Forum Discussion
Kai_Wilke (MVP)
Jan 20, 2019
Hi Hawary,
you may use the iRule below on your IP-Forwarding Virtual Server to overwrite the SNAT and Nexthop-IP based on the availability of the Def-GW for ISP1.
- If ISP1 is available it will route traffic from Network 1 to ISP1
- If ISP1 is available it will route traffic from Network 2 to ISP2
- If ISP1 is offline it will route traffic from Network 1 to ISP2
- If ISP1 is offline it will reject traffic from Network 2
Note: You don't have to care if ISP2 is offline - simply try to send traffic to ISP2 as gateway of last resort and see what happens. If ISP2 is down the traffic will be dropped anyway...
    when CLIENT_ACCEPTED {
        if { [IP::addr [IP::client_addr] equals 10.10.10.0/24] } then {
            # Section for Network 1
            if { [active_members GW_ISP_1_POOL] > 0 } then {
                # ISP 1 is online. Use VS default settings and local routing table.
            } else {
                # ISP 1 is offline. Setting SNAT IP and Nexthop (aka. routing table overwrite) to ISP2
                snat 222.222.222.10 ;       # Your IP for ISP2
                nexthop 222.222.222.1 ;     # Def-GW of ISP2
            }
        } elseif { [IP::addr [IP::client_addr] equals 10.20.20.0/24] } then {
            # Section for Network 2
            if { [active_members GW_ISP_1_POOL] > 0 } then {
                # ISP 1 is online. Setting SNAT IP and Nexthop (aka. routing table overwrite) to ISP2
                snat 222.222.222.10 ;       # Your IP for ISP2
                nexthop 222.222.222.1 ;     # Def-GW of ISP2
            } else {
                # ISP 1 is offline. Reject access for Network 2.
                reject
            }
        } else {
            # Undefined traffic will use VS default settings...
        }
    }
Note: If you utilize the IP-Forwarding Virtual Server for internal communication too, then define some additional exceptions for your internal destination IPs (e.g. RFC1918 IPs) at the top of the script, so that the snat / nexthop overwrites will have no effect on those connections.
Cheers, Kai
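
The exception described in the closing note, as an added example that is not part of the original post: the same policy with a check on the destination IP placed first, so internal connections keep the Virtual Server defaults. Treating the three RFC1918 ranges as "internal" is an assumption; the pool name, client subnets and ISP2 addresses are the ones used in the post.

```tcl
when CLIENT_ACCEPTED {
    # Exceptions first. On the client side of a forwarding Virtual Server,
    # IP::local_addr is the destination IP the client is connecting to.
    # Assumption: "internal" means the RFC1918 ranges; adjust to your networks.
    if { [IP::addr [IP::local_addr] equals 10.0.0.0/8] ||
         [IP::addr [IP::local_addr] equals 172.16.0.0/12] ||
         [IP::addr [IP::local_addr] equals 192.168.0.0/16] } then {
        # Internal destination: no snat / nexthop overwrite, no reject.
        return
    }

    # Evaluate the ISP1 gateway pool once for this connection.
    set isp1_up [expr { [active_members GW_ISP_1_POOL] > 0 }]

    if { [IP::addr [IP::client_addr] equals 10.10.10.0/24] } then {
        # Network 1: VS defaults while ISP1 is up, fail over to ISP2 otherwise.
        if { !$isp1_up } then {
            snat 222.222.222.10 ;       # Your IP for ISP2
            nexthop 222.222.222.1 ;     # Def-GW of ISP2
        }
    } elseif { [IP::addr [IP::client_addr] equals 10.20.20.0/24] } then {
        # Network 2: ISP2 while ISP1 is up, rejected once ISP1 is down.
        if { $isp1_up } then {
            snat 222.222.222.10 ;       # Your IP for ISP2
            nexthop 222.222.222.1 ;     # Def-GW of ISP2
        } else {
            reject
        }
    }
    # Any other client subnet falls through to the VS default settings.
}
```

Because the exception returns before the Network 2 branch, internal traffic from Network 2 is also exempt from the `reject` that applies while ISP1 is offline.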