Forum Discussion

brad_anton_1025
Feb 17, 2006

pool selection based on client ip

I am trying to do a basic pool selection. I have this, but it's just not working.

userlista is a datagroup

when CLIENT_ACCEPTED {
  if { [ matchclass [IP::client_addr] equals $::UserListA ] } {
    pool pool1
  }
}

6 Replies

  • This is so depressing, nothing is working. My latest attempt:

    when RULE_INIT {
      log local0. "qa-rule --BRAD"
    }

    when CLIENT_ACCEPTED {
      if { [ matchclass [IP::remote_addr] equals $::test ] } {
        pool qa-01-101-7200
      } else {
        [ drop ]
      }
    }

    It's like nothing is loading. Also, I noticed some weird thing in the ltm after the b load (and the qa-rule --BRAD didn't show up in the ltm): it looks like all the audit logs are 3 hours behind the others... pretty strange..

    SOMEONE PLEASE HELP!
  • unRuleY_95363
    Historic F5 Account
    You clearly have something going wrong. You should contact support.

    BTW, you don't need the [] around the drop command (the [] mean evaluate the command and use the results, as opposed to simply evaluate the command).

  • Funny, support told me to post here..

    Can you confirm that the iRule itself should work?
  • Colin_Walker_12
    Historic F5 Account
    I'd like to see the data group that's associated with your rule.

    I think your first attempt was closer, as you were using the client_addr variable.

    Try something like:

    
    when RULE_INIT {
      log local0. "qa-rule --BRAD"
    }
    when CLIENT_ACCEPTED {
      if { [ matchclass [IP::client_addr] equals $::test ] > 0 } {
        pool qa-01-101-7200
      } else {
        drop
      }
    }

    But yes, things look fine in general, and that rule should allow you to select a pool based on the IP.

    -Colin
  • OK, so I finally figured it all out... my problems were as follows:

    1. The drop wasn't fully dropping; the connection was being passed on to the server, but the client-to-bigip was still being held..

    Solution: use TCP::close

    2. Data group names with hyphens don't work! I guess it sees it as a subtraction sign or something. Nonetheless, I couldn't get anything to match because it would reference the whole data group.

    Solution: DON'T use datagroup names with hyphens in them

    I think that pretty much does it [moderated]
  • unRuleY_95363
    Historic F5 Account
    Two things regarding RULE_INIT:

    First, RULE_INIT is common to all rules. It is also only executed when rules are initially loaded or when anything in the entire rule has changed. The RULE_INIT event is evaluated regardless of whether the rule is associated to any virtuals.

    Second, the default namespace for RULE_INIT is the global namespace. So, a local variable is actually in the global namespace. EG, "set dirt hello" in RULE_INIT is equivalent to "set ::dirt hello".

    Hope that helps!
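
Added example, not part of the thread and not F5 code: plain Tcl for tclsh (outside BIG-IP) showing how Tcl parses a `$::` reference to a hyphenated global name, which bears on the hyphenated data group problem and the global-namespace note above. The names `qa-users`, `qa_users` and `qa`, the addresses, and the use of `lsearch` in place of `matchclass` are assumptions for illustration.

```tcl
# Plain Tcl for tclsh, not an iRule. Names and addresses are constructed.
# lsearch is a stand-in for matchclass against an address data group.

# Set at global level: "set x" here is the same as "set ::x".
set qa-users {192.0.2.10 192.0.2.11 198.51.100.7}
set qa_users ${::qa-users}

# $name stops at the first character that is not a letter, digit,
# underscore or "::", so $::qa-users means "$::qa" followed by "-users".
proc lookup_unbraced {addr} {
    return [expr {[lsearch -exact $::qa-users $addr] >= 0}]
}

# ${name} takes everything between the braces as the variable name.
proc lookup_braced {addr} {
    return [expr {[lsearch -exact ${::qa-users} $addr] >= 0}]
}

# A hyphen-free name needs no bracing.
proc lookup_underscore {addr} {
    return [expr {[lsearch -exact $::qa_users $addr] >= 0}]
}

foreach fn {lookup_unbraced lookup_braced lookup_underscore} {
    foreach addr {192.0.2.10 203.0.113.5} {
        if {[catch {$fn $addr} result]} {
            puts "$fn $addr -> error: $result"
        } else {
            puts "$fn $addr -> match=$result"
        }
    }
}

# Once a variable named "qa" exists, the unbraced form stops raising an
# error and searches the string "<value of qa>-users" instead, so a
# listed address silently fails to match.
set qa 203.0.113.5
puts "with ::qa set: match=[lookup_unbraced 192.0.2.10]"
```

For an allowlist rule whose else branch drops the connection, the second failure mode is the one to watch for: no error is logged and every client falls through to the drop.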