For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

greatme6_294653's avatar
greatme6_294653
Icon for Nimbostratus rankNimbostratus
Nov 08, 2016

how to select the isp outbound interface

i want to select a certain outbound interface for a fixed ip address .how can i do it ,or does the big ip support the routing PBR?  
application delivery
BIG-IP
iRules
Kai_Wilke's avatar
Kai_Wilke
Icon for MVP rankMVP
Nov 08, 2016

Hi Greatme6,

to selectively forward certain destination IPs to a different external interface you could simply use additional Routing-Table-Entries in combination with AUTO-SNAT.

And to selectively forward certain source IPs or even a combination of source/destination IPs through a different external interface, you could implement an iRule that will look at the ingress source/destination IP combinations and then dynamically overwrite the 

nexthop
and 
snat
configuration of the ongoing TCP connection to match the required settings of the Other-ISP. Using this approach is 100% comparable with PBR configurations...

Example iRule

when CLIENT_ACCEPTED { 
    if { ( [IP::addr [IP::client_addr] equals 10.0.0.0/8] ) or 
         ( [IP::addr [IP::local_addr] equals 123.123.124.0/24] ) } then {
        log local0. " -- Forwarding to Other-ISP with SNAT IP 212.212.212.2 -- "
        snat 212.212.212.2
        nexthop 212.212.212.1 
    } elseif { [IP::addr [IP::client_addr] equals 10.10.10.0/24] } then {
        log local0. " -- Forwarding to Other-ISP with SNAT IP 212.212.212.3 -- "
        snat 212.212.212.3
        nexthop 212.212.212.1         
    } else {
        log local0. " -- Forwarding traffic according to local routing table with default AUTO-SNAT / SNAT-Pool settings -- "
    }
}

Note: 

[IP::client_addr]
is the source IP and 
[IP::local_addr]
is the remote IP.

Cheers, Kai