Rodney_Newton_7
Aug 06, 2005
RTSP Proxy
Situation: Remote clients point to a virtual server for streaming audio/video… based on the information in the RTSP header the F5 will make a decision on which pool to send it to (iRules). The BigIP contacts the server on behalf of the client… after the initial RTSP call setup the server will then stream to the F5, then the F5 feeds the client. This is a one-arm configuration (single interface, one VLAN) and all clients and servers are on the other side of the BigIP’s gateway.
Requirements: Client IPs must be hidden from the server, so the BigIP will sNAT the source address and the servers will communicate directly with the BigIP as if it were the client. All traffic must flow through the BigIP, so nPath routing or similar solutions are not an option.
Problem: Once the initial RTSP call setup is complete, the server begins streaming UDP packets to the sNAT address… as far as BigIP is concerned these are unsolicited packets and no connection table exists to correlate them to a client on the other side.
Flow:
1.1.1.5 (Client) sends connection request to 192.168.0.1 (VIP)… Actually the clients will point to a public address (5.5.5.4) that NATs at the firewall to the BigIP VIP.
BigIP makes a pool selection using iRules, then changes the source IP to 192.168.0.2 and contacts the appropriate server.
192.168.0.2 NATs at the firewall to a different public address (5.5.5.5) and routes to the server (2.2.2.5).
Server (2.2.2.5) responds to (5.5.5.5) and the connection is made.
Again… the problem is the initial UDP packet from the server that is rejected by BigIP… certain clients that we tested with actually send a UDP packet to the server first after the call setup, and in those instances F5 handles it just fine (session table exists). Other clients (QuickTime Player) actually switch to TCP if UDP fails, and that works too. Unfortunately we need all clients to operate, and that means the F5 handling those unsolicited UDP packets from the server and redirecting them to the client that requested the stream.
So… is there a way with iRules or some other method to take the information from the TCP connection, which actually has the agreed-upon UDP port numbers in it, and create a session table that allows those packets on the defined ports to map back to the client through BigIP? Any feedback is greatly appreciated.
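
The mechanism the question asks about, as an added sketch that is not part of the original post and is not F5 or iRules code: read the `Transport` header of the server's RTSP SETUP reply on the TCP control connection and derive a narrow UDP pinhole from the negotiated ports. The function names, the sample reply and the port-width policy are assumptions made for illustration; the addresses are the ones from the flow above, and the ports are assumed to pass through the proxy unchanged.

```python
import re

# Constructed SETUP reply, as a proxy would see it on the server-side TCP connection.
SAMPLE_REPLY = (
    "RTSP/1.0 200 OK\r\n"
    "CSeq: 2\r\n"
    "Session: 12345678\r\n"
    "Transport: RTP/AVP;unicast;client_port=4588-4589;server_port=6256-6257\r\n"
    "\r\n"
)
_RANGE = re.compile(r"^(\d{1,5})(?:-(\d{1,5}))?$")

def _ports(value):
    """Parse 'lo' or 'lo-hi'. Assumed policy: unprivileged ports, at most an RTP/RTCP pair."""
    m = _RANGE.match(value.strip())
    if not m:
        raise ValueError("malformed port range: %r" % value)
    lo = int(m.group(1))
    hi = int(m.group(2) or lo)
    if not (1024 <= lo <= hi <= 65535) or hi - lo > 1:
        raise ValueError("port range rejected: %r" % value)
    return (lo, hi)

def parse_transport(reply):
    """Return negotiated UDP port ranges from a 200 OK SETUP reply, or None if there are none."""
    head = reply.split("\r\n\r\n", 1)[0].split("\r\n")
    if not head[0].startswith("RTSP/1.0 200"):
        return None
    for line in head[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() != "transport":
            continue
        params = dict(p.strip().split("=", 1) for p in value.split(";") if "=" in p)
        if "client_port" not in params or "server_port" not in params:
            return None  # e.g. interleaved RTP over TCP: no UDP pinhole is needed
        return {"client": _ports(params["client_port"]),
                "server": _ports(params["server_port"])}
    return None

def pinhole(reply, server_ip, client_ip):
    """Build one table entry tying the expected server UDP flow to the requesting client."""
    ports = parse_transport(reply)
    if ports is None:
        return None
    return {"server_ip": server_ip, "client_ip": client_ip, **ports}

def allows(hole, src_ip, src_port, dst_port):
    """Accept UDP only from the negotiated server address and ports to the negotiated client ports."""
    return (hole is not None and src_ip == hole["server_ip"]
            and hole["server"][0] <= src_port <= hole["server"][1]
            and hole["client"][0] <= dst_port <= hole["client"][1])
```

Keying the entry on the server address and both port ranges keeps the opening limited to the one negotiated stream, and the entry should be dropped when the RTSP session is torn down or times out.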