Forum Discussion

Ameya_4149's avatar
Ameya_4149
Icon for Nimbostratus rankNimbostratus
Feb 16, 2012

iRules for Source IP based routing

Hi folks,

 

I am trying to write an iRule for Source IP based routing. So what I am trying to do is if a packet comes from a specific pool of IP's, my LTM should fooward it to a specific server. If the IP is not from that pool, it will be forwarded to the default pool. Also if all the servers in a specific pool are down, the packets should be forwarded to the default pool.

 

 

This is my code, want to know if we can do better. I am also looking for a low processing time.

 

 

when CLIENT_ACCEPTED {

 

if { [ class match [IP::client_addr] equals DataGroup_RegionA ] } {

 

if { [active_members Pool_A] < 1 } {

 

pool Default_pool}

 

else {pool Pool_A}

 

} elseif { [ class match [IP::client_addr] equals DataGroup_RegionB ] } {

 

if { [active_members Pool_B] < 1 } {

 

pool Default_pool}

 

else {pool Pool_B}

 

} elseif { [ class match [IP::client_addr] equals DataGroup_RegionC ] } {

 

if { [active_members Pool_C] < 1 } {

 

pool Default_pool}

 

else {pool Pool_C}

 

} else {pool Default_pool}

 

}

 

 

 

Pool A, B, C has more than 1 members (servers)

 

Default_pool has all the servers listed in Pool A, B and C

 

 

Thanks,

 

Ameya
application delivery
dev
devops
iRules
  • Michael_Yates's avatar
    Michael_Yates
    Icon for Nimbostratus rankNimbostratus
    Feb 16, 2012
    Hi Ameya,

    It really depends on how far you want to go. Generally the more efficient the iRule the harder it is to maintain, but you could save yourself some cycles by only performing the class match on a single Datagroup instead of three. This could be accomplished by creating an Address Datagroup and setting the value of the IP Address or Network to a specific value to key from.

    Then you could do something like this: 

    
  when CLIENT_ACCEPTED {
log local0. "Client IP Address:  [IP::client_addr]"  
set groupvalue [class match -value [IP::client_addr] equals address.datagroup.list ]
set defaultpool "pool.ltm.ve.nightclub.com"
log local0. "Group Value:  $groupvalue"
switch $groupvalue {
"groupa" { set destination "pool.one" }
"groupb" { set destination "pool.two" }
"groupc" { set destination "pool.three" }
default { set destination $defaultpool }
}
if { [active_members $destination] < 0 } {
log local0. "Destination Pool:  $destination"
pool $defaultpool
}
else {
log local0. "Destination Pool:  $destination"
pool $destination
}
}

    Hope this helps.
  • Mukesh_Shah_648's avatar
    Mukesh_Shah_648
    Icon for Nimbostratus rankNimbostratus
    Aug 16, 2012
    just wanted to know where do you define the DataGroup_RegionA DataGroup_RegionB DataGroup_RegionC pool of ip's
  • Mukesh_Shah_648's avatar
    Mukesh_Shah_648
    Icon for Nimbostratus rankNimbostratus
    Aug 16, 2012
    just wanted to know where do you define the DataGroup_RegionA DataGroup_RegionB DataGroup_RegionC pool of ip's
  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Aug 16, 2012
    Michael is spot on here.

     

     

    You can define a data group in the GUI under Local Traffic | iRules | Data Group List. For this scenario, make sure you use an address type data group. As Michael suggested, you could do this more simply with one data group.

     

     

    Aaron
  • r_dynamo_79563's avatar
    r_dynamo_79563
    Icon for Nimbostratus rankNimbostratus
    Nov 30, 2012
    I need an iRule for an IP forwarding VS that would source traffic from a specific IP address /service port, (suppose 10.1.100.100:1200) destined to a specific destination IP address (let's say 10.2.100.100:1200)? Moreover, I already have a generic wildcard IP forwarding VS that sources traffic from the same VLAN where this host (10.1.100.100:1200) is located and maintains connection tables for traffic destined to any IP add. I need to know if the new IP Forwarding VS I have will interrupt the wildcard IP forwarding VS we have configured? I need something which will cause least overhead, with ease of maintenance.

     

     

    Thanks,

     

     

    r_dynamo

     

  • What_Lies_Bene1's avatar
    What_Lies_Bene1
    Icon for Cirrostratus rankCirrostratus
    Nov 30, 2012
    So you have a wildcard VS and you are going to setup a specific VS? Or do you just want an iRule for the existing VS that'll pickup this specific flow and do something different with it?
  • r_dynamo_79563's avatar
    r_dynamo_79563
    Icon for Nimbostratus rankNimbostratus
    Nov 30, 2012
    I'm going to setup a specific VS with a different FAST L4 profile from the wildcard VS, so I need an iRule that wll pickup this specific flow and target a specific destination/service port no.
  • What_Lies_Bene1's avatar
    What_Lies_Bene1
    Icon for Cirrostratus rankCirrostratus
    Nov 30, 2012
    OK, shouldn't be a problem at all, the VS is selected based on the most specific to the least. So you just want to detect traffic from a particular source IP and send it somewhere specific? What about traffic not from the specific source?
  • r_dynamo_79563's avatar
    r_dynamo_79563
    Icon for Nimbostratus rankNimbostratus
    Nov 30, 2012
    The traffic not from the specific source will be filtered out from this VS, and will flow to the generic wildcard VS for further action.

     

     

    Thanks,

     

     

    r_dynamo
  • What_Lies_Bene1's avatar
    What_Lies_Bene1
    Icon for Cirrostratus rankCirrostratus
    Nov 30, 2012
    OK, so something like this I hope, on the old forwarding VS, not the new one; 

    
when CLIENT_ACCEPTED {
 if { [IP::addr [IP::client_addr] equals 1.1.1.1] }
 virtual 'new virtual name'
 }
}

    Of course, you could just route to a node or pool based on the source and destination and not have a second VS at all!