F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

A Catch from the Codeshare: Network Translations

On the side of the road in northern Missouri just north of Mark Twain’s stomping grounds, there is a slice of hillside removed just to the side of the highway. In Arkansas, there’s a nondescript fiel...
Published Nov 21, 2016
Version 1.0
application delivery
LTM
JRahm's avatar
Icon for Admin rankAdmin
Christ Follower, Husband, Father, Technologist. I love community and I especially love THIS community. My background is networking, but I've dabbled in all the F5 iStuff, I'm a recovering Perl guy, and am very much a python enthusiast. Learning alongside all of you in this accelerating industry toward modern apps and architectures.
View Profile
Kai_Wilke's avatar
Kai_Wilke
Icon for MVP rankMVP
Nov 24, 2016

Hi Jason,

I was little bit surprised of the complexity of the provided iRule and ended up with a less complicated 20LinesOrLess edition...

when RULE_INIT {
    set static::dg_net_tsl "dg_network_translations"
}
when CLIENT_ACCEPTED {
     Read Data Group
    set original_ip [getfield [IP::client_addr] "%" 1]
    set dg_elements [class match -element $original_ip equals $static::dg_net_tsl]
    if { $dg_elements ne "" } then {
        set new_ip_prefix [findstr $dg_elements " " 1]
        set cidr_mask [findstr $dg_elements "/"  1 " "]
         IP to binary conversion
        binary scan [binary format c4 [split $original_ip "."]] B* original_ip_bin
        binary scan [binary format c4 [split $new_ip_prefix "."]] B$cidr_mask new_ip_prefix_bin
         IP prefix translation and binary to IP conversion
        binary scan [binary format B* "$new_ip_prefix_bin[string range $original_ip_bin $cidr_mask end]"] cccc oct1 oct2 oct3 oct4
        set new_ip "[expr { $oct1 & 0xff } ].[expr { $oct2 & 0xff } ].[expr { $oct3 & 0xff } ].[expr { $oct4 & 0xff } ]"
         SNAT
        snat $new_ip
    }
}

The iRule now translates the client IP by utilizing a rather simple 

[string range]
syntax on the IPs binary string representations. The binary syntax requires not only just fewer lines, but also performs much faster compared to utilizing complex math on a HEX level.

Cheers, Kai