Hawary
Jan 19, 2019

irule to load balance to specific ISP based on source IP

Hi guys,

I have 2 ISP links and I'm doing outbound load balancing across the 2 links. I have 2 subnets of users, subnet 1 and subnet 2. I need subnet 1 to go through ISP 1 and subnet 2 to go through ISP 2. In case ISP 1 is down, subnet 1 goes through ISP 2 and subnet 2 stops going to the internet. The vice versa is not correct, i.e. if ISP 2 is down, subnet 2 will not have internet. I mean subnet 1 always has priority to go to the internet. I need an iRule to do this scenario.


3 Replies

  • Create 2 pools:

    • Pool_GW_ISP1
      • priority group activation: less than 1
      • ISP1_GW:0 priority 10
      • ISP2_GW:0 priority 1
    • Pool_GW_ISP2
      • priority group activation: less than 1
      • ISP2_GW:0 priority 10
      • ISP1_GW:0 priority 1

    Create 2 VS:

    • VS_FWD_OUT_SUBNET1
      • source: SUBNET1 (ex: 10.1.0.0/16)
      • destination: 0.0.0.0/0
      • service: any
      • translate address: disable
      • pool: Pool_GW_ISP1
      • source address translation: automap
    • VS_FWD_OUT_SUBNET2
      • source: SUBNET2 (ex: 10.2.0.0/16)
      • destination: 0.0.0.0/0
      • service: any
      • translate address: disable
      • pool: Pool_GW_ISP2
      • source address translation: automap
  • First create an ISP pool. Based on source IP and port you can send traffic to a specific pool.

    when CLIENT_ACCEPTED {
        # Only the listed source networks may use the ISP pool (10.x.x.x / 192.x.x.x are placeholders)
        if { [IP::addr [IP::client_addr] equals 10.x.x.x] or [IP::addr [IP::client_addr] equals 192.x.x.x] } {
            # ...and only HTTPS; everything else is reset
            if { [TCP::local_port] == 443 } {
                pool ISP-POOL
            } else {
                reject
            }
        } else {
            reject
        }
    }


  • Hi Hawary,

    you may use the iRule below on your IP-Forwarding Virtual Server, to overwrite the SNAT and Nexthop-IP based on the availability of the Def-GW for ISP1.

    • If ISP1 is available it will route traffic from Network 1 to ISP1
    • If ISP1 is available it will route traffic from Network 2 to ISP2
    • If ISP1 is offline it will route traffic from Network 1 to ISP2
    • If ISP1 is offline it will reject traffic from Network 2

    Note: You don't have to care if ISP2 is offline - simply try to send traffic to ISP2 as gateway of last resort and see what happens. If ISP2 is down the traffic will be dropped anyway...

    when CLIENT_ACCEPTED {
        if { [IP::addr [IP::client_addr] equals 10.10.10.0/24] } then {
            # Section for Network 1
            if { [active_members GW_ISP_1_POOL] > 0 } then {
                # ISP 1 is online. Use VS default settings and local routing table.
            } else {
                # ISP 1 is offline. Setting SNAT IP and Nexthop (aka. routing table overwrite) to ISP2
                snat 222.222.222.10     ;# Your IP for ISP2
                nexthop 222.222.222.1   ;# Def-GW of ISP2
            }
        } elseif { [IP::addr [IP::client_addr] equals 10.20.20.0/24] } then {
            # Section for Network 2
            if { [active_members GW_ISP_1_POOL] > 0 } then {
                # ISP 1 is online. Setting SNAT IP and Nexthop (aka. routing table overwrite) to ISP2
                snat 222.222.222.10     ;# Your IP for ISP2
                nexthop 222.222.222.1   ;# Def-GW of ISP2
            } else {
                # ISP 1 is offline. Reject access for Network 2.
                reject
            }
        } else {
            # Undefined traffic will use VS default settings...
        }
    }

    Note: If you utilize the IP-Forwarding Virtual Server for internal communication too, then define some additional exceptions for your internal destination IPs (e.g. RFC1918 IPs) at the top of the script, so that the snat / nexthop overwrites will have no effect on those connections.

    Cheers, Kai
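As an added example that is not code from any reply in this thread: the first reply's source-subnet-to-pool design, the second reply's source-based pool selection and Kai's availability check and RFC1918 exception, combined into a single iRule on one IP-forwarding virtual server (source and destination 0.0.0.0/0, address translation disabled, SNAT automap, no default pool). Everything named here is an assumption: Pool_GW_ISP1 as in the first reply (ISP1_GW priority 10, ISP2_GW priority 1, priority group activation less than 1), GW_ISP_1_POOL containing only ISP1_GW and GW_ISP_2_POOL containing only ISP2_GW, both gateway members carrying a health monitor (e.g. gateway_icmp), because without a monitor neither active_members nor priority group activation ever sees a failure; the subnets are the first reply's example values. Subnet 2 is deliberately sent to a pool with no fallback member, so it fails closed when ISP2 is down, as the question requires.

```tcl
# Added example, not code from the thread. Pool names, subnets and the
# RFC1918 exception list are assumptions; adjust them to the real deployment.
when RULE_INIT {
    # Assumed user subnets (the first reply's example values)
    set static::subnet1 "10.1.0.0/16"
    set static::subnet2 "10.2.0.0/16"
}

when CLIENT_ACCEPTED {
    set src [IP::client_addr]
    set dst [IP::local_addr]   ;# original destination on a forwarding VS

    # Internal destinations must never be pushed out an ISP gateway.
    # No pool is selected, so the forwarding VS uses the local routing table.
    if { [IP::addr $dst equals 10.0.0.0/8] ||
         [IP::addr $dst equals 172.16.0.0/12] ||
         [IP::addr $dst equals 192.168.0.0/16] } {
        return
    }

    if { [IP::addr $src equals $static::subnet1] } {
        # Subnet 1 always has Internet. Pool_GW_ISP1 holds ISP1_GW in the
        # high-priority group and ISP2_GW as the low-priority fallback, so
        # priority group activation moves subnet 1 to ISP2 only once the
        # monitor has marked ISP1_GW down.
        pool Pool_GW_ISP1
    } elseif { [IP::addr $src equals $static::subnet2] } {
        if { [active_members GW_ISP_1_POOL] == 0 } {
            # ISP1 is down: subnet 1 now needs ISP2, so subnet 2 is refused.
            reject
        } elseif { [active_members GW_ISP_2_POOL] == 0 } {
            # ISP1 is up but ISP2 is down: subnet 2 has no fallback by design.
            # Reset the client instead of letting it time out on a dead pool.
            reject
        } else {
            # Both up: subnet 2 goes out via ISP2 only (no fallback member).
            pool GW_ISP_2_POOL
        }
    } else {
        # Any other source keeps the VS defaults (routing table, automap SNAT).
    }
}
```

With SNAT automap the BIG-IP sources the forwarded connection from the self IP of the VLAN it egresses on, so the fallback for subnet 1 only works if the VLAN facing ISP2 has a self IP that ISP2 accepts; otherwise use an explicit SNAT of the ISP2 public address as in Kai's reply. To test the failover, disable the monitor target for ISP1_GW (or force the member offline) and confirm that subnet 1 traffic appears on the ISP2 link while subnet 2 connections receive resets.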