Forum Discussion

Damien_Turner_1's avatar
Damien_Turner_1
Icon for Nimbostratus rankNimbostratus
Jul 01, 2010

Traffic Forwarding.......

I've got a problem I was wondering if anyone could help?

 

I have 3 internet links from my LTM (which also has GTM) and one testing link, I have a bunch of web testers who keep asking me to create internal DNS entires so they can test sites they are creating. They are doing this as if there is no internal DNS record they will be forwarded to the outside worlod with will then reply with an external address of my LTM, if the HTTP requests is going out of one link but the reply then gives them an address on the same link to come in on they fail, if the request is sent out on one link and the responce is one of my other links the connection works.

 

 

I was wondering if an iRule could be used here, can the iRule look at the client address then the desination address and then make a desision on what outward link to use?, an example would be....

 

goto site www.mysite.co.uk (using link 80.1.94.0/24) DNS reply comes back to say you need to go to 80.1.94.1, the link controller then passes the outward connection via link 213.106.234.0 in order for the connection to work.

 

 

I have had a bash....

 

 

when CLIENT_ACCEPTED {

 

if { [matchclass [IP::client_addr] equals $::QA_VLAN ] } {

 

 

if { [matchclass [IP::remote_addr] equals $::External_Links] } {

 

 

pool QA_DIA_Pool

 

 

log local0. "Valid client IP: [IP::client_addr] - Redirected Traffic"

 

 

} else {

 

 

pool DG_POOL

 

 

log local0. "Valid client IP: [IP::client_addr] - Remote IP: [IP::remote_addr] - Not Redirected Traffic"

 

 

}

 

Uncomment the line below to turn on logging.

 

log local0. "Valid client IP: [IP::client_addr] - Same Link Traffic"

 

 

} else {

 

pool DG_POOL

 

Uncomment the line below to turn on logging.

 

log local0. "Valid client IP: [IP::client_addr] - All_Other_Traffic"

 

}

 

}

 

 

In DataClass External Links I have 80.1.94.0/24, 62.254.236.0/24 and 213.106.234.0/24

 

In DataClass QA_VLAN I have 192.168.99.0/24

 

 

When active I can see the iRule is being called but Not Redirect Traffic is handling everything and not passing the connection to my other link.

 

 

Thank you in advance for your help!

 

 

Damien

 

8 Replies

  • Hi Damien,

     

     

    Can you change IP::remote_addr to IP::local_addr and retest? IP::remote_addr in CLIENT_ACCEPTED will return the same as IP::client_addr, the client IP. IP::local_addr in CLIENT_ACCEPTED and other clientside context events will return the destination address on the client to VS packet.

     

     

    Also, if you're on 9.4.4 or higher, you can remove the $:: prefix on datagroup references to make the iRule CMP compatible.

     

     

    Aaron
  • Hi Aaron thank you for getting back to me so fast!, sorry I should have give you my version I'm on 9.4.8 HF2

     

     

    I Have made the changes to the iRule but its still not working, it now looks like.....

     

     

    when CLIENT_ACCEPTED {

     

     

    if { [matchclass [IP::client_addr] equals QA_VLAN ] } {

     

     

    if { [matchclass [IP::local_addr] equals External_Links] } {

     

     

    pool QA_DIA_Pool

     

     

    log local0. "Valid client IP: [IP::client_addr] - Redirected Traffic"

     

     

    } else {

     

     

    pool DG_POOL

     

     

    log local0. "Valid client IP: [IP::client_addr] - Remote IP: [IP::local_addr] - Not Redirected Traffic"

     

     

    }

     

    Uncomment the line below to turn on logging.

     

    log local0. "Valid client IP: [IP::client_addr] - Same Link Traffic"

     

     

     

    } else {

     

     

    pool DG_POOL

     

     

    Uncomment the line below to turn on logging.

     

    log local0. "Valid client IP: [IP::client_addr] - All_Other_Traffic"

     

     

    }

     

    }
  • It seems when I turn on logging that everything is being picked up by "Not Redirected Traffic"

     

    I was also wondering if I needed 2 else statements as they both do the same thing?
  • Can you log a debug line at the beginning of CLIENT_ACCEPTED for every connection to see the client and destination IPs as well as whether they're in the respective datagroups?

    
       log local0. "Client=[IP::client_addr], local=[IP::local_addr], QA_VLAN=[matchclass [IP::client_addr] equals QA_VLAN ]\
          External=[matchclass [IP::local_addr] equals External_Links]"
    

    Aaron
  • Hi Damien,

     

     

    I get an error when trying to access the attachment:

     

     

    http://devcentral.f5.com/Portals/0/activeforums_Attach/logs

     

     

    "We're Sorry - Your request was not completed as expected"

     

     

    Can you just post the first few lines in a [ code ] [/ code ] block?

     

     

    Thanks,

     

    Aaron
  • Hi Aaron, here you go.... [ code ] Jul 5 16:55:17 tmm tmm[1775]: Rule External_Link_Bypass_iRule : Client=192.168.98.34, local=204.74.108.253, QA_VLAN=0 External=0 Jul 5 16:55:17 tmm tmm[1775]: Rule External_Link_Bypass_iRule : Client=192.168.98.34, local=199.7.68.253, QA_VLAN=0 External=0 Jul 5 16:55:17 tmm tmm[1775]: Rule External_Link_Bypass_iRule : Client=192.168.98.34, local=193.108.91.137, QA_VLAN=0 External=0 Jul 5 16:55:17 tmm tmm[1775]: Rule External_Link_Bypass_iRule : Client=192.168.61.13, local=74.114.28.110, QA_VLAN=0 External=0 Jul 5 16:55:17 tmm tmm[1775]: Rule External_Link_Bypass_iRule : Client=192.168.98.34, local=64.211.42.196, QA_VLAN=0 External=0 Jul 5 16:55:17 tmm tmm[1775]: Rule External_Link_Bypass_iRule : Client=192.168.98.34, local=84.53.132.14, QA_VLAN=0 External=0 Jul 5 16:55:17 tmm tmm[1775]: Rule External_Link_Bypass_iRule : Client=192.168.60.194, local=92.123.195.36, QA_VLAN=0 External=0 Jul 5 16:55:17 tmm tmm[1775]: Rule External_Link_Bypass_iRule : Client=192.168.60.194, local=92.123.195.36, QA_VLAN=0 External=0 Jul 5 16:55:17 tmm tmm[1775]: Rule External_Link_Bypass_iRule : Client=192.168.60.194, local=92.123.195.36, QA_VLAN=0 External=0 Jul 5 16:55:17 tmm tmm[1775]: Rule External_Link_Bypass_iRule : Client=192.168.60.194, local=92.123.195.36, QA_VLAN=0 External=0 Jul 5 16:55:17 tmm tmm[1775]: Rule External_Link_Bypass_iRule : Client=192.168.60.194, local=92.123.195.36, QA_VLAN=0 External=0 Jul 5 16:55:17 tmm tmm[1775]: Rule External_Link_Bypass_iRule : Client=192.168.60.194, local=92.123.195.36, QA_VLAN=0 External=0 Jul 5 16:55:17 tmm tmm[1775]: Rule External_Link_Bypass_iRule : Client=192.168.60.194, local=195.245.127.105, QA_VLAN=0 External=0 Jul 5 16:55:17 tmm tmm[1775]: Rule External_Link_Bypass_iRule : Client=192.168.98.34, local=77.109.168.31, QA_VLAN=0 External=0 Jul 5 16:55:17 tmm tmm[1775]: Rule External_Link_Bypass_iRule : Client=192.168.62.2, local=209.85.227.101, QA_VLAN=0 External=0 Jul 5 16:55:18 tmm tmm[1775]: Rule External_Link_Bypass_iRule : Client=88.151.219.226, local=80.1.94.191, QA_VLAN=0 External=3 Jul 5 16:55:18 tmm tmm[1775]: Rule External_Link_Bypass_iRule : Client=88.151.219.226, local=80.1.94.190, QA_VLAN=0 External=3 Jul 5 16:55:18 tmm tmm[1775]: Rule External_Link_Bypass_iRule : Client=62.254.236.250, local=80.1.94.191, QA_VLAN=0 External=3 Jul 5 16:55:18 tmm tmm[1775]: Rule External_Link_Bypass_iRule : Client=62.254.236.250, local=80.1.94.190, QA_VLAN=0 External=3 Jul 5 16:55:18 tmm tmm[1775]: Rule External_Link_Bypass_iRule : Client=62.254.236.250, local=80.1.94.191, QA_VLAN=0 External=3 Jul 5 16:55:18 tmm tmm[1775]: Rule External_Link_Bypass_iRule : Client=192.168.61.34, local=79.125.114.179, QA_VLAN=0 External=0 Jul 5 16:55:18 tmm tmm[1775]: Rule External_Link_Bypass_iRule : Client=62.254.236.250, local=80.1.94.190, QA_VLAN=0 External=3 Jul 5 16:55:18 tmm tmm[1775]: Rule External_Link_Bypass_iRule : Client=62.254.236.250, local=80.1.94.191, QA_VLAN=0 External=3 Jul 5 16:55:18 tmm tmm[1775]: Rule External_Link_Bypass_iRule : Client=62.254.236.250, local=80.1.94.190, QA_VLAN=0 External=3 Jul 5 16:55:18 tmm tmm[1775]: Rule External_Link_Bypass_iRule : Client=62.254.236.250, local=80.1.94.191, QA_VLAN=0 External=3 Jul 5 16:55:18 tmm tmm[1775]: Rule External_Link_Bypass_iRule : Client=62.254.236.250, local=80.1.94.190, QA_VLAN=0 External=3 Jul 5 16:55:18 tmm tmm[1775]: Rule External_Link_Bypass_iRule : Client=62.254.236.250, local=80.1.94.191, QA_VLAN=0 External=3 Jul 5 16:55:18 tmm tmm[1775]: Rule External_Link_Bypass_iRule : Client=62.254.236.250, local=80.1.94.190, QA_VLAN=0 External=3 Jul 5 16:55:18 tmm tmm[1775]: Rule External_Link_Bypass_iRule : Client=62.254.236.250, local=80.1.94.191, QA_VLAN=0 External=3 Jul 5 16:55:18 tmm tmm[1775]: Rule External_Link_Bypass_iRule : Client=62.254.236.250, local=80.1.94.190, QA_VLAN=0 External=3 Jul 5 16:55:18 tmm tmm[1775]: Rule External_Link_Bypass_iRule : Client=62.254.236.250, local=80.1.94.191, QA_VLAN=0 External=3 Jul 5 16:55:18 tmm tmm[1775]: Rule External_Link_Bypass_iRule : Client=62.254.236.250, local=80.1.94.190, QA_VLAN=0 External=3 Jul 5 16:55:18 tmm tmm[1775]: Rule External_Link_Bypass_iRule : Client=62.254.236.250, local=80.1.94.191, QA_VLAN=0 External=3 Jul 5 16:55:18 tmm tmm[1775]: Rule External_Link_Bypass_iRule : Client=62.254.236.250, local=80.1.94.190, QA_VLAN=0 External=3 Jul 5 16:55:18 tmm tmm[1775]: Rule External_Link_Bypass_iRule : Client=62.254.236.250, local=80.1.94.191, QA_VLAN=0 External=3 Jul 5 16:55:18 tmm tmm[1775]: Rule External_Link_Bypass_iRule : Client=62.254.236.250, local=80.1.94.190, QA_VLAN=0 External=3 Jul 5 16:55:18 tmm tmm[1775]: Rule External_Link_Bypass_iRule : Client=62.254.236.250, local=80.1.94.191, QA_VLAN=0 External=3 Jul 5 16:55:18 tmm tmm[1775]: Rule External_Link_Bypass_iRule : Client=62.254.236.250, local=80.1.94.190, QA_VLAN=0 External=3 Jul 5 16:55:18 tmm tmm[1775]: Rule External_Link_Bypass_iRule : Client=62.254.236.250, local=80.1.94.191, QA_VLAN=0 External=3 Jul 5 16:55:18 tmm tmm[1775]: Rule External_Link_Bypass_iRule : Client=62.254.236.250, local=80.1.94.190, QA_VLAN=0 External=3 [/ code ]
  • Hi Damien,

     

     

    None of the client IP addresses are in the QA_VLAN datagroup, so the iRule logic isn't getting used. Can you clarify whether clients should be in this datagroup and if so, what the current contents of the datagroup are?

     

     

    Some of the destination addresses are showing up in the External_Links datagroup.

     

     

    Thanks, Aaron