Forum Discussion

xiaolin_chen_11
Jun 21, 2006

How to write an iRule to redirect traffic to different pools based on URIs and do client IP NAT

I am a newcomer to iRules. Now we have the following requirement:

Default or main page/site: https://default.domain.com

siteA: https://ht.domain.com/gw

siteB: https://ht.domain.com/sec

siteC: https://ht-prd.domain.com/gw

siteD: https://ht-prd.domain.com/sec

Pools:

Default_pool

PoolA (for siteA and siteB) uses TCP port 8398

PoolC (for siteC and siteD) uses TCP port 8240

SSL terminates on the LB.

When the URI equals https://ht.domain.com/gw or https://ht.domain.com/sec, send them to PoolA, port 8398, and the client source address needs to be NATed.

When the URI equals https://ht-prd.domain.com/gw or https://ht-prd.domain.com/sec, send them to PoolB, port 8240, and the client source address needs to be NATed.

When the URI is other than the above four, send them to the default pool.

Additional notes:

1. All the clients are from the Internet. The web servers in PoolA and PoolB are not connected to the LB directly. It needs L3 routing to get to them. So we need to NAT the client source IP to a specific IP address, so that the web servers' replies can come back to the LB; otherwise the replies will go to the Internet through another route.

I tried to write an iRule for this, but do not know how to do NAT:

when HTTP_REQUEST {
  set myURI [string tolower [HTTP::uri]]
  if { $myURI contains "ht.domain.com/gw" } {
    HTTP::uri /ht.domain.com:8398/gw
    pool poolA
  } elseif { $myURI contains "ht.domain.com/sec" } {
    HTTP::uri /ht.domain.com:8398/sec
    pool poolA
  } elseif { $myURI contains "ht-prd.domain.com/gw" } {
    HTTP::uri /ht-prod.domain.com:8240/gw
    pool poolC
  } elseif { $myURI contains "ht-prd.domain.com/sec" } {
    HTTP::uri /ht-prod.domain.com:8240/sec
    pool poolC
  } else { pool Default_Pool }
}

Any assistance/examples/suggestions would be greatly appreciated.

Thanks

Xiaolin

  • Some things that will help terminology-wise:

    https://ht.domain.com/gw is a URL, not a URI. A URI is everything after the hostname, so here ht.domain.com is returned by [HTTP::host]. [HTTP::uri] only returns /gw. So you'll need to fix your if statements to reflect that.

    What you are referring to as client NAT is called a SNAT on BIG-IP. So you'll need to add a snat statement to the rule where you want that to happen.

    Finally, BIG-IP will do the port translation to the pool by default so you don't need to manually set the URI to use the ports.

    So you should end up with something like this (I have not validated syntax exactly):

    when HTTP_REQUEST {
      set myURI [string tolower [HTTP::uri]]
      set myHOST [string tolower [HTTP::host]]
      if { $myHOST == "ht.domain.com" and $myURI contains "gw" } {
        snat automap
        pool poolA
      } elseif { $myHOST == "ht.domain.com" and $myURI contains "sec" } {
        snat automap
        pool poolA
        # ... (and so on: further elseif branches go here)
      } else {
        pool Default_Pool
      }
    }

    Hope that helps,

    Denny
  • Thank you very much, I think I can modify it a little and test it soon. I am on vacation next week. Maybe my colleague will go on with this. I will let you know the result.
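
The host-plus-path routing with SNAT discussed in this thread, written out in full as an added example; it is not code from either poster or from F5. It goes beyond the reply by matching on [HTTP::path] with exact and prefix patterns instead of `contains`, so a query string or an unrelated path such as /img/gwlogo.png is not sent to the internal pools. Assumptions: the SNAT address 192.0.2.10 is a placeholder for the routable address the servers reply to, and the pool names poolA, poolC and Default_Pool are taken from the original poster's rule.

```tcl
when HTTP_REQUEST {
    # The Host header may carry a port (":443"); keep only the name, lower-cased.
    set host [string tolower [getfield [HTTP::host] ":" 1]]

    # HTTP::path excludes the query string, so "?next=/gw" cannot steer routing.
    set path [string tolower [HTTP::path]]

    # Match "<host><path>" against exact paths and their sub-paths only.
    # A trailing "-" makes a pattern share the body of the next pattern.
    switch -glob -- "$host$path" {
        "ht.domain.com/gw" -
        "ht.domain.com/gw/*" -
        "ht.domain.com/sec" -
        "ht.domain.com/sec/*" {
            # Assumed placeholder address: replies must route back to the BIG-IP.
            snat 192.0.2.10
            pool poolA
        }
        "ht-prd.domain.com/gw" -
        "ht-prd.domain.com/gw/*" -
        "ht-prd.domain.com/sec" -
        "ht-prd.domain.com/sec/*" {
            snat 192.0.2.10
            pool poolC
        }
        default {
            # Everything else, including unknown Host values, stays on the
            # default pool and is not source-translated.
            pool Default_Pool
        }
    }
}
```

Port translation to 8398 and 8240 comes from the pool member definitions, as the reply notes, so the rule never rewrites the URI.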