Forum Discussion

swo0sh_gt_13163's avatar
swo0sh_gt_13163
Icon for Altostratus rankAltostratus
Sep 16, 2013

undefined procedure error in iRule

Hello Folks,

Could you please help me correcting my following iRule?

================================================================ when CLIENT_ACCEPTED { if { [IP::addr [IP::remote_addr] equals 172.22.64.0/24] } { snat 172.22.64.68 log local0. "SNATTed of SiteB" pool Test_pool }

elseif { [IP::addr [IP::remote_addr] equals 2.2.2.0/24] }

    {
        snatpool NAME_OF_SNAT_POOL
        pool Pool_Name
        log local0. "SNATTed of SiteA"
    }

else { pool Normal }

}

I am getting following errors while adding it to my F5.

"01070151:3: Rule [/Common/Test] error: line 11: [undefined procedure: elseif] [elseif { [IP::addr [IP::remote_addr] equals 2.2.2.0/24] }] line 15: [undefined procedure: snatpool NAME_OF_SNAT_POOL pool Pool_Name log local0. "SNATTed of SiteA" ] [{ snatpool NAME_OF_SNAT_POOL pool Pool_Name log local0. "SNATTed of SiteA" }] line 21: [undefined procedure: else] [else { pool Normal }]"

I am newbie to programming, hence I couldn't figure out the syntax error. :( Seek for your help.

Thanks, Darshan

application delivery
devops
irule
iRules
syntax error
  • StephanManthey's avatar
    StephanManthey
    Icon for MVP rankMVP
    Sep 16, 2013
    when CLIENT_ACCEPTED {
    if { [IP::addr [IP::remote_addr] equals 172.22.64.0/24] } {
        snat 172.22.64.68
        log local0. "SNATTed of SiteB"
        pool Test_pool
    } elseif { [IP::addr [IP::remote_addr] equals 2.2.2.0/24] } {
        snatpool NAME_OF_SNAT_POOL
        pool Pool_Name
        log local0. "SNATTed of SiteA"
    } else {
        pool Normal
    }
}

    There was a closing curly bracket missing at the end (related to the event).

    Make sure to have all resources defined (pools, SNATPools) before referencing them in your iRule.

    Are you dealing with a large number of client IPs to translate with different SNATs? Perhaps the 'switch' command will be a better choice:

  • swo0sh_gt_13163's avatar
    swo0sh_gt_13163
    Icon for Altostratus rankAltostratus
    Sep 16, 2013

    Hi Stephan,

     

    Thank you very much for your reply. Yes I need to use an SNAT Pool for "Elseif" part instead of using single SNAT IP address.

     

    Any example to use switch in this scenario? Really appreciate your help.

     

    Cheers! Darshan

     

  • StephanManthey's avatar
    StephanManthey
    Icon for MVP rankMVP
    Sep 16, 2013

    Hi Darshan, I will look for a working example based on switch.

    Another alternative is using datagroups (classes).

    In the following example an external datagroup (file based) is used: 
    [root@ltmve:Active] config  cat dg_snat_mapping_ip
host 10.100.100.20 := "10.100.100.120",
host 10.100.100.21 := "10.100.100.121",
host 10.100.100.22 := "10.100.100.122",
host 10.100.100.23 := "10.100.100.123",
host 10.100.100.24 := "10.100.100.124",
network 10.100.100.0/24 := "10.100.100.126",

[root@ltmve:Active] config  bigpipe class ext_dg_snat list
class ext_dg_snat {
    type ip
    filename "/config/dg_snat_mapping_ip"
    mode read
    separator ":="
}

when CLIENT_ACCEPTED {
    set entry [class match -value [IP::client_addr] equals ext_dg_snat]
    if { $entry ne "" } {
        snat $entry
    }
    else {
        log local0. "No SNAT for [IP::client_addr]"
    }
}

    Thanks,

    Stephan
  • StephanManthey's avatar
    StephanManthey
    Icon for MVP rankMVP
    Sep 16, 2013

    Hi Darshan,

    the datagroup based version is more flexible regarding subnet mask length.

    Using the following 'switch' based approach limits you to a fixed subnet mask length. 
    when CLIENT_ACCEPTED {
    switch [IP::addr [IP::client_addr] mask 255.255.255.0] {
    10.10.1.0   { snat 10.232.232.1 }
    10.10.2.0   { snat 10.232.232.2 }
    10.10.3.0   { snat 10.232.232.3 }
    default     { snat 10.232.232.4 }
    }
}

    Thanks,

    Stephan
  • swo0sh_gt_13163's avatar
    swo0sh_gt_13163
    Icon for Altostratus rankAltostratus
    Sep 16, 2013

    Hi Stephan,

     

    Thank you very much for your extensive help. However can you please guide me how can I embed the switch command within elseif? I know its below newbie level. Apologies to embarrass you for such a nominal query.

     

    Thanks again, Darshan

     

  • StephanManthey's avatar
    StephanManthey
    Icon for MVP rankMVP
    Sep 16, 2013

    Hi Darshan,

    this will be just a combination of both commands.

    Now 'switch' will be evaluated in the context of 'elseif': 
    when CLIENT_ACCEPTED {
    if { [IP::addr [IP::remote_addr] equals 10.10.0.0/16] } {
        snat 10.232.10.1
    } elseif { [IP::addr [IP::remote_addr] equals 10.11.0.0/16] } {
        switch [IP::addr [IP::client_addr] mask 255.255.255.0] {
        10.11.1.0   { snat 10.232.11.1 }
        10.11.2.0   { snat 10.232.11.2 }
        10.11.3.0   { snat 10.232.11.3 }
        default     { snat 10.232.11.8 }
        }
    } else {
        snat 10.232.8.8
    }
}

    Thanks, Stephan

  • swo0sh_gt_13163's avatar
    swo0sh_gt_13163
    Icon for Altostratus rankAltostratus
    Sep 16, 2013

    Hey Stephan,

     

    One more thing, the actual requirement is to route the SNATTed traffic to specific pool as well. So I believe I just have to add "pool " command within IF and ELSEIF statements, right?

     

    Please confirm if its not correct.

     

    Cheers! Darshan

     

  • StephanManthey's avatar
    StephanManthey
    Icon for MVP rankMVP
    Sep 16, 2013

    Hi Darshan, you are right, it´s just adding the pool selection as an additional command i.e. as follows: 

        switch [IP::addr [IP::client_addr] mask 255.255.255.0] {
    10.11.1.0   { 
            snat 10.232.11.1
            pool pool_1
        }
    10.11.2.0   { 
            snat 10.232.11.2
            pool pool_2   
        }
    10.11.3.0   { snat 10.232.11.3 }
    default     { snat 10.232.11.8 }
    }

    Thanks, Stephan