Forum Discussion
Ashish_Gupta_15
Nimbostratus
NimbostratusDetect IP in a range in iRule
For the IPs in a range for example 91.186.192.0 to 91.186.223.255, how should I structure the datagroup list to detect if the incoming IP is within the that range using the iRule.
There are many IP ranges. If I calculate the CIDR for each range beforehand (an example CIDR for the above range would be 91.186.192.0/19), can I make use of the CIDR to delect if the incoming IP is within the given range using iRule?
Vijay_ECirrus
This devcentral article may answer your question.
- Kai_Wilke
MVP
Hi Ashish,
F5s
or F5s[IP::addr]
command in combination with an IP-ADDR based data-group can be used can be used to check if a given IP address falls in the range of a given[class]
subnet./CIDRThe
command is useful if you need to compare just a few different subnets...[IP::addr]if { [IP::addr [IP::client_addr] equals 91.186.192.0/19] } then { log local0.debug "The IP matches 91.186.192.0/19" } elseif { [IP::addr [IP::client_addr] equals 91.186.224.0/19] } then { log local0.debug "The IP matches 91.186.224.0/19" } elseif { [IP::addr [IP::client_addr] equals 91.186.0.0/16] } then { log local0.debug "The IP matches 91.186.0.0/16" } else { log local0.debug "The IP matches none of the subnets" }Note: The order of the
statement is important for overlapping subnets. The check is always performed as "first-match".[if]Whereas the
command scales much better if you need to compare multiple subnets...[class]iRule:
if { [set result [class lookup -value [IP::client_addr] equals DG_MY_SUBNETS]] ne "" } then { log local0.debug $result }Data-Group:
ltm data-group internal DG_MY_SUBNETS { records { 91.186.192.0/19 { data "The IP matches 91.186.192.0/19" } 91.186.224.0/19 { data "The IP matches 91.186.224.0/19" } 91.186.0.0/16 { data "The IP matches 91.186.0.0/16" } 0.0.0.0/0 { data "The IP matches none of the subnets" } } type ip }Note: The order of the data-group does not matter. The check is always performed as "best-match"
Cheers, Kai
