Forum Discussion

Srini_Vaiyapuri's avatar
Srini_Vaiyapuri
Icon for Nimbostratus rankNimbostratus
Jan 26, 2016

Need help with an Irule

Hi,

 

We have request that when user from diferent source IP subnets ( for eg: 10.10.10.0/24 , 20.20.20.0/24 and 30.30.30.0/24) hits the F5 VIP IP, VIP needs to respond back from specific tier (web/app) servers.

 

For eg: if a dns request comes from source Ip subnet 10.10.10.0/24, VIP should respond back from web servers only

 

For eg: if a dns request comes from source Ip subnet 20.20.20.0/24, VIP should respond back from App servers only

 

Could someone help me on this? I know this requires an IRule and need help with that.

 

Any help would be appreciated.

 

BIG-IP
devops
iRules

7 Replies

  • Dinesh_22825's avatar
    Dinesh_22825
    Icon for Nimbostratus rankNimbostratus
    Jan 26, 2016

    You can create datagroups, 2 pools something like web pool and app pool and validate source IP with that datagroup using irule. Once validation is successful you can redirect it to the pool accordingly.

     Check if client IP is part of datagroup

when HTTP_REQUEST {

  if { [matchclass [IP::client_addr] equals ]}{

    pool 

  }
}
    • Srini_Vaiyapuri's avatar
      Srini_Vaiyapuri
      Icon for Nimbostratus rankNimbostratus
      Feb 11, 2016
      Hi Dinesh, Thanks again for your answer earlier. I have another question on this. Looks like data group list is available only in LTM, is there similar feature available in GTM? We have servers in different data centers so need to implement Irule in GTM. Please let me know. Thanks-Srini
  • Amy_123193's avatar
    Amy_123193
    Historic F5 Account
    Jan 26, 2016

    A few things to add:

    • the matchclass command is deprecated - the class command should be used instead
    • you could use IP::addr instead of data groups, but it will be more difficult to add additional IPs in the future if you need to. for example: 
      if { [IP::addr [IP::client_addr] equals 10.10.10.0/24] }
    • string multiple comparisons using elseif
    • Srini_Vaiyapuri's avatar
      Srini_Vaiyapuri
      Icon for Nimbostratus rankNimbostratus
      Jan 26, 2016
      Thanks Amy. Is Data Group option available in GTM? just realized that end servers are spread across in 2 different data centers, so i would need to configure wide IP list and assign LTMs VIP as virtual servers. In this case, I would require an Irule in GTM to filter the source traffic?? will this work??
  • awilhelm's avatar
    awilhelm
    Icon for Employee rankEmployee
    Jan 26, 2016

    A few things to add:

    • the matchclass command is deprecated - the class command should be used instead
    • you could use IP::addr instead of data groups, but it will be more difficult to add additional IPs in the future if you need to. for example: 
      if { [IP::addr [IP::client_addr] equals 10.10.10.0/24] }
    • string multiple comparisons using elseif
    • Srini_Vaiyapuri's avatar
      Srini_Vaiyapuri
      Icon for Nimbostratus rankNimbostratus
      Jan 26, 2016
      Thanks Amy. Is Data Group option available in GTM? just realized that end servers are spread across in 2 different data centers, so i would need to configure wide IP list and assign LTMs VIP as virtual servers. In this case, I would require an Irule in GTM to filter the source traffic?? will this work??