Forum Discussion
statmp_87631
Nimbostratus
NimbostratusiRules with subnet failed.
Hi,I met a problem with iRules recently, below is our iRules:
if { [IP::addr [IP::remote_addr] equals 221.177.152.0/26] } {
pool CMNET }
else { pool CMWAP_ OTHER }}
if the DNS query client with IP address 221.177.152.33 send a DNS message, f5 will answer with pool CMWAP_OTHER.
and if we change the iRules to below, the answer will be correct with pool CMNET.
if { [IP::addr [IP::remote_addr] equals 221.177.152.33/32] } {
pool CMNET }
else {
pool CMWAP_ OTHER
}
}
so , what's the difference between a host and a subnet int iRules?
thanks
13 Replies
harry_35316I dont think we can use the euqals command for the IP range subnet...Try with using the below if statement. This may not be correct but i think we cannot use equals for a range of IPs since the equals to operator checks for the exact match only...
if{ [221.177.152.0< IP::addr[IP::remote_addr] ] & [IP::addr[IP::remote_addr]<=221.177.152.63]}{
pool CMNET
}
else..
statmp_87631good idear!!!
but, below sentence was copied from DevCentral Wiki, the descripion of IP::addr:
To perform comparison of client-side IP address with subnet 10.0.0.0. (Will return 1 or 0, depending on client IP address.)
view sourceprint?1 [IP::addr [IP::client_addr] equals 10.0.0.0/8]- statmp_87631got wrong message with operator "<"
line 2: [undefined procedure: 221.177.152.0] [221.177.152.0 < IP::addr [ IP::remote_addr ] ]
line 2: [invalid option "<" must be: equals mask parse] [IP::addr [ IP::remote_addr ] < 221.177.152.63 ]
seems the only opreator is "equals"
Syntax¶
1 IP::addr [/] equals [/]
2 IP::addr parse [-swap] []
3
4 v11 Additions/Changes:
5 IP::addr parse [-ipv6|-ipv4 [-swap]] [] - nitass
Employee
IP::addr [IP::remote_addr] equals 221.177.152.0/26 should be correct.
how do you know if traffic is sent to wrong pool? can you make some log in event such as SERVER_CONNECTED? - statmp_87631my device is GTM 3900, and I can use "nslookup" to check the DNS query answer results from different pools.
this means different pools return different DNS answers.
In my case, IP::addr [IP::remote_addr] equals 221.177.152.0/26 will never match the DNS query host IP address, but 221.177.152.33/32 will be correct, do I need some licence or have some special settings in the system? - statmp_87631my device is GTM 3900, and I can use "nslookup" to check the DNS query answer results from different pools.
this means different pools return different DNS answers.
In my case, IP::addr [IP::remote_addr] equals 221.177.152.0/26 will never match the DNS query host IP address, but 221.177.152.33/32 will be correct, do I need some licence or have some special settings in the system? 
hoolioCirrostratus
You don't need to use /32 as it's implicit when you use a host address with IP::addr:
if { [IP::addr [IP::remote_addr] equals 221.177.152.33] } {
Aaron- statmp_87631now the problem is:
1. [IP::addr [IP::remote_addr] equals 221.177.152.33/32] works fine.
2. [IP::addr [IP::remote_addr] equals 221.177.152.0/26] never match the source clients. - hoolio221.177.152.0/26 should match 221.177.152.0 - 221.177.152.63. Can you try logging the client IP to verify what you're getting for [IP::remote_addr]?
Here's a v11 rule you can use to confirm this:when RULE_INIT { for {set i 0}{$i <=63}{incr i}{ log local0. "\[IP::addr 221.177.152.$i equals 221.177.152.0/26\]: [IP::addr 221.177.152.$i equals 221.177.152.0/26]" } }
[IP::addr 221.177.152.0 equals 221.177.152.0/26]: 1
[IP::addr 221.177.152.1 equals 221.177.152.0/26]: 1
[IP::addr 221.177.152.2 equals 221.177.152.0/26]: 1
[IP::addr 221.177.152.3 equals 221.177.152.0/26]: 1
[IP::addr 221.177.152.4 equals 221.177.152.0/26]: 1
[IP::addr 221.177.152.5 equals 221.177.152.0/26]: 1
[IP::addr 221.177.152.6 equals 221.177.152.0/26]: 1
[IP::addr 221.177.152.7 equals 221.177.152.0/26]: 1
[IP::addr 221.177.152.8 equals 221.177.152.0/26]: 1
[IP::addr 221.177.152.9 equals 221.177.152.0/26]: 1
[IP::addr 221.177.152.10 equals 221.177.152.0/26]: 1
[IP::addr 221.177.152.11 equals 221.177.152.0/26]: 1
[IP::addr 221.177.152.12 equals 221.177.152.0/26]: 1
[IP::addr 221.177.152.13 equals 221.177.152.0/26]: 1
[IP::addr 221.177.152.14 equals 221.177.152.0/26]: 1
[IP::addr 221.177.152.15 equals 221.177.152.0/26]: 1
[IP::addr 221.177.152.16 equals 221.177.152.0/26]: 1
[IP::addr 221.177.152.17 equals 221.177.152.0/26]: 1
[IP::addr 221.177.152.18 equals 221.177.152.0/26]: 1
[IP::addr 221.177.152.19 equals 221.177.152.0/26]: 1
[IP::addr 221.177.152.20 equals 221.177.152.0/26]: 1
[IP::addr 221.177.152.21 equals 221.177.152.0/26]: 1
[IP::addr 221.177.152.22 equals 221.177.152.0/26]: 1
[IP::addr 221.177.152.23 equals 221.177.152.0/26]: 1
[IP::addr 221.177.152.24 equals 221.177.152.0/26]: 1
[IP::addr 221.177.152.25 equals 221.177.152.0/26]: 1
[IP::addr 221.177.152.26 equals 221.177.152.0/26]: 1
[IP::addr 221.177.152.27 equals 221.177.152.0/26]: 1
[IP::addr 221.177.152.28 equals 221.177.152.0/26]: 1
[IP::addr 221.177.152.29 equals 221.177.152.0/26]: 1
[IP::addr 221.177.152.30 equals 221.177.152.0/26]: 1
[IP::addr 221.177.152.31 equals 221.177.152.0/26]: 1
[IP::addr 221.177.152.32 equals 221.177.152.0/26]: 1
[IP::addr 221.177.152.33 equals 221.177.152.0/26]: 1
[IP::addr 221.177.152.34 equals 221.177.152.0/26]: 1
[IP::addr 221.177.152.35 equals 221.177.152.0/26]: 1
[IP::addr 221.177.152.36 equals 221.177.152.0/26]: 1
[IP::addr 221.177.152.37 equals 221.177.152.0/26]: 1
[IP::addr 221.177.152.38 equals 221.177.152.0/26]: 1
[IP::addr 221.177.152.39 equals 221.177.152.0/26]: 1
[IP::addr 221.177.152.40 equals 221.177.152.0/26]: 1
[IP::addr 221.177.152.41 equals 221.177.152.0/26]: 1
[IP::addr 221.177.152.42 equals 221.177.152.0/26]: 1
[IP::addr 221.177.152.43 equals 221.177.152.0/26]: 1
[IP::addr 221.177.152.44 equals 221.177.152.0/26]: 1
[IP::addr 221.177.152.45 equals 221.177.152.0/26]: 1
[IP::addr 221.177.152.46 equals 221.177.152.0/26]: 1
[IP::addr 221.177.152.47 equals 221.177.152.0/26]: 1
[IP::addr 221.177.152.48 equals 221.177.152.0/26]: 1
[IP::addr 221.177.152.49 equals 221.177.152.0/26]: 1
[IP::addr 221.177.152.50 equals 221.177.152.0/26]: 1
[IP::addr 221.177.152.51 equals 221.177.152.0/26]: 1
[IP::addr 221.177.152.52 equals 221.177.152.0/26]: 1
[IP::addr 221.177.152.53 equals 221.177.152.0/26]: 1
[IP::addr 221.177.152.54 equals 221.177.152.0/26]: 1
[IP::addr 221.177.152.55 equals 221.177.152.0/26]: 1
[IP::addr 221.177.152.56 equals 221.177.152.0/26]: 1
[IP::addr 221.177.152.57 equals 221.177.152.0/26]: 1
[IP::addr 221.177.152.58 equals 221.177.152.0/26]: 1
[IP::addr 221.177.152.59 equals 221.177.152.0/26]: 1
[IP::addr 221.177.152.60 equals 221.177.152.0/26]: 1
[IP::addr 221.177.152.61 equals 221.177.152.0/26]: 1
[IP::addr 221.177.152.62 equals 221.177.152.0/26]: 1
[IP::addr 221.177.152.63 equals 221.177.152.0/26]: 1
Aaron - statmp_87631Thanks for your kindly support.
here is my iRules:
when DNS_REQUEST {
if { [IP::addr [IP::remote_addr] equals 10.97.188.0/24] } {
log local0. "[IP::remote_addr] equals 10.97.188.0/24 Correct!!!! : [IP::addr [IP::remote_addr] equals 10.97.188.0/24]"
}
else {
log local0. "[IP::remote_addr] equals 10.97.188.0/24 Error!!!!! : [IP::addr [IP::remote_addr] equals 10.97.188.0/24]"
}
}
and got log with ERROR:
Rule HN_GGSN_Pool_rules: 10.97.188.124 equals 10.97.188.0/24 Error!!!!! : 0
this can make sure [IP::addr 10.97.188.124 equals 10.97.188.0/24] returns 0, that's joke?
