Forum Discussion
iRule on GTM to allow a specific IP to a specific node
Hi,
I am kinda new to iRules. The scenario is we have GTM and LTM configured on BIG-IP and I want to allow traffic from one particular public IP to one of the 4 available servers (when he hits the URL).
Current scenario: GTM pool does a ratio Load Balancing to select DC1 or DC2 (2 datacenters). LTM pool does least connection load balancing to select one of the 2 physical servers. (Same configuration on both data centers so 2+2=4 servers in total). Persistence settings are also enabled.
When I try to apply the following iRule on GTM, it throws an error: " Rule [/W_partition/test_g] error: /W_partition/test_g:3: error: [undefined procedure: node][node 10.1.1.1:443] "
```tcl
when DNS_REQUEST {
    if { [IP::addr [IP::client_addr] equals 100.1.1.1/24] } {
        node 10.1.1.1:443
    }
}
```
I tried pool xxxx member xxxx but also no use. Should the iRule be applied on GTM and LTM or just GTM? Please help! Thanks in advance.
Version: 11.6.0
- Maneesh_72711 (Cirrostratus)
You need to understand it would never be the client IPs which would be querying for the Wide IP; instead it would be the DNS servers of the clients which would be querying for the Wide IP.
You can choose Topology-based load balancing and try to have a specific DNS server land on a specific DC, if you are sure about the DNS servers configured on the clients.
But again, you want a specific source IP to talk to a specific server, hence the best would be, if possible, to put all 4 servers in a single pool, attach it to both the VIPs on the LTMs, and then put an iRule which forces the specific source IP to talk to the specific node.
This approach would rule out GTM from the journey: let GTM send to any of the DCs, and the iRule logic on the LTM takes care of the requirement.
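A sketch of the LTM-side iRule suggested in the answer above, added here as an example and not taken from the thread or from F5. It assumes a pool named `app_pool` (hypothetical) that contains all four servers and is attached to the virtual servers in both data centers; the source address and node are the ones from the question.

```tcl
# Added example, LTM iRule (attach to the virtual server in each data center).
# Assumption: "app_pool" is a hypothetical pool holding all four servers.
when CLIENT_ACCEPTED {
    # Match the single source address from the question as a host.
    # Note: this is the address the LTM sees; if the client sits behind
    # NAT or a proxy, every client sharing that address is pinned too.
    if { [IP::addr [IP::client_addr] equals 100.1.1.1] } {
        # Pin only while the target member is healthy, so a failed
        # server does not black-hole this client.
        if { [LB::status pool app_pool member 10.1.1.1 443] eq "up" } {
            pool app_pool member 10.1.1.1 443
            return
        }
        log local0. "Pinned member 10.1.1.1:443 not up; load balancing [IP::client_addr] normally"
    }
    # Everyone else (and the fallback case) uses the pool's own
    # load-balancing method.
    pool app_pool
}
```

The `pool ... member` and `node` commands are valid in LTM events such as `CLIENT_ACCEPTED`; the error in the question comes from calling `node` inside the GTM `DNS_REQUEST` event, where it is not defined.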
- Vijay_E (Cirrus)
You can certainly use static persist to increase the chances.
- aveharsha_30644 (Nimbostratus)
Thank you Maneesh. Can I try using the Static Persist load balancing method on the GTM pool (where it selects one among the 2 available DCs)? If I am not wrong, this should make requests coming from a particular LDNS go through the same DC?