
Forum Discussion

Drew666
Sep 27, 2019
Solved

iRule Creation Query

Hi,

Have created a very simple iRule to extract the incoming Client destination TCP ports using the switch cmd to redirect to specific nodes:

when HTTP_REQUEST {
    # Incoming destination TCP port. The "node" cmd routes to a server;
    # no pool member nor configuration objects required.
    switch [TCP::local_port clientside] {
        8001 { node 10.100.10.101 6660 }
        8002 { node 10.100.10.102 6660 }
        8003 { node 10.100.10.103 6660 }
        8004 { node 10.100.10.104 6660 }
        ...
        8150 { node 10.100.10.150 6660 }
    }
}

However, the above is somewhat cumbersome, therefore I would like to "optimize" the iRule via the introduction of a simple loop mechanism to reduce the number of statements, but I am unable to apply the logic for the updated iRule creation.

For example, something like the following:

when HTTP_REQUEST  {
    set dport { TCP::local_port clientside }
    set TCP 8001
    for {set IP 101} {$dport=$TCP} {incr IP}
    switch { node 10.100.10.{$IP} 6660}
}

So my question is: how do I update the "conditional" part {$dport=$TCP} to perform a nested loop, in order to match on the incoming TCP to the corresponding outbound Node IP address? Perhaps the question should be: how do I perform nested "FOR" loops?

Any thoughts, hints or pointers would be most appreciated.

 

Thanking you

Cheers

Drew

2 Replies

  • Hi Drew,

    Can you try this iRule?

    when HTTP_REQUEST {
        set port [TCP::client_port]
        # log local0. "Port: $port"

        if { ($port > 8000) and ($port < 8151) } {
            set newlastoctet [expr {$port - 7900}]
            # log local0. "NewLastOctet: $newlastoctet"
            node "10.100.10.$newlastoctet:6660"
        }
    }
  • Hi Eaa,

    That's looking spot on! (I'll test it next week).

    (I obviously was going down the wrong path with the "for" loop logic)

    So I gather [TCP::client_port] extracts the destination port? Why I ask is that I couldn't determine if it referred to either the source or destination TCP port.

    Thank you

    Regards

    Drew
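
The port-to-node mapping discussed in this thread, as an added example that is not part of the original posts: it reads the port with `TCP::local_port clientside`, which returns the port the client connected to (the destination port), whereas `TCP::client_port` returns the client's source port. The `static::` variable names, the log messages and the `reject` for out-of-range ports are assumptions made for illustration; the port range, subnet and backend port are the ones from the question.

```tcl
# Added example, not code from the thread.
# Assumes the virtual server listens on ports 8001-8150 and that the
# backends are 10.100.10.101-150 on port 6660 (values from the question).
when RULE_INIT {
    set static::port_min  8001   ;# first listener port
    set static::port_max  8150   ;# last listener port
    set static::octet_off 7900   ;# 8001 - 7900 = 101, 8150 - 7900 = 150
}

when HTTP_REQUEST {
    # Destination port of the client connection: the local side of the
    # clientside flow, i.e. the port the virtual server accepted on.
    set dport [TCP::local_port clientside]

    # Client's ephemeral source port. Read here only so the log line
    # shows the two values side by side; it is never used for routing.
    set sport [TCP::client_port]

    if { $dport >= $static::port_min && $dport <= $static::port_max } {
        # Braced expr: the expression is substituted once by expr itself,
        # so the value of $dport is never re-parsed as Tcl.
        set last_octet [expr { $dport - $static::octet_off }]

        log local0.info "src_port=$sport dst_port=$dport node=10.100.10.$last_octet:6660"
        node "10.100.10.$last_octet" 6660
    } else {
        # Assumption: fail closed. A port outside the expected range never
        # produces a computed backend address; the connection is dropped.
        log local0.warning "dst_port=$dport outside $static::port_min-$static::port_max, rejecting"
        reject
    }
}
```

The explicit range check is what keeps the computed last octet inside 101-150; without it, any other listener port attached to the same iRule would be turned into an address in 10.100.10.0/24 that was never meant to be a backend.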