread, imho.