Forum Discussion
Redirect IP to specific node or gateway
We have one set of IPs that, due to the network that previously had them, get us blocked from a few sites. We have a backup ISP, and until we get a new block to eliminate this problem, I'd like to be able to send traffic destined for the blocked sites out our backup network.
What I have so far is an any/any VIP that grabs all HTTP traffic going out and sends it to the router pool. I tried an iRule like the following but no luck:
when HTTP_REQUEST {
    if { [HTTP::uri] contains "www.blockedurl.com" } {
        node backup_isp 80
    }
}
The VIP does have the HTTP profile assigned, and it is automapping to the default ISP router pool. That pool then makes the decision which gateway to go out. What am I missing? Or how can I log it so I can see what's going on perhaps? Thanks in advance!!
11 Replies
- cjunior
Nacreous
Try writing the IP address instead of the node name.
- kneebolt_142346
Nimbostratus
Thanks Claudio, I had tried that with no success. Here's where I'm at now: my iRule looks like the following:
when HTTP_REQUEST {
    if { [HTTP::uri] contains "blocked_url" } {
        pool ISP_Router_Pool
        snat automap
    }
}
Thing is, this seems to work if I use speedtest.net for example. It will look up your IP on that site, and it is indeed the Charter address. However, if I use the other URLs, I still can't get to the sites, and I have confirmed that we can definitely get to them on our Charter addresses. So I'm still missing something, perhaps in how it handles the return traffic? Or perhaps there is still something in the packet that identifies it as Cogent (which is why I created a pool with just the Charter router and used automap, I thought that would fix it...)
- nitass
Employee
Are you using OneConnect? If not, can you try it?
- kneebolt_142346
Nimbostratus
I'm not super familiar with OneConnect. I always thought of it in relation to outside connections coming in to our network, so does it hang open TCP connections for outgoing as well?
- nitass
Employee
so does it hang open TCP connections for outgoing as well?
It is about the serverside connection (between the BIG-IP and the destination). Anyway, I am not sure if it relates to the issue you are facing, but I just want to try it.
sol9800: Using an iRule to load balance HTTP requests to multiple pools
http://support.f5.com/kb/en-us/solutions/public/9000/800/sol9800.html
- kneebolt_142346
Nimbostratus
Is there a way to redirect based on destination IP vs trying to do it with an HTTP_REQUEST? I see some traffic getting redirected over our Charter when I capture on the F5, but I also still see traffic by IP over Cogent, and I think that's why we are still getting blocked. Looking into the article you sent and OneConnect.
- kneebolt_142346
Nimbostratus
What I am seeing is the initial request on TCP 80 is still going out our Cogent connection. Its destination port is 80, but the packet doesn't contain a URI yet, so I think the iRule never gets triggered. It's that initial packet that gets dropped. If I watch other sites that aren't blocked, I see traffic initially over Cogent, but then once I start seeing HTTP packets, it will send some things over Charter. I've looked at some of the IP events, but they seem to rely on a connection getting established, which never happens.
- nitass
Employee
is there a way to redirect based on destination IP vs trying to do it with an HTTP_REQUEST?
You can use the CLIENT_ACCEPTED event: check the destination IP and then select the SNAT and pool.
Destination Based Routing
https://devcentral.f5.com/wiki/irules.destinationbasedrouting.ashx
Please note that the $:: prefix is no longer needed to refer to a data group (i.e. just use the data group name).
What I am seeing is the initial request on TCP 80 is still going out our Cogent connection. Its destination port is 80, but the packet doesn't contain a URI yet, so I think the irule never gets triggered.
I do not think so. I understand you are using an HTTP profile, so the serverside SYN packet is sent after the HTTP request is received on the clientside.
sol8082: Overview of TCP connection setup for BIG-IP LTM virtual server types
http://support.f5.com/kb/en-us/solutions/public/8000/000/sol8082.html
- kneebolt_142346
Nimbostratus
This would seem to be my problem, from the article you linked:
If a Standard virtual server is configured with Layer 7 functionality, such as an HTTP profile, the client must send at least one data packet before the server-side connection can be initiated by the BIG-IP LTM system.
That is what I THINK is happening. If I do a tcpdump on one of the blocked IPs, I see one SYN packet going out Cogent, with no reply. It would seem that without the reply, the rule doesn't trigger. But without the HTTP profile, I can't use the HTTP_REQUEST event. And the other lower level events, like Client_Connected, never get past the SYN packet either, so I don't see how they would work?
Thanks by the way for all the suggestions, I really feel like I should be able to get this to work. We load balance the two ISPs already, so if we were to mark Cogent down, everyone would go out Charter and it would be fine. But trying to only do it for one site seems to be more trouble than I expected, at least based on what little I know of iRules :)
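The destination-based approach nitass suggests, written out as an added example (not an iRule posted in this thread). CLIENT_ACCEPTED runs once the client-side TCP handshake with the BIG-IP completes, before any server-side SYN is sent, so the ISP choice is made before the first packet leaves and no HTTP profile is required. It assumes an address-type data group named blocked_dest_dg (hypothetical) holding the blocked destination IPs/subnets, and reuses the ISP_Router_Pool from the thread as the pool that contains only the backup (Charter) router; the log line answers the original question of how to see what the rule is doing.

```tcl
# Added example: choose the outbound ISP per destination at connection accept time.
# Assumptions (not from the thread): address data group "blocked_dest_dg" lists the
# destinations blocked on the primary ISP; pool "ISP_Router_Pool" holds only the
# backup router. Everything else keeps the default pool set on the virtual server.
when CLIENT_ACCEPTED {
    # On a wildcard (any/any) virtual, IP::local_addr is the real destination the
    # client asked for, which is what the routing decision has to be based on.
    set dest [IP::local_addr]

    # "equals" on an address-type data group matches single hosts and subnets.
    if { [class match $dest equals blocked_dest_dg] } {
        # SNAT first so the return traffic comes back through the backup ISP,
        # then steer the connection to the pool that only knows the backup router.
        snat automap
        pool ISP_Router_Pool
        log local0. "[IP::client_addr]:[TCP::client_port] -> $dest:[TCP::local_port] sent via backup ISP pool"
    }
}
```

Check /var/log/ltm for the "sent via backup ISP pool" lines alongside a tcpdump on the backup router's VLAN; a connection that is logged but still leaves via the primary points at the pool or SNAT configuration rather than the rule.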
- kneebolt_142346
Nimbostratus
I even tried making a Virtual Server with a blocked IP as its destination on all ports, and had it automap and send to a default pool that just contains the Charter router, and it still didn't work... am I right in thinking that the more specific virtual server will process the traffic, over the virtual server that grabs everything on a Performance Layer 4?
