Forum Discussion

Jeff_124628
May 02, 2017

One virtual server to many pools via iRule

Is a default pool to a virtual server required if it's desired to have the traffic to the virtual server directed by an associated iRule? We have a single virtual server where depending on the traffic source (internal/external) the target should MFA. One pool will have MFA and the other for internal traffic will not. So far I have the following iRule built (not tested yet):

 

when CLIENT_ACCEPTED {
    if { [IP::addr [IP::client_addr] equals 50.0.0.0/8] } {
        pool pool_int
    } else {
        pool pool_ext
    }
}

 

However, I am unsure if a default pool associated to the virtual server is required or recommended. Any guidance is greatly appreciated.

 

Jeff

 

4 Replies

  • P_K

    Hello Jeff,

     

    No, you wouldn't need a default pool associated with the virtual server as long as you are using pools in your iRule. I do this all the time. The VIP should be UP if at least one of your pools is green.

     

  • Hi Jeff,

     

    It's not required. Once you define it in the iRule it will process it there.

     

    I hope this helps

     

    -=Bhattman=-

     

  • After some testing, I can access each pool if I make each one the virtual server's "default pool". However, if I remove the default pool and rely on the iRule the traffic is not routed. Is there something I am missing in the iRule?

     

    when CLIENT_ACCEPTED {
        if { [IP::addr [IP::client_addr] equals 50.0.0.0/8] } {
            pool pool_int
        } else {
            pool pool_ext
        }
    }

     

  • P_K

    Try using this

     

    when HTTP_REQUEST {
        if { [IP::addr [IP::client_addr] equals 10.10.10.100] } {
            log local0. "Client IP is [IP::client_addr], redirecting to pool_int"
            pool pool_int
        } else {
            log local0. "client IP did not match"
            pool pool_ext
        }
    }

     

    If you are specifically looking to match against a range of IPs, check this link

     

    https://devcentral.f5.com/questions/pool-redirect-based-on-source-ip-range
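
An added example, not part of any post in this thread: one way to select between the two pools by source range while keeping the MFA pool as the fail-closed choice. It assumes an address-type data group named internal_nets (a hypothetical name) that holds the internal ranges such as 50.0.0.0/8, and reuses the pool names pool_int (no MFA) and pool_ext (MFA) from the posts above.

```tcl
# Added example; internal_nets is a hypothetical address-type data group.
when CLIENT_ACCEPTED {
    # Fail closed: every client starts on the MFA pool.
    set target pool_ext

    # Only a source address inside a listed internal range moves to the
    # non-MFA pool. class match handles host entries and CIDR ranges alike.
    if { [class match [IP::client_addr] equals internal_nets] } {
        set target pool_int
    }

    # Do not silently reroute when the selected pool is down: an external
    # client must never land on the non-MFA pool because pool_ext is empty.
    if { [active_members $target] < 1 } {
        log local0.warning "No active members in $target for [IP::client_addr], rejecting"
        reject
        return
    }

    log local0.info "Client [IP::client_addr] selected $target"
    pool $target
}
```

The source-address test separates internal from external clients only if the BIG-IP sees the real client address; if an upstream proxy or SNAT rewrites it, every connection takes the same branch.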