matching a host or network inside a data group using class match

Chris,

 

i did it, this is the result

 

In bigip.conf the class is...

 

class NavControlAndSnat {

 

{

 

network 192.168.1.0/24 { "172.17.170.12" }

 

network 192.168.163.0/24 { "172.17.170.11" }

 

host 192.168.163.228 { "172.17.170.103" }

 

host 192.168.163.229 { "172.17.170.103" }

 

}

 

}

 

 

the irule is....

 

when CLIENT_ACCEPTED {

 

set snataddr [class match -value [IP::client_addr] equals $::NavControlAndSnat ]

 

if { not ($snataddr equals "") } {

 

log local0. "i am [IP::client_addr] my snat is $snataddr"

 

snat $snataddr

 

}

 

else {

 

log local0. "drop traffic from [IP::client_addr]"

 

}

 

}

 

 

and the log is...

 

Aug 9 09:44:42 local/tmm info tmm[5761]: Rule NavControlAndSnat : i am 192.168.163.29 my snat is 172.17.170.11

 

Aug 9 09:44:43 local/tmm info tmm[5761]: Rule NavControlAndSnat : i am 192.168.163.229 my snat is 172.17.170.103

 

Aug 9 09:44:43 local/tmm info tmm[5761]: Rule NavControlAndSnat : i am 192.168.163.20 my snat is 172.17.170.11

 

Aug 9 09:44:44 local/tmm info tmm[5761]: Rule NavControlAndSnat : i am 192.168.1.168 my snat is 172.17.170.12

 

Aug 9 09:44:44 local/tmm info tmm[5761]: Rule NavControlAndSnat : i am 192.168.163.29 my snat is 172.17.170.11

 

 

conclusion...

 

looks like "class match" match the most exact ip definition in the class...like a route resolution.

 

there is a document explaining this feature?

 

 

thanks