Forum Discussion

vegetax's avatar
vegetax
Icon for Nimbostratus rankNimbostratus
May 29, 2020

Irule SNATPOOL ECMP

Hi, I am trying to use the irule provided by F5 on link below on using snatpools with ecmp

setup I have copied and pasted the irule below also currently how its set it works with directing

traffic coming from specific load balancer and using specific snatpool. The problem I have having lets

say if SNATPOOL1 lives in traff-group1 for LB01 and SNATPOOL2 lives in traffic-group2 for LB02 also the virtual servers

using these SNATPOOL are not tied to a traffic-group since they using the ECMP setup. If LB01 would fail and move over traffic-group1 to LB02 and that means that it would take SNATPOOL1 to LB02 this would break incoming connections since irule

is still directing traffic coming from LB01 to SNATPOOL1 but the problem is SNTPOOL1 now lives on LB02. I am curious if anyone using this irule has added the logic to make sure to send traffic LBO1 to SNATPOOL1 if traffic-group1 still lives on LB01 if not bypass LB01 and just use LB02 and SNATPOOL2 to send traffic or if anyone has other suggestions with my problem

https://techdocs.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip-system-ecmp-clustering-11-6-0/4.html

when RULE_INIT {
    #Want to log debug messages to /var/log/ltm? type 1=yes, 0=no
    set static::debug_rule 0
    set static::local_machine_name $::tcl_platform(machine)
}
when CLIENT_ACCEPTED {
    if { $static::debug_rule } { log local0.info "local_machine_name is $static::local_machine_name" }
    set cluster_snatpool [ class match -value -- $static::local_machine_name equals dg.prod.rgl.ecmpsnat ]
    #Check to see if there's a match in the datagroup.
    if { $cluster_snatpool ne "" } {
        if { $static::debug_rule } { log local0.info "Attempting to use snatpool $cluster_snatpool" }
            #Try to assign snatpool. Make sure snatpool itself exists.
            if { [catch {snatpool $cluster_snatpool } result] }{
            #Log a message with the snatpool name which failed.
            log local0.err "Error: Client: [IP::client_addr]:[TCP::client_port]: Error assigning snatpool \"$cluster_snatpool\": \$result: $result"
        }
    }
}
devops
iRules
LTM
Super-NetOps
  • Nathan_Zeng's avatar
    Nathan_Zeng
    Icon for Employee rankEmployee
    Jul 02, 2020

    I don't think you should worry about that, when your LB01 goes down, set static::local_machine_name $::tcl_platform(machine) make sure you can't get to LB01 in the first place, you can refer to:

     

    https://clouddocs.f5.com/api/irules/tcl_platform.html

     

    so if the traffic group 1 failover to LB02, this VS in traffic group 1 should be using SNATPOOL2.