Forum Discussion
GTM response according to source ip
Hi,
I have a GTM configuration running properly. The devices can talk to each other and get updates about the availability of pools.
I need to make another enhancement, though: I need a configuration that will also answer requests according to the source IP address.
Here is how my iRule looks:
when DNS_REQUEST {
    if { ( [active_members DC-DENEME] >= 1) } {
        if { ( [IP::addr [IP::client_addr] equals 192.168.5.1/32]) } {
            log local0. "dns query from local network: <[IP::client_addr]>"
            host 192.168.71.150
        } elseif { [IP::addr[IP::client_addr] not equals 192.168.5.1/32] } {
            host 1.1.1.1
        }
    } elseif { [active_members DR-DENEME] >= 1 } {
        host 10.0.71.150
    }
}
My algorithm is like this: if the DC is active, calculate the source IP address and respond accordingly. Otherwise it's always 10.0.71.150.
I have seen this under /var/log/gtm:
Oct 13 14:58:12 dcf51 err tmm[10396]: 011a7001:3: TCL error: Rule /Common/DC-DENEME_IRULE - invalid command name "IP::addr192.168.5.199" while executing "IP::addr[IP::client_addr] not equals 192.168.5.1/32"
My client's IP address is 192.168.5.199. I thought IP::addr was irrelevant and removed that.
Then I received this error:
Oct 13 15:07:14 dcf51 err tmm1[10396]: 011a7001:3: TCL error: Rule /Common/DC-DENEME_IRULE - invalid command name "192.168.5.199" while executing "[IP::client_addr] equals 192.168.5.1/32"
So it's all about the syntax of this if condition. What am I doing wrong?
if { ( [IP::addr [IP::client_addr] equals 192.168.5.1/32]) }
Kind regards
3 Replies
- CANSTAYN569
Nimbostratus
when DNS_REQUEST {
    if { ( [active_members DC-DENEME] >= 1) } {
        if { ( [IP::addr [IP::client_addr] equals 192.168.5.1/32]) } {
            log local0. "dns query from local network: <[IP::client_addr]>"
            host 192.168.71.150
        } elseif { [IP::addr[IP::client_addr] not equals 192.168.5.1/32] } {
            host 1.1.1.1
        }
    } elseif { [active_members DR-DENEME] >= 1 } {
        host 10.0.71.150
    }
}
- Vijay_E
Cirrus
GTM sees the IP of the LDNS server that is making the DNS query and not the original client IP. Just wanted to make sure you remember this, as it is easy to confuse the LTM and GTM client IP addresses.
- CANSTAYN569
Nimbostratus
Hi folks,
Found my answer; here is the iRule working properly and most of you can provide
What this basically does is check the pool members' availability in both datacenters, and if there are fewer than desired in the primary DC, it returns the IP address of the disaster web server. If there are enough members in the DC, it gives the client a DNS response according to whether the client is a LAN or WAN user:
when DNS_REQUEST {
    if { ( [active_members DC-ITTEST] >= 1) } {
        if { [IP::addr [IP::client_addr]/16 equals 192.169.0.0] } {
            host 10.1.10.2
            log local0 LAN USER
        } else {
            log local0 WAN USER
            host 4.4.4.4
        }
    } elseif { [active_members DR-ITTEST] >= 1 } {
        host 3.3.3.3
    }
}
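Added example (not part of any post in this thread, and not F5 code): the two TCL errors from the question reproduced in plain tclsh, next to the form that parses correctly. The `IP::client_addr` and `IP::addr` procs and the `ip2int` helper are simplified stand-ins defined only for this demonstration.

```tcl
# Runs in plain tclsh (8.5+). The IP::* procs below are simplified stand-ins
# (assumptions) for the F5 commands, so the parsing behaviour can be seen offline.
proc ip2int {ip} {
    lassign [split $ip .] a b c d
    expr {($a << 24) | ($b << 16) | ($c << 8) | $d}
}
namespace eval IP {
    # Constructed sample: the client address from the thread's log lines.
    proc client_addr {} { return 192.168.5.199 }
    # Stand-in supporting only "<addr> equals <addr>[/<prefix-bits>]".
    proc addr {a op b} {
        if {$op ne "equals"} { error "stand-in supports only 'equals'" }
        lassign [split $b /] base bits
        if {$bits eq ""} { set bits 32 }
        set mask [expr {(0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF}]
        expr {([ip2int $a] & $mask) == ([ip2int $base] & $mask)}
    }
}

# 1. No space before the nested bracket: Tcl substitutes [IP::client_addr] and
#    glues the result onto "IP::addr", then looks for a command with that name.
catch {IP::addr[IP::client_addr] equals 192.168.5.1/32} err1
puts "glued:   $err1"

# 2. IP::addr removed: the substituted address itself becomes the command name.
catch {[IP::client_addr] equals 192.168.5.1/32} err2
puts "missing: $err2"

# 3. Whitespace separates the command from its first argument, so IP::addr runs.
puts "host match:   [IP::addr [IP::client_addr] equals 192.168.5.1/32]"
puts "subnet match: [IP::addr [IP::client_addr] equals 192.168.5.0/24]"
```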