Forum Discussion

Mike_Lowell_456
Historic F5 Account
Mar 09, 2006

changing destination IP in an iRule

I'd like to use BIG-IP to forward through a router normally, and if a particular pool is down, I'd like to change the destination IP of the packet to that of a distant (remote) proxy server before forwarding through the router.

I've searched the forums and didn't find any similar attempts.

In a normal case (all servers up), the config is roughly this:


router default inet {
   gateway 1.1.1.1
}
virtual special_outbound_forward {
   destination any:any
   forward
   vlan special enable
}

There is obviously much more going on, but for this particular bit of traffic coming from the "special" VLAN, all traffic would simply be routed through the default gateway of 1.1.1.1.

Now if a particular pool is down, I would like to change the destination IP address of these packets, while still forwarding them through the router just as above.

So far my config idea is roughly this:


router default inet {
   gateway 1.1.1.1
}
pool super-special-pool {
   member 2.2.2.2:0 monitor very_special
}
pool remote-proxy {
   member 5.5.5.5:0
}
arp 5.5.5.5 00:cc:00:ff:ee:00
rule failover-to-proxy {
   when CLIENT_ACCEPTED {
      if { [active_members super-special-pool] } {
         forward   ;# things work normally
      } else {
         pool remote-proxy   ;# change dest IP, forward to router MAC
      }
   }
}
virtual special_outbound_forward {
   destination any:any
   rule failover-to-proxy
   vlan special enable
}

In this case, "5.5.5.5" is not a local IP address (it's several hops away), so I need to have a static ARP entry. The MAC address used for 5.5.5.5 is actually the MAC of the real router (1.1.1.1).

This seems to work, but it's ugly. Is there a cleaner way to do this? I'd love to have iRule commands to simply:


dnat 5.5.5.5    destination NAT, like iptables
forward
return

Or:


node 5.5.5.5 mac 00:cc:00:ff:ee:00
return

Even better:


node 5.5.5.5 [arp lookup 1.1.1.1]
return

IDEAL:


pool proxy-servers
l2pool nexthop-routers
return
(i.e. two load balancing decisions, one affecting only L2)

Are there any commands like I propose above? Or is there any cleaner solution to my problem?

Thanks!

a1l0s2k9
  • Colin_Walker_12
    Historic F5 Account
    Well, you could use the LINK::nexthop command to return the MAC address of the next logical hop in the transmission, which should get you the MAC info you're looking for.

    The problem then is, there's no real way to specify this along with the IP address of the pool member. I can't think of any commands in iRules that would help you set that arp entry or use the MAC information to forward the request there.

    -Colin