Forum Discussion
Anthony_7417
Feb 16, 2009Historic F5 Account
Yeah, you could do that, and that'd work. You could also make the destination of the topology records a pool which is set to 'drop packet' or 'return to DNS'. But since topology records are shared, if you already have a complex set of topology records configured for other wideips, it might take a lot of thought + planning to re-work the toplogy rules to include access control. And returning non-routable addresses just doesn't seem clean to me.
With the iRule, you write it once, than apply it to whatever wideip you desire. The iRule also makes it very clear what's going on, where as someone looking at a set of topology records might not understand the intent.
The iRule might be a little difficult to maintain since GTM doesn't have matchclass, which is a bit of a shame. When GTM gets matchclass, an iRule like this should be much more maintainable.