Forum Discussion

hung_37471's avatar
hung_37471
Icon for Nimbostratus rankNimbostratus
Sep 26, 2011

How to config PBR

hi all     can you help me , how to config PBR on the BIg Ip ?     on the web GUI , i can't see anywhere to config PBR     thanks all      
config
design
nitass_89166's avatar
nitass_89166
Icon for Noctilucent rankNoctilucent
Sep 06, 2014

I was expecting to include multiple subnets in the source section, i have around 50. Not sure if I can use i-Rule here. Would that impact e-PVA forwarding?

why don't use one virtual server with source 0.0.0.0/0? if you want to forward traffic from some source only, you can drop/reject traffic from other source by irule.

e.g.

when CLIENT_ACCEPTED  {
   if { ![class match -- [IP::client_addr] equals trusted_source] } {
      reject
   }
}
  • Sumanta_88744's avatar
    Sumanta_88744
    Icon for Cirrus rankCirrus
    Sep 06, 2014
    Thanks Nitaas, but I need to specify 50 subnets to just route via F5 to next hop, without going through the port 80 virtual server. So it has to match the L3 forwarding virtual server but not the port 80 vs.
  • Sumanta_88744's avatar
    Sumanta_88744
    Icon for Cirrus rankCirrus
    Sep 07, 2014
    Hi Nitaas See below rule, taken from one of your examples. Is it workable? [root@ve1023:Active] config tmsh list rule myrule rule myrule { when CLIENT_ACCEPTED { if {[class match -- [IP::client_addr] equals subnet_list]}{ node } else { pool http_pool } } } [root@ve1023:Active] config tmsh list class subnet_list class subnet_list { network 172.28.19.0/24 network 172.29.19.0/24 network 172.30.19.0/24 network 172.21.19.0/24 network 172.20.19.0/24 network 172.44.19.0/24 network 172.08.19.0/24 . . . . . network n }