Forum Discussion

Kannan_Thalaia1's avatar
Kannan_Thalaia1
Icon for Cirrus rankCirrus
Apr 13, 2021

Query on GTM irule based on Pool Availability

Hello,   I am very beginner to iRule creation. In GTM I tried to create irule as below. But getting error.   Our intention is we need to reroute the DNS query to different pool based on cli...
application delivery
BIG-IP DNS
iRules
log
  • crodriguez's avatar
    crodriguez
    Apr 14, 2021

    Data groups are available in BIG-IP DNS systems. Per the support article SanjayP identified, in versions prior to 12.1, you can only configure them using TMSH as a workaround. In v12.1 and later, you can also define them using the Configuration utility at DNS > GSLB > Delivery > iRules > Data Group List.

    In the datagroup, you could define the IP network address ranges as the key and the associated pool name to use as the value. For example:

    (In case the screen shot is too small...)

    (tmos)# list /ltm data-group internal special_pool_ips
ltm data-group internal special_pool_ips {
    records {
        10.221.152.0/24 {
            data AOA_LDS0_WIPRO_POOL
        }
        10.222.152.0/24 {
            data EUR_LDS0_WIPRO_POOL
        }
        10.223.152.0/24 {
            data AMS_LDS0_WIPRO_POOL
        }
        10.234.24.64/27 {
            data AMS_LDS0_ITHUBPR_POOL
        }
        10.235.24.64/27 {
            data EUR_LDS0_ITHUBPR_POOL
        }
        10.236.24.64/27 {
            data AOA_LDS0_ITHUBPR_POOL
        }
    }
    type ip
}

    Then your iRule could be reduced to something like below. I included log commands to write to /var/log/gtm when testing. These should be commented out for production. I checked for a match with the data group first, before checking to see if there are active members. That way you don't have to do two comparisons on every DNS query, only on those from the special client IPs:

    when DNS_REQUEST {
    # set default pool for load balancing
    pool GLOBAL_LDS0_POOL
    # if DNS request is from a client
    # with a special IP address, select
    # a different load balancing pool but 
    # only if it has an available pool member. 
    # If no available pool members,
    # use GLOBAL_FAILBACK_LDS0_POOL
    if { [class match [IP::client_addr] equals special_pool_ips] } {
        log local2. "Match with special_pool_ips datagroup for [IP::client_addr]"
        if { [active_members [class lookup [IP::client_addr] special_pool_ips]] > 0 } {
            log local2. "Pool [class lookup [IP::client_addr] special_pool_ips] has active members"
            pool [class lookup [IP::client_addr] special_pool_ips]
        } else {
            log local2. "Pool [class lookup [IP::client_addr] special_pool_ips] has no active members; using failback pool"
            pool GLOBAL_FAILBACK_LDS0_POOL
        }
    }
}
crodriguez's avatar
crodriguez
Ret. Employee
Apr 14, 2021

Data groups are available in BIG-IP DNS systems. Per the support article SanjayP identified, in versions prior to 12.1, you can only configure them using TMSH as a workaround. In v12.1 and later, you can also define them using the Configuration utility at DNS > GSLB > Delivery > iRules > Data Group List.

In the datagroup, you could define the IP network address ranges as the key and the associated pool name to use as the value. For example:

(In case the screen shot is too small...)

(tmos)# list /ltm data-group internal special_pool_ips
ltm data-group internal special_pool_ips {
    records {
        10.221.152.0/24 {
            data AOA_LDS0_WIPRO_POOL
        }
        10.222.152.0/24 {
            data EUR_LDS0_WIPRO_POOL
        }
        10.223.152.0/24 {
            data AMS_LDS0_WIPRO_POOL
        }
        10.234.24.64/27 {
            data AMS_LDS0_ITHUBPR_POOL
        }
        10.235.24.64/27 {
            data EUR_LDS0_ITHUBPR_POOL
        }
        10.236.24.64/27 {
            data AOA_LDS0_ITHUBPR_POOL
        }
    }
    type ip
}

Then your iRule could be reduced to something like below. I included log commands to write to /var/log/gtm when testing. These should be commented out for production. I checked for a match with the data group first, before checking to see if there are active members. That way you don't have to do two comparisons on every DNS query, only on those from the special client IPs:

when DNS_REQUEST {
    # set default pool for load balancing
    pool GLOBAL_LDS0_POOL
    # if DNS request is from a client
    # with a special IP address, select
    # a different load balancing pool but 
    # only if it has an available pool member. 
    # If no available pool members,
    # use GLOBAL_FAILBACK_LDS0_POOL
    if { [class match [IP::client_addr] equals special_pool_ips] } {
        log local2. "Match with special_pool_ips datagroup for [IP::client_addr]"
        if { [active_members [class lookup [IP::client_addr] special_pool_ips]] > 0 } {
            log local2. "Pool [class lookup [IP::client_addr] special_pool_ips] has active members"
            pool [class lookup [IP::client_addr] special_pool_ips]
        } else {
            log local2. "Pool [class lookup [IP::client_addr] special_pool_ips] has no active members; using failback pool"
            pool GLOBAL_FAILBACK_LDS0_POOL
        }
    }
}
  • spalande's avatar
    spalande
    Icon for Nacreous rankNacreous
    Apr 15, 2021

    Nice example and looks better optimized one.

    • Kannan_Thalaia1's avatar
      Kannan_Thalaia1
      Icon for Cirrus rankCirrus
      Apr 15, 2021

      Hello Sanjay,

       

      Thanks for your advice on this.

       

      Regards,

      Kannan.