Forum Discussion
Dave_73612
Nimbostratus
Jul 28, 2009
Pool redirect based on source IP Range
Hi guys,
I need to write an iRule to route traffic to different pools based on source IP range.
Would this be the best syntax to use?
when CLIENT_ACCEPTED {
if { [IP::addr [IP::client_addr] equals 10.10.10.10] } {
pool my_pool
}
}
Can I just add a subnet mask to the "equals 10.10.10.10" in \ format?
Thanks in advance.
D
14 Replies
- hoolio
Cirrostratus
Hi,
With IP::addr, you can use /cidr notation:
when CLIENT_ACCEPTED {
if { [IP::addr [IP::client_addr]/24 equals 10.10.10.0] } {
pool my_pool
}
}
Aaron
- Dave_73612
Nimbostratus
Yep,
Thanks for that - should work fine.
I actually need to do it this way round however;
when CLIENT_ACCEPTED {
if { [IP::addr [IP::client_addr] equals 10.10.10.0/24] } {
pool my_pool
}
}
Cheers,
D
- Dave_73612
Nimbostratus
Yep they are for that example however:
I don't want to define the client IP
I want to check [IP::addr [IP::client_addr] against a known defined range and only redirect IPs of that range off to another pool.
Or am I misunderstanding you here hehe.
Also with this example
when CLIENT_ACCEPTED {
if { [IP::addr [IP::client_addr] equals 10.10.10.0/24] } {
pool my_pool
}
}
Would I need an else pool default_pool? Or is it implied?
D
- hoolio
Cirrostratus
It's the same whether you're explicitly providing an IP address or using IP::client_addr to get the client IP address. So the first two are equivalent, as are the second two if the client IP address for the test was 10.42.2.2.
[IP::addr 10.42.2.2/24 equals 10.42.2.1]: 1
[IP::addr 10.42.2.2 equals 10.42.2.1/24]: 1
[IP::addr [IP::client_addr]/24 equals 10.42.2.1]: 1
[IP::addr [IP::client_addr] equals 10.42.2.1/24]: 1
If you have a default pool on the VIP and you're making the pool decision for the entire TCP connection, you don't need to explicitly define a pool in an else clause.
Aaron
- paul_79097
Nimbostratus
Is there a way to specify a range for IPs?
Like from 67.195.0.1 to 67.195.254.254
- hoolio
Cirrostratus
If 67.195.0.0 - 67.195.255.255 is close enough you could use [IP::addr [IP::client_addr]/16 equals 67.195.0.0].
Aaron
- paul_79097
Nimbostratus
awesome - THANK YOU
- Randy_Johnson_1
Nimbostratus
Where would a rule like this be applied?
I've applied the following rule to the Virtual Server that users would access:
when CLIENT_ACCEPTED {
if { [IP::addr [IP::client_addr] equals 209.221.139.195] } {
pool Segregation_Pool
}
}
However, requests coming from the IP 209.221.139.195 are NOT redirected to the pool called Segregation_Pool, and instead are directed to the 'default pool'
- hoolio
Cirrostratus
Hi Randy,
That iRule looks straightforward enough. Which LTM version are you testing with? Do you have ASM or WAM enabled on the VIP? What type of VIP are you using the iRule on?
If it's not working as you expect, can you add debug logging to confirm the client IP address and whether the pool selection is being hit?
when CLIENT_ACCEPTED {
log local0. "client IP:port [IP::client_addr]:[TCP::client_port]: [virtual name] [IP::local_addr]:[TCP::local_port]"
if { [IP::addr [IP::client_addr] equals 209.221.139.195] } {
log local0. "client IP:port [IP::client_addr]:[TCP::client_port]: Matched IP check, selecting Segregation_Pool"
pool Segregation_Pool
}
}
when LB_SELECTED {
log local0. "client IP:port [IP::client_addr]:[TCP::client_port]: Selected server: [LB::server]"
}
when SERVER_CONNECTED {
log local0. "client IP:port [IP::client_addr]:[TCP::client_port]: Connected server: [IP::server_addr]:[TCP::server_port]"
}
Aaron
- Randy_Johnson_1
Nimbostratus
Thanks!
I had actually gotten this working with a slight change -
when HTTP_REQUEST {
if { [IP::addr [IP::client_addr] equals 209.221.139.195] } {
pool Segregation_Pool
}
}
Next step of my project is to evaluate for a different IP ... Would this be as simple as adding another IP::addr statement?
when HTTP_REQUEST {
if { [IP::addr [IP::client_addr] equals 209.221.139.195] } {
or if { [IP::addr [IP::client_addr] equals 222.201.139.195] } {
pool Segregation_Pool
}
}
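Added example, not part of the original thread and not F5 code: a Python model of the masked comparison whose four results hoolio lists above, used to show what the /16 shortcut suggested for 67.195.0.1 to 67.195.254.254 admits beyond the requested range. The function names and the sample client addresses are constructed for illustration, and taking the shorter prefix when both operands carry one is an assumption.

```python
import ipaddress

def masked_equals(left, right):
    """Model of the comparison results quoted in the thread: a /prefix on
    either operand masks both addresses before they are compared.
    Using the shorter prefix when both carry one is an assumption."""
    addrs, prefixes = [], []
    for operand in (left, right):
        addr, _, prefix = operand.partition("/")
        addrs.append(int(ipaddress.IPv4Address(addr)))
        prefixes.append(int(prefix) if prefix else 32)
    mask = (0xFFFFFFFF << (32 - min(prefixes))) & 0xFFFFFFFF
    return (addrs[0] & mask) == (addrs[1] & mask)

def exact_cover(first, last):
    """CIDR blocks that cover first..last and nothing else."""
    blocks = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))
    return [str(b) for b in blocks]

def in_cover(addr, cover):
    """True if addr falls inside any block of the cover."""
    ip = ipaddress.IPv4Address(addr)
    return any(ip in ipaddress.ip_network(b) for b in cover)

def extra_addresses(first, last, supernet):
    """Number of addresses the supernet admits outside first..last."""
    net = ipaddress.ip_network(supernet)
    lo, hi = (int(ipaddress.IPv4Address(a)) for a in (first, last))
    return net.num_addresses - (hi - lo + 1)

if __name__ == "__main__":
    first, last = "67.195.0.1", "67.195.254.254"  # range asked about in the thread
    cover = exact_cover(first, last)
    print(len(cover), "blocks cover the range exactly")
    print(extra_addresses(first, last, "67.195.0.0/16"), "extra addresses under /16")
    # Constructed sample clients: inside the range, above it, and below it.
    for client in ("67.195.10.20", "67.195.255.10", "67.195.0.0"):
        print(client, "/16:", masked_equals(client + "/16", "67.195.0.0"),
              "exact:", in_cover(client, cover))
```

Where the pool choice doubles as an access decision, the addresses counted by `extra_addresses` are the ones a single /16 test lets through even though they lie outside the requested range.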
