Forum Discussion
Opimization and Error Question
Hi,
Just a quick question or two:
1. Is this the best optimization for this iRule or would something like a switch statement be better? I'm looking for lowest cpu utiliza...
Switch is a great way to make selective snat assignments:
when CLIENT_ACCEPTED {
switch [ IP::client_addr ] {
10.10.1.1 { snat 10.20.1.1 }
10.10.1.2 { snat 10.20.1.2 }
10.10.1.3 -
10.10.1.4 -
10.10.1.5 { snat 10.20.1.3 }
default { snat automap }
}
}
the problem is that you don't get a terrific way to use network blocks with switch, so you can do string matching:
when CLIENT_ACCEPTED {
switch -glob [ IP::client_addr ] {
"10.10.1.1*" { snat 10.20.1.1 }
"10.10.1.2*" { snat 10.20.1.2 }
"10.10.1.3*" -
"10.10.1.4*" -
"10.10.1.5*" { snatpool snat_pool_1 }
default { snat automap }
}
}
there is also a -regexp option for switch, which I suppose might be more efficient than a classmatch, but probably not enough to be worth the effort.
The error seems to be saying you've run out of automap ports - which makes sense as you are automapping about seventeen thousand addresses in this rule, and using at least one other irule to assign snats. Add on a couple of virtual servers, some profiles with long timeouts, and some long-lived sessions and that automap pool of 60000 or so ports can get chewed up.
