For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

kev_245_28249's avatar
kev_245_28249
Icon for Nimbostratus rankNimbostratus
Apr 21, 2011

Nexthop

Hi,   I am trying to configure the nexthop global cmd via an iRule inorder to send traffic to a particular gateway depending upon which vlan it hits.   In a simple vm lab I have one vlan 'Prod'...
application delivery
dev
devops
iRules
StephanManthey's avatar
StephanManthey
Icon for Nacreous rankNacreous
Aug 31, 2015

Hi,

in case you are using a node and a nexthop command in your iRule the order of the commands seems to matter.

At least in TMOS v11.5.1HF8 it is required to set the node first and then to set the nexthop.

I.e. as follows: 
when CLIENT_ACCEPTED {
     snat [IP::local_addr]
     node 10.131.131.62
     nexthop vlan_dmz 2:f5:f5:20:b0:2
}

In my clients scenario the node is locally attached to the BIG-IP but the request has to be forwarded through a locally attached firewall in another VLAN.

This failed, if the nexthop was set before setting the node.

In this case the nexthop command was simply ignored and the request forwarded directly to the locally attached node (firewall bypassed).

Thanks, Stephan