Redirect traffic to pool member based on ip source

ilvista_38339
Nimbostratus

I'm trying to create an iRule to redirect traffic sourced from a specific IP address (public IP) to the right pool member.

We have 2 ISPs, and for each ISP we have many public IP addresses. The load balancing is working perfectly. I decided to use a different public IP from one ISP for the mail server, so I created a virtual server and the incoming mail is working. The problem is that the outgoing mail is going through the load balance pool, and the traffic sometimes (depending on the load balance algorithm) goes through the wrong ISP (the second one), which of course causes a problem, and the traffic never comes back.

So I decided to create an iRule to fix this issue:

    when CLIENT_ACCEPTED {
        if { [IP::addr [IP::client_addr] equals 193.46.x.x /29] } {
            pool POOL_GW member 193.46.x.x ;
            ;
        }
    }
I applied the iRule on the server, but it is still not working.

Note: I'm using SNAT to map the internal mail server IP to the public IP 193.46.x.x/29.

Any ideas?

9 REPLIES

nitass
F5 Employee
if { [IP::addr [IP::client_addr] equals 193.46.x.x /29] } {

Shouldn't the IP be a private IP (because it is outgoing traffic)?

And the iRule is applied to the correct virtual server, isn't it? I mean, you know, incoming email and outgoing email may be handled by different virtual servers.

ilvista_38339
Nimbostratus

 

Yes, it is applied to the right virtual server, which is the 0.0.0.0 internet load balance virtual server. But I need to route traffic to a specific pool member (the right next hop for this public IP address).

But it's not working. I'm trying to do this because the mail server needs total access to the internet (updates ... and so on).

What_Lies_Bene1
Cirrostratus
I think you need to be using the pre-SNAT IP address of the server in your iRule.

ilvista_38339
Nimbostratus
I tried that using the private address, but no luck.

tcpdump is still showing me that traffic sourced from this public IP (first ISP IP range) is going through the second ISP!!!

And the traffic never comes back because of the routing problem, I suppose!!!!

What_Lies_Bene1
Cirrostratus
OK, so can you tell us more about the SNATting please? Does the mail server always get SNATted to the same IP? How have you achieved this?

ilvista_38339
Nimbostratus
I created a NAT this way: Local Traffic ›› SNATs : SNAT List ››

tcpdump is showing me that it's working perfectly. The problem lies in the routing, because I have another default virtual server 0.0.0.0 for outgoing traffic, which uses a pool of gateways (2 ISPs). Now the traffic NATed from the mail server must go via the first pool member. That's why I created the iRule to fix this problem.

What_Lies_Bene1
Cirrostratus
OK, a few things to try:

1) Add something like log local0. "[IP::addr [IP::client_addr]] hit this rule" on a new line below the if statement; this will confirm if it's matching

2) Remove the space between the network and /29 prefix (if there actually is one in the rule)

3) Remove the two semi-colons ;

hoolio
Cirrostratus
[IP::addr [IP::client_addr]]

There isn't a reason to use the IP::addr command to retrieve or parse an IP address. So you could just use [IP::client_addr].

Aaron

What_Lies_Bene1
Cirrostratus
One day I really will remember that! =]
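
The suggestions from the replies above, combined into one iRule. This is an added example, not code posted by anyone in the thread. It matches on the pre-SNAT (internal) source address, has no space before the prefix length, drops the stray semicolons, and logs the bare [IP::client_addr] on a match. The addresses 10.0.0.25 (internal mail server) and 192.0.2.1 (first ISP gateway) are placeholders for values the thread does not give; POOL_GW is the pool name from the original post, and the rule is assumed to be attached to the 0.0.0.0 outbound virtual server.

```tcl
when CLIENT_ACCEPTED {
    # On the client side of the virtual server the source is still the
    # internal address; SNAT to the public address happens on the server
    # side, so a match on the public range would never fire here.
    # 10.0.0.25 is a placeholder for the mail server's internal address.
    if { [IP::addr [IP::client_addr] equals 10.0.0.25/32] } {

        # Log every match so /var/log/ltm confirms the rule is being hit.
        # Remove this line once the behaviour is verified.
        log local0. "[IP::client_addr] hit the mail-server rule, sending via first ISP gateway"

        # Pin this connection to the first ISP's gateway instead of letting
        # the pool's load balancing method choose.
        # 192.0.2.1 is a placeholder for that gateway's pool member address.
        pool POOL_GW member 192.0.2.1
    }
    # Any other source falls through to the virtual server's default pool
    # and is load balanced across both ISPs as before.
}
```

If the log line never appears while the mail server is sending, the connections are not arriving on this virtual server with that source address, which is the first thing to confirm with tcpdump on the internal VLAN.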