Need help connecting RADIUS and HTTPS
I am trying to load-balance HTTPS (Port 8443) into the same node as a completed RADIUS communication. It is critical for session consistency that the HTTPS session is load-balanced onto the same node as the RADIUS session. It is key to note that the RADIUS client address is different to the HTTPS client address. In order to to load-balance the HTTPS session, I first need to determine the Client-IP from the preceding accounting packets.
I have attempted to achieve this using the following iRule:
Code
when CLIENT_DATA {
This ensures that only the interim_update accounting
packets are inspected by the iRule as these are
most likely to contain the IP address of the client
[RADIUS::code] == 4 identifies the packet as an accounting packet
[RADIUS::avp 40] == 3 identifies the packet as an interim_update accounting packet
if { [RADIUS::code ] == 4 and [RADIUS::avp 40] == 3 }{
set framed_ip [RADIUS::avp 8]
log local0. "request from $framed_ip"
persist uie "$framed_ip" 600
}
}
text Tying all this together on other Virtual Servers is a UIE persistence profile. The Persistence Profile has Match Across Services and Match Across Servers enabled. However, despite the persistence profile being attached to every VS, the HTTPS refuses to follow the persistence record that has been created by -- persist uie "$framedIP" 600.