TFTP load balancing
Problem this snippet solves:
TFTP works in similar fashion to active FTP, using a callback from a random high port for the data stream:
1. The initiating host A sends a request packet to host B at well-known port 69.
2. B replies with a packet sent from an ephemeral port, which should be used for the remainder of the request for all data packets between host A and host B.
To support the callback connection, you would:
1. Configure the UDP virtual server on port 69 to accept the control connection.
2. Configure and apply a SNAT, enabled at least on the server-side VLAN.
3. Apply the following iRule to establish, for each data connection, a temporary listener on the appropriate port of the SNAT address.
Note: Requires LTM version > v9.0.3
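The server's reply from an ephemeral port, described above, can be observed on loopback with the following added example (not part of the original snippet and not F5 code). It assumes an unprivileged port as a stand-in for port 69, and the file name and payload are constructed sample values.

```python
import socket
import struct
import threading

RRQ, DATA, ACK = 1, 3, 4  # TFTP opcodes (RFC 1350)

def serve_one(listener, payload):
    """Answer one read request from a NEW ephemeral port, as TFTP servers do."""
    req, client = listener.recvfrom(516)
    assert struct.unpack("!H", req[:2])[0] == RRQ
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as data_sock:
        data_sock.bind(("127.0.0.1", 0))      # port 0 -> kernel picks the data port
        data_sock.settimeout(2)
        # DATA block 1; a payload under 512 bytes also ends the transfer
        data_sock.sendto(struct.pack("!HH", DATA, 1) + payload, client)
        data_sock.recvfrom(516)               # client's ACK arrives on the new port

def fetch(server_addr, filename):
    """Send an RRQ; return (request port, port the data came from, payload)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as c:
        c.bind(("127.0.0.1", 0))
        c.settimeout(2)
        c.sendto(struct.pack("!H", RRQ) + filename + b"\0octet\0", server_addr)
        pkt, src = c.recvfrom(516)            # src is NOT the port we sent to
        opcode, block = struct.unpack("!HH", pkt[:4])
        assert (opcode, block) == (DATA, 1)
        c.sendto(struct.pack("!HH", ACK, block), src)  # ACK follows the new port
        return server_addr[1], src[1], pkt[4:]

def demo():
    listener = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    listener.bind(("127.0.0.1", 0))           # assumption: stand-in for port 69
    listener.settimeout(2)
    server = threading.Thread(target=serve_one,
                              args=(listener, b"constructed sample"))
    server.start()
    try:
        return fetch(listener.getsockname(), b"boot.cfg")  # constructed file name
    finally:
        server.join()
        listener.close()

if __name__ == "__main__":
    ctrl, data, payload = demo()
    print(f"request sent to port {ctrl}, data came from port {data}: {payload!r}")
```

A device that only forwards the port 69 flow never sees a matching connection for the datagram from the second port, which is the gap the temporary listener fills.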
How to use this snippet:
- Timeout should match the timeout in the UDP profile applied to the virtual server.
- Works with or without SNAT.
It is important to note that the LTM has to have a route back to the client, since the new listener that is brought up to handle the data flow back to the client will not have an associated last-hop value.
Beware: because of simultaneous access by TFTP clients, the following error appears: TCL error: P_TFTP_NAT_IRULE - command returned bad code: 12
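Code:
rule tftp_rule {
   when SERVER_CONNECTED {
      listen {
         # 17 = UDP
         proto 17
         timeout 60
         # Listen on the server-side address and source port
         bind [LINK::vlan_id] [IP::local_addr] [serverside {UDP::local_port}]
         # Deliver accepted packets to the original client
         server [peer {client_addr}] [peer {UDP::client_port}]
         # Accept packets only from the selected server
         allow [IP::server_addr]
      }
   }
}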