Forum Discussion

T33_94464's avatar
T33_94464
Icon for Nimbostratus rankNimbostratus
Feb 21, 2016

Load balancing SMPP authentication with MRF and no iRules. Can it be done?

Hi DevCentral,

 

I will be honest, I do not completely understand how SMPP works, and the full requirements, but of all the configurations required this is the one that's throwing me for a loop.

 

The scenario is as follows;

 

When an external client initiates a connection to the VS, they are required to authenticate to two servers located in two differing subnets. The LTMs must traverse other gateways to reach these subnets.

 

The requirements are to allow the connecting client to authenticate to both servers and any subsequent messages are load balanced to either of the servers, and if possible persist to only one based on the client/source. If the server fails, the pool will reselect and direct the connection to the available member. If the authenticated session fails, or the client closes the connection, they will re-authenticate to both servers and then load balancing can take place as before.

 

I have looked at an iRule example by Dev member NAT, and trying to understand it at the moment. Some of it I get but the majority still escapes me, and I'm currently watching a TCL crash course to try and understand further.

 

Referencing this post, from Dev user Sam, showing the SMPP message flow, which seems similar to Diameter, and from this I have been looking at MRF to possibly circumvent the iRules, limiting the complexity for future modifications.

 

I have not begun configuring the SMPP services as yet, focusing on other configurations required prior to undertaking this one which seems mentally as a challenge. The HA pair LTMs are currently running version 12.0.0 1.0.0.628.

 

My questions are;

 

  1. Is it possible to undertake this task without using iRules? and if so, any suggestions/tips for the configuration?

     

  2. Based on the message flow, is MRF viable for this solution?

     

  3. If iRules are required for the requirements, can the iRule example (from above) be used to satisfy this requirement?

     

I would appreciate any assistance regarding the above, and also, feel free to ask for any information which can hopefully aid in a resolution.

 

Best regards,

 

T33

 

application delivery
application load balancing
iRules
LTM
mrf
smpp
smpp message flow

6 Replies

Sort By
  • Segman_342030's avatar
    Segman_342030
    Icon for Nimbostratus rankNimbostratus
    Jul 03, 2018

    Hi Arturo and Nat, Can you share what you did on the iRule? We are trying to do very similar solution

     

    Thank you, Yoav

     

  • Arturo's avatar
    Arturo
    Icon for Employee rankEmployee
    Jun 20, 2018

    yes, it is possible to do load balance SMPP traffic using MRF. But the iRule is still needed. You need to read the payload manually and then create the persistence record based on some field.

     

    Good luck

     

  • T33_94464's avatar
    T33_94464
    Icon for Nimbostratus rankNimbostratus
    Feb 24, 2016

    Thus far this is the algorithm I've come up with;

     

    Code
When request from ESME;
    Is it a bind transmit from ESME
        Yes
            Send to both pool members
        else
            Is it an unbind
                Send to both pool members
            else //assuming all other messages are submit_sm related
                Load balance to either member

    Hopefully I'm on the right track here

     

    T33

     

  • Nat_Thirasuttakorn's avatar
    Nat_Thirasuttakorn
    Icon for Employee rankEmployee
    Feb 23, 2016

    in my opinion,

     

    1.Is it possible to undertake this task without using iRules? and if so, any suggestions/tips for the configuration?

     

    No, it is not possible

     

    2.Based on the message flow, is MRF viable for this solution?

     

    yes, MRF should be able to help.

     

    3.If iRules are required for the requirements, can the iRule example (from above) be used to satisfy this requirement?

     

    I believe the iRule example sort of satisfy this requirement. the different is, for example, it may not try to authenticate to all server at beginning, it may do authenticate when it connects. perhaps, with a small modification you can get exactly what you need.

     

    However, one thing to note, the iRule example is based on "mblb" profile which is old way for doing message-based load balancing. "mblb" will be obsoleted in near future. MRF is current framework for message-based routing. I would suggest using MRF for a better supportability. but you need to re-write iRule for it.

     

    the MRF related iRule syntax can be found here...

     

    https://devcentral.f5.com/wiki/iRules.GENERICMESSAGE.ashx

     

    https://devcentral.f5.com/wiki/iRules.MR.ashx

     

    I don't have sample MRF iRule to show at the moment (maybe other member have) when I have a chance I may post some example here

     

    Nat

     

  • Kai_Wilke's avatar
    Kai_Wilke
    Icon for MVP rankMVP
    Feb 21, 2016

    Hi T33,

     

    The requirements are to allow the connecting client to authenticate to both servers and any subsequent messages are load balanced to either of the servers, and if possible persist to only one based on the client/source

     

    I don't get the point why you want to authenticate the client to both pool members, if you're going to persist the client via its source IP address to one of the pool members?

     

    Im my opinion it would just make sense to authenticate to both servers, if you need to implement a per-message load-balancing based on certain SMPP informations, isn't it?

     

    Do you have such requirements?

     

    Cheers, Kai