Forum Discussion
bman_12685
Nimbostratus
NimbostratusGTM irule to return differnt pool
I have a gtm pair version 9.x and ltm versions 11.2.0, and want to have the gtm return differnt pool members based on internal or external ip for example I have internal and external mail vips with different rules and although using npath on the ltm's nodes in the dc in which the mail servers live cannot access them ( they can access the remote dc) becuase of the routing thru the firewall.
Is there a way to accomplish this via the gtm?
6 Replies
Mohamed_LrhaziAltocumulus
want to have the gtm return differnt pool members based on internal or external ip
You should be able to use GTM's topology based LB..
I use GTM version 11.2 and found it simpler to use an iRule... but version 9.x does not have support for those.
bman_12685Hello, thanks for the input but im not sure if I we are on the same page, are you saying to add my internal dc pools to the pool in question as members?
then to use topology for that? This actually might work however what I was thinking was more along the line of below.
i.e.
all ips exampled below are bogus
wideip -> 4.4.4.4
defaut pool for wideip is called mailpool
-_____________________mailpool has 2 members
-____DC1 - public -ip-4.4.4.5
-____DC2 - public -ip-4.5.4.6
I would assume I would have an irule that does something like if from internal range send to
-____DC1 internal -ip 10.10.220.5
-____DC2 internal -ip 10.20.220.5- bman_12685I created a test pool wideip. set both pools to use topology in the wideip and the pool.
This doesn't work, perhaps because some hosts have static routes out but they come back as hitting the external ip which cant reach the mail servers as the firewall wont route from the inside interface to the outside interface in the same dc, so I need an irule to look at if the traffic comes from a specific ip or net and then send it to the appropriate pool(s) which are routeable everywhere.
so my above example is still the best way to go atm it seems. - bman_12685Im trying to trace out what is happening on the gtm atm, as Im trying to write an irule for the above mentioned issue, is there a way to catch in general any request in an irule ?
I have tried "when DNS_REQUEST" which should catch what I what however log local0 does not appear to catching the dns request i.e.
log local0. "Connection from: [IP::remote_addr] ..."
I've tried client_addr as well and nothing - bman_12685ok wrote an irule and tested it works this is my solution
---
substitute your values where needed
----
when RULE_INIT {
set ::TRACE 1
set DEBUG 1
}
when DNS_REQUEST {
if { [IP::addr [IP::client_addr] equals $dnsserver1_dc1 ] or [IP::addr [IP::client_addr] equals $dnsserver2_dc1 ] } {
log local0. "Connection from: [IP::client_addr] from internal DNS - attempting to send to mail internal pool"
cname mx-vip.domain.dc1.com
}
if { [IP::addr [IP::client_addr] equals $dnserver1_dc2 ] or [IP::addr [IP::client_addr] equals $dnsserver2_dc2 ] } {
cname mx-vip.domain.dc2.com
}
} - Mohamed_LrhaziIt's much better when you solve your problem by yourself :)
