Forum Discussion
NimbostratusiRule Code
Hi,
Just trying to under stand how irules work. Got some couple of basic doubts, 1st one is as below,
In the above sample irule,
a)- "server_connected" this is a event triggered for connection from external client To LTM or from LTM to pool member server?
b) IP:addr is mentioned twice in the 2nd line condition. What is the meaning of 1st instance and then the 2nd one?
c) what is the meaning of " clientside " word? And what is its significance in being used after ?
d) - remote_addr here points to the external client or the pool member server?
thanks- gseek
10 Replies
- nitass
Employee
is the irule correct? number of open and close bracket is not equal. also, ip::addr seems not in correct syntax.
IP::addr
https://devcentral.f5.com/wiki/irules.ip__addr.ashx[root@ve10:Active] config cat genseek.txt rule genseek { when SERVER_CONNECTED { if { [IP::addr [IP::addr [clientside {IP::remote_addr}] equals 10.1.1.80] } { discard } } } [root@ve10:Active] config b merge genseek.txt Reading configuration from genseek.txt. Loading the configuration ... BIGpipe rule creation error: 01070151:3: Rule [genseek] error: line 2: [parse error: PARSE missingBracket 31 {missing close-bracket}] [{ [IP::addr [IP::addr [clientside {IP::remote_addr}] equals 10.1.1.80] }] 
What_Lies_Bene1Cirrostratus
a) LTM to Pool Member
b) I don't understand why it's there twice
c) Clientside refers to the context the IP::remote_addr command is used in, in this case the client side of the proxy (client to F5) not serverside (F5 to real server)
d) External client
The rule can be must improved, I'll post an example shortly.
genseek_32178I don't get it.
If the connection is accepted between LTM to the pool member server, by this time or at this time, LTM already knows the client side IP and
if it matches the IP mentioned in the rule, then LTM shud discard the pkt from the client right?
Can't LTM identify that client needs to be discarded before making a connection with the pool member?
I picked up the irule from the below link
http://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm_configuration_guide_10_0_0/ltm_rules.html ( Figure 17.9 )
what does the command " cat genseek.txt" and "b merge genseek.txt" do? Merging with what? They look very interesting, would like to know how i can make use of them?- What_Lies_Bene1Regarding the rule you first posted about, this would be much better and sends a TCP RST to the client;
when CLIENT_ACCEPTED { if { [IP::addr [IP::client_addr] equals 10.1.1.80] } { reject } } - genseek_32178
What does - [IP::addr [IP::client_addr] syntax mean ? How does LTM understands it?
gseek - What_Lies_Bene1
As this is a client side event (when CLIENT_ACCEPTED) [IP::addr [IP::client_addr] is the source IP of the connecting client. You can find much more information on the iRules wiki here: https://devcentral.f5.com/wiki/iRules.Commands.ashx
natheCirrocumulus
genseek,
"I picked up the irule from the below link
http://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm_configuration_guide_10_0_0/ltm_rules.html ( Figure 17.9 )"
Looks like there's a documentation typo - they've got the same (correct) example here:
https://devcentral.f5.com/wiki/iRules.clientside.ashx
It's all about the context: https://devcentral.f5.com/tutorials/tech-tips/irules-concepts-considering-context-part-1
Please forgive my two-pence worth.
N- genseek_32178thank you nathan and steve.
Can any one please help in understanding,
what does the command " cat genseek.txt" and "b merge genseek.txt" do? Merging with what? They look very interesting, would like to know how i can make use of them?
gsk - What_Lies_Bene1cat is a Linux command for display files and way more, type 'man cat' at the command prompt/CLI for more information.
b merge merges the configuration from the specified file into the device's running configuration. - nitassthanks, Steve.
Michael has written nice article about b merge here.
BIG-IP and Merge File Configuration Changes by Michael
https://devcentral.f5.com/tutorials/tech-tips/big-ip-and-merge-file-configuration-changes
