ltm rule command XLAT listen

iRule(1)		      BIG-IP TMSH Manual		      iRule(1)



XLAT::listen
       Creates a related ephemeral listener.

SYNOPSIS
       XLAT::listen (-hairpin)? (-inherit-main-rules)? (-single-connection)?
       (-translation-loose)? (XLAT_LISTEN_SUBCMDS)+

DESCRIPTION
       Creates a related ephemeral listener and returns the TCL handle for the
       listener. The bind address and port can be omitted. It is recommended
       that users don't set them, so that the command can choose an IP:port
       based on the server address specified, one that also conforms to the
       source translation config. If the server address is on the clientside,
       then the bind IP:port will be a valid endpoint on the clientside and
       conforms to the source translation config on the clientside. If the
       server address is on the serverside, then the bind IP:port will be a
       valid endpoint on the serverside and conforms to the source translation
       config on the serverside, if any. When the configured source
       translation is LSN or SECURITY-DYNAMIC-PAT, a reserved endpoint is also
       created for the bind address:port. If the user has already created a
       reserved endpoint (using XLAT::src_endpoint_reservation), then it will
       be reused provided the allow address:port matches the client
       address:port used to reserve the endpoint.

       Syntax: XLAT::listen [-hairpin] [-inherit-main-rules]
       [-single-connection] [-translation-loose]  { [proto
       ] bind -allow|-deny  [-ip ] [-port
       ] server   [allow  []] [inherit-vs
       ] }

       Sets up a related ephemeral listener to allow an incoming related
       connection to be established:

       + -hairpin: This listener will be used for accepting hairpin
         connections only. This option is supported with LSN and
         SECURITY-DYNAMIC-PAT source translation config only. This option
         should be used when hairpin connections from other subscribers using
         LSN or SECURITY-DYNAMIC-PAT are anticipated, as such the incoming
         subscriber flow (does not have to be the same as listener subscriber)
         must match an existing virtual-server with a LSN or
         SECURITY-DYNAMIC-PAT source translation pool attached.
       + -inherit-main-rules: The created listener executes the main rules
         (tmsh list ltm virtual  rules) attached to parent virtual. Related
         rules are executed by default (tmsh list ltm virtual  related-rules).
       + -single-connection: Listener expires after one connection is
         received.
       + -translation-loose: The command will try to use the hint data (-ip
         and/or -port) provided. Command will not fail if the provided hints
         cannot be used.
       + lifetime: The number of seconds to hold the listener open waiting on
         a connection, parameter is required.
       + proto: Set the protocol that the listener should listen for. If not
         specified this is determined using the parent connection.
       + bind: vlan/ifc list, addr, port to listen on. -allow/-deny determine
         if the vlan list is an allow or a deny list. "*" can be used to
         denote all vlans. For hairpin connections a separate listener must be
         created. Just enabling the listener on all VLANS will not work for
         hairpinning.
       + server: The address and port to connect the listening connection to.
       + allow: The address and optional port to restrict the incoming
         connection to.
       + inherit-vs: inherit the profiles, irules, and protocol of the
         provided virtual server.

RETURN VALUE
       Returns the TCL handle to the created listener. String representation
       of the handle: "%,,%,,%,,,". Route
       domain is not printed when zero.

VALID DURING
       SERVER_CONNECTED, CLIENT_DATA, SERVER_DATA

EXAMPLES
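	when SERVER_CONNECTED {
	    # Related listener held open for 30 seconds: incoming connections
	    # from the pool member are connected to the client on port 7000,
	    # and the listener runs the parent virtual's main rules.
	    set listen [XLAT::listen -inherit-main-rules 30 {
		proto [IP::protocol]
		bind -allow [LINK::vlan_id],/Common/public1 -ip [serverside {IP::local_addr}]
		server [IP::client_addr] 7000
		allow [LB::server addr] 0
		inherit-vs [virtual]
	    }]
	    # Log the string form of the returned listener handle.
	    log local0. "LISTEN: $listen"

	    # hairpin: a separate listener, bound to the clientside VLAN,
	    # that accepts hairpin connections only
	    set listen_hairpin [XLAT::listen -hairpin 30 {
		proto [IP::protocol]
		bind -allow [clientside {LINK::vlan_id}]
		server [IP::client_addr] 7000
	    }]
	}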
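
       A narrower variant of the first listener above, added here as an
       illustration and not taken from the F5 manual: it expires after one
       connection, uses a shorter lifetime, binds to a single VLAN, and
       restricts the peer to one source port. The 10-second lifetime and
       port 7001 are constructed values, and the use of catch assumes that
       XLAT::listen raises a TCL error when it cannot create the listener.

```tcl
when SERVER_CONNECTED {
    # Added example (not from the F5 manual): keep the pinhole as small
    # as the options documented on this page allow.
    #   -single-connection : listener expires after the first connection
    #   lifetime 10        : constructed value, shorter than the 30 s above
    #   bind -allow        : only the VLAN of the current connection
    #   allow ... 7001     : peer address plus one source port
    #                        (7001 is a constructed value)
    # Assumption: a failed XLAT::listen raises a TCL error, so catch is
    # used to log the failure instead of aborting the rule.
    if {[catch {
        set pinhole [XLAT::listen -single-connection 10 {
            proto [IP::protocol]
            bind -allow [LINK::vlan_id] -ip [serverside {IP::local_addr}]
            server [IP::client_addr] 7000
            allow [LB::server addr] 7001
        }]
    } err]} {
        # Record why the listener could not be created.
        log local0. "LISTEN failed: $err"
    } else {
        # Record the handle so each opened listener can be traced to the
        # parent connection that created it.
        log local0. "LISTEN: $pinhole for [IP::client_addr]"
    }
}
```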

HINTS
SEE ALSO
CHANGE LOG
       @BIGIP-14.1.0 --First introduced the command.



BIG-IP				  2019-05-10			      iRule(1)