
Using Data Group List in iRule in a Partition

newmember_18640
Nimbostratus

 

Another note: we had to remove the "$::" from the data groups.

Is there a syntax for referencing UAT Data Groups in iRules?

V10.2 LTM

This fails to use the UAT- Data Groups that are in the UAT partition:

iRule in UAT partition.

    # ======================================================
    # Apply SNAT as specified in snatPoolVip for all
    # packets originated from dataGroupSnatSipHa members.
    # Exclude packets addressed to members of
    # dataGroupSnatExcluded.
    # ======================================================
    when CLIENT_ACCEPTED {
        if { [matchclass [IP::remote_addr] equals $::/UAT/UAT-dataGroupSnatSipHa] } {
            if { [matchclass [IP::local_addr] equals $::/UAT/UAT-dataGroupSnatExcluded] } {
            } else {
                snatpool UAT-snatPoolSipVip
            }
        }
    }

This works with the XXX- data groups in the Common Partition.

iRule in UAT partition.

    # ======================================================
    # Apply SNAT as specified in snatPoolVip for all
    # packets originated from dataGroupSnatSipHa members.
    # Exclude packets addressed to members of
    # dataGroupSnatExcluded.
    # ======================================================
    when CLIENT_ACCEPTED {
        if { [matchclass [IP::remote_addr] equals XXX-dataGroupSnatSipHa] } {
            if { [matchclass [IP::local_addr] equals XXX-dataGroupSnatExcluded] } {
            } else {
                snatpool UAT-snatPoolSipVip
            }
        }
    }

3 REPLIES 3

nitass
F5 Employee
Isn't it the same as in the Common partition?

class Wiki

https://devcentral.f5.com/wiki/irules.class.ashx

    root@ve10(Active)(tmos) show sys version|grep -i version
    Sys::Version
      Version 10.2.4

    root@ve10(Active)(tmos) list ltm virtual bar
    ltm virtual bar {
        destination 172.28.19.252:http
        ip-protocol tcp
        mask 255.255.255.255
        pool foo
        profiles {
            tcp { }
        }
        rules {
            myrule
        }
        snat automap
    }

    root@ve10(Active)(tmos) list ltm rule myrule
    ltm rule myrule {
        when CLIENT_ACCEPTED {
            if { [class match -- [IP::client_addr] equals ip_class] } {
                log local0. "[IP::client_addr] matches [class names ip_class]"
            } else {
                log local0. "[IP::client_addr] does not match [class names ip_class]"
            }
        }
    }

    root@ve10(Active)(tmos) list ltm data-group ip_class
    ltm data-group ip_class {
        partition UAT
        records {
            172.28.19.251/32 { }
        }
        type ip
    }

    [root@ve10:Active] config tail -f /var/log/ltm
    Jan 17 16:57:48 local/tmm info tmm[4884]: Rule myrule : 192.168.206.33 does not match 172.28.19.251/32
    Jan 17 16:58:12 local/tmm info tmm[4884]: Rule myrule : 172.28.19.251 matches 172.28.19.251/32

What_Lies_Bene1
Cirrostratus
You should also avoid using hyphens in DG names as these are not always correctly interpreted.

newmember_18640
Nimbostratus
Great feedback.

We will do all of the suggestions.

Thanks
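
The suggestions from the replies applied to the original SNAT rule, as an added example that is not code posted by anyone in the thread. It assumes the two data groups have been recreated as type ip under the hypothetical underscore names UAT_dataGroupSnatSipHa and UAT_dataGroupSnatExcluded; the SNAT pool name is the one from the question.

```tcl
# Added example, not from the thread.
# Assumption: both data groups are type "ip" and were renamed with
# underscores (hypothetical names) instead of hyphens.
when CLIENT_ACCEPTED {
    # Bare data group names: no "$::" prefix and no partition path,
    # the same way ip_class is referenced in the reply's test rule.
    if { [class match -- [IP::remote_addr] equals UAT_dataGroupSnatSipHa] } {
        if { [class match -- [IP::local_addr] equals UAT_dataGroupSnatExcluded] } {
            # Excluded destination: leave the source address untouched.
            log local0. "[IP::remote_addr] -> [IP::local_addr]: excluded, no SNAT"
        } else {
            # Source is in the SNAT group and destination is not excluded.
            snatpool UAT-snatPoolSipVip
            log local0. "[IP::remote_addr] -> [IP::local_addr]: SNAT via UAT-snatPoolSipVip"
        }
    }
}
```

Watch /var/log/ltm with tail -f, as in the reply, to confirm which branch each test connection takes, then remove the log lines, since they fire on every accepted connection.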