Forum Discussion
Hi Stephan,
Yes, I have confirmed all of that. I am using just one pool member right now. The RADIUS client is my own code (http://sourceforge.net/projects/radiustest/) - I am sending just a single Access-Request with 11:11:11:11:11:11 as calling-station-id and 1.2.3.4 as framed-ip-address and getting the result:
: session table entry added:
: session table lookup result for calling station ID of 11:11:11:11:11:11: 172.16.34.100
: lookup match: 172.16.34.100
: session table entry added:
That is with the following iRule:
when LB_SELECTED {
    log local0. "session table entry added: "
    session add uie "persist:[RADIUS::avp 31]" [LB::server addr]
}
when CLIENT_DATA {
    log local0. "session table lookup result for calling station ID of [RADIUS::avp 31]: [session lookup uie "persist:[RADIUS::avp 31]"]"
    if {[session lookup uie "persist:[RADIUS::avp 31]"] ne ""} {
        log local0. "lookup match: [session lookup uie "persist:[RADIUS::avp 31]"]"
        node [session lookup uie "persist:[RADIUS::avp 31]"]
        log local0. "session table entry added: "
        session add uie "persist:[RADIUS::avp 8]" [IP::remote_addr]
    }
}
Logs look nice, but how can I check the results? The persistence and sys connection tables are empty. And I do suspect it's not working correctly, because if I add a second member to the pool (172.16.34.101) and send two identical RADIUS packets, the second one goes to the second pool member:
: session table entry added:
: session table lookup result for calling station ID of 11:11:11:11:11:11: 172.16.34.101
So it looks like there is no session, and we always start a new session and add a new session table entry (using session add from LB_SELECTED) instead of reusing the same node for which we already have that session.
Also, why do we use "node" in CLIENT_DATA if that is displayed by the logs after LB_SELECTED? Shouldn't we stick/persist the session before we create the persistence entry/session entry (to be sure we hit the one which was created previously)?
Thanks, Michal
- Dec 20, 2015
Hi Michal,
please change the rule for accounting as follows by replacing the line of:
    session add uie "persist:[RADIUS::avp 8]" [IP::remote_addr]
with the following:
    session add uie "persist:[RADIUS::avp 8]" [session lookup uie "persist:[RADIUS::avp 31]"]
Now a new table entry will be created using the "persist:(framed-ip)" as key with a value of the pool member IP. This table entry will be used by a third iRule associated with your virtual server for web:
when HTTP_REQUEST {
    log local0. "session table lookup result for web client of [IP::client_addr]: [session lookup uie "persist:[IP::client_addr]"]"
    if {[session lookup uie "persist:[IP::client_addr]"] ne ""} {
        node [session lookup uie "persist:[IP::client_addr]"]
    }
}
Assuming the client with the IP address matching the framed IP found in RADIUS will send a http request. Now the session table will be looked up for a key matching "persist:(web-client-ip)". The entry will be found and the value retrieved to pick the right pool member.
Thanks, Stephan
PS: Edited to fix formatting ...
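Added example (not part of Stephan's post and not F5 code): a small Python model of the two-key mapping this reply describes, in which the Calling-Station-Id (AVP 31) and the Framed-IP-Address (AVP 8) from one RADIUS packet both map to the same pool member, so a later web lookup by client IP returns that member. The `SessionTable` class, its round-robin pick and `build_access_request` are hypothetical, and the packet is constructed sample input.

```python
import socket
import struct

def radius_avps(packet: bytes) -> dict:
    """Return {attribute type: raw value} from a RADIUS packet (RFC 2865 layout)."""
    if len(packet) < 20:
        raise ValueError("short RADIUS packet")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    avps, pos = {}, 20                      # attributes follow the 20-byte header
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute length")
        avps.setdefault(atype, packet[pos + 2:pos + alen])   # keep first occurrence
        pos += alen
    return avps

def build_access_request(calling_station: str, framed_ip: str) -> bytes:
    """Constructed sample input: Access-Request carrying only AVP 31 and AVP 8."""
    attrs = b""
    for atype, value in ((31, calling_station.encode()), (8, socket.inet_aton(framed_ip))):
        attrs += bytes([atype, len(value) + 2]) + value
    return struct.pack("!BBH", 1, 1, 20 + len(attrs)) + bytes(16) + attrs

class SessionTable:
    """Hypothetical stand-in for the 'session add/lookup uie' table in the thread."""
    def __init__(self, members):
        self.members, self.entries, self.next = list(members), {}, 0

    def on_radius(self, packet: bytes) -> str:
        avps = radius_avps(packet)
        station_key = "persist:" + avps[31].decode()
        member = self.entries.get(station_key)
        if member is None:                  # no entry yet: round-robin pick, then record it
            member = self.members[self.next % len(self.members)]
            self.next += 1
            self.entries[station_key] = member
        # second key, persist:(framed-ip), holds the same pool member
        self.entries["persist:" + socket.inet_ntoa(avps[8])] = member
        return member

    def on_http(self, client_ip: str):
        return self.entries.get("persist:" + client_ip)   # None -> normal load balancing
```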
- Joad May 04, 2017 Nimbostratus
Hello,
Is it also possible to create a persistence iRule based on both Calling-station-ID and Audit-Session-ID?
Thanks in advance
Regards
- RaghavendraSY Mar 01, 2019 Altostratus
Try the iRules below:
With client IP and HTTP host:
when HTTP_REQUEST { persist uie "[IP::client_addr]:[HTTP::host]" }
(If you want a specific URI)
when HTTP_REQUEST { persist uie "[IP::client_addr]:[URI::query [HTTP::uri] param1]" }