Destiny3986_116
Nimbostratus
Sep 02, 2017
[Help] How to write iRule to select default gateway based source IP address?
Hi, all.
I have used BIG-IP LTM v12 and my information:
- 02 ISPs: 178.102.1.104 & 122.255.27.144 => 02 default gateway.
- 02 SMTP Servers: 192.168.10.101 & 192.168.10.102.
- BIG-IP is default gateway of 02 SMTP Server and direct connect to 02 ISPs.
I want to configure:
- If 02 SMTP Servers connect to the LAN private IP => No NAT
- If 02 SMTP Servers connect to the Internet => SNAT to the same IP: 178.102.1.105 and only select ISP01 link, never select ISP02 link and other cases are used SNAT automap.
Please help me write iRule to resolve this issue.
Thank you.
- Stanislas_Piro2
Cumulonimbus
Hi,
You can use an iRule like this one (rule edited after Kai's comments about IP::addr performance):

    when RULE_INIT {
        # Per-client policy: { pool  SNAT-address-for-link-1  SNAT-address-for-link-2 }
        array set static::SnatPolicy {
            "10.1.1.1" {"Pool_ISP1" "178.102.1.105" ""}
            "10.1.1.2" {"Pool_ISP1" "178.102.1.104" ""}
            "default"  {"default_gateway_pool" "178.102.1.104" "122.255.27.144"}
        }
    }

    when CLIENT_ACCEPTED {
        # Check if destination address is local
        if { [IP::addr [IP::local_addr] equals 192.168.0.0/16] ||
             [IP::addr [IP::local_addr] equals 10.0.0.0/8] ||
             [IP::addr [IP::local_addr] equals 172.16.0.0/12] } {
            pool internal_router
        } else {
            if { [info exists static::SnatPolicy([IP::client_addr])] } {
                set clientip [IP::client_addr]
            } else {
                set clientip "default"
            }
            pool [lindex $static::SnatPolicy($clientip) 0]
        }
    }

    when LB_SELECTED {
        # clientip is only set for non-local destinations; no SNAT otherwise
        if { ![info exists clientip] } { return }
        # Pick the SNAT address that belongs to the selected gateway's link
        if { [IP::addr [LB::server addr]/28 equals 178.102.1.96] } {
            set link 1
        } else {
            set link 2
        }
        snat [lindex $static::SnatPolicy($clientip) $link]
    }
- Destiny3986_116
Nimbostratus
Hi, Stanislas Piron.
I understand.
Thank you.
Hi Destiny,
Stanislas has shown you a setup based on [array] information and gateway pools. Let me show you a less integrated and complex setup based on an L2-Forwarding Virtual Server and a slightly less complicated iRule.
Prerequisite:
- Establish an L2-Forwarding Virtual Server and a default route-table for your environment.
- Figure out all the required exemptions of this default route-table (sort of PBR tinkering)
- Customize the iRule below to selectively overwrite your default routing table.
iRule:

    when CLIENT_ACCEPTED {
        if { ( [IP::addr [IP::local_addr] equals "10.0.0.0/8"] )
          or ( [IP::addr [IP::local_addr] equals "172.16.0.0/12"] )
          or ( [IP::addr [IP::local_addr] equals "192.168.0.0/16"] ) } then {
            # This is the section for traffic destined to internal IPs
            # The traffic is handled by the regular routing table.
        } elseif { [getfield [IP::client_addr] "%" 1] equals "192.168.10.101" } then {
            # This is the section for traffic originating from IP 192.168.10.101
            # Set the SNAT IP to 178.102.1.105
            snat 178.102.1.105
            # Set the next-hop to 178.102.1.104
            nexthop 178.102.1.104
        } elseif { [getfield [IP::client_addr] "%" 1] equals "192.168.10.102" } then {
            # This is the section for traffic originating from IP 192.168.10.102
            # Set the SNAT IP to 178.102.1.105
            snat 178.102.1.105
            # Set the next-hop to 178.102.1.104
            nexthop 178.102.1.104
        } else {
            # This is the section for the remaining traffic
            # Set the SNAT IP to 122.255.27.145
            snat 122.255.27.145
            # Don't overwrite the next-hop to rely on the routing table
        }
    }

Cheers, Kai
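
A variant of the forwarding-virtual-server rule above, added here as an example and not part of either poster's reply: it keeps the SMTP sources in an address data group instead of one `elseif` branch per host, and uses `snat automap` for all other Internet-bound traffic, as the question asked. The data group name `smtp_egress_hosts` is an assumption; it would have to be created as an address-type data group containing 192.168.10.101 and 192.168.10.102.

```tcl
# Added example, not from the thread.
# Assumption: address-type data group "smtp_egress_hosts" (hypothetical name)
# holds the SMTP servers 192.168.10.101 and 192.168.10.102.
when CLIENT_ACCEPTED {
    # Strip a route-domain suffix (for example "%1") before comparing.
    set src [getfield [IP::client_addr] "%" 1]
    set dst [getfield [IP::local_addr] "%" 1]

    # Private (RFC 1918) destination: no NAT, regular routing table.
    if { [IP::addr $dst equals 10.0.0.0/8] ||
         [IP::addr $dst equals 172.16.0.0/12] ||
         [IP::addr $dst equals 192.168.0.0/16] } {
        snat none
        return
    }

    if { [class match $src equals smtp_egress_hosts] } {
        # SMTP servers: fixed source address and ISP01 gateway only, so
        # outbound mail always leaves from 178.102.1.105.
        snat 178.102.1.105
        nexthop 178.102.1.104
        # Per-connection logging is useful while validating the policy;
        # remove it or rate-limit it once the rule is in production.
        log local0.info "SMTP egress $src -> $dst via 178.102.1.104 as 178.102.1.105"
    } else {
        # Everything else: self IP of the egress VLAN, routing table decides the link.
        snat automap
    }
}
```

Adding or removing an SMTP server then only changes the data group, not the rule.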
- Destiny3986_116
Nimbostratus
Hi, Kai.
I will try it.
Thank you.