hi all can you help me , how to config PBR on the BIg Ip ? on the web GUI , i can't see anywhere to config PBR thanks all

Can you tell us what PBR is? I have no idea what you are referring to.

PBR typically refers to "Policy Based Routing" not surehow the origninal poster was looking to employ PBR but I could see using an irule with a forwarding virtual server to accomplish some sort of PBR.

You can accomplish simple PBR using VS's... And tie them to explicit inbound vlans... More complex will require an iRule... But the world is your oyster there... Just be aware that you probably won't get any acceleration if you're using iRules on a VS... H

Hi Hung, Creating a PBR is very similar to creating a vip and pool along with an iRule. 1. You would create a wildcard virtual forwarding server. 2. Then you would create a pool with the IP address of the next hops that will be chosen based on your conditions. Example Irule when CLIENT_ACCEPTED { if { [IP::addr [IP::local_addr] equals 10.0.0.1/24 ]}{ pool pool_hop_1 } elseif { [IP::addr [IP::client_addr] equals 192.168.1.0/24]}{ pool pool_hop_2 } else { pool pool_hop_3 } } I hope this is a good start Bhattman

This may be possible using Acces Policy Manager

How to config PBR | DevCentral

78 Replies

StephanManthey
Nacreous
Sep 13, 2014
Hi Sumanta, regarding "tmsh list ltm":

The output contains all preconfigured profiles, iRules, policies etc.. The /config/bigip.conf contains primarily your additions to the logical configuration.

The /config/bigip_base.conf contains primarily configurations objects related to network configuration which are typically not synchronized in a sync-failover device-group.

What´s wrong with the tcpdumps?

Thanks,

Stephan
Sumanta_88744
Cirrus
Oct 12, 2014
Hi Stephan Will the below work? Condition has to be such that if pool is unavailable, then all traffic has to be forwarded to next hop.

rule pbr-rule {

when CLIENT_ACCEPTED { log local0. "PBR iRule starting" if {[class match -- [IP::client_addr] equals subnet_bypass]} { if { [active_members pool_hop_1] < 1 } { log local0. "No active pool members so will forward to next-hop" } { forward } else {[class match -- [IP::client_addr] equals subnet_permit]}{ pool WHTTP_Transparent log local0. "PBR successful" } }

}

StephanManthey

Nacreous

Oct 13, 2014

Hi Sumanta, I changed it a bit and added comments:

rule pbr-rule {
when CLIENT_ACCEPTED {
    log local0. "PBR iRule starting"
     client IP is from subnet_bypass and will be forwarded via pool_hop_1
    if {[class match -- [IP::client_addr] equals subnet_bypass]} {
         if pool_hop_1 has no members, connections will be forwarded according to routing table
        if { [active_members pool_hop_1] < 1 } { 
            log local0. "No active pool members so will forward to next-hop"
            forward
         if pool_hop_1 has available members, connections will be forwarded via pool_hop_1
        } else {
            pool pool_hop_1
        }
     client IP is from subnet_permit and will be forwarded via WHTTP_Transparent
    } elseif {[class match -- [IP::client_addr] equals subnet_permit]} {
        pool WHTTP_Transparent
        log local0. "PBR successful"
    }
}
}

Thanks, Stephan

Forum Discussion

How to config PBR

78 Replies

ICYMI - Steve Wozniak at AppWorld 2026

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

Connections appear not to use Persistence

LB Connection Limit Detection Method

Partially reachabilty issues with VS in F5OS tenant

Forward proxy with SSL passthrough - SWG license required?

Need step-by-step guidance for migrating BIG-IP i2800 WAF to rSeries (UCS restore vs clean build)

Related Content

Radware config translation

virtual server config

Alteon Config Converter

Config Search

Displaying VS config using SDK

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS