For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Chuck_127210's avatar
Chuck_127210
Icon for Nimbostratus rankNimbostratus
Dec 08, 2006

1 VS and 2 Pools

I'm new to IRULES and I'm having an issue with converting a 4.5 rule into a version 9 IRULE. Listed below is the 4.5 rule and below that the IRULE I created (which doesn't work). Any help would be app...
application delivery
dev
devops
iRules
Deb_Allen_18's avatar
Deb_Allen_18
Historic F5 Account
Dec 22, 2006
Hi guys -

I always put the mask on the subnet side of the comparison and it works just fine, so based on your logged results, it looks like it would work either way.

Looking more closely at your logic, though it seems that your "if" construct needs to be reconsidered:

You have 2 "if"s here, which means the conditions are not mutually exclusive. The connection is only forwarded after all conditions have been evaluated and acted upon, so when you send a request from a 172 address, the first condition is True, but the 2nd condtion is False. As a result, the pool is first set to the Citzens pool, but later set to the COB pool, which is where the traffic is actually sent.

You need to combine the 3 tests into one so you get only one result. You can either combine the 2 IP tests into one, or create a single "if / elseif / else" test:

when CLIENT_ACCEPTED {
  if { [IP::addr [IP::client_addr]/8 equals 172.0.0.0] } {
    pool Branchplatform_Citizens_pool
  } elseif { [IP::addr [IP::client_addr]/16 equals 10.144.0.0] } {
    pool Branchplatform_Citizens_pool
  } else {
    pool Branchplatform_COB_pool
  }
}
or
when CLIENT_ACCEPTED {
  if { [IP::addr [IP::client_addr]/8 equals 172.0.0.0] or [IP::addr [IP::client_addr]/16 equals 10.144.0.0] }{
    pool Branchplatform_Citizens_pool
  } else {
    pool Branchplatform_COB_pool
  }
}

HTH

/deb