Forum Discussion

Nimbostratus

Sep 26, 2011

How to config PBR

hi all can you help me , how to config PBR on the BIg Ip ? on the web GUI , i can't see anywhere to config PBR thanks all

config

design

nitass_89166

Noctilucent

Sep 06, 2014

I was expecting to include multiple subnets in the source section, i have around 50. Not sure if I can use i-Rule here. Would that impact e-PVA forwarding?

why don't use one virtual server with source 0.0.0.0/0? if you want to forward traffic from some source only, you can drop/reject traffic from other source by irule.

e.g.

when CLIENT_ACCEPTED  {
   if { ![class match -- [IP::client_addr] equals trusted_source] } {
      reject
   }
}

Sumanta_88744

Cirrus

Sep 07, 2014

Hi Nitaas See below rule, taken from one of your examples. Is it workable? [root@ve1023:Active] config tmsh list rule myrule rule myrule { when CLIENT_ACCEPTED { if {[class match -- [IP::client_addr] equals subnet_list]}{ node } else { pool http_pool } } } [root@ve1023:Active] config tmsh list class subnet_list class subnet_list { network 172.28.19.0/24 network 172.29.19.0/24 network 172.30.19.0/24 network 172.21.19.0/24 network 172.20.19.0/24 network 172.44.19.0/24 network 172.08.19.0/24 . . . . . network n }

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)