Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

besogon_9363's avatar
besogon_9363
Icon for Nimbostratus rankNimbostratus
Dec 08, 2011

irule to Self IP depending on membership

Can someone help with irule that would either a) switch to a one-arm config (and use external Self IP) or   b) switch to a two-arm (and not do any NAT/SNAT)       depending on the member t...
application delivery
dev
devops
irules
nitass's avatar
nitass
Icon for Employee rankEmployee
Dec 08, 2011
e.g. 

[root@ve1023:Active] config  b virtual bar list
virtual bar {
   snat automap
   pool foo
   destination 172.28.19.79:80
   ip protocol 6
   rules myrule
   profiles {
      http {}
      tcp {}
   }
}
[root@ve1023:Active] config  b pool foo list
pool foo {
   members {
      200.200.200.101:80 {}
      200.200.200.102:80 {}
   }
}
[root@ve1023:Active] config  b rule myrule list
rule myrule {
   when LB_SELECTED {
        switch [LB::server addr] {
                "200.200.200.101" { snat none }
                default {}
        }
}
}
[root@ve1023:Active] config  b self 200.200.200.100 list
self 200.200.200.100 {
   netmask 255.255.255.0
   unit 1
   floating enable
   vlan internal
   allow default
}

snat is not used when selecting 200.200.200.101.

[root@ve1023:Active] config  tcpdump -nni 0.0 port 80
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on 0.0, link-type EN10MB (Ethernet), capture size 108 bytes
08:20:53.430472 IP 172.28.19.253.38386 > 172.28.19.79.80: S 1853944844:1853944844(0) win 5840 
08:20:53.430525 IP 172.28.19.79.80 > 172.28.19.253.38386: S 2114392716:2114392716(0) ack 1853944845 win 4380 
08:20:53.432521 IP 172.28.19.253.38386 > 172.28.19.79.80: . ack 1 win 46 
08:20:53.432545 IP 172.28.19.253.38386 > 172.28.19.79.80: P 1:156(155) ack 1 win 46 
08:20:53.432653 IP 172.28.19.253.38386 > 200.200.200.101.80: S 772435025:772435025(0) win 4380 
08:20:53.532866 IP 172.28.19.79.80 > 172.28.19.253.38386: . ack 156 win 4535 
08:20:54.432798 IP 172.28.19.253.38386 > 200.200.200.101.80: S 772435025:772435025(0) win 4380 
08:20:55.632420 IP 172.28.19.253.38386 > 200.200.200.101.80: S 772435025:772435025(0) win 4380 
08:20:56.832708 IP 172.28.19.253.38386 > 200.200.200.101.80: S 772435025:772435025(0) win 4380 

snat automap is used when selecting 200.200.200.102.

[root@ve1023:Active] config  tcpdump -nni 0.0 port 80
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on 0.0, link-type EN10MB (Ethernet), capture size 108 bytes
08:21:47.855437 IP 172.28.19.253.38389 > 172.28.19.79.80: S 2769144776:2769144776(0) win 5840 
08:21:47.855497 IP 172.28.19.79.80 > 172.28.19.253.38389: S 1906244520:1906244520(0) ack 2769144777 win 4380 
08:21:47.857366 IP 172.28.19.253.38389 > 172.28.19.79.80: . ack 1 win 46 
08:21:47.857419 IP 172.28.19.253.38389 > 172.28.19.79.80: P 1:156(155) ack 1 win 46 
08:21:47.858505 IP 200.200.200.100.38389 > 200.200.200.102.80: S 3035898411:3035898411(0) win 4380 
08:21:47.861687 IP 200.200.200.102.80 > 200.200.200.100.38389: S 1070311422:1070311422(0) ack 3035898412 win 5792 
08:21:47.861703 IP 200.200.200.100.38389 > 200.200.200.102.80: . ack 1 win 4380