irule to Self IP depending on membership

Question

Can someone help with irule that would either

a) switch to a one-arm config (and use external Self IP) or

b) switch to a two-arm (and not do any NAT/SNAT)

depending on the member that was chosen?

Thanks

nitass · Answer

e.g. 
  
 [root@ve1023:Active] config  b virtual bar list
virtual bar {
   snat automap
   pool foo
   destination 172.28.19.79:80
   ip protocol 6
   rules myrule
   profiles {
      http {}
      tcp {}
   }
}
[root@ve1023:Active] config  b pool foo list
pool foo {
   members {
      200.200.200.101:80 {}
      200.200.200.102:80 {}
   }
}
[root@ve1023:Active] config  b rule myrule list
rule myrule {
   when LB_SELECTED {
        switch [LB::server addr] {
                "200.200.200.101" { snat none }
                default {}
        }
}
}
[root@ve1023:Active] config  b self 200.200.200.100 list
self 200.200.200.100 {
   netmask 255.255.255.0
   unit 1
   floating enable
   vlan internal
   allow default
}

snat is not used when selecting 200.200.200.101.

[root@ve1023:Active] config  tcpdump -nni 0.0 port 80
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on 0.0, link-type EN10MB (Ethernet), capture size 108 bytes
08:20:53.430472 IP 172.28.19.253.38386 &gt; 172.28.19.79.80: S 1853944844:1853944844(0) win 5840 
08:20:53.430525 IP 172.28.19.79.80 &gt; 172.28.19.253.38386: S 2114392716:2114392716(0) ack 1853944845 win 4380 
08:20:53.432521 IP 172.28.19.253.38386 &gt; 172.28.19.79.80: . ack 1 win 46 
08:20:53.432545 IP 172.28.19.253.38386 &gt; 172.28.19.79.80: P 1:156(155) ack 1 win 46 
08:20:53.432653 IP 172.28.19.253.38386 &gt; 200.200.200.101.80: S 772435025:772435025(0) win 4380 
08:20:53.532866 IP 172.28.19.79.80 &gt; 172.28.19.253.38386: . ack 156 win 4535 
08:20:54.432798 IP 172.28.19.253.38386 &gt; 200.200.200.101.80: S 772435025:772435025(0) win 4380 
08:20:55.632420 IP 172.28.19.253.38386 &gt; 200.200.200.101.80: S 772435025:772435025(0) win 4380 
08:20:56.832708 IP 172.28.19.253.38386 &gt; 200.200.200.101.80: S 772435025:772435025(0) win 4380

snat automap is used when selecting 200.200.200.102.

[root@ve1023:Active] config  tcpdump -nni 0.0 port 80
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on 0.0, link-type EN10MB (Ethernet), capture size 108 bytes
08:21:47.855437 IP 172.28.19.253.38389 &gt; 172.28.19.79.80: S 2769144776:2769144776(0) win 5840 
08:21:47.855497 IP 172.28.19.79.80 &gt; 172.28.19.253.38389: S 1906244520:1906244520(0) ack 2769144777 win 4380 
08:21:47.857366 IP 172.28.19.253.38389 &gt; 172.28.19.79.80: . ack 1 win 46 
08:21:47.857419 IP 172.28.19.253.38389 &gt; 172.28.19.79.80: P 1:156(155) ack 1 win 46 
08:21:47.858505 IP 200.200.200.100.38389 &gt; 200.200.200.102.80: S 3035898411:3035898411(0) win 4380 
08:21:47.861687 IP 200.200.200.102.80 &gt; 200.200.200.100.38389: S 1070311422:1070311422(0) ack 3035898412 win 5792 
08:21:47.861703 IP 200.200.200.100.38389 &gt; 200.200.200.102.80: . ack 1 win 4380

Forum Discussion

irule to Self IP depending on membership

Recent Discussions

Reporting Help Needed

Switch ssl profile based on weak cipher detection via IRULE

F5 looses the token for the first call

iRule - Url rewrite and header replace and pool selection not working

full-proxy HTTP2

Related Content

irule ports

API for Pool Membership

SSL Heartbleed iRule update

iRule to monitor dependant servers

iRule help.

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS