Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Clear all filters
Answers

irule for specific traffic

Hi all

I need assist with irule setup

I have the followings virtual server address www.test.com

  1. pool of nodes called "TEST_POOL"
  2. in the pool, there are 4 nodes
  3. only selected users or selected IP users will need to access the "required nodes" in the pool, and rest of the users will need to access the "other live nodes" as shown in the picture

is that possible, if yes how the setup will be ? please advise see picture below

Thanks AliImage Text

0
Rate this Question

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

If all your Selected users are from the same IP subnet you can use multiple Virtual Serve with the Source address set to the Select users subnet on the first one, then assign different pools based on where you want the users traffic to be directed to.

E.g.

  • VS1 Source Address=< user subnet > Pool=< Select Server pool >
  • VS2 Source Address = *(any) Pool=< Other Server Pool >

See the following for the selection order of Virtual Server on LTM: K14800: Order of precedence for virtual server matching

0
Comments on this Answer
Comment made 08-Aug-2018 by shurufade 1

Thanks AMG for your swift response

can you please put together and paste here what irule tcl will look like when using different source subnets ?

e.g
when HTTP_REQUEST {

}

and aslo can we use AD group in the source users instead of using source ip address ?

Thanks

0
Comment made 08-Aug-2018 by Andy McGrath 2563

No iRules needed, simply standard LTM Virtual Server and Pool configuration.

If you want to use AD groups to direct users to a select pool or node then you would likely need to utilise the F5 APM module, as you would need to authenticate the user first then forward them on to a select backend destination.

Though there are possible other solutions you could use but depend heavily on the application being used and what the F5 can see within each request.

0
Comment made 08-Aug-2018 by shurufade 1

Thanks again AMG

as it stands LTM source address is any(0.0.0.0/0)

  1. is there anyway possible to achieve above design through irules without creating 2 VS

  2. is it possible to create an irule that says this e.g

if traffic or request comes from ip address x.x.x.x/28>go to TEST_POOl and within the pool select >requirednodes only }

{ and if traffic or request comes from any other ip addresses >go to other nodes }

imagine like firewall or ACL please advise

0