Forum Discussion
NimbostratusOne virtual server to many pools via iRule
Is a default pool to a virtual server required if its desired to have the traffic to the virtual server directed by an associated irule? We have a single virtual server where depending on the traffic source (internal/external) the target should MFA. One pool will have MFA and the other for internal traffic will not. So far I have the following irule built (not tested yet):
when CLIENT_ACCEPTED { if { [IP::addr[IP::client_addr] equals 50.0.0.0/8] } { pool pool_int } else {
pool pool_ext } }
However, I am unsure if a default pool associated to the virtual server is required or recommended. Any guidance is greatly appreciated.
Jeff
- P_K
Altostratus
Hello Jeff,
No, you wouldn't need a default pool associated with the virtual server as long as you are using pools in your iRule. I do this all the time. The VIP should be UP if atleast one of your Pool is green. - The_Bhattman
Hi Jeff,
It's not required. Once you define it in the iRule it will process it there.
I hope this helps
-=Bhattman=-
Jeff_124628After some testing, I can access each pool if I make each one the virtual servers "default pool". However, if I remove the default pool and rely on the iRule the traffic is not routed. Is there something I am missing in the iRule?
when CLIENT_ACCEPTED { if { [IP::addr[IP::client_addr] equals 50.0.0.0/8] } { pool pool_int } else { pool pool_ext } }
- P_K
Try using this
when HTTP_REQUEST {
if { [IP::addr[IP::client_addr] equals 10.10.10.100] } {
log local0. "Client IP is [IP::client_addr], redirecting to pool_int"
pool pool_int
} else {
log local0. "client IP did not match"
pool pool_ext
}
}If you are specifically looking to match against a range of IPs, check this link
https://devcentral.f5.com/questions/pool-redirect-based-on-source-ip-range
