Forum Discussion

jdam_41848's avatar
jdam_41848
Icon for Altocumulus rankAltocumulus
Jan 31, 2013

iRule - select rate class based on source IP match in data group

Hello iRule gurus -

 

I am trying to create an iRule/Datagroup that applies a rate class based on matching source IP to a network definition in a data group. The matching IP to network does not seem to be working and I don't know why.

 

Regardless of what network the source IP is part of, the CatchAll rate class is always applied. Anyone have any thoughts on why this doesn't work?

 

 

The iRule looks like -

 

when CLIENT_ACCEPTED {

 

if { [ rateclass [class match [IP::client_addr] equals RateClasses ] ] } {

 

rateclass CatchAll

 

 

}

 

}

 

 

Several rate classes have been created (CatchAll, rateclass1, rateclass2, ...)

 

The data group is an internal DG called RateClasses and is of type Address (network). Once created in the GUI, the data group class definition looks like this in bigip.conf -

 

 

class RateClasses {

 

{

 

network 10.50.0.0/22 { "{ \"rateclass1\" }" }

 

network 10.50.4.0/24 { "{ \"rateclass2" }" }

 

network 10.50.5.0/24 { "{ \"rateclass3\" }" }

 

network 10.50.6.0/24 { "{ \"rateclass4" }" }

 

network 10.50.7.0/24 { "{ \"rateclass5\" }" }

 

network 10.50.8.0/24 { "{ \"rateclass6" }" }

 

network 10.50.11.0/24 { "{ \"rateclass7\" }" }

 

network 10.51.0.0/16 { "{ \"rateclass8\" }" }

 

network 172.30.1.0/24 { "{ \"rateclass9" }" }

 

network 172.31.0.0/22 { "{ \"rateclass10\" }" }

 

network 192.168.254.0/24 { "{ \"rateclass11" }" }

 

}

 

}

 

application delivery
dev
devops
iRules

3 Replies

  • What_Lies_Bene1's avatar
    What_Lies_Bene1
    Icon for Cirrostratus rankCirrostratus
    Jan 31, 2013
    I'd suggest this, assuming the DG is correctly configured; 

    
when HTTP_REQUEST {
 Compare the request source IP with the addresses in the thoseclasses data group
 and populate the variable 'thatclass' with the associated string value if
 there is a match
  set thatclass [class match -value [IP::client_addr] equals thoseclasses]
   As long as our variable: thatclass isn't empty, continue
   if { $thatclass ne "" } {
    Apply the rateclass
    rateclass $thatclass
   }
   If there wasn't a match and variable 'thatclass' is empty, use a default
   else {
    rateclass CatchAll
  }
}
  • jdam_41848's avatar
    jdam_41848
    Icon for Altocumulus rankAltocumulus
    Jan 31, 2013

    Thank you for your response. I found the issue was in the definition of the data group, the format was off a little bit in that I added characters that I didn't need to include manually. For example the first entry now looks like this -

     

    network 10.50.0.0/22 { "rateclass1" }

     

    I did try using your iRule except I kept when CLIENT_ACCEPTED rather than using when HTTP_REQUEST. The iRule you provided does work.

     

    Thanks again for your help!