Forum Discussion
Ameya_4149 (Nimbostratus)
Feb 16, 2012
iRules for Source IP based routing
Hi folks,
I am trying to write an iRule for Source IP based routing. So what I am trying to do is if a packet comes from a specific pool of IPs, my LTM should forward it to a specific server. If the IP is not from that pool, it will be forwarded to the default pool. Also if all the servers in a specific pool are down, the packets should be forwarded to the default pool.
This is my code, want to know if we can do better. I am also looking for a low processing time.
when CLIENT_ACCEPTED {
    # Each region: use its own pool unless that pool has no active members
    if { [class match [IP::client_addr] equals DataGroup_RegionA] } {
        if { [active_members Pool_A] < 1 } {
            pool Default_pool
        } else {
            pool Pool_A
        }
    } elseif { [class match [IP::client_addr] equals DataGroup_RegionB] } {
        if { [active_members Pool_B] < 1 } {
            pool Default_pool
        } else {
            pool Pool_B
        }
    } elseif { [class match [IP::client_addr] equals DataGroup_RegionC] } {
        if { [active_members Pool_C] < 1 } {
            pool Default_pool
        } else {
            pool Pool_C
        }
    } else {
        pool Default_pool
    }
}
Pools A, B and C each have more than 1 member (server)
Default_pool has all the servers listed in Pool A, B and C
Thanks,
Ameya
- Michael_Yates (Nimbostratus): Hi Ameya,
when CLIENT_ACCEPTED {
    log local0. "Client IP Address: [IP::client_addr]"
    # Look up the value stored against the client address in the data group
    set groupvalue [class match -value [IP::client_addr] equals address.datagroup.list]
    set defaultpool "pool.ltm.ve.nightclub.com"
    log local0. "Group Value: $groupvalue"
    switch $groupvalue {
        "groupa" { set destination "pool.one" }
        "groupb" { set destination "pool.two" }
        "groupc" { set destination "pool.three" }
        default { set destination $defaultpool }
    }
    # Fall back to the default pool when the chosen pool has no active members
    if { [active_members $destination] < 1 } {
        log local0. "Destination Pool: $destination"
        pool $defaultpool
    } else {
        log local0. "Destination Pool: $destination"
        pool $destination
    }
}
- Mukesh_Shah_648 (Nimbostratus): Just wanted to know where you define the DataGroup_RegionA, DataGroup_RegionB and DataGroup_RegionC pool of IPs?
- hoolio (Cirrostratus): Michael is spot on here.
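Added example, not from any poster in this thread, for the question above about where the address data groups live: a constructed data group in tmsh / bigip.conf form (shown as comments) and an iRule that reads the pool name straight from the matching record. The data group name `DataGroup_Regions`, the documentation-range networks, and the choice to store the pool name as the record value are assumptions of this example; the pool names are the ones from the original post.

```tcl
# Constructed data group, type ip: one record per source network, with the
# record value naming the pool for that region (assumption of this example).
#
#   ltm data-group internal DataGroup_Regions {
#       records {
#           192.0.2.0/25    { data Pool_A }
#           192.0.2.128/25  { data Pool_B }
#           198.51.100.0/24 { data Pool_C }
#       }
#       type ip
#   }

when CLIENT_ACCEPTED {
    # Single lookup per connection; returns an empty string when the client
    # address matches no record in the data group.
    set target [class match -value [IP::client_addr] equals DataGroup_Regions]

    # Use the default pool when:
    #   - the source address is not in any listed network, or
    #   - the pool named in the record cannot be queried (for example a typo
    #     in the data group), caught here so the connection is not dropped
    #     by an iRule error, or
    #   - the regional pool has no active members.
    if { $target eq ""
         || [catch { active_members $target } up]
         || $up < 1 } {
        pool Default_pool
    } else {
        pool $target
    }
}
```

`IP::client_addr` is the address as the LTM sees it, so clients behind a NAT or proxy are matched on the translated address rather than their own.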
- r_dynamo_79563 (Nimbostratus): I need an iRule for an IP forwarding VS that would source traffic from a specific IP address/service port (suppose 10.1.100.100:1200) destined to a specific destination IP address (let's say 10.2.100.100:1200)? Moreover, I already have a generic wildcard IP forwarding VS that sources traffic from the same VLAN where this host (10.1.100.100:1200) is located and maintains connection tables for traffic destined to any IP add. I need to know if the new IP Forwarding VS I have will interrupt the wildcard IP forwarding VS we have configured? I need something which will cause least overhead, with ease of maintenance.
- What_Lies_Bene1 (Cirrostratus): So you have a wildcard VS and you are going to set up a specific VS? Or do you just want an iRule for the existing VS that'll pick up this specific flow and do something different with it?
- r_dynamo_79563 (Nimbostratus): I'm going to set up a specific VS with a different FAST L4 profile from the wildcard VS, so I need an iRule that will pick up this specific flow and target a specific destination/service port no.
- What_Lies_Bene1 (Cirrostratus): OK, shouldn't be a problem at all, the VS is selected based on the most specific to the least. So you just want to detect traffic from a particular source IP and send it somewhere specific? What about traffic not from the specific source?
- r_dynamo_79563 (Nimbostratus): The traffic not from the specific source will be filtered out from this VS, and will flow to the generic wildcard VS for further action.
- What_Lies_Bene1 (Cirrostratus): OK, so something like this I hope, on the old forwarding VS, not the new one;
when CLIENT_ACCEPTED {
    # Hand connections from this one source address to the other virtual server
    if { [IP::addr [IP::client_addr] equals 1.1.1.1] } {
        virtual new_virtual_name ;# placeholder for the 'new virtual name'
    }
}