Forum Discussion
Joel_Breton
Nimbostratus
NimbostratusRedirect base on source IP Address for Virtual Server - Local Traffic Policy
Is it possible to have a local traffic policy to redirect traffic based on source ip address.
Here's what I've setup but I don't get any hits on the policy
Policy Name: Redirect-Traffic
Strategy: Execute first matching rule
Rule1
Rule Name: Match-Server1
Match all of the following conditions:
TCP address matches any of 10.1.1.1 at request time (apply to traffic on remote side of external interface
Forward traffic to node 10.2.2.1
Rule2
Rule Name: Match-Server1
Match all of the following conditions:
TCP address matches any of 10.1.1.2 at request time (apply to traffic on remote side of external interface
Forward traffic to node 10.2.2.2
`
I've generated traffic from both sources but the traffic policy never applies to Rule1
Here's an output of show ltm policy in tmsh
`-----------------------------------------------------
| Rule Action Invoked Succeeded
-----------------------------------------------------
| Match-Server1 0 [forward select] 0 0
| Match-Server2 0 [forward select] 118 118
Is the remote side of external interface - the source client IP address (cs-client-addr)?
Javier_Somoza_3Yes, im using the remote side of the external interface.
Im using in v13 this policy condition to filter based on source IP:
“TCP” – “address” – “matches” – “in datagroup” – at “request” time (apply traffic on “remote” side of “external” interface)
Also see:
F5 BIGIP – Bug when using datagroups in LTM policies
https://somoit.net/f5-big-ip/f5-bigip-bug-when-using-datagroups-in-ltm-policies