Forum Discussion

kingoyster
Jul 31, 2019

Multiple ISP Gateway Outgoing iRule

Hi all F5 gurus,

I just inherited an F5 LTM from a previous employee, and I am the sole IT guy in the company. I am tasked with optimizing the existing outbound iRule.

The company has 5 different ISPs, each with its own gateway. Currently the outbound iRule is as below:

when CLIENT_ACCEPTED {
  if {[LB::status pool Gateway_Pool_1 member 1.1.1.1 0] equals "up"} {
    if {[class match -- [IP::client_addr] equals HostGroup1]} {
      snatpool SNAT_Pool_1
      pool Gateway_Pool_1
    } elseif {[class match -- [IP::client_addr] equals HostGroup2]} {
      snatpool SNAT_Pool_2
      pool Gateway_2_Pool
    } elseif {[class match -- [IP::client_addr] equals HostGroup3]} {
      snatpool SNAT_Pool_3
      pool Gateway_Pool_3
    } elseif {[class match -- [IP::client_addr] equals HostGroup4]} {
      snatpool SNAT_Pool_4
      pool Gateway_Pool_4
    } elseif {[class match -- [IP::client_addr] equals HostGroup5]} {
      snatpool SNAT_Pool_5
      pool Gateway_Pool_5
    } else {
      snatpool SNAT_Pool_1
      pool Gateway_Pool_1
    }
  } else {
    snatpool SNAT_Pool_4
    pool Gateway_Pool_4
  }
}

Please correct me if I interpret it wrongly:

If Gateway_Pool_1 is up, each HostGroup will use its own Gateway_Pool as outgoing, and Gateway_Pool_1 also acts as the default outgoing.

If Gateway_Pool_1 is down, all hosts, regardless of which HostGroup, will use Gateway_Pool_4 as the default outgoing, and this would cause ISP 4 to be congested.

Can I replace it with the following iRule to only use the default Gateway_Pool_1 if an individual ISP gateway is down?

when CLIENT_ACCEPTED {
  # Each host group uses its own gateway only while that gateway's pool member is up.
  if {([class match -- [IP::client_addr] equals HostGroup1]) && ([LB::status pool Gateway_Pool_1 member 1.1.1.1 0] equals "up")} {
    snatpool SNAT_Pool_1
    pool Gateway_Pool_1
  } elseif {([class match -- [IP::client_addr] equals HostGroup2]) && ([LB::status pool Gateway_Pool_2 member 2.2.2.2 0] equals "up")} {
    snatpool SNAT_Pool_2
    pool Gateway_Pool_2
  } elseif {([class match -- [IP::client_addr] equals HostGroup3]) && ([LB::status pool Gateway_Pool_3 member 3.3.3.3 0] equals "up")} {
    snatpool SNAT_Pool_3
    pool Gateway_Pool_3
  } elseif {([class match -- [IP::client_addr] equals HostGroup4]) && ([LB::status pool Gateway_Pool_4 member 4.4.4.4 0] equals "up")} {
    snatpool SNAT_Pool_4
    pool Gateway_Pool_4
  } elseif {([class match -- [IP::client_addr] equals HostGroup5]) && ([LB::status pool Gateway_Pool_5 member 5.5.5.5 0] equals "up")} {
    snatpool SNAT_Pool_5
    pool Gateway_Pool_5
  } elseif {[LB::status pool Gateway_Pool_1 member 1.1.1.1 0] equals "up"} {
    # Own gateway down, or client in no host group: default to gateway 1 if it is up.
    snatpool SNAT_Pool_1
    pool Gateway_Pool_1
  } else {
    # Last resort when gateway 1 is also down.
    snatpool SNAT_Pool_4
    pool Gateway_Pool_4
  }
}

1 Reply

  • Please correct me if I interpret it wrongly:

    If Gateway_Pool_1 is up, each HostGroup will use its own Gateway_Pool as outgoing, and Gateway_Pool_1 also acts as the default outgoing.

    If Gateway_Pool_1 is down, all hosts, regardless of which HostGroup, will use Gateway_Pool_4 as the default outgoing, and this would cause ISP 4 to be congested.

    Can I replace it with the following iRule to only use the default Gateway_Pool_1 if an individual ISP gateway is down?

    You're correct in your interpretation and your revised iRule code appears valid.
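
A small Python model of the branch logic in the two iRules from this thread, added here as an example (it is not code from the thread or from F5), for checking which pool each host group lands on under a given gateway failure. The function names and the set-of-up-gateways representation are assumptions; the model treats each pool as having the single monitored member shown in the iRules and treats `Gateway_2_Pool` as gateway 2's pool.

```python
# Model of the two iRules' pool selection (constructed for illustration).
# group: 1..5 for HostGroup1..HostGroup5, or None for a client in no data group.
# up:    set of gateway numbers whose pool member LB::status reports "up".
GROUPS = (1, 2, 3, 4, 5)


def original_rule(group, up):
    """Existing iRule: only gateway 1's status is ever checked."""
    if 1 in up:
        # The per-group pool is selected without checking that group's gateway.
        return group if group in GROUPS else 1
    return 4  # gateway 1 down: every client is sent to pool 4


def revised_rule(group, up):
    """Proposed iRule: own gateway if up, else gateway 1 if up, else pool 4."""
    if group in GROUPS and group in up:
        return group
    if 1 in up:
        return 1
    return 4  # final else branch: pool 4 is selected without a status check


def decision_table(rule, up):
    """Pool chosen for each host group and for an unmatched client (None)."""
    return {g: rule(g, up) for g in GROUPS + (None,)}


def sent_to_down_gateway(rule, up):
    """Groups the rule directs to a pool whose monitored member is down."""
    return [g for g, pool in decision_table(rule, up).items() if pool not in up]


if __name__ == "__main__":
    all_up = set(GROUPS)
    scenarios = {"all up": all_up, "gw1 down": all_up - {1},
                 "gw2 down": all_up - {2}, "gw1+gw4 down": all_up - {1, 4}}
    for name, up in scenarios.items():
        for rule in (original_rule, revised_rule):
            print(f"{name:13} {rule.__name__:14} {decision_table(rule, up)} "
                  f"to-down-gateway={sent_to_down_gateway(rule, up)}")
```

The gateway 2 and gateway 1+4 scenarios show two cases the thread does not discuss: the existing rule keeps sending HostGroup2 to its own pool when only gateway 2 is down, and both rules select pool 4 in the final branch without checking its status.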