Forum Discussion

Nimbostratus

Jan 26, 2009

Routing iRule

Hi, We have a layer2 configuration on our LTM. There's a down stream FW, behind which the hosts to be load balanced to reside. Can a iRule be written to sent traffic des...

Historic F5 Account

Jan 26, 2009

most likely. something like this:

when CLIENT_ACCEPTED {   
      if {[IP::addr [IP::remote_addr] eq 10.0.1.0/24] }{   
         node    
      }   
      elseif {[IP::addr [IP::remote_addr] eq 10.0.2.0/24] }{   
         node    
      }   
   }

would get you started.

But really you'd probably want to build the same of gateway pools as firewalls, each using all firewalls in a different priority order, so you have some way to verify the health of the fw before sending traffic to it, and a fallback in case it fails:

pool FW1 {   
     member :0 prio 100   
     member :0 prio  50   
     monitor FW_transparent   
   }   
   pool FW2 {   
     member :0 prio 100   
     member :0 prio  50   
     monitor FW_transparent   
   }   
      
   when CLIENT_ACCEPTED {   
      if {[IP::addr [IP::remote_addr] eq 10.0.1.0/24] }{   
         pool FW1   
      }   
      elseif {[IP::addr [IP::remote_addr] eq 10.0.2.0/24] }{   
         pool FW2   
      }   
   }

Each pool member would ideally be monitored with a transparent monitor targetting a host one hop past it.

Persistence might be required for some apps as well, but might create an undesirable traffic pattern on failback after failover, so think it through & test thoroughly.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)