Duplicate netflow traffic via iRule
Netflow traffic is coming into a VIP and pool and then the traffic is duplicated via an iRule to another set of servers. The traffic being duplicated is not complete. The iRule is based on IP addresses defined in a data group and sent to a specific IP. This is the iRule being used:
when RULE_INIT {
    set static::timeout "30"
}
when CLIENT_DATA {
    if { [class match [IP::client_addr] equals SOC_Core_1] } {
        set conn [connect -protocol UDP -myaddr [IP::client_addr] -timeout $static::timeout -idle 30 -status conn_status 10.65.46.98:2055]
        set send_info [send -timeout $static::timeout -status send_status $conn [UDP::payload]]
        set sessionCheckResponse [recv -timeout $static::timeout -status recv_status $conn]
    } elseif { [class match [IP::client_addr] equals SOC_Core_2] } {
        set conn [connect -protocol UDP -myaddr [IP::client_addr] -timeout $static::timeout -idle 30 -status conn_status 10.65.46.99:2055]
        set send_info [send -timeout $static::timeout -status send_status $conn [UDP::payload]]
        set sessionCheckResponse [recv -timeout $static::timeout -status recv_status $conn]
    } elseif { [class match [IP::client_addr] equals All_Hubs] } {
        set conn [connect -protocol UDP -myaddr [IP::client_addr] -timeout $static::timeout -idle 30 -status conn_status 10.65.46.100:2055]
        set send_info [send -timeout $static::timeout -status send_status $conn [UDP::payload]]
        set sessionCheckResponse [recv -timeout $static::timeout -status recv_status $conn]
    } else {
        set conn [connect -protocol UDP -myaddr [IP::client_addr] -timeout $static::timeout -idle 30 -status conn_status 10.65.46.101:2055]
        set send_info [send -timeout $static::timeout -status send_status $conn [UDP::payload]]
        set sessionCheckResponse [recv -timeout $static::timeout -status recv_status $conn]
    }
}
Also, traffic that comes in to the VIP and pool nodes includes the NetFlow/IPFIX, but when it is duplicated in the iRule, the NetFlow/IPFIX is incomplete.
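One way to measure how incomplete the duplicated feed is (an added example, not part of the original post): compare the export datagrams seen at a pool member with those seen at the duplicate destination, keyed on the sequence number and exporter ID in the NetFlow v5, v9 or IPFIX header. It assumes the UDP payloads have already been extracted from captures on both sides as `(source_ip, payload)` pairs; the function names and sample addresses are constructed for illustration.

```python
import struct
from collections import defaultdict

# Fields after the 2-byte version (network byte order):
# v5: count, uptime, secs, nsecs, flow_sequence, engine_type, engine_id, sampling
# v9: count, uptime, secs, sequence, source_id | IPFIX: length, export_time, sequence, domain_id
LAYOUTS = {5: "!HIIIIBBH", 9: "!HIIII", 10: "!HIII"}

def header_key(src_ip, payload):
    """Return (src_ip, version, exporter_id, sequence), or None if the header is unreadable."""
    if len(payload) < 2:
        return None
    version = struct.unpack_from("!H", payload)[0]
    fmt = LAYOUTS.get(version)
    if fmt is None or len(payload) < 2 + struct.calcsize(fmt):
        return None
    f = struct.unpack_from(fmt, payload, 2)
    if version == 5:
        return (src_ip, 5, (f[5] << 8) | f[6], f[4])
    if version == 9:
        return (src_ip, 9, f[4], f[3])
    return (src_ip, 10, f[3], f[2])

def index(datagrams):
    """Map header key -> list of payload lengths seen for that key."""
    seen = defaultdict(list)
    for src_ip, payload in datagrams:
        seen[header_key(src_ip, payload)].append(len(payload))
    return seen

def compare(primary, duplicate):
    """Report export datagrams that the duplicate feed lost or shortened."""
    pri, dup = index(primary), index(duplicate)
    unreadable = len(dup.pop(None, []))   # duplicate datagrams cut inside the header
    pri.pop(None, None)
    missing, truncated = [], []
    for key in sorted(pri):
        got = dup.get(key, [])
        if len(got) < len(pri[key]):
            missing.append(key)           # datagram never reached the duplicate
        elif sorted(got) != sorted(pri[key]):
            truncated.append(key)         # arrived, but with a different payload length
    return {"missing": missing, "truncated": truncated, "unreadable": unreadable}

# Constructed sample: three v9 datagrams at the pool member, two at the duplicate.
def v9(seq, body=b"\x00" * 40):
    return struct.pack("!HHIIII", 9, 1, 1000, 1700000000, seq, 7) + body
PRIMARY = [("192.0.2.10", v9(1)), ("192.0.2.10", v9(2)), ("192.0.2.10", v9(3))]
DUPLICATE = [("192.0.2.10", v9(1)), ("192.0.2.10", v9(3)[:32])]
```

`compare(PRIMARY, DUPLICATE)` separates datagrams that never arrived from those that arrived short, which indicates whether the duplication path is dropping packets or cutting payloads.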