30-Nov-2020 08:18
Hello,
I made an iRule to forward traffic to another F5 pool if the source is different, but it seems it does not work. If the source is other than those defined in the iRule, the expectation is that traffic should be processed by the default pool. But when I look at the F5, it is always hitting the default pool, even when traffic is sourced from the sources defined in the iRule.
What could be the issue with the iRule?
when CLIENT_ACCEPTED {
    #Firewall
    set FW1 "10.7.10.10"
    #Firewall
    set FW2 "10.7.11.10"
    #Firewall
    set FW3 "10.7.12.10"
    #Firewall
    set FW4 "10.7.13.10"
    # Note: the switch body below is brace-quoted, so Tcl performs no variable
    # substitution inside it; each pattern is the literal string "$FW1", "$FW2", etc.
    switch [IP::client_addr] {
        $FW1 {
            if { [LB::status pool ASA_Pool member 10.8.11.23 1514] eq "up" or [LB::status pool ASA_Pool member 10.8.11.24 1514] eq "up" } {
                pool ASA_Pool
            } else { pool Default_Pool }
        }
        $FW2 {
            if { [LB::status pool ASA_Pool member 10.8.11.23 1514] eq "up" or [LB::status pool ASA_Pool member 10.8.11.24 1514] eq "up" } {
                pool ASA_Pool
            } else { pool Default_Pool }
        }
        $FW3 {
            if { [LB::status pool ASA_Pool member 10.8.11.23 1514] eq "up" or [LB::status pool ASA_Pool member 10.8.11.24 1514] eq "up" } {
                pool ASA_Pool
            } else { pool Default_Pool }
        }
        $FW4 {
            if { [LB::status pool ASA_Pool member 10.8.11.23 1514] eq "up" or [LB::status pool ASA_Pool member 10.8.11.24 1514] eq "up" } {
                pool ASA_Pool
            } else { pool Default_Pool }
        }
        default { pool Default_Pool }
    }
}
09-Dec-2020 14:04 - last edited on 04-Jun-2023 21:09 by JimmyPackets
Hi Subrun,
Can you investigate the ltm logs?
tail -f /var/log/ltm | grep ASAtestlog
Simplified iRule:
when CLIENT_ACCEPTED {
    switch [IP::client_addr] {
        "10.7.10.10" -
        "10.7.11.10" -
        "10.7.12.10" -
        "10.7.13.10" {
            if { [LB::status pool ASA_Pool member 10.8.11.23 1514] eq "up" or [LB::status pool ASA_Pool member 10.8.11.24 1514] eq "up" } {
                log local0. "ASAtestlog-1 | CIP: [IP::client_addr] | 10.8.11.23 is [LB::status pool ASA_Pool member 10.8.11.23 1514] | 10.8.11.24 is [LB::status pool ASA_Pool member 10.8.11.24 1514]"
                pool ASA_Pool
            } else {
                # "} else {" must stay on one line: Tcl ends the if command at a newline
                log local0. "ASAtestlog-2 | CIP: [IP::client_addr] | 10.8.11.23 is [LB::status pool ASA_Pool member 10.8.11.23 1514] | 10.8.11.24 is [LB::status pool ASA_Pool member 10.8.11.24 1514]"
                pool Default_Pool
            }
        }
        default {
            log local0. "ASAtestlog-3 | CIP: [IP::client_addr] | 10.8.11.23 is [LB::status pool ASA_Pool member 10.8.11.23 1514] | 10.8.11.24 is [LB::status pool ASA_Pool member 10.8.11.24 1514]"
            pool Default_Pool
        }
    }
}
10-Dec-2020 09:54
I may be wrong, but do we need an else block? Technically, at ELSE you are assigning the Default Pool. Or is it for programming logic, that once there is an if there should be an ELSE?
Also, just note that my default pool is listening on 8514. I may not have clearly mentioned that.
I did this below, but traffic is still moving to the DEFAULT pool:
when CLIENT_ACCEPTED {
    switch [IP::client_addr] {
        "10.7.10.10" -
        "10.7.11.10" -
        "10.7.12.10" -
        "10.7.13.10" {
            if { [LB::status pool ASA_Pool member 10.8.11.23 1514] eq "up" or [LB::status pool ASA_Pool member 10.8.11.24 1514] eq "up" } {
                log local0. "ASAtestlog-1 | CIP: [IP::client_addr] | 10.8.11.23 is [LB::status pool ASA_Pool member 10.8.11.23 1514] | 10.8.11.24 is [LB::status pool ASA_Pool member 10.8.11.24 1514]"
                pool ASA_Pool
            } else {
                # "} else {" must stay on one line: Tcl ends the if command at a newline
                log local0. "ASAtestlog-2 | CIP: [IP::client_addr] | 10.8.11.23 is [LB::status pool Default_Pool member 10.8.11.23 8514] | 10.8.11.24 is [LB::status pool Default_Pool member 10.8.11.24 8514]"
                pool Default_Pool
            }
        }
        default {
            log local0. "ASAtestlog-3 | CIP: [IP::client_addr] | 10.8.11.23 is [LB::status pool Default_Pool member 10.8.11.23 8514] | 10.8.11.24 is [LB::status pool Default_Pool member 10.8.11.24 8514]"
            pool Default_Pool
        }
    }
}
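As an added illustration that is not part of this thread (plain tclsh rather than TMOS, so `pick_pool_broken`, `pick_pool_fixed` and the `asa_up` flag are stand-ins of my own for `pool` and the two `LB::status` checks), the following reproduces the dispatch from the first iRule and shows why its `$FW1` patterns never match, next to a form that keeps the variables and does match.

```tcl
# Added example, not from the thread: plain Tcl for tclsh, no TMOS commands.
# pick_pool_* stand in for the iRule's pool selection; the asa_up flag
# replaces the two LB::status checks against ASA_Pool (both assumptions).

set FW1 "10.7.10.10"
set FW2 "10.7.11.10"

# Mirrors the original iRule. The switch body is brace-quoted, so Tcl
# performs no variable substitution in it: the patterns are the literal
# strings "$FW1" and "$FW2", which no client address ever equals, and
# every connection falls through to the default arm.
proc pick_pool_broken {client_addr asa_up} {
    global FW1 FW2
    switch -- $client_addr {
        $FW1 -
        $FW2 {
            if { $asa_up } { return "ASA_Pool" } else { return "Default_Pool" }
        }
        default { return "Default_Pool" }
    }
}

# Working form that keeps the variables: build the pattern/body list with
# [list], so $FW1 and $FW2 are substituted before switch sees them while
# the brace-quoted bodies stay unevaluated until a pattern matches.
# Keep "} else {" on one line; a newline before "else" ends the if command.
proc pick_pool_fixed {client_addr asa_up} {
    global FW1 FW2
    switch -- $client_addr [list \
        $FW1 - \
        $FW2 {
            if { $asa_up } { return "ASA_Pool" } else { return "Default_Pool" }
        } \
        default { return "Default_Pool" } \
    ]
}

# Constructed inputs: one listed firewall address and one unlisted host,
# both with the ASA members treated as up.
foreach addr [list $FW1 "192.0.2.5"] {
    puts "$addr: broken -> [pick_pool_broken $addr 1], fixed -> [pick_pool_fixed $addr 1]"
}
```

The same silent non-match is why the first iRule's ASAtestlog-1 line would never appear in /var/log/ltm; with literal address patterns, as in the simplified iRule, or with the list form above, the firewall addresses reach the ASA_Pool arm.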