Forum Discussion

newmember_18640's avatar
newmember_18640
Icon for Nimbostratus rankNimbostratus
Jan 16, 2013

Using Data Group List in iRule in a Partition

 

Another note: we had to remove the "$::" form the data groups.

 

Is there a syntax for referencing UAT Data Groups in iRules?

 

V10.2 LTM

 

 

 

This fails to use the UAT- Data Groups that are in the UAT partition:

 

iRule in UAT partition.

 

 

 

======================================================

 

Apply SNAT as specified in snatPoolVip for all

 

packets originated from dataGroupSnatSipHa members.

 

Exclude packets addressed to members of

 

dataGroupSnatExcluded.

 

======================================================

 

when CLIENT_ACCEPTED {

 

if { [matchclass [IP::remote_addr] equals $::/UAT/UAT-dataGroupSnatSipHa] }

 

{

 

if { [matchclass [IP::local_addr] equals $::/UAT/UAT-dataGroupSnatExcluded] }

 

{

 

}

 

else

 

{

 

snatpool UAT-snatPoolSipVip

 

}

 

}

 

}

 

 

 

 

This works with the XXX- data groups in the Common Partition.

 

iRule in UAT partition.

 

 

======================================================

 

Apply SNAT as specified in snatPoolVip for all

 

packets originated from dataGroupSnatSipHa members.

 

Exclude packets addressed to members of

 

dataGroupSnatExcluded.

 

======================================================

 

when CLIENT_ACCEPTED {

 

if { [matchclass [IP::remote_addr] equals XXX-dataGroupSnatSipHa] }

 

{

 

if { [matchclass [IP::local_addr] equals XXX-dataGroupSnatExcluded] }

 

{

 

}

 

else

 

{

 

snatpool UAT-snatPoolSipVip

 

}

 

}

 

}

 

application delivery
dev
devops
iRules

3 Replies

  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Jan 17, 2013
    isn't it same as in common partition?

    class Wiki

    https://devcentral.f5.com/wiki/irules.class.ashx 

    root@ve10(Active)(tmos) show sys version|grep -i version
Sys::Version
  Version  10.2.4
root@ve10(Active)(tmos) list ltm virtual bar
ltm virtual bar {
    destination 172.28.19.252:http
    ip-protocol tcp
    mask 255.255.255.255
    pool foo
    profiles {
        tcp { }
    }
    rules {
        myrule
    }
    snat automap
}
root@ve10(Active)(tmos) list ltm rule myrule
ltm rule myrule {
    when CLIENT_ACCEPTED {
  if { [class match -- [IP::client_addr] equals ip_class] } {
    log local0. "[IP::client_addr] matches [class names ip_class]"
  } else {
    log local0. "[IP::client_addr] does not match [class names ip_class]"
  }
}
}
root@ve10(Active)(tmos) list ltm data-group ip_class
ltm data-group ip_class {
    partition UAT
    records {
        172.28.19.251/32 { }
    }
    type ip
}

[root@ve10:Active] config  tail -f /var/log/ltm
Jan 17 16:57:48 local/tmm info tmm[4884]: Rule myrule : 192.168.206.33 does not match 172.28.19.251/32
Jan 17 16:58:12 local/tmm info tmm[4884]: Rule myrule : 172.28.19.251 matches 172.28.19.251/32
  • What_Lies_Bene1's avatar
    What_Lies_Bene1
    Icon for Cirrostratus rankCirrostratus
    Jan 17, 2013
    You should also avoid using hyphens in DG names as these are not always correctly interpreted.