Forum Discussion
iRules with subnet failed.
Hi,I met a problem with iRules recently, below is our iRules:
if { [IP::addr [IP::remote_addr] equals 221.177.152.0/26] } {
pool CMNET }
else { pool CMWAP_ OTHER }}
if the DNS query client with IP address 221.177.152.33 send a DNS message, f5 will answer with pool CMWAP_OTHER.
and if we change the iRules to below, the answer will be correct with pool CMNET.
if { [IP::addr [IP::remote_addr] equals 221.177.152.33/32] } {
pool CMNET }
else {
pool CMWAP_ OTHER
}
}
so , what's the difference between a host and a subnet int iRules?
thanks
- harry_35316NimbostratusI dont think we can use the euqals command for the IP range subnet...Try with using the below if statement. This may not be correct but i think we cannot use equals for a range of IPs since the equals to operator checks for the exact match only...
- statmp_87631Nimbostratusgood idear!!!
- statmp_87631Nimbostratusgot wrong message with operator "<"
- nitassEmployeeIP::addr [IP::remote_addr] equals 221.177.152.0/26 should be correct.
- statmp_87631Nimbostratusmy device is GTM 3900, and I can use "nslookup" to check the DNS query answer results from different pools.
- statmp_87631Nimbostratusmy device is GTM 3900, and I can use "nslookup" to check the DNS query answer results from different pools.
- hooleylistCirrostratusYou don't need to use /32 as it's implicit when you use a host address with IP::addr:
- statmp_87631Nimbostratusnow the problem is:
- hooleylistCirrostratus221.177.152.0/26 should match 221.177.152.0 - 221.177.152.63. Can you try logging the client IP to verify what you're getting for [IP::remote_addr]?
when RULE_INIT { for {set i 0}{$i <=63}{incr i}{ log local0. "\[IP::addr 221.177.152.$i equals 221.177.152.0/26\]: [IP::addr 221.177.152.$i equals 221.177.152.0/26]" } }
- statmp_87631NimbostratusThanks for your kindly support.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com