Forum Discussion

kderrough_26121

Nimbostratus

Jul 24, 2018

Solved

How can i create an iRule for one VIP with multiple service ports.

For a clean look I would like to create an iRule for one VIP with 8 specific service ports. (Not a range)

Jul 25, 2018

It's possible but you need to set VIP destination port to 0. And write irule to allow defined port and block rest of the service.

Below irule might help...

    when CLIENT_ACCEPTED {
       if { [TCP::local_port] == 5540 } {
        pool test_PROD_pool1
        } elseif { [TCP::local_port] == 5580 } {
        pool test_PROD_pool2
        } else {
            reject
    }
}

Cheers...

Samir_Jha_52506

Noctilucent

Jul 25, 2018

It's possible but you need to set VIP destination port to 0. And write irule to allow defined port and block rest of the service.

Below irule might help...

    when CLIENT_ACCEPTED {
       if { [TCP::local_port] == 5540 } {
        pool test_PROD_pool1
        } elseif { [TCP::local_port] == 5580 } {
        pool test_PROD_pool2
        } else {
            reject
    }
}

Cheers...

kderrough_26121
Nimbostratus
Jul 25, 2018
Will this syntax be correct? With the VIP destiation set to 0?

when CLIENT_ACCEPTED { if {([TCP::local_port] == 443 )} { pool pool_443 } if {([TCP::local_port] == 5554 )} { pool pool_5443 } if {([TCP::local_port] == 8080 )} { pool pool_8080 } if {([TCP::local_port] == 4900 )} { pool pool_4900 } if {([TCP::local_port] == 4889 )} { pool pool_4889 } if {([TCP::local_port] == 8081 )} { pool pool_8081 } if {([TCP::local_port] == 7301 )} { pool pool_7301 } if {([TCP::local_port] == 7302 )} { pool pool_7302 } if {([TCP::local_port] == 7788 )} { pool pool_7788 } if {([TCP::local_port] == 7799 )} { pool pool_7799 } if {([TCP::local_port] == 9851 )} { pool pool_9851 } if {([TCP::local_port] == 9788 )} { pool pool_9788 } else reject }
kderrough_26121
Nimbostratus
Jul 25, 2018
Thanks for the info

Samir_Jha_52506

Noctilucent

Jul 25, 2018

You can try with this code:

    when CLIENT_ACCEPTED {
     if {([TCP::local_port] == 443 )} { pool pool_443 } 
    elseif {([TCP::local_port] == 5554 )} { pool pool_5443 }    
    elseif {([TCP::local_port] == 8080 )} { pool pool_8080 }
    elseif {([TCP::local_port] == 4900 )} { pool pool_4900 }
    elseif {([TCP::local_port] == 4889 )} { pool pool_4889 }
    elseif {([TCP::local_port] == 8081 )} { pool pool_8081 }
    elseif {([TCP::local_port] == 7301 )} { pool pool_7301 }
    elseif {([TCP::local_port] == 7302 )} { pool pool_7302 }
    elseif {([TCP::local_port] == 7788 )} { pool pool_7788 }
    elseif {([TCP::local_port] == 7799 )} { pool pool_7799 }
    elseif {([TCP::local_port] == 9851 )} { pool pool_9851 }
    elseif {([TCP::local_port] == 9788 )} { pool pool_9788 }
    else { reject }
 }

$1 * use a data group containing pool name as value. You can add as many port in datagroup...

        ltm data-group internal DG_TCP { 
        records { 
        443 {pool_443} 
        5554 {pool_5554} 
        8080 {Pool_8080}
        4900 {pool_4900}
        4889 {pool_4889}
        xxxx {pool_xxx}
             } 
        type string 
        }

        when CLIENT_ACCEPTED {
        if {[set pool [class match -value [TCP::local_port] equals "DG_TCP"]] ne ""} {
         pool $pool
        } else {
            reject
        }
    }

cheers...

kderrough_26121
Nimbostratus
Jul 26, 2018
That's clever, but because adding and subtracting pool want change i'll use the first iRule suggested. Thanks for the prompt input.
rob_carr
Cirrocumulus
Jul 26, 2018
For the number of comparisons you are making, you really should look into the 'switch' structure.
¬†