Class Match iRule problem

Hi Aaron,

Can you add some debug logging, retest and check /var/log/ltm for the log output for a failure?

when HTTP_REQUEST {
   log local0. "[IP::client_addr]:[TCP::client_port]: [HTTP::method] to [virtual name] [HTTP::host][HTTP::uri]"
   if { [class match [IP::client_addr] equals AWS_EC2] } {
       Allow Amazon EC2 nodes past DUST Page
      log local0. "[IP::client_addr]:[TCP::client_port]: Matched AWS_EC2"
   } elseif { [class match [IP::client_addr] equals Testers] } {
       Allow Testers past DUST Page
      log local0. "[IP::client_addr]:[TCP::client_port]: Matched Testers"
   } else {
      HTTP::redirect "URL"
      log local0. "[IP::client_addr]:[TCP::client_port]: No match in AWS_EC2: [class get AWS_EC2] or Testers: [class get Testers]"
   }
}

Aaron

Okay, I added the log data, and now I'm really baffled:

 

 

Jun 14 13:26:52 local/tmm2 info tmm2[4997]: Rule dust-appctr-planned-prod : 209.119.85.5%1:48622: No match in AWS_EC2: {2620:0:c10:f501:0:1:ae81:0/32 {}} {2620:0:c10:f501:0:1:b848:0/39 {}} {2620:0:c10:f501:0:1:ccec:8000/33 {}} {2620:0:c10:f501:0:1:1714:0/30 {}} {2620:0:c10:f501:0:1:3210:0/30 {}} {2620:0:c10:f501:0:1:43ca:0/34 {}} {2620:0:c10:f501:0:1:482c:2000/35 {}} {2620:0:c10:f501:0:1:4b65:8000/33 {}} or Testers: 2620:0:c10:f501:0:1:d177:5505/48 {}

 

 

What the heck is going on with that data group? I added networks using the iRule editor.

Okay, I added the log data, and now I'm really baffled:

 

 

Jun 14 13:26:52 local/tmm2 info tmm2[4997]: Rule dust-appctr-planned-prod : 209.119.85.5%1:48622: No match in AWS_EC2: {2620:0:c10:f501:0:1:ae81:0/32 {}} {2620:0:c10:f501:0:1:b848:0/39 {}} {2620:0:c10:f501:0:1:ccec:8000/33 {}} {2620:0:c10:f501:0:1:1714:0/30 {}} {2620:0:c10:f501:0:1:3210:0/30 {}} {2620:0:c10:f501:0:1:43ca:0/34 {}} {2620:0:c10:f501:0:1:482c:2000/35 {}} {2620:0:c10:f501:0:1:4b65:8000/33 {}} or Testers: 2620:0:c10:f501:0:1:d177:5505/48 {}

 

 

What the heck is going on with that data group? I added networks using the iRule editor.

Can you paste the contents of your data-group?

 

 

As you are using route domains, you are going to need to list the IP in the data-group as x.x.x.x%. So in your log output from above, make sure the data-group has an entry with:

 

 

209.119.85.5%1

 

I entered the networks via the Data Group Editor in the F5 iRule editor. Right now my testers data group has:

 

 

209.119.85.5

 

 

in it and nothing else. It was entered as 209.119.85.5/255.255.255.255 with no value field attached.

Try changing the entry to be 209.119.85.5%1 in the data-group.

 

 

Done. No change in the output:

 

 

 

Jun 14 18:01:28 local/tmm2 info tmm2[4997]: Rule dust-appctr-planned-prod : 209.119.85.5%1:34494: No match in AWS_EC2: {2620:0:c10:f501:0:1:ae81:0/32 {}} {2620:0:c10:f501:0:1:b848:0/39 {}} {2620:0:c10:f501:0:1:ccec:8000/33 {}} {2620:0:c10:f501:0:1:1714:0/30 {}} {2620:0:c10:f501:0:1:3210:0/30 {}} {2620:0:c10:f501:0:1:43ca:0/34 {}} {2620:0:c10:f501:0:1:482c:2000/35 {}} {2620:0:c10:f501:0:1:4b65:8000/33 {}} or Testers: 2620:0:c10:f501:0:1:d177:5505/48 {}

Any more help incoming on this one? It's not as if I'm trying to do something particularly bizarre and difficult.

Data groups and the associated lookup commands (matchclass, class, findclass, etc) do not support route domains yet. See this thread for details and possible workarounds:

 

 

https://devcentral.f5.com/Community/GroupDetails/tabid/1082223/asg/50/aft/1172490/showtab/groupforums/Default.aspx

 

 

Aaron

Ah, thank you! Moving my class to the common partition seems to have done the trick. Strange behaviour.