Forum Discussion

Stan_Ward_01_13
Jun 22, 2015

iRule can't see UDP traffic

I have an iRule to do SNAT of UDP traffic for one specific flow case, otherwise leave addressing alone. But when I assign it to the VIP, I never see it hit. The iRule has log statements on LB_SELECT, LB_FAIL, CLIENT_CONNECT, CLIENT_DATA, and CLIENT_CLOSE, none of which are ever triggered (RULE_INIT is triggered). A TCPDUMP shows the incoming UDP packet being mapped to the VS that has the iRule on it, but it doesn't ever seem to be forwarded.

 

How can I find out what happened to the packet? The VS allows traffic from all VLANs and has no address restriction. It's a Standard VS with a UDP profile, port 3478, and the destination is on a connected interface. The VS works correctly if the iRule is not assigned.

 

2 Replies

  • Did you read the wiki on, for example, CLIENT_ACCEPTED (CLIENT_CONNECT doesn't exist)? https://devcentral.f5.com/wiki/iRules.CLIENT_ACCEPTED.ashx

     

    Because of how UDP works, it might trigger at different moments. Looking at it, if you have regular traffic, I could imagine this event will never trigger because it never expires, so the event doesn't trigger.

     

    Not sure if you can test, but if you can, perhaps the LB Datagram option can be enabled to see if you get more logging then.

     

    Also, I don't quite get your last statement: does the virtual server break when an iRule that only logs is assigned? Could you provide the iRule code here?

     

  • Ok, so what really happened was that I forgot that on an iRule update, an existing connection retains the old copy of the iRule. So when I cleared the connection (which otherwise stays up forever because there's always traffic), my log statements are showing traffic within the proper events.

     

    So all is well. Thank you for replying.
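
The setup discussed in this thread, as an added example that is not the poster's iRule (which was never shared): a UDP iRule that applies SNAT to one flow case and logs in each client-side and load-balancing event, using the existing event names CLIENT_ACCEPTED, CLIENT_DATA, CLIENT_CLOSED, LB_SELECTED and LB_FAILED. The source subnet 192.0.2.0/24 and SNAT address 198.51.100.10 are constructed placeholder values.

```tcl
# Added example: conditional SNAT for UDP with per-event logging.
# Assumed placeholders (not from the thread):
#   192.0.2.0/24   - the one client range that should be SNATed
#   198.51.100.10  - the SNAT address to use for that range
#
# An established flow keeps running the copy of the iRule it started
# with. After saving a change, a long-lived UDP flow must be cleared
# before the new log lines appear, e.g. from the BIG-IP shell:
#   tmsh show sys connection cs-server-port 3478
#   tmsh delete sys connection cs-server-port 3478

when CLIENT_ACCEPTED {
    # For UDP this fires when a new flow entry is created, not per datagram.
    log local0. "CLIENT_ACCEPTED [IP::client_addr]:[UDP::client_port] -> [IP::local_addr]:[UDP::local_port]"

    if { [IP::addr [IP::client_addr] equals 192.0.2.0/24] } {
        # The specific flow case: translate the source address.
        snat 198.51.100.10
        log local0. "SNAT applied for [IP::client_addr]"
    } else {
        # Everything else: leave addressing alone.
        snat none
    }
}

when CLIENT_DATA {
    # Fires for each datagram received on the client side of the flow.
    log local0. "CLIENT_DATA [UDP::payload length] bytes from [IP::client_addr]"
}

when LB_SELECTED {
    log local0. "LB_SELECTED [LB::server addr]:[LB::server port]"
}

when LB_FAILED {
    log local0. "LB_FAILED for [IP::client_addr]:[UDP::client_port]"
}

when CLIENT_CLOSED {
    # Fires when the flow entry is removed (idle timeout or manual delete).
    log local0. "CLIENT_CLOSED [IP::client_addr]:[UDP::client_port]"
}
```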