Manual Chapter : Configuring MQTT over websockets

Applies To:

BIG-IP LTM

  • 17.1.1, 17.1.0, 17.0.0, 16.1.4, 15.1.10, 15.1.9

Configuring MQTT over WebSockets

Overview: MQTT over WebSockets

Message Queuing Telemetry Transport (MQTT) over WebSockets provides a filter for MQTT traffic that is encapsulated in WebSockets, which enables functions such as MQTT iRule-based enrichment and inspection. In addition to the current behavior of the WebSockets filter, support for the following is introduced:
  • End-to-End WebSocket for MQTT Payload: Support for the MQTT protocol profile over WebSockets on both client-side and server-side connections.
  • WebSocket Termination for MQTT Payload: Support for WebSocket connection termination on the client side.

Task Summary for configuring End-to-End WebSocket for MQTT Payload

Creating an End-to-End WebSocket profile

Use this task to create a WebSocket profile.
  1. On the Main tab, click Local Traffic > Profiles > Services > WebSockets.
  2. Click Create.
    The new WebSocket Profile screen opens.
  3. In the Name field, type a unique name for the profile.
  4. In the Payload Processing Mode field, select End-To-End.
  5. In the Payload Protocol Profile field, select the mqtt profile.
  6. Click Finished.

Creating an iRule for enabling WebSocket Payload processing

An iRule that enables WebSocket payload processing for MQTT is required. Without this iRule, the WebSocket payload is processed as opaque binary data and MQTT iRule events are not triggered.
Use this task to create an iRule for enabling WebSocket payload processing.
  1. On the Main tab, click Local Traffic > iRules > iRule List.
    The iRule List screen opens, displaying any existing iRules.
  2. Click Create.
    The New iRule screen opens.
  3. In the Name field, type a unique name for the iRule.
    The full path name of the iRule cannot exceed 255 characters.
  4. In the Definition field, type an iRule that enables WebSocket payload processing when MQTT is detected in the request.
    Following are iRule examples:

    # Enable payload processing when the WebSocket request protocol is mqtt.
    when WS_REQUEST {
        switch [WS::request protocol] {
            mqtt {
                WS::payload_processing enable
            }
        }
    }

    # Enable payload processing when the request path starts with /mqtt.
    when WS_REQUEST {
        if { [HTTP::path] starts_with "/mqtt" } {
            WS::payload_processing enable
        }
    }

  5. Click Finished.
    The new iRule appears in the list of iRules on the system.
The BIG-IP system includes the iRules for enabling WebSocket payload processing.
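
The following Python sketch is an added example, not part of the F5 manual. It shows what the traffic matched by the iRules above looks like on the wire: a WebSocket upgrade request, and an MQTT CONNECT packet carried in a masked binary frame, which stays opaque until it is unmasked and parsed. It assumes the protocol tested by `WS::request protocol` is the value of the `Sec-WebSocket-Protocol` header; the host name, client ID and mask key are constructed sample values, and only short frames (under 126 bytes) are handled.

```python
import struct

# Constructed client handshake; host and path are sample values, not from the manual.
HANDSHAKE = (
    "GET /mqtt HTTP/1.1\r\nHost: broker.example\r\nUpgrade: websocket\r\n"
    "Connection: Upgrade\r\nSec-WebSocket-Version: 13\r\n"
    "Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\nSec-WebSocket-Protocol: mqtt\r\n\r\n"
)

def offered_subprotocols(request: str) -> list:
    """Return the subprotocols the client offers in Sec-WebSocket-Protocol."""
    for line in request.split("\r\n")[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "sec-websocket-protocol":
            return [p.strip() for p in value.split(",")]
    return []

def mqtt_connect(client_id: str, keepalive: int = 60) -> bytes:
    """Build a minimal MQTT 3.1.1 CONNECT: clean session, no credentials."""
    cid = client_id.encode()
    body = (b"\x00\x04MQTT\x04\x02" + struct.pack("!H", keepalive)
            + struct.pack("!H", len(cid)) + cid)
    if len(body) > 127:  # keep Remaining Length to a single byte
        raise ValueError("client ID too long for this sketch")
    return bytes([0x10, len(body)]) + body

def ws_binary_frame(payload: bytes, key: bytes) -> bytes:
    """Client-to-server binary frame (FIN=1, opcode 0x2); client frames are masked."""
    if len(payload) >= 126 or len(key) != 4:
        raise ValueError("short payload and 4-byte mask key required")
    masked = bytes(b ^ key[i % 4] for i, b in enumerate(payload))
    return bytes([0x82, 0x80 | len(payload)]) + key + masked

def inspect_frame(frame: bytes) -> dict:
    """Unmask one short WebSocket frame and decode the MQTT CONNECT inside it."""
    opcode, masked, n = frame[0] & 0x0F, frame[1] & 0x80, frame[1] & 0x7F
    if opcode != 0x2 or not masked or n >= 126:
        raise ValueError("expected a short masked binary frame")
    key, data = frame[2:6], frame[6:6 + n]
    if len(data) != n:
        raise ValueError("truncated frame")
    pkt = bytes(b ^ key[i % 4] for i, b in enumerate(data))
    if pkt[0] >> 4 != 1 or pkt[1] != len(pkt) - 2:
        raise ValueError("payload is not a single MQTT CONNECT packet")
    (nlen,) = struct.unpack_from("!H", pkt, 2)
    name, level = pkt[4:4 + nlen].decode(), pkt[4 + nlen]
    keepalive, clen = struct.unpack_from("!HH", pkt, 6 + nlen)
    client_id = pkt[10 + nlen:10 + nlen + clen].decode()
    return {"protocol": name, "level": level, "keepalive": keepalive, "client_id": client_id}
```
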

Creating an LTM policy for enabling WebSocket Payload processing

Use BIG-IP LTM policy to direct traffic in accordance with rules, which are applied as determined by the specified strategy, conditions, and actions. Local traffic policies that have been upgraded from BIG-IP software version 12.0, or earlier, appear in the Published Policies list.
Use this task to create an LTM policy for enabling WebSockets payload processing.
  1. On the Main tab, click Local Traffic > Policies > Policy List.
    The Policies List screen opens, displaying any existing policies.
  2. Click Create.
    The New Policy screen opens.
  3. In the Policy Name field, type a unique name for the policy.
  4. Click Create Policy.
    The Draft Policy screen opens.
  5. In the Rules section, click Create.
    The Properties screen opens.
  6. In the Name field, type a unique name for the rule.
  7. In the Match all of the following conditions section, click the + button and create an HTTP request or WebSocket request based condition.
    For example, WebSocket protocol is any of mqtt at websocket request time.
  8. In the Do the following when the traffic is matched section, click the + button and create an action.
    For example, Enable websocket payload processing at websocket request time.
  9. Click Save.
    The Draft Policy screen opens.
  10. From the drop-down at Save Draft, select Save and Publish Policy.
    The Policy List screen opens, and the created policy is listed under the Published Policies section.

Creating a Client SSL profile

Create a Client SSL profile to authenticate and decrypt/encrypt client-side application traffic.
  1. On the Main tab, click Local Traffic > Profiles > SSL > Client.
    The Client SSL profile list screen opens.
  2. Click Create.
    The New Client SSL Profile screen opens.
  3. Configure all profile settings as needed.
  4. Click Finished.
After creating the Client SSL profile and assigning the profile to a virtual server, the BIG-IP system can apply SSL security to the type of application traffic for which the virtual server is configured to listen.

Creating a virtual server for MQTT over WebSockets

Before creating a virtual server, verify that you have created the pool to which you want this virtual server to send traffic.
When you create a virtual server, you specify a destination IP address and service port. All other settings on the virtual server have default values. Update the default values of any settings to suit the requirement.
  1. On the Main tab, click Local Traffic > Virtual Servers.
    The Virtual Server List screen opens.
  2. Click Create.
    The New Virtual Server screen opens.
  3. In the Name field, type a unique name for the virtual server.
  4. From the Type list, retain the default, Standard.
  5. In the Destination Address/Mask field:
    • If you want to specify a single IP address, confirm that the Host button is selected, and type the IP address in CIDR format.
    • If you want to specify multiple IP addresses, select the Address List button, and confirm that the address list that you previously created appears in the box.
    The supported format is address/prefix, where the prefix length is in bits. For example, an IPv4 address/prefix is 10.0.0.1 or 10.0.0.0/24, and an IPv6 address/prefix is ffe1::0020/64 or 2001:ed8:77b5:2:10:10:100:42/64. When you use an IPv4 address without specifying a prefix, the BIG-IP system automatically uses a /32 prefix.
    The IP address or addresses for this field must be on the same subnet as the external self-IP address.
  6. In the Service Port field, type the port number at which WebSocket service is required.
  7. From the Configuration list, select Advanced.
  8. For the HTTP Profile (Client) setting, select the name of an HTTP profile from the list.
  9. For the SSL Profile (Client) setting, from the Available list, select the name of the Client SSL profile you previously created and move the name to the Selected list.
  10. In the WebSocket Profile field, select the name of the WebSocket profile you previously created.
  11. Configure any other settings that are required.
  12. In the Resources section, in the iRules or Policies settings, from the Available list, select the name of the iRule or the LTM policy that you have previously created and move the name into the Enabled list by clicking <<.
  13. In the Default Pool list, select the name of the pool that you created previously.
  14. Click Finished.
You now have a virtual server that listens for application traffic and acts according to the values configured within the virtual server.

Viewing MQTT statistics

Ensure that an MQTT profile is assigned to at least one virtual server.
You can see how the BIG-IP is handling MQTT messages by viewing statistics per MQTT profile.
  1. On the Main tab, click Statistics > Module Statistics > Local Traffic.
    The Local Traffic statistics screen opens.
  2. From the Statistics Type list, select Profiles Summary.
  3. In the Details column for the MQTT profile, click View to display detailed statistics about MQTT messages.

Task Summary for configuring WebSocket Termination for MQTT payload

Redirect the WebSocket traffic to an internal virtual server to achieve WebSocket termination for MQTT payload.

Creating a WebSocket Termination profile

Use this task to create a WebSocket profile.
  1. On the Main tab, click Local Traffic > Profiles > Services > WebSockets.
  2. Click Create.
    The new WebSocket Profile screen opens.
  3. In the Name field, type a unique name for the profile.
  4. In the Payload Processing Mode field, select Termination.
  5. Click Finished.

Creating a Client SSL profile

Create a Client SSL profile to authenticate and decrypt/encrypt client-side application traffic.
  1. On the Main tab, click Local Traffic > Profiles > SSL > Client.
    The Client SSL profile list screen opens.
  2. Click Create.
    The New Client SSL Profile screen opens.
  3. Configure all profile settings as needed.
  4. Click Finished.
After creating the Client SSL profile and assigning the profile to a virtual server, the BIG-IP system can apply SSL security to the type of application traffic for which the virtual server is configured to listen.

Creating an iRule for enabling payload processing and specifying internal virtual server

An iRule that enables WebSocket payload processing and specifies the WebSocket payload internal virtual server is required. Without this iRule, the WebSocket connection will not be terminated and the server will continue to receive WebSocket-encapsulated traffic.
Use this task to create an iRule for enabling WebSocket payload processing and specifying WebSocket payload internal virtual server.
  1. On the Main tab, click Local Traffic > iRules > iRule List.
    The iRule List screen opens, displaying any existing iRules.
  2. Click Create.
    The New iRule screen opens.
  3. In the Name field, type a unique name for the iRule.
    The full path name of the iRule cannot exceed 255 characters.
  4. In the Definition field, type an iRule that enables WebSocket payload processing when MQTT is detected in the request.
    Following are iRule examples:

    # When the WebSocket request protocol is mqtt, enable payload processing
    # and send the payload to the internal virtual server.
    when WS_REQUEST {
        switch [WS::request protocol] {
            mqtt {
                WS::payload_processing enable
                WS::payload_ivs /Common/my_mqtt_ivs
            }
        }
    }

    # Same actions, selected by a request path that starts with /mqtt.
    when WS_REQUEST {
        if { [HTTP::path] starts_with "/mqtt" } {
            WS::payload_processing enable
            WS::payload_ivs /Common/my_mqtt_ivs
        }
    }

  5. Click Finished.
    The new iRule appears in the list of iRules on the system.

Creating an internal virtual server for MQTT

Use this task to create an internal virtual server for MQTT.
The internal virtual server receives traffic only when the parent virtual server sends data to it.
  1. On the Main tab, click Local Traffic > Virtual Servers.
    The Virtual Server List screen opens.
  2. Click Create.
    The New Virtual Server screen opens.
  3. In the Name field, type a unique name for the virtual server.
  4. From the Type list, select Internal.
    The screen displays internal virtual server configuration options.
  5. From the Configuration list, select Advanced.
  6. In the MQTT field, select the MQTT profile.
  7. Configure any other settings that are required.
  8. In the Resources section, in the iRules setting, from the Available list, select the name of any MQTT iRule that you have previously created and move the name into the Enabled list by clicking <<.
  9. In the Default Pool list, select the name of the pool that you created previously or click the + button to create a new pool.
  10. Click Finished.

Creating a virtual server for MQTT over WebSockets

Before creating a virtual server, verify that you have created the pool to which you want this virtual server to send traffic.
When you create a virtual server, you specify a destination IP address and service port. All other settings on the virtual server have default values. Update the default values of any settings to suit the requirement.
  1. On the Main tab, click Local Traffic > Virtual Servers.
    The Virtual Server List screen opens.
  2. Click Create.
    The New Virtual Server screen opens.
  3. In the Name field, type a unique name for the virtual server.
  4. From the Type list, retain the default, Standard.
  5. In the Destination Address/Mask field:
    • If you want to specify a single IP address, confirm that the Host button is selected, and type the IP address in CIDR format.
    • If you want to specify multiple IP addresses, select the Address List button, and confirm that the address list that you previously created appears in the box.
    The supported format is address/prefix, where the prefix length is in bits. For example, an IPv4 address/prefix is 10.0.0.1 or 10.0.0.0/24, and an IPv6 address/prefix is ffe1::0020/64 or 2001:ed8:77b5:2:10:10:100:42/64. When you use an IPv4 address without specifying a prefix, the BIG-IP system automatically uses a /32 prefix.
    The IP address or addresses for this field must be on the same subnet as the external self-IP address.
  6. In the Service Port field, type the port number at which WebSocket service is required.
  7. From the Configuration list, select Advanced.
  8. For the HTTP Profile (Client) setting, select the name of an HTTP profile from the list.
  9. For the SSL Profile (Client) setting, from the Available list, select the name of the Client SSL profile you previously created and move the name to the Selected list.
  10. In the WebSocket Profile field, select the name of the WebSocket profile you previously created.
  11. Configure any other settings that are required.
  12. In the Resources section, in the iRules or Policies settings, from the Available list, select the name of the iRule or the LTM policy that you have previously created and move the name into the Enabled list by clicking <<.
  13. In the Default Pool list, select the name of the pool that you created previously.
  14. Click Finished.
You now have a virtual server that listens for application traffic and acts according to the values configured within the virtual server.

Viewing MQTT statistics

Ensure that an MQTT profile is assigned to at least one virtual server.
You can see how the BIG-IP is handling MQTT messages by viewing statistics per MQTT profile.
  1. On the Main tab, click Statistics > Module Statistics > Local Traffic.
    The Local Traffic statistics screen opens.
  2. From the Statistics Type list, select Profiles Summary.
  3. In the Details column for the MQTT profile, click View to display detailed statistics about MQTT messages.