Forum Discussion

genseek_32178's avatar
genseek_32178
Icon for Nimbostratus rankNimbostratus
Feb 15, 2013

Rules

Hi Experts,

 

We ve the following iRule,

 

rule rule_mix {

 

when CLIENT_ACCEPTED {

 

if { [IP::addr [IP::local_addr]/8 equals 10.112.1.0] }{

 

snat none

 

}

 

else {

 

snatpool pool_mix

 

pool AX

 

}

 

}

 

}

 

applied to the following VS,

 

virtual apps_ax_out {

 

pool ax

 

destination any:any

 

mask 0.0.0.0

 

rules rule_mix

 

profiles xy {}

 

vlans 20 enable

 

}

 

there is a self IP on vlan 20 as below, which is setup as GWY of hosts in VLAN 20. When hosts are sending traffic to access internet sites, traffic is reaching F5 self

 

self 10.10.20.10 {

 

netmask 255.255.255.0

 

vlan 20

 

}

 

Ip but not going beyond. Seems iRule for some reason is not being hit. Not sure why. Will removing and reapplying the iRule help? or Any other thoughts?

 

thanks- gensek

 

 

basic
getting started
new to f5

5 Replies

  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Feb 15, 2013
    but not going beyond.how did you know? did you see in tcpdump?

     

     

    Seems iRule for some reason is not being hit.can you put some log command in the irule?
  • genseek_32178's avatar
    genseek_32178
    Icon for Nimbostratus rankNimbostratus
    Feb 15, 2013
    Did a trace from the host to an internet ip and found trace stopping after F5 self ip.

     

     

    How to put some log command in the irule.? Is there any other way to find out if traffic from the host is not hitting iRule..bcoz for sure packet is reaching F5 but dropping in there.
  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Feb 15, 2013
    i think running tcpdump on bigip would be helpful to see what happens.

    i do not think irule is not hit. for logging, you may start by logging ip and port.

    e.g. 

    when CLIENT_ACCEPTED {
  log local0. "[IP::client_addr]:[TCP::client_port] > [IP::local_addr]:[TCP::local_port]"
  if { [IP::addr [IP::local_addr]/8 equals 10.112.1.0] }{
    snat none
  } else {
    snatpool pool_mix
    pool AX
  }
}
when SERVER_CONNECTED {
  log local0. "[IP::local_addr]:[TCP::local_port] > [IP::remote_addr]:[TCP::remote_port]"
}
  • genseek_32178's avatar
    genseek_32178
    Icon for Nimbostratus rankNimbostratus
    Feb 15, 2013
    thank you for the response nitass, will try this and let you know.

     

     

    On a different note, can you plz let me know that if i need to modify the iRule by removing the snatpool pool_mx and pool AX, do we need to remove the complete iRule and reapply with new pools or is there a way to edit only the pool component of it.

     

  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Feb 15, 2013
    On a different note, can you plz let me know that if i need to modify the iRule by removing the snatpool pool_mx and pool AX, do we need to remove the complete iRule and reapply with new pools or is there a way to edit only the pool component of it. don't you modify it via gui or irule editor?? i usually don't remove irule from virtual server when modifying.