Forum Discussion

eric_haupt1
Sep 26, 2017

Data group: integers not working

I'm trying to configure GTM to avoid certain ports serverside due to some HBSS agent issues. I'm using a data group of integers to hold the list of ports I want GTM to avoid using a reselect action. I am not getting the behaviour I want and it doesn't appear that the logic is matching at all. Now I know the ports I want to avoid are being used because I'm logging on these ports in the SERVER_CONNECTED action.

 

Here is the code I'm using for port avoidance - any ideas?

 

when LB_SELECTED {
    # Reselect when the local port is listed in the hbss-port-exception data group
    if { [class match [UDP::local_port] equals hbss-port-exception] } {
        log local0. "HBSS EXCEPTION LOG: [UDP::local_port] - GTM reselecting"
        LB::reselect
    }
}

8 Replies

  • It just occurred to me: Maybe this code needs to be part of SERVER_CONNECTED vice LB_SELECTED

     

  • You are probably referring to LTM and not GTM, as GTM does not care about ports. I need more information about your configuration.


    Can you please provide these parts of the configuration?

    Datagroup hbss-port-exception
    Virtual Server
    Pool


    • eric_haupt1

      Why wouldn't GTM care about ports? It needs to allocate a local source port for both TCP and UDP when providing DNS LB to DNS servers, does it not?

      I don't think the LB_SELECTED was the event that is able to identify the local port so I've shifted to calling it in the SERVER_CONNECTED event. This is working for us and I don't like it because it's brutal to the client, but this affects only TCP and we only see about 4 events per 12 hours that match across the 10 ports we want to avoid. The client would simply time out and retransmit - thus getting a new port which is most likely not in the restricted port range.

      when SERVER_CONNECTED {
          # Close the connection when the server-side local port is in the data group
          if { [class match [TCP::local_port] equals hbss-port-exception] } {
              log local0. "HBSS EXCEPTION LOG: [TCP::local_port] - GTM dropping"
              TCP::close
          }
      }
      
    • eric_haupt1

      hbss-port-exception is an integer data group simply containing a list of numbers

       

    • Leonardo_Souza3

      Nops, that is LTM functionality. Maybe you are referring to a GTM listener, that is an LTM virtual server.

       

      GTM only answers DNS requests, providing an answer to those queries. The port is not relevant for the GTM.

       

      Anyway, without the configuration I asked for, I could only guess what the problem is.

       

  • Hi,

     

    The problem is that the virtual server's default behavior is to reuse the client-side source UDP port on the server side.