Forum Discussion

Nicolas_ROMERO_'s avatar
Nicolas_ROMERO_
Icon for Nimbostratus rankNimbostratus
Dec 30, 2015

iRule SNAT for multiple ISP

Hi,   I tried to configure an iRule to SNAT specific LAN to a specific ISP (wan link). When I bind this iRule to my default VS (in fastL4) the iRule doesn't match when I generate traffic from my l...
application delivery
iRules
isp
LTM
snat
Kai_Wilke's avatar
Kai_Wilke
Icon for MVP rankMVP
Jan 04, 2016

Hi Nicolas,

I can confirm that a "fastL4" TCP profile is able to handle CLIENT_ACCEPTED iRule events. And yes you have to make sure that the iRule is attached to your VS and that the VS is configured to handle the desired traffic.

Some additional thoughts on your iRule logic...

1.) I've never seen before that a Def_GW_Pool could be assigned using the [pool] command. So I'm not sure if your code is completely valid (beside the issue that the iRule is not triggering at all). See sol15582 for further information how Def_GW_Pools are implemented.

https://support.f5.com/kb/en-us/solutions/public/15000/500/sol15582.html

2.) To overwrite a route for a specific connection you have to use [nexthop] command.

https://devcentral.f5.com/wiki/iRules.nexthop.ashx

The code I've in my mind would then look like that...

 

when CLIENT_ACCEPTED { 
    set cli_ip [substr [IP::client_addr] 0 "%"] 
    if { ( [IP::addr $cli_ip equals X.X.X.X/26] ) or 
         ( [IP::addr $cli_ip equals Y.Y.Y.Y/26] ) } then {
         SNAT IP and GW for ISP2
        snat 1.1.1.10%1
        nexthop 1.1.1.1%1
    } else {
         Rely on VS configuration
    } 
}

 

Update: Updated the post to include additional thoughts...

Cheers, Kai