F5 iRule — Syslog Cloning iRule with HSL or Sideband

HSL_syslog_cloning

First, let's create two (2) pools with a single node in each. The iRule will use them to clone each UDP datagram to both.

pool_SyslogServer001

pool_SyslogServer001

Now that we have created the two (2) pools with a single node in each, we can craft an iRule that uses High-Speed Logging (HSL) and tie it all together.

when CLIENT_ACCEPTED {
    # open one HSL handle per pool (one pool per syslog server)
    set syslog_pool1 [HSL::open -proto UDP -pool pool_SyslogServer001]
    set syslog_pool2 [HSL::open -proto UDP -pool pool_SyslogServer002]
}
when CLIENT_DATA {
    # send a copy of the UDP payload to each pool
    HSL::send $syslog_pool1 [UDP::payload]
    HSL::send $syslog_pool2 [UDP::payload]
}
Cons:
  • Each HSL send destination requires a unique pool with one node in it.
  • Cannot change source address (has to be self IP F5 LTM)

SIDEBAND_syslog_cloning

A different approach is the iRule sideband method. Sideband was introduced in TMOS-LTM v11.0.0, so that version is needed for the sideband method to be available. It essentially opens a TCP or UDP connection when the iRule gets triggered.

when CLIENT_ACCEPTED {

  # grab UDP payload
  set data [UDP::payload]
  
  # create connection objects to both servers
  set conn_id1 [connect -protocol UDP -myaddr 1.1.1.1 -timeout 100 -idle 30 10.10.10.1:514]
  set conn_id2 [connect -protocol UDP -myaddr 1.1.1.1 -timeout 100 -idle 30 10.10.10.2:514]
  
  # send sideband request to server1
  send -timeout 1000 $conn_id1 $data
  close $conn_id1
  # send sideband request to server2
  send -timeout 1000 $conn_id2 $data
  close $conn_id2
}
Pros:
  • More control, we can change things like source address and timeouts
  • No pools needed, can craft connection object directly in iRule
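
Whichever method is used, it is worth confirming that every datagram reaches both syslog servers and noting which source address they record for it. The following receipt audit is an added example, not part of the original post: relay_clone is a loopback stand-in for the virtual server (it is not F5 code), and all function names and sample messages are constructed.

```python
import socket

def udp_socket(timeout=0.5):
    """Bind a UDP socket to an ephemeral loopback port."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.bind(("127.0.0.1", 0))
    s.settimeout(timeout)
    return s

def relay_clone(relay, destinations):
    """Stand-in for the virtual server: one datagram in, one copy out per destination."""
    payload, sender = relay.recvfrom(65535)
    for dest in destinations:
        relay.sendto(payload, dest)
    return sender

def drain(collector):
    """Read everything a collector received as [(payload, source_address), ...]."""
    received = []
    try:
        while True:
            received.append(collector.recvfrom(65535))
    except socket.timeout:
        return received

def audit(sent, per_collector):
    """Per collector: payloads that never arrived and the source addresses seen."""
    report = {}
    for name, received in per_collector.items():
        payloads = [p for p, _ in received]
        report[name] = {"missing": [m for m in sent if m not in payloads],
                        "sources": sorted({src for _, src in received})}
    return report

def run_check(messages):
    """Send each message through the relay and audit both collectors."""
    sender, relay, c1, c2 = (udp_socket() for _ in range(4))
    try:
        for msg in messages:
            sender.sendto(msg, relay.getsockname())
            relay_clone(relay, [c1.getsockname(), c2.getsockname()])
        report = audit(messages, {"collector1": drain(c1), "collector2": drain(c2)})
        return report, sender.getsockname(), relay.getsockname()
    finally:
        for s in (sender, relay, c1, c2):
            s.close()

# Constructed RFC 3164-style sample messages.
SAMPLE = [b"<34>Oct 11 22:14:15 host1 su: constructed test message 1",
          b"<13>Oct 11 22:14:16 host1 sshd: constructed test message 2"]
```

In the report, the only source address the collectors see is the relay's, never the original sender's, so attribution on the syslog servers has to come from the hostname inside the message rather than from the packet source.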

 
