Forum Discussion

Hannes_Rapp's avatar
Hannes_Rapp
Icon for Nimbostratus rankNimbostratus

I would not use an iRule at all. It seems unnecessary. Try to take advantage of Source IP field in the Virtual Server configuration settings.

 

  1. First, create a working configuration for one ISP, refrain from using any iRules and stick to Virtual Server settings (SNAT pool, Default Pool) . Observing that you have a large number of data groups to compare against (ISP2), it might be best to create that default configuration for ISP2 users. (IP Source setting: 0.0.0.0/0)
  2. Create a second Virtual Server with the same Destination IP but different Source IP to cover for ISP1 users. Create more Virtual Servers as needed if you have more than one Source IP subnets to compare against. (IP Source setting: yourSubnet1, yourSubnet2...)

Incoming connections will be matched based on the closest-match logic. So if there's a better match to client's IP address than 0.0.0.0/0, a dedicated VS for ISP1 user will get the connection.

 

Hannes_Rapp's avatar
Hannes_Rapp
Icon for Nimbostratus rankNimbostratus
Aug 01, 2016

I think he probably already has a direct connection to both ISP uplinks covered by SelfIPs. If that's the case, there's no extra work with route domains. It might indeed be better to use one Virtual Server with default settings derived for ISP2 users and a single iRule attached to it which covers the fewer exceptions that apply to ISP1 users. It really depends on how many of those 0.0.0.0/0 Virtuals are needed to get away without iRules. Nevertheless, covering all user-cases as exceptions in an iRule just because it's possible is a no-go!