
Source IP Based Pool Routing

Problem this snippet solves:

I had an issue where my company wanted to have more than one mail server sending mail out of our building. They wanted to start sending "information emails" out, but we found that we started to get blacklisted by mail servers on our main email server because the "information" mail servers were using its external address to send. To get around this I have written this iRule (with the help of the DevCentral guys), which looks at the source IP of the client and then redirects to a set pool; if the source address doesn't match, it will use a default pool. You can use this iRule to point any port as long as a virtual server is there listening for that port; you will also need a SNAT pool.

Code :

when CLIENT_ACCEPTED {
    # Replace each "*.*.*.*" with a client source IP and each
    # "enter pool name" with the name of an existing pool.
    if { [IP::client_addr] equals "*.*.*.*" } {
        pool "enter pool name"

        # Uncomment the line below to turn on logging.
        #log local0. "Valid client IP: [IP::client_addr] - HostName"

    } elseif { [IP::client_addr] equals "*.*.*.*" } {
        pool "enter pool name"

        # Uncomment the line below to turn on logging.
        #log local0. "Valid client IP: [IP::client_addr] - HostName"

    } elseif { [IP::client_addr] equals "*.*.*.*" } {
        pool "enter pool name"

        # Uncomment the line below to turn on logging.
        #log local0. "Valid client IP: [IP::client_addr] - HostName"

    } elseif { [IP::client_addr] equals "*.*.*.*" } {
        pool "enter pool name"

        # Uncomment the line below to turn on logging.
        #log local0. "Valid client IP: [IP::client_addr] - HostName"

    } else {
        # No source IP matched: apply the SNAT pool.
        snatpool "enter pool name"

        # Uncomment the line below to turn on logging.
        #log local0. "Valid client IP: [IP::client_addr] - HostName"
    }
}

### update by cmbhatt to switch ###

when CLIENT_ACCEPTED {
    # -glob compares the client address as a string against each pattern.
    switch -glob [IP::client_addr] {
        "*.*.*.*" {
            # Uncomment the line below to turn on logging.
            #log local0. "Valid client IP: [IP::client_addr] - HostName"
            pool poolname
        }
        "*.*.*.*" {
            # Uncomment the line below to turn on logging.
            #log local0. "Valid client IP: [IP::client_addr] - HostName"
            pool poolname
        }
        default {
            # Uncomment the line below to turn on logging.
            #log local0. "Valid client IP: [IP::client_addr] - HostName"
            snatpool poolname3
        }
    }
}
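
An added example, not part of the original post or the update: the same source-IP routing driven by an address-type data group, so that senders are added in the data group rather than in the iRule and matching is done on addresses and subnets instead of strings. The data group name `mail_src_pools`, its records, the pool names and the SNAT pool name `default_snat` are assumptions for illustration.

```tcl
# Assumed address-type data group "mail_src_pools" (constructed records):
#   192.0.2.10/32     value: pool_info_mail_1
#   192.0.2.11/32     value: pool_info_mail_2
#   198.51.100.0/28   value: pool_bulk_mail
when CLIENT_ACCEPTED {
    # For an address-type data group, "equals" is an address/subnet comparison.
    # -value returns the matching record's value, or an empty string if none.
    set target [class match -value [IP::client_addr] equals mail_src_pools]

    if { $target ne "" } {
        # The data group may name a pool that does not exist; catch the error
        # and fall back instead of letting the rule abort the connection.
        if { [catch { pool $target } err] } {
            log local0. "Pool $target for [IP::client_addr] not usable: $err"
            snatpool default_snat
        } else {
            # Uncomment the line below to turn on logging.
            #log local0. "Matched client IP: [IP::client_addr] -> $target"
        }
    } else {
        # No record matched: keep the virtual server's default pool and
        # apply the SNAT pool, as in the else/default branches above.
        snatpool default_snat

        # Uncomment the line below to turn on logging.
        #log local0. "Unmatched client IP: [IP::client_addr]"
    }
}
```

With `switch -glob`, a pattern such as `10.1.1.1*` is compared as a string and also matches 10.1.1.10 through 10.1.1.19 and 10.1.1.100 through 10.1.1.199; the address comparison above matches only the hosts and subnets listed in the data group.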
Published Jan 30, 2015
Version 1.0