
rajesh1
May 02, 2012

IRULE - Using a different snatpool based on the client IP address

Hello All,

I need to perform SNAT in the current setup to route the return traffic via the F5.

I am looking for an iRule on a virtual server to use a different snatpool based on the actual client IP address, and this has to scale up to 100 different clients using the same virtual server.

If client IP matches X --> Use SNATPOOL Y

X1 --> Use SNATPOOL Y1

X100 --> Use SNATPOOL Y100.

Thanks

Raj

2 Replies

  • You have a few options, but the best two would be to either use a switch statement or use a data group.

     

     

    By using the switch command, you can do something like:

     

     

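    when CLIENT_ACCEPTED {
        # Exact match on the client address; add one pattern/body pair per client (etc...)
        switch [IP::client_addr] {
            "1.1.1.1" { snatpool Y }
            "2.2.2.2" { snatpool Y2 }
        }
    }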

     

     

    You can add a default statement at the end to catch anything that is not matched.

     

     

    If you want to create a data group, you can create one with a type of string, with a name := value pair of client IP := snatpool name.

     

     

    Then, an iRule with something like:

     

     

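    when CLIENT_ACCEPTED {
        # snatpool_dg is a placeholder name for the string data group described above
        if { [set snatpoolname [class lookup [IP::client_addr] snatpool_dg]] ne "" } {
            snatpool $snatpoolname
        } else {
            # no data group entry for this client
        }
    }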
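
A complete form of the data group approach from the reply above, written here as an added example rather than taken from either poster. It goes slightly beyond the reply by assuming an address-type data group (so one record can cover a subnet) with the hypothetical name client_snatpool_dg, and it logs clients that have no mapping.

```tcl
# Added example, not from the thread. Assumes an address-type data group
# named client_snatpool_dg (hypothetical) whose records map a client host or
# subnet to a SNAT pool name, e.g. 10.1.1.0/24 := snatpool_Y1 (constructed).
when CLIENT_ACCEPTED {
    set client [IP::client_addr]

    # For an address-type data group, "equals" also matches a client that
    # falls inside a subnet record; -value returns the record's value.
    set snatpoolname [class match -value $client equals client_snatpool_dg]

    if { $snatpoolname ne "" } {
        # catch guards against a record whose value does not name an
        # existing SNAT pool, which would otherwise abort the rule.
        if { [catch { snatpool $snatpoolname } err] } {
            log local0.warning "SNAT pool '$snatpoolname' for $client not usable: $err"
        }
    } else {
        # No record: leave the virtual server's own SNAT setting in effect
        # and record the unmapped client so the data group can be reviewed.
        log local0.notice "no SNAT pool mapping for client $client"
    }
}
```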

     

     

     

  • Thanks for the suggestion... tested and the logic works.

    Is there any limitation on the number of entries that can be added to the data group?