For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Alex_Eduardo_Ar's avatar
Alex_Eduardo_Ar
Icon for Nimbostratus rankNimbostratus
Nov 10, 2017

Forwarding by destination ip in VS of type "performance (Layer 4)"

Hello, I have a VS of the type "performance (Layer 4)", without destination address, which captures TCP traffic by source address, in all ports, and directs it to a POOL. This is working correctly.

 

Now I want the traffic that is being captured and balanced towards the pool to be forwarded, considering the destination IP. I created the following iRule but it is not working.

 

Code
when CLIENT_ACCEPTED {

if { ([matchclass [IP::remote_addr] equals $::net_CPD_allow]) }{

   log local0. "La IP  [IP::client_addr] va al cpd "

   forward
   }
   pool "bluecoat_redireccion_wifi_Any"
}

The desired end result is to modify the VS so that it captures all traffic, not only TCP traffic, and that through iRule is possible, direct traffic to "data-center", instead of sending it to the Pool.

 

application delivery
iRules

1 Reply

  • Andy_McGrath's avatar
    Andy_McGrath
    Icon for Cumulonimbus rankCumulonimbus
    Nov 10, 2017

    If I understand correctly you need to update your iRule as follows:

    when CLIENT_ACCEPTED {
    if { ([class match [IP::local_addr] equals net_CPD_allow]) }{
       log local0. "La IP  [IP::client_addr] va al cpd --> 10.245.0.0/16"
       forward   
    } else {
       pool "bluecoat_redireccion_wifi_Any"
    }    
}

    First use class not matchclass (old method of data group lookup) second need to use IP::local_addr if you want the F5 Virtual Server address in a clientside context like CLIENT_ACCEPTED.

    NOTE: I think IP::local_addr will work as destination address for a wildcard forwarding Virtual Server but you never tried it so you will have to test.