Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Answers

Redirect base on source IP Address for Virtual Server - Local Traffic Policy

Is it possible to have a local traffic policy to redirect traffic based on source ip address.

Here's what I've setup but I don't get any hits on the policy

Policy Name: Redirect-Traffic
Strategy: Execute first matching rule 

Rule1
Rule Name: Match-Server1
Match all of the following conditions:
TCP address matches any of 10.1.1.1 at request time (apply to traffic on remote side of external interface
Forward traffic to node 10.2.2.1 

Rule2 
Rule Name: Match-Server1
Match all of the following conditions:
TCP address matches any of 10.1.1.2 at request time (apply to traffic on remote side of external interface
Forward traffic to node 10.2.2.2
`</pre>

I've generated traffic from both sources but the traffic policy never applies to Rule1

Here's an output of show ltm policy in tmsh

<pre>`-----------------------------------------------------
| Rule                       Action Invoked Succeeded
-----------------------------------------------------
| Match-Server1 0  [forward select]       0         0
| Match-Server2 0  [forward select]       118     118

Is the remote side of external interface - the source client IP address (cs-client-addr)?

0
Rate this Question
Comments on this Question
Comment made 26-Oct-2017 by Javier Somoza 122

Yes, im using the remote side of the external interface.

Im using in v13 this policy condition to filter based on source IP:

“TCP” – “address” – “matches” – “in datagroup” – at “request” time (apply traffic on “remote” side of “external” interface)

Also see:

F5 BIGIP – Bug when using datagroups in LTM policies

https://somoit.net/f5-big-ip/f5-bigip-bug-when-using-datagroups-in-ltm-policies

0

Answers to this Question