iRule to Force Source IP to Specific Backend Node
Hi everyone,
Hope someone could help me with this kind of setup. We need an iRule to force specific IPs to connect to a specific backend server of the VS. Please see the flow below.
Client (1.1.1.1) when connecting to VS1 traffic should go to Node1
Client (2.2.2.2) when connecting to VS1 traffic should go to Node2
I saw this discussion but I think there's something to add? Instead of deny. Thank you so much.
https://community.f5.com/discussions/technicalforum/f5-whitelisting-allowing-a-specific-range-of-traffic-to-vs/195967
- Jison111Nimbostratus
Thanks, everyone, for your suggestions. It was solved by an iRule on each of the VIPs.
Jison111 You can definitely force traffic to a specific node or pool member in a pool based on source IP, but when you do that it tends to cause some persistence issues. What I would recommend is configuring a pool for each pool member and then one pool with all three pool members in it. Use the pool with all three members as the default pool to balance traffic to, and then, if a specific source IP comes in, balance traffic to the respective pool with the pool member you would like to use. This will reduce the chance of persistence issues that have been encountered before when forcing traffic to a specific node or pool member inside a pool with multiple members. So the logic should be as follows.
client request -> VS -> pool with all pool members in it
client request with specific source IP -> VS -> pool with single pool member for that source IP
You would use an iRule or Traffic Policy; I prefer iRules when I can use them.
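The pool layout described in the post above, sketched as an iRule; this is an added example, not code posted by anyone in the thread. The pool names and the data group name are hypothetical, and falling back to the shared pool when a pinned pool is unavailable is an assumed design choice (drop the fallback if the pinning is meant to isolate those clients).

```tcl
# Added example. Assumed (hypothetical) objects that must already exist:
#   pool_all_nodes          - default pool containing every member
#   pool_node1, pool_node2  - one pool per member
#   src_ip_to_pool_dg       - address-type data group, value = pool name:
#                               1.1.1.1 := pool_node1
#                               2.2.2.2 := pool_node2
when CLIENT_ACCEPTED {
    # Default: load balance across the pool with all members.
    set target "pool_all_nodes"

    # class lookup returns the value stored for a matching address record,
    # or an empty string when the client IP is not listed.
    set mapped [class lookup [IP::client_addr] src_ip_to_pool_dg]

    if { $mapped ne "" } {
        # Only pin the client if its dedicated pool can take traffic;
        # catch covers a data-group value that names a missing pool.
        if { [catch { active_members $mapped } up] || $up < 1 } {
            log local0.warning "pin [IP::client_addr] -> $mapped unavailable, using $target"
        } else {
            set target $mapped
        }
    }
    pool $target
}
```

Keeping the IP-to-pool mapping in a data group means new pinned clients are added by editing the data group, not the iRule.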
- zamroni777Nacreous
instead of irules, you can use gui based local traffic policy.
put node1 to pool1 and node2 to pool2
create lt policy and rules such as below
then attach the lt policy to the vserver
- akonuModerator
Jison111 to force the source IP to a specific Pool member you can use an iRule or an LTM Policy.
I found some information that could help answer your questions on our myf5 portal, please click on the links below.
K43431442: Configuring an iRule to select an alternate Pool from the Default Pool based on client IP address.
https://my.f5.com/manage/s/article/K43431442
K73862425: Creating external data groups
https://my.f5.com/manage/s/article/K73862425
https://clouddocs.f5.com/api/irules/IP__client_addr.html
I hope this helps.