Forum Discussion
Deon
Nimbostratus
NimbostratusSelect Alternate Pool Based On Client IP?
This would appear to be a common enough idea but I can't locate any examples that lead me down the direction I need. I am looking for an iRule that looks at the client IP address at the time the load balance decision is made and then changes to a different pool in the case where the client IP is within a specific subnet.
Thanks
DeonOK, I think I might have the solution figured out. This is what I have so far and it appears to be working. Anybody see any issue with what I am doing here? Critiques welcome!
-Deonwhen RULE_INIT { log local0. "Select_CSS_Pool rule loading..." } when CLIENT_ACCEPTED { log local0. "Select_CSS_Pool: accepted client" TCP::collect } when CLIENT_DATA { set clientip [IP::client_addr] log local0. "Select_CSS_Pool: accepted client- $clientip" if { $clientip starts_with "172.22.166." } { log local0. "Selecting alternate pool CSS_2" pool CSS_2 } TCP::release }
hoolioCirrostratus
Hi Deon,
You don't need to collect the TCP payload to select a pool based on the IP address. Take a look at the IP::addr wiki page (Click here). The first example does this. If you have more than one IP address or subnet to compare, you should consider adding the IP addresses/ranges to a datagroup and using matchclass to perform the evaluation (Click here) .
Aaron- hoolioHi Deon,
It's more exact and faster to perform an IP address comparison versus a string comparison on the client IP address. It's actually the third example on the IP::addr wiki page which I was referring to:when CLIENT_ACCEPTED { if { [IP::addr [IP::client_addr]/24 equals 172.22.166.0] } { pool CSS_2 } }
On a standard TCP VIP, CLIENT_ACCEPTED is triggered when the client establishes a TCP connection with the VIP. CLIENT_DATA is only triggered if you collect the TCP payload with TCP::collect. There is more detail on events on the events wiki page (Click here).
Aaron - DeonI think this is what you might be looking for.
-Deonwhen CLIENT_ACCEPTED { if { not [IP::addr [IP::client_addr]/24 equals 10.1.1.0] } { pool maintenance_pool } } - DeonIt sounds like then you want to send a redirect back to the client instead of selecting a specific pool. sending a redirect and choosing a specific pool to me would be mutually exclusive choices. in other words, you would not do both in the same condition in one iRule. A redirect looks something like this:
HTTP::redirect "http://[HTTP::host][/MyAppURI]"
HTTP::host will be the value of the host as requested or sent by the client browser. Replace with a hardcoded value if you want to. Also adjust http/https as you need. Hope this helps.
-Deon - DeonFrom your description or inclusion of the words "maintenance page", I think you are really looking for a redirect. Selecting a pool (or member for that matter) to use is a different type of decision that is made in the BigIP and determines where the users request(s) will be sent along to for processing.
You can also code the maintenance page directly on the BigIP. Use an HTTP::respond with the maintenance page contents if you do not want to redirect to another server/page. Simple pages that do not have any images or that have their images hosted elsewhere are fairly easy to send back from the BigIP in this manner.
http://devcentral.f5.com/wiki/default.aspx/iRules/HTTP__respond.html