Forum Discussion
Ameya_4149
Nimbostratus
NimbostratusiRules for Source IP based routing
Hi folks,
I am trying to write an iRule for Source IP based routing. So what I am trying to do is if a packet comes from a specific pool of IP's, my LTM should fooward it to a specific server. If the IP is not from that pool, it will be forwarded to the default pool. Also if all the servers in a specific pool are down, the packets should be forwarded to the default pool.
This is my code, want to know if we can do better. I am also looking for a low processing time.
when CLIENT_ACCEPTED {
if { [ class match [IP::client_addr] equals DataGroup_RegionA ] } {
if { [active_members Pool_A] < 1 } {
pool Default_pool}
else {pool Pool_A}
} elseif { [ class match [IP::client_addr] equals DataGroup_RegionB ] } {
if { [active_members Pool_B] < 1 } {
pool Default_pool}
else {pool Pool_B}
} elseif { [ class match [IP::client_addr] equals DataGroup_RegionC ] } {
if { [active_members Pool_C] < 1 } {
pool Default_pool}
else {pool Pool_C}
} else {pool Default_pool}
}
Pool A, B, C has more than 1 members (servers)
Default_pool has all the servers listed in Pool A, B and C
Thanks,
Ameya
13 Replies
Michael_YatesHi Ameya,
It really depends on how far you want to go. Generally the more efficient the iRule the harder it is to maintain, but you could save yourself some cycles by only performing the class match on a single Datagroup instead of three. This could be accomplished by creating an Address Datagroup and setting the value of the IP Address or Network to a specific value to key from.
Then you could do something like this:when CLIENT_ACCEPTED { log local0. "Client IP Address: [IP::client_addr]" set groupvalue [class match -value [IP::client_addr] equals address.datagroup.list ] set defaultpool "pool.ltm.ve.nightclub.com" log local0. "Group Value: $groupvalue" switch $groupvalue { "groupa" { set destination "pool.one" } "groupb" { set destination "pool.two" } "groupc" { set destination "pool.three" } default { set destination $defaultpool } } if { [active_members $destination] < 0 } { log local0. "Destination Pool: $destination" pool $defaultpool } else { log local0. "Destination Pool: $destination" pool $destination } }
Hope this helps.
Mukesh_Shah_648just wanted to know where do you define the DataGroup_RegionA DataGroup_RegionB DataGroup_RegionC pool of ip's- Mukesh_Shah_648just wanted to know where do you define the DataGroup_RegionA DataGroup_RegionB DataGroup_RegionC pool of ip's
- hoolio
Cirrostratus
Michael is spot on here.
You can define a data group in the GUI under Local Traffic | iRules | Data Group List. For this scenario, make sure you use an address type data group. As Michael suggested, you could do this more simply with one data group.
Aaron 
r_dynamo_79563I need an iRule for an IP forwarding VS that would source traffic from a specific IP address /service port, (suppose 10.1.100.100:1200) destined to a specific destination IP address (let's say 10.2.100.100:1200)? Moreover, I already have a generic wildcard IP forwarding VS that sources traffic from the same VLAN where this host (10.1.100.100:1200) is located and maintains connection tables for traffic destined to any IP add. I need to know if the new IP Forwarding VS I have will interrupt the wildcard IP forwarding VS we have configured? I need something which will cause least overhead, with ease of maintenance.
Thanks,
r_dynamo
What_Lies_Bene1So you have a wildcard VS and you are going to setup a specific VS? Or do you just want an iRule for the existing VS that'll pickup this specific flow and do something different with it?- r_dynamo_79563I'm going to setup a specific VS with a different FAST L4 profile from the wildcard VS, so I need an iRule that wll pickup this specific flow and target a specific destination/service port no.
- What_Lies_Bene1OK, shouldn't be a problem at all, the VS is selected based on the most specific to the least. So you just want to detect traffic from a particular source IP and send it somewhere specific? What about traffic not from the specific source?
- r_dynamo_79563The traffic not from the specific source will be filtered out from this VS, and will flow to the generic wildcard VS for further action.
Thanks,
r_dynamo - What_Lies_Bene1OK, so something like this I hope, on the old forwarding VS, not the new one;
when CLIENT_ACCEPTED { if { [IP::addr [IP::client_addr] equals 1.1.1.1] } virtual 'new virtual name' } }
Of course, you could just route to a node or pool based on the source and destination and not have a second VS at all!
