For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Eric_Stewart_36's avatar
Eric_Stewart_36
Icon for Nimbostratus rankNimbostratus
Oct 09, 2018

How to make server pool decision based on incoming IP

Suggestion on best way to handle:   Converting from Ace to F5   Have configuration on Ace that has a loadbalance policy that has the criteria that if a specific source IP is matched, request is...
application delivery
iRules
LTM
Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
Oct 09, 2018

Definitely a simple iRule.

  • Create an address-type data group and enter your matching IPs (or IP subnets).

  • Create both pools.

  • Optionally attach the "default" pool to the VIP if you want monitor stats to be reflected in the VIP.

  • Add an iRule like the following to the VIP:

    when CLIENT_ACCEPTED {
    if { [class match [IP::client_addr] equals my_ip_datagroup] } {
        pool secondary_pool
    } else {
        pool primary_pool
    }
}

You can also do this with a CPM policy, or a single static IP and the [IP::addr ] command instead of using a data group match. However the data group match is arguably more flexible. Also, if you add the default pool to the VIP, you don't technically have to add the 'else' condition, but it's generally good practice to account for all conditions.

And you may also want to add a OneConnect profile to the VIP if client traffic switches between the pools mid-session, but it doesn't sound like that's the case here.