Forum Discussion

Eric_Stewart_36's avatar
Eric_Stewart_36
Icon for Nimbostratus rankNimbostratus
Oct 15, 2018

Verify iRule Syntax

Hello all

I am trying to write an iRule that will check for the incoming port, and then, check source IP address, and choose a Pool accordingly. This is my first iRule. Please let me know if this looks like I am programming it correctly. Obviously the X.X.X.X entries will have my desired IPs inserted. The Virtual Server has a default pool assigned that should catch anything that does not get caught by the iRule. There is also a Default Persistence Profile on the Virtual Server that I do not want used if a match is found in the iRule, thus the "persist none" entries. Please let me know if that is correct also.

Thanks!!! Eric

when CLIENT_ACCEPTED {

if {[TCP::local_port] equals 7002 or [TCP::local_port] equals 443 or [TCP::local_port] equals 8443} {

    if { [IP::addr [IP::client_addr] equals X.X.X.X] } {
        persist none
        pool APP1
    }

    if { [IP::addr [IP::client_addr] equals X.X.X.X] } {
        persist none
        pool APP2
    }

    if { [IP::addr [IP::client_addr] equals X.X.X.X] } {
        persist none
        pool APP3
    }

    if { [IP::addr [IP::client_addr] equals X.X.X.X] } {
        persist none
        pool APP4
    }

    if { [IP::addr [IP::client_addr] equals X.X.X.X] } {
        persist none
        pool APP5
    }
}
if {[TCP::local_port] equals 7001 or [TCP::local_port] equals 80} {
    if { [IP::addr [IP::client_addr] equals X.X.X.X] } {
        persist none
        pool APP1
    }

    if { [IP::addr [IP::client_addr] equals X.X.X.X] } {
        persist none
        pool APP2
    }

    if { [IP::addr [IP::client_addr] equals X.X.X.X] } {
        persist none
        pool APP3
    }

    if { [IP::addr [IP::client_addr] equals X.X.X.X] } {
        persist none
        pool APP4
    }

    if { [IP::addr [IP::client_addr] equals X.X.X.X] } {
        persist none
        pool APP5
    }
}

}

application delivery
iRules
LTM
  • Lee_Sutcliffe's avatar
    Lee_Sutcliffe
    Icon for Nacreous rankNacreous
    Oct 17, 2018

    I would try to avoid using so many repeated 'if' statements as it can be come quite cumbersome and small changes could ended up breaking your iRule.

    Using a datagroup with IP to pool mappings can be a cleaner way to achieve the same result. Switch statements are also faster and are a good alternative to using successive 'or' operators. Also the second 'if' block looks like it could be placed within the first - for this reason I've included it within the same switch 'or' block.

    Datagroup

    ltm data-group internal my_dg {
    records {
        10.1.1.1 {
            data pool_a
        }
        10.1.1.2 {
            data pool_b
        }
    }
    type string
}

    iRule

    when CLIENT_ACCEPTED {
    switch [TCP::local_port] {
        "7002" -
        "443" -
        "8443" -
        "7001" -
        "80" {
            if {[set my_app [class match -value [IP::addr[IP::client_addr] equals "my_dg"]]]} {
                persist none
                pool $my_app
            }
        }
    }
}