Forum Discussion
Yes, realistically, anything in the payload that is unencrypted could be used as a value to key off of for an iRule. That being said, UDP isn't the easiest to parse. As you're describing it, it's not something F5 has a parser for, so it would be generic UDP to the BIG-IP.
Do you think there's any connection between the udp source port used where you'd want to key off of that? Probably not, but it would be easier than UDP payload
You'd most likely need to use a binary scan technique. If this isn't in your wheelhouse, you can reach out to F5 professional services and they could most likely write it for you depending on whether you'd be able to pay for it or not.
Here are some examples of binary scan. https://devcentral.f5.com/questions/radius-uie-persistence-and-cmp-compatibility
https://devcentral.f5.com/questions/universal-persistence-based-on-udp-payload-what-event-to-use
You'd want to look at UDP payload probably https://devcentral.f5.com/wiki/iRules.UDP__payload.ashx