I need to write an iRule for a pool that will direct traffic to the correct member by incoming IP address. The pool members are setup to push traffic to member on service port 9081. (e.g). Traffic destined for IP address 10.10.10.20 will go to .20, but if .20 is down traffic will go to pool member 10.10.10.21 and vice versa. Traffic with IP header 10.10.10.21 will go to member .21, but if not available will go to .20. I am sure this is a simple iRule, but my synax is terrible. Any help would be appreciated pmanet

Hi, Here are a few related posts. You can reply here if you get stuck. Pool redirect based on source IP Range http://devcentral.f5.com/Default.aspx?tabid=53&forumid=5&tpage=1&view=topic&postid=3486334864 Redirect Traffic Based on Source Address http://devcentral.f5.com/Default.aspx?tabid=53&view=topic&postid=56827&ptarget=56838 IP::addr http://devcentral.f5.com/wiki/default.aspx/iRules/ip__addr matchclass http://devcentral.f5.com/wiki/default.aspx/iRules/matchclass Aaron

Nevermind... I thought you wanted to select the pool based on the source IP address. Can you elaborate on what you're trying to implement? Do you have two virtual server IP addresses which you want to map to two server IP addresses? If so, you could create one VS on 1.0.0.1 which points to a pool containing 2.0.0.1 as priority 100 and 2.0.0.2 as priority 1. And you can create a second VS on 1.0.0.2 which points to a pool containing 2.0.0.2 as priority 100 and 2.0.0.1 as priority 1. The higher priority pool member would take precedence as long as it is marked up. If it marked down, connections would go to the lower priority member. Or have I misunderstood your scenario? Aaron

Thanks. Sorry for any confusion. The traffic will have the destination IP address in the packet. So I need to direct the traffic based on target IP. (e.g header packet will contain the target pool member it needs to go to by IP address 10.10.10.20). But, if this server is ever unavailable, I will need it to go to the other pool member 10.10.10.21. I need to build the rule to cover this both ways. pmanet

I don't think that would work as is. I don't think both servers could be configured for 10.10.10.20 and 10.10.10.21. You would get IP conflicts if both hosts answered ARPs for both addresses. It seems like it would be a lot more complicated to try to do something like transparent load balancing compared with just using a new IP address and load balancing the two servers with that. Aaron

I am not sure I follow. Do you think if the traffic intended for .20 cannot get there, then it would produce an IP conflict b/c it would then try to go to .21 but doesn't match that address. I will have to follow up with the application group, but the IP address may just be part of the content not the actual header packet. If this is the case, do you think this could be done?

Filter by incoming IP address

14 Replies

hoolio
Cirrostratus
Aug 03, 2009
What is the purpose of having two virtual servers or two IP's to reference the two servers? Typically, you'd either want to talk to a single high availability IP address (load balanced) or one IP per server for maintenance or similar.

If this is SOAP over HTTP, I'm guessing you'll end up using a new IP for the virtual server and translate the destination IP address to the real server IP. If there is an IP address in the request and/or response payload that needs to be rewritten, you can do this using HTTP::collect (Click here). If the length of the IP address string in the request payload is the same as what you're replacing it with (length of 111.11.11.111 = length of 222.22.22.222), you could use a stream profile and STREAM::expression iRule (Click here) to rewrite the payload. A stream profile and iRule would buffer less payload and be more efficient than using HTTP::collect.

Aaron
abachman_72712
Nimbostratus
Aug 04, 2009
I think I forgot to mention that the VIP server IP address is a separate VLAN than the pool members, so I think that the IP conflict mentioned earlier will not be an issue.

VIP = 10.10.11.10

member = 10.10.10.20

member2=10.10.10.21
abachman_72712
Nimbostratus
Aug 04, 2009
I will not need to rewrite the IP Address. The IP address in the payload will match the pool member that it originated from and we would like to push back to same member (service port 9081) if available. If that member is not available, then push that packet to the other member of the pool on service port 9081.
Ian_Smith
Ret. Employee
Aug 08, 2009
If what you are saying is that you have a SOAP message that contains an element which will tell you which pool member to send it to, then what you need to do is:

- search for that element using [XML::element]

- make a variable out of its value [set]

- then switch on that variable [switch]

- when you match it, you can use [active_members] to check if the pool member is available

- then write a session entry using [session] if you need to

- and direct the traffic to it using the member specification in [pool]

Forum Discussion

Filter by incoming IP address

14 Replies

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Cisco TACACS+ Config on ISE LTM Pair

How can I get started with iCall

Checking for X-Forwarded-For against an Address Data-Group

SSL Bridging and FQDN rewrite Policy

iRule causing requests to be duplicated (sometimes)

Related Content

Filtering traffic based on client ip address and URL

Addressing Shadow AI with F5 BIG-IP SSL Orchestrator

BIG-IP Next for Kubernetes, addressing today’s enterprise challenges

CSV to Address External Datagroup File

The Power of Source Address

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS