Forum Discussion

matus_c_59161
Dec 21, 2011

node with dynamic IP

hello guys,

We're trying to add a node that has a dynamic IP to the LTM virtual server pool.

The goal is to forward the outbound traffic to the internet via LTM to a host that has a dynamic IP.

For better understanding:

source (DMZ) ----> LTM VIP -- source NAT --> dynamic IP pool member

How can we manage the LTM to forward source-NATted traffic to the FQDN instead of to a fixed IP?

thanks

Matt

 

  • "how can we manage the LTM to forward source natted traffic to the FQDN instead to the fixed IP?"

    I think we can use RESOLV::lookup to resolve the FQDN to an IP address and then use the node command to send traffic to it.

    RESOLV::lookup wiki
    http://devcentral.f5.com/wiki/iRules.resolv__lookup.ashx

    node wiki
    http://devcentral.f5.com/wiki/iRules.node.ashx

    By the way, just curious why it is not a wildcard forwarding virtual.
  • e.g.

    [root@ve1023:Active] config  b virtual bar list
    virtual bar {
       snat automap
       destination 172.28.19.79:80
       ip protocol 6
       rules myrule
       profiles {
          http {}
          tcp {}
       }
    }
    [root@ve1023:Active] config  b rule myrule list
    rule myrule {
       when HTTP_REQUEST {
          set dest [RESOLV::lookup @8.8.8.8 -a "www.google.com"]
          log local0. "\[RESOLV::lookup @8.8.8.8 -a \"www.google.com\"\]: $dest"
          log local0. "\[getfield $dest \" \" 1\]: [getfield $dest " " 1]"
          node [getfield $dest " " 1] 80
       }
       when HTTP_RESPONSE {
          log local0. "[IP::client_addr]:[TCP::client_port] -> [IP::remote_addr]:[TCP::remote_port]"
       }
    }
    
    [root@ve1023:Active] config  curl -I http://172.28.19.79
    HTTP/1.1 200 OK
    Date: Thu, 22 Dec 2011 06:20:00 GMT
    Expires: -1
    Cache-Control: private, max-age=0
    Content-Type: text/html; charset=ISO-8859-1
    Server: gws
    X-XSS-Protection: 1; mode=block
    X-Frame-Options: SAMEORIGIN
    Transfer-Encoding: chunked
    
    [root@ve1023:Active] config  
    Dec 21 22:25:07 local/tmm info tmm[26866]: Rule myrule : [RESOLV::lookup @8.8.8.8 -a "www.google.com"]: 74.125.235.19 74.125.235.16 74.125.235.18 74.125.235.17 74.125.235.20
    Dec 21 22:25:07 local/tmm info tmm[26866]: Rule myrule : [getfield 74.125.235.19 74.125.235.16 74.125.235.18 74.125.235.17 74.125.235.20 " " 1]: 74.125.235.19
    Dec 21 22:25:07 local/tmm info tmm[26866]: Rule myrule : 172.28.19.80:58281 -> 74.125.235.19:80
    
  • Hey nitass,

    Thanks a lot, works great, but I've got one more question:

    From the DNS reply I'm getting a set of IPs, for example:

    xxx.xxx.xxx.xxx xxx.xxx.xxx.yyy

    As both of them are set to $dest I'm getting:

    TCL error: dynamic4-m - bad IP address format

    How can I get the first element parsed?
  • You can use lindex to get the first list element:

    From: https://devcentral.f5.com/wiki/iRules.resolv__lookup.ashx

    Select the first returned IP address as the destination IP (inherits the destination port from the client's destination port).

    when RULE_INIT {
       set static::dns_vs my_dns_vs
    }
    when CLIENT_ACCEPTED {

       # Get IP(s) for hostname www.example.com against the $static::dns_vs name server
       set ips [RESOLV::lookup @$static::dns_vs -a "www.example.com"]

       # Log result. If there are multiple IPs it could be a TCL list like {1.1.1.1 2.2.2.2 3.3.3.3}.
       log local0. "Looked up www.example.com and found $ips, parsed first element: [lindex $ips 0]"

       # Check if the lookup returned nothing
       if {$ips eq ""} {
          # Lookup failed or returned no address, take some default action?
       } else {
          # Select the first IP
          node [lindex $ips 0]
       }
    }

    Aaron
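As an added example that is not from this thread or from F5, the iRule below combines the two answers and handles the failure modes the thread ran into: it takes only the first element of the RESOLV::lookup list, checks that the element is a dotted-quad IPv4 address before handing it to node (which is what triggered the "bad IP address format" TCL error), rejects the connection when the lookup returns nothing, and caches the answer in the session table so the resolver is not queried on every connection. The resolver address 192.0.2.53, the FQDN backend.example.com, port 80 and the 30-second cache lifetime are assumed values.

```tcl
# Added example iRule (not from the thread). Assumed values: the resolver
# 192.0.2.53, the FQDN backend.example.com, destination port 80 and a
# 30-second cache lifetime; adjust them to your environment.
when RULE_INIT {
    set static::dyn_resolver "192.0.2.53"
    set static::dyn_fqdn     "backend.example.com"
    set static::dyn_port     80
    set static::dyn_cache    30
}

when CLIENT_ACCEPTED {
    # Re-use a cached answer when one exists; the table entry is created
    # with an indefinite idle timeout and a fixed lifetime, so it expires
    # dyn_cache seconds after it was set regardless of traffic.
    set ip [table lookup "dynnode:$static::dyn_fqdn"]

    if { $ip eq "" } {
        # RESOLV::lookup returns a Tcl list of addresses (empty on failure).
        # Only the first element is used, as the thread found.
        set ips [RESOLV::lookup @$static::dyn_resolver -a $static::dyn_fqdn]
        set ip  [lindex $ips 0]

        # Accept the answer only if it is a dotted-quad IPv4 address; this is
        # what prevents the "bad IP address format" error when node is called.
        if { ![regexp {^(\d{1,3}\.){3}\d{1,3}$} $ip] } {
            log local0.err "Lookup for $static::dyn_fqdn returned no usable address: '$ips'"
            reject
            return
        }
        table set "dynnode:$static::dyn_fqdn" $ip indefinite $static::dyn_cache
    }

    # Send this connection to the resolved address (SNAT automap on the
    # virtual still rewrites the source, as in nitass's configuration).
    node $ip $static::dyn_port
}
```

Because the lookup result decides where traffic is sent, point static::dyn_resolver at a trusted internal resolver rather than an arbitrary public one, and keep the cache lifetime short enough to follow the dynamic host's address changes. The rule runs in CLIENT_ACCEPTED rather than HTTP_REQUEST, so it also works on a virtual without an HTTP profile, which answers the wildcard forwarding virtual question raised earlier in the thread.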