Forum Discussion

monica_74227

Nimbostratus

Oct 24, 2009

how about this iRule ?

hey guys,

Could you help me to check this iRule, I don't know if it does work well ? Many thanks!

when CLIENT_ACCEPTED {

if { [ matchclass [IP::client_addr] equals $::mail_internal_class ] } {

pool mail_gateway_pool

}

else {

pool default_gateway_pool

}

when LB_SELECTED {

if {[IP::addr [LB::server addr] equals 222.35.42.126] and [IP::addr [IP::client_addr] equals 172.16.1.11] } {

snatpool snat_crt_test2

} elseif {[IP::addr [LB::server addr] equals 221.218.248.155] and [IP::addr [IP::client_addr] equals 172.16.1.11] } {

snatpool snat_uni_test2

} elseif {[IP::addr [LB::server addr] equals 222.35.42.126] and [IP::addr [IP::client_addr] equals 172.16.1.13] } {

snatpool snat_crt_test1

} elseif {[IP::addr [LB::server addr] equals 221.218.248.155] and [IP::addr [IP::client_addr] equals 172.16.1.13] } {

snatpool snat_uni_test1

} elseif {[IP::addr [LB::server addr] equals 222.35.42.126] and [IP::addr [IP::client_addr] equals 172.16.1.20] } {

snatpool snat_crt_test4

} elseif {[IP::addr [LB::server addr] equals 221.218.248.155] and [IP::addr [IP::client_addr] equals 172.16.1.20] } {

snatpool snat_uni_test4

} elseif {[IP::addr [LB::server addr] equals 222.35.42.126] and [IP::addr [IP::client_addr] equals 172.16.1.16] } {

snatpool snat_crt_sms

} elseif {[IP::addr [LB::server addr] equals 221.218.248.155] and [IP::addr [IP::client_addr] equals 172.16.1.16] } {

snatpool snat_uni_sms

} elseif {[IP::addr [LB::server addr] equals 222.35.42.126] and [IP::addr [IP::client_addr] equals 172.16.1.25] } {

snatpool snat_crt_mail

} elseif {[IP::addr [LB::server addr] equals 221.218.248.155] and [IP::addr [IP::client_addr] equals 172.16.1.25] } {

snatpool snat_uni_mail

} elseif {[IP::addr [LB::server addr] equals 222.35.42.126] } {

snatpool snat_crt_pool

} elseif {[IP::addr [LB::server addr] equals 221.218.248.155] } {

snatpool snat_uni_pool

} else {

snat automap

}

13 Replies

hoolio

Cirrostratus

Oct 25, 2009

That is a lot of possible evalutions if there aren't any matches or the match for a particular connection is late in the list. You might try combining a few of the checks together to reduce the number of IP checks you're doing.

For example, you could replace this:

 
 if {[IP::addr [LB::server addr] equals 222.35.42.126] and [IP::addr [IP::client_addr] equals 172.16.1.11] } {  
    snatpool snat_crt_test2 
 } elseif {[IP::addr [LB::server addr] equals 221.218.248.155] and [IP::addr [IP::client_addr] equals 172.16.1.11] } {  
    snatpool snat_uni_test2 
 }

with this:

 
 if {[IP::addr [IP::client_addr] equals 172.16.1.11] }{ 
  
    if {[IP::addr [LB::server addr] equals 222.35.42.126] }{  
       snatpool snat_crt_test2  
    } elseif {[IP::addr [LB::server addr] equals 221.218.248.155]} {  
       snatpool snat_uni_test2  
    } 
 }

Aaron

monica_74227
Nimbostratus
Oct 26, 2009

Aaron, I apreciate your help!

I don't know if the last two sentences could work ?

thanks!
hoolio
Cirrostratus
Oct 26, 2009
Hi Monica,

I edited my last post as I originally thought both cases were using the same SNAT pool. The updated version should work though.

Aaron
monica_74227
Nimbostratus
Oct 26, 2009
hey Aaron,

I am sorry that i don't understand your mean.

my querstion is that i don't know if this iRule could work, expecially the combine the forllowing:

....} elseif {[IP::addr [LB::server addr] equals 222.35.42.126] } {

snatpool snat_crt_pool

} elseif {[IP::addr [LB::server addr] equals 221.218.248.155] } {

snatpool snat_uni_pool

}

......

Thank you!
hoolio
Cirrostratus
Oct 26, 2009
Hi Monica,

Sorry, I'm not sure what your question is. The iRule syntax should work fine.

Can you try testing it?

Thanks,

Aaron
monica_74227
Nimbostratus
Oct 27, 2009
Hey Aaron,

Thank you for your help! I could set up test environment next week.

I have optimized the iRule again, could you help me to correct it, i don't if there are something wrong with the iRule syntax ? Thanks!!!

when CLIENT_ACCEPTED {

if { [ matchclass [IP::client_addr] equals $::mail_internal_class ] } {

pool mail_gateway_pool

}

else {

pool default_gateway_pool

}

}

when LB_SELECTED {

switch {IP::addr [LB::server addr]}

{

222.35.42.126 {

switch {IP::addr [IP::client_addr]} {

192.168.3.11 { snatpool snat_crt_test2 }

192.168.3.13 { snatpool snat_crt_test1 }

192.168.3.20 { snatpool snat_crt_test4 }

192.168.3.16 { snatpool snat_crt_sms }

192.168.3.25 { snatpool snat_crt_mail }

default { snatpool snat_crt_pool }

}

}

221.218.248.155 {

switch {IP::addr [IP::client_addr]} {

192.168.3.11 { snatpool snat_uni_test2 }

192.168.3.13 { snatpool snat_uni_test1 }

192.168.3.20 { snatpool snat_uni_test4 }

192.168.3.16 { snatpool snat_uni_sms }

192.168.3.25 { snatpool snat_uni_mail }

default { snatpool snat_uni_pool }

}

}

default { snat automap }

}

}

hoolio

Cirrostratus

Oct 27, 2009

That looks good. One small correct: when using switch you can use the following format:

 
 switch [IP::client_addr] { 
    "case 1" { 
    } 
    ...

So here is an update:

 
 when CLIENT_ACCEPTED { 
    if { [ matchclass [IP::client_addr] equals $::mail_internal_class ] } { 
       pool mail_gateway_pool 
    } else { 
       pool default_gateway_pool 
    } 
 } 
 when LB_SELECTED { 
    switch [LB::server addr] { 
       222.35.42.126 { 
          switch [IP::client_addr] { 
             192.168.3.11 { snatpool snat_crt_test2 } 
             192.168.3.13 { snatpool snat_crt_test1 } 
             192.168.3.20 { snatpool snat_crt_test4 } 
             192.168.3.16 { snatpool snat_crt_sms } 
             192.168.3.25 { snatpool snat_crt_mail } 
             default { snatpool snat_crt_pool } 
          } 
       } 
       221.218.248.155 { 
          switch [IP::client_addr] { 
             192.168.3.11 { snatpool snat_uni_test2 } 
             192.168.3.13 { snatpool snat_uni_test1 } 
             192.168.3.20 { snatpool snat_uni_test4 } 
             192.168.3.16 { snatpool snat_uni_sms } 
             192.168.3.25 { snatpool snat_uni_mail } 
             default { snatpool snat_uni_pool } 
          } 
       } 
       default { snat automap } 
    } 
 }

Aaron

monica_74227
Nimbostratus
Oct 27, 2009
okay, many thanks!
Ben_Cuthbert_90
Historic F5 Account
Oct 28, 2009
Drop the $:: from your mail_internal_class might be a good idea too
monica_74227
Nimbostratus
Nov 09, 2009
hey Aaron,

I have tested this irule, however it does't work now. all of the client's item math the last sentence " snat automap", could you help correct it ? thanks

when CLIENT_ACCEPTED {

if { [ matchclass [IP::client_addr] equals $::mail_internal_class ] } {

pool mail_gateway_pool

} else {

pool default_gateway_pool

}

}

when LB_SELECTED {

switch {IP::addr [LB::server addr]} {

222.35.42.126 {

switch {IP::addr [IP::client_addr]} {

192.168.3.11 { snatpool snatpool_crt_rd2 }

192.168.3.13 { snatpool snatpool_crt_rd1 }

192.168.3.20 { snatpool snatpool_crt_rd4 }

192.168.3.16 { snatpool snatpool_crt_sms }

192.168.3.25 { snatpool snatpool_crt_mail }

default { snatpool snatpool_crt_default }

}

}

221.218.248.155 {

switch {IP::addr [IP::client_addr]} {

192.168.3.11 { snatpool snatpool_uni_rd2 }

192.168.3.13 { snatpool snatpool_uni_rd1 }

192.168.3.20 { snatpool snatpool_uni_rd4 }

192.168.3.16 { snatpool snatpool_uni_sms }

192.168.3.25 { snatpool snatpool_uni_mail }

default { snatpool snatpool_uni_default }

}

}

default { snat automap }

}

}