Forum Discussion
NimbostratusPool redirect based on source IP Range
I need to write an IRule to route traffic to different pools based on source IP range.
Would this be the best syntax to use?
when CLIENT_ACCEPTED {
if { [IP::addr [IP::client_addr] equals 10.10.10.10] } {
pool my_pool
}
}
Can I just add a subnet mask to the "equals 10.10.10.10" in \ format?
Thanks in advance.
D
14 Replies
- The_BhattmanHi Randy,
Adding another check would be as simple as the followingwhen HTTP_REQUEST { if { [IP::addr [IP::client_addr] equals 209.221.139.195] } { pool Segregation_Pool } else if { [IP::addr [IP::client_addr] equals 209.221.139.196] } { pool Segregation_pool2 } }
Or using matchclass which would contain a list of IP addresses
You can find more details here
http://devcentral.f5.com/wiki/default.aspx/iRules/IP__addr.html
I hope this helps
Bhattman 
Gideon_Chong_24Hi Randy,
I'm also in a similar situation as you.
The following iRule is also not working for me:
when CLIENT_ACCEPTED {
set rserver1 "xserver"
set rserver2 "yserver"
if { [IP::addr [IP::client_addr] equals a.a.a.a] } {
pool mypool member $rserver1 80
}
if { [IP::addr [IP::client_addr] equals b.b.b.b] } {
pool mypool member $rserver2 80
}
}I will test with HTTP_REQUEST tomorrow. But what are is the difference between the 2 and why would it work with one and not with the other? Also I'm using type "standard" as virtual server.
Any suggestion is very appreciated. Thanks.
- JRahm
Admin
if you are matching an exact IP address you only need IP::client_addr. If you are matching a network, you need a mask with that IP::addr command. Please check the wiki page for IP::addr for examples. If strictly doing IP matching/comparison, no need to use HTTP_REQUEST. Finally, depending on how many servers you end up with, a switch would be preferable to multiple if statements. If you can give me some specifics of what you are trying to accomplish (sanitized) I can cook up a sample for you.
- Gideon_Chong_24
Hi Jason,
Thank you for your quick reply.
The setup is as follow.
There are 2 proxy servers (a and b) which connects to this VS. Behind this VS there is a pool with 2 members (x and y). We see that connections are only going to server y. Only when server y is down will the connections be forwarded to server x. We think that the number of sources is the issue.
The VS has the following setup: - VS type is "standard" - TCP protocol with custom idle timeout - Default persistence profile is "source_addr"
The pool has the follow setup: - Load balancing method is "least connection"
With this setup we see the issue happening that I have described on top.
What we would like to achieve is to have each proxy server go to a specific pool member. Only when this specific pool member is down will it go to the other active one.
So normal situation: a -> x and b -> y
If either x or y is down: a -> y and b -> y or a -> x and b -> x
I hope it's clear what we want to achieve.
Thanks in advance!
