Forum Discussion

Dave_73612's avatar
Dave_73612
Icon for Nimbostratus rankNimbostratus
Jul 28, 2009

Pool redirect based on source IP Range

Hi guys,

 

 

I need to write an IRule to route traffic to different pools based on source IP range.

 

 

Would this be the best syntax to use?

 

 

when CLIENT_ACCEPTED {

 

if { [IP::addr [IP::client_addr] equals 10.10.10.10] } {

 

pool my_pool

 

}

 

}

 

 

Can I just add a subnet mask to the "equals 10.10.10.10" in \ format?

 

 

Thanks in advance.

 

 

D

 

application delivery
dev
devops
iRules

14 Replies

Sort By
Show More
  • The_Bhattman's avatar
    The_Bhattman
    Icon for Nimbostratus rankNimbostratus
    Dec 06, 2009
    Hi Randy,

    Adding another check would be as simple as the following 

     
 when HTTP_REQUEST { 
 if { [IP::addr [IP::client_addr] equals 209.221.139.195] } { 
    pool Segregation_Pool 
 } else if  { [IP::addr [IP::client_addr] equals 209.221.139.196] } { 
    pool Segregation_pool2 
 }  
 }

    Or using matchclass which would contain a list of IP addresses

    You can find more details here

    http://devcentral.f5.com/wiki/default.aspx/iRules/IP__addr.html

    I hope this helps

    Bhattman

  • Gideon_Chong_24's avatar
    Gideon_Chong_24
    Icon for Nimbostratus rankNimbostratus
    Jan 20, 2016

    Hi Randy,

     

    I'm also in a similar situation as you.

     

    The following iRule is also not working for me:

     

    when CLIENT_ACCEPTED {

     

    set rserver1 "xserver"

     

    set rserver2 "yserver"

     

    if { [IP::addr [IP::client_addr] equals a.a.a.a] } {

     

    pool mypool member $rserver1 80

     

    }

     

    if { [IP::addr [IP::client_addr] equals b.b.b.b] } {

     

    pool mypool member $rserver2 80

     

    }

     

    }

     

    I will test with HTTP_REQUEST tomorrow. But what are is the difference between the 2 and why would it work with one and not with the other? Also I'm using type "standard" as virtual server.

     

    Any suggestion is very appreciated. Thanks.

     

    • JRahm's avatar
      JRahm
      Icon for Admin rankAdmin
      Jan 20, 2016
      if you are matching an exact IP address you only need IP::client_addr. If you are matching a network, you need a mask with that IP::addr command. Please check the wiki page for IP::addr for examples. If strictly doing IP matching/comparison, no need to use HTTP_REQUEST. Finally, depending on how many servers you end up with, a switch would be preferable to multiple if statements. If you can give me some specifics of what you are trying to accomplish (sanitized) I can cook up a sample for you.
  • Gideon_Chong_24's avatar
    Gideon_Chong_24
    Icon for Nimbostratus rankNimbostratus
    Jan 21, 2016

    Hi Jason,

     

    Thank you for your quick reply.

     

    The setup is as follow.

     

    There are 2 proxy servers (a and b) which connects to this VS. Behind this VS there is a pool with 2 members (x and y). We see that connections are only going to server y. Only when server y is down will the connections be forwarded to server x. We think that the number of sources is the issue.

     

    The VS has the following setup: - VS type is "standard" - TCP protocol with custom idle timeout - Default persistence profile is "source_addr"

     

    The pool has the follow setup: - Load balancing method is "least connection"

     

    With this setup we see the issue happening that I have described on top.

     

    What we would like to achieve is to have each proxy server go to a specific pool member. Only when this specific pool member is down will it go to the other active one.

     

    So normal situation: a -> x and b -> y

     

    If either x or y is down: a -> y and b -> y or a -> x and b -> x

     

    I hope it's clear what we want to achieve.

     

    Thanks in advance!