Forum Discussion

xzjleo_133138
Oct 11, 2013

iRule for UDP traffic

Hi, I am new to F5 and I need to create an iRule on LTM to fulfill the following functions. Could anyone let me know if LTM can do this? If so, please shed some light on how to start. Thanks in advance.

Data flow: the end device sends an SNMP trap (UDP packet) to LTM, then LTM forwards the UDP packet to an application server based on the source IP address. This will be one-way traffic; no need to worry about the return traffic.

Requirements for LTM

1/ When LTM receives the UDP packet, it will check the source IP address based on the pre-defined list.

2/ Forward the packet to the different application servers based on source IP address.

3/ When LTM sends out the packet, the new packet needs to retain the source IP address of the original packet.

2 Replies

  • Hamish

    Sure can.

    Assuming you have a VS that's targeted for the SNMP, the iRule would look something like

      when CLIENT_ACCEPTED {
        # Send traffic from this one source address to a specific pool member
        if { [IP::client_addr] equals 10.1.1.1 } {
          pool appserverpool member appserverip
        }
      }
    

    Note that the pool command doesn't take into account the pool member status. If it's down, it'll get used anyway. You can check that from the iRule though. So long as the VS receiving the packet doesn't have SNAT enabled, the target will get the original client IP for the forwarded packet.

    You can expand the iRule for error handling and things like lookups too (i.e. lookup in a class/datagroup rather than a hard-coded IP address) if you like. This is just a quickie, no testing, syntax errors are my own etc etc...

    See the iRules wiki for reference to lookups in classes.

    H
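
Added example, not part of Hamish's reply and not F5's own code: one way to combine the data-group lookup and the pool member status check mentioned in the reply, dropping traps from sources that are not on the list. The data group name `snmp_trap_sources` and its value layout (`<pool> <member_ip> <member_port>`) are assumptions made for this example; UDP source addresses can be forged, so the list steers traffic and does not authenticate senders.

```tcl
# Added example. Assumed: an address-type data group "snmp_trap_sources"
# whose records are source hosts or subnets, each with a string value of
# the form "<pool> <member_ip> <member_port>" (hypothetical layout).
when CLIENT_ACCEPTED {
    set src [IP::client_addr]

    # Address-type data groups match hosts and subnets; -value returns the
    # record's value, or an empty string when the source is not listed.
    set target [class match -value $src equals snmp_trap_sources]
    if { $target eq "" } {
        log local0.notice "SNMP trap from unlisted source $src dropped"
        drop
        return
    }

    # Split "<pool> <ip> <port>" and reject malformed records.
    if { [scan $target {%s %s %d} tpool tip tport] != 3 } {
        log local0.err "Bad data group value for $src: $target"
        drop
        return
    }

    # The pool command ignores member status, so check it explicitly.
    if { [LB::status pool $tpool member $tip $tport] eq "up" } {
        pool $tpool member $tip $tport
    } elseif { [active_members $tpool] > 0 } {
        # Pinned member is down: let the pool pick any healthy member.
        pool $tpool
    } else {
        log local0.warning "No healthy member in $tpool for trap from $src"
        drop
    }
}
```

As in the reply, the virtual server must not have SNAT enabled if the application servers are to see the original source address.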