Forum Discussion

genseek_32178
Jun 12, 2012

iRule syntax

Hi,

We have the following iRule configured:

iRule X

when CLIENT_ACCEPTED {
    if { [IP::addr [IP::local_addr] equals 10.10.10.x] } {
        snatpool pool1
    } elseif { [IP::addr [IP::local_addr] equals 20.10.20.x] } {
        snatpool pool2
    }
}

Here, do the ranges 10.10.10.x and 20.10.20.x refer to the source address or the destination address?

  • In a clientside context event like CLIENT_ACCEPTED (when the client establishes a connection to the virtual server), [IP::local_addr] returns the client's destination address. If you're not using a network virtual server, the command returns the virtual server's IP address.

    Aaron

  • Thanks for the reply Aaron, but my question remains unanswered. I will put it more clearly.

    Let's say the above iRule is mapped to a wildcard virtual server as below:

    virtual VS_1
        destination any:any
        mask none
        vlans 2 enable
        profile fastl4lx
        rules X

    Now, if servers from VLAN 2 were to initiate an outbound connection, would the iRule look for 10.10.10.x or 20.10.20.x as the source or the destination address in such packets, to SNAT the packet with the respective snatpool address in the iRule?

  • If the client's destination IP address was 10.10.10.x, the iRule would apply a SNAT using snatpool pool1 on the serverside connection. If the client's destination IP address was 20.10.20.x, the iRule would apply a SNAT using snatpool pool2 on the serverside connection. So IP::local_addr in CLIENT_ACCEPTED refers to the client's destination (TMM's local address for the clientside context).

    Aaron

  • Thanks, now it's clear... but one more. Say the iRule is modified as below:

    iRule X

    when CLIENT_ACCEPTED {
        # 10.10.10.22 is a VIP
        if { [IP::addr [IP::local_addr] equals 10.10.10.22] } {
            snatpool pool1
        } elseif { [IP::addr [IP::local_addr] equals 10.10.10.x] } {
            snatpool pool2
        } else {
            snat none
            pool poolA
        }
    }

    VLAN 2 is 10.10.10.x/24, with the same wildcard VS as above:

    virtual VS_1
        destination any:any
        mask none
        vlans 2 enable
        profile fastl4lx
        rules X

    Now, say hosts in VLAN 2, with the F5 floating IP in VLAN 2 as their gateway, try accessing outbound. How would the modified iRule process the source packets from hosts in VLAN 2?

  • Regardless of how the virtual server is defined, calling [IP::local_addr] in a clientside context event like CLIENT_ACCEPTED will return the client's destination IP address. See this post for more info:

    https://devcentral.f5.com/Community/GroupDetails/tabid/1082223/asg/50/aft/10187/showtab/groupforums/Default.aspx10235

    Aaron
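
Added example, not posted by anyone in the thread and not F5's own code: a diagnostic iRule that logs both clientside addresses and shows which snatpool the thread's ranges would select when tested against the destination ([IP::local_addr], as in the posted rule) versus the source ([IP::client_addr], a command the thread does not mention). It assumes "10.10.10.x" and "20.10.20.x" mean 10.10.10.0/24 and 20.10.20.0/24; pool1 and pool2 are the thread's snatpool names.

```tcl
# Added example. Assumption: the thread's "x" ranges are /24 networks.
when CLIENT_ACCEPTED {
    # Clientside context: the remote side is the client, the local side is
    # whatever address the client connected to.
    set src [IP::client_addr]   ;# client's source address
    set dst [IP::local_addr]    ;# client's destination address

    # What the posted rule tests: the DESTINATION address.
    if { [IP::addr $dst equals 10.10.10.0/24] } {
        set by_dst pool1
    } elseif { [IP::addr $dst equals 20.10.20.0/24] } {
        set by_dst pool2
    } else {
        set by_dst none
    }

    # The same ranges tested against the SOURCE address, for comparison only.
    if { [IP::addr $src equals 10.10.10.0/24] } {
        set by_src pool1
    } elseif { [IP::addr $src equals 20.10.20.0/24] } {
        set by_src pool2
    } else {
        set by_src none
    }

    # One log line per connection makes the difference visible in /var/log/ltm.
    log local0. "src=$src dst=$dst match_on_dst=$by_dst match_on_src=$by_src"

    # Apply the destination-based choice, as the posted rule does. With no
    # match, the virtual server's own SNAT setting is left in effect.
    if { $by_dst ne "none" } {
        snatpool $by_dst
    }
}
```

For an outbound connection from a VLAN 2 host through the wildcard virtual server, the log line will show the host's address as src and the remote address as dst, so match_on_dst reports a pool only when the remote address falls in one of the two ranges.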