Forum Discussion
davec_20224
Nimbostratus
Jul 29, 2009
SNAT if client IP is a pool member?
I've seen the end of:
http://devcentral.f5.com/wiki/default.aspx/iRules/SelectiveSNAT.html
but that assumes each backend subnet is a /24, which is not currently true of my setup.
...
hoolio
Cirrostratus
Jul 29, 2009
Hi Dave,
The active_members -list command returns a TCL list of the IP and port of the active pool members of a given pool. You'd need to loop through each list element and compare the client IP to the IP address from the element. I think it's a novel concept, but not very efficient to implement compared with creating two separate VIPs for the two types of traffic handling.
Now, if there was an active_nodes -list command, you could do something like:
when CLIENT_ACCEPTED {
    if {[matchclass [IP::client_addr] equals [active_nodes -list [LB::server pool]]]}{
        log local0. "[IP::client_addr] a member of pool [LB::server pool]"
        snat automap
    }
}
Oddly enough, in 9.4.7, [active_nodes -list $pool] doesn't trigger a syntax or a runtime error--it just returns the same thing that active_members -list does?!
[active_nodes [LB::server pool]]: 1
[active_nodes -list [LB::server pool]]: {10.11.2.201 82}
[active_members -list [LB::server pool]]: {10.11.2.201 82}
Aaron
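The loop described in the reply above, written out as an added example (not code from either poster). It assumes active_members -list returns {IP port} elements, as in the 9.4.7 output quoted in the reply, and that [LB::server pool] resolves to the virtual server's default pool in CLIENT_ACCEPTED.

```tcl
when CLIENT_ACCEPTED {
    # Assumption: the pool to check is the virtual server's default pool.
    set pool [LB::server pool]
    set client [IP::client_addr]

    # Each element looks like {10.11.2.201 82}: index 0 is the member IP,
    # index 1 is the member port. Only the IP matters for this check.
    foreach member [active_members -list $pool] {
        if { [IP::addr $client equals [lindex $member 0]] } {
            log local0. "$client is a member of pool $pool, applying SNAT"
            # Source-translate so the server's reply returns through the
            # BIG-IP instead of going straight to the client on the same subnet.
            snat automap
            # One match is enough; stop walking the list.
            break
        }
    }
}
```

Because active_members lists only members currently marked up, a server that is down for load balancing but still opens connections to the virtual server will not match and will not be SNATed.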