Forum Discussion
intadm_38648
Nimbostratus
NimbostratusNew to iRules...need some guidance
Hey all! This iRule that I'm trying so hard to create is racking my brain...was wondering if you experts can help me. Below is the rule and basically, I would like to send inbound traffic (inbound to this virtual address on the LTM where this rule is attached, that is) to one of the two pools(based on whether the destination address is part of the SPOE_IPS list but it appears that nothing is being sent to the second pool. I've created a class called "SPOE_IPS" and the 2 pool names are correct. It appears that traffic is hitting the first part of the rule correctly but not the second part. That is, all traffic seems to terminate before the "else" statement. Am I using the correct syntax (IP::local_addr) if I'm trying to filter by destination?
Thank you in advance,
Nelson.
when CLIENT_ACCEPTED {
if { [matchclass [IP::local_addr] equals $::SPOE_IPS] } {
pool pool_spoe_proxies }
else {
pool pool_BC_proxies
}
}
intadm_38648Basically what I'm trying to accomplish is that if a user tries to target a destination that is contained in the SPOE_IPS class, use the pool_spoe_proxies pool. Everything else should go to pool_BC_proxies.
HamishCirrocumulus
Firstly, what version of BigIP are you using? I'd use v10 syntax myself with the class command rather than the $::SPOE_IPS syntax (Because that's deprecated). At some stage, it'll stop working... Might as well use the new syntax since it's there.
Now, as to why you only ever hit the first pool and never the second, are you aware that in the CLIENT_ACCEPTED event, IP::local_addr is going to be the IP address of the VS... And thus will never change... So if the local IP is in SPOE_IPS you're never going to hit pool_BC_proxies anyway... (See http://devcentral.f5.com/wiki/iRules.IP__local_addr.ashx)
H- intadm_38648Hi, Hamish. Thank you very much for your response. Yes, we are using v. 10.2.1 and I'm not familiar with the version 10 syntax for the equivalent of $::SPOE_IPS...would you happen to have a link to this info? I'm sorry...I'm very new at iRules.
Since IP::local_addr looks at the address of the VS, I'm guessing my syntax is incorrect and this would never work. Is there such a thing as "IP::destination_addr" or something to that effect? What I'm trying to create is when the inbound request reaches the VS which then points to this iRule, I want to be able to see what destination IP the client is requesting. If the destination IP is one that is part of the SPOE_IPS, then I'll send them to pool 1, else pool 2. That's all.
Is the syntax "when CLIENT_ACCEPTED" the proper one to use for something like this? I apologize for all the questions and look forward to any assistance I can obtain...thanks a bunch.
Nelson. 
Michael_YatesHi intadm,
You can find additional information for the Class Command here: http://devcentral.f5.com/wiki/iRules.class.ashx
As Hamish pointed out the Global Variable “$::” has been updated from v9.x to v10.x. You can change the usage.when CLIENT_ACCEPTED { if { [class match [IP::client_addr] equals SPOE_IPS] } { pool pool_spoe_proxies } else { pool pool_BC_proxies } }
For your other question, I would take a look at the following commands:
[IP::client_addr]
[IP::server_addr]
There are also additional options available depending on what you need.
Hope this helps.