Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Clear all filters
Answers

Why do we need to use [IP::addr [IP::client_addr]]?

Why can't we simply compare [IP::client_addr] on its own? I'm a bit confused as to why IP::addr has to be used...the thread below is what peaked my curiosity: http://devcentral.f5.com/Community/GroupDetails/tabid/1082223/asg/50/afv/topic/aft/1172675/aff/5/showtab/groupforums/Default.aspx
0
Rate this Question

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
[IP::addr] - Performs comparison of IP address/subnet/supernet to IP address/subnet/supernet.

In the example they are asking if incoming Client IP Address is contained within any of the listed subnets, then send that traffic to a specific pool, not the one tied to the Virtual Server:


[IP::addr [IP::client_addr]]/24 equals xxx.xxx.xxx.xxx][


The Wiki Entry has some good examples: http://devcentral.f5.com/Wiki/default.aspx/iRules.IP__addr
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
I was looking for a post from unRuleY which had more detail, but couldn't find it. I believe IP::addr does a more efficient byte comparison than you could do with a string comparison. And as Michael points out, IP::addr allows you to do CIDR comparisons that you couldn't easily do with string operations.

Aaron
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
Posted By hoolio on 06/24/2010 11:18 AM
I was looking for a post from unRuleY which had more detail, but couldn't find it. I believe IP::addr does a more efficient byte comparison than you could do with a string comparison. And as Michael points out, IP::addr allows you to do CIDR comparisons that you couldn't easily do with string operations.

Aaron


Most of my comparisons are comparing client_addr or server_addr to address-type datagroups which contain both networks and hosts...is there any benefit to using [IP::addr[IP::server_addr]] or should I just save myself the characters?
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
I expect [IP::addr $ip] would return 1 if $ip was an IP address and a runtime error if it's not. So I don't see any reason to use that. Running a class command (class, matchclass, etc) with an IP address/network against an address type datagroup should use a byte comparison and be more efficient than a string comparison.

Aaron
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
Just an FYI, most efficient format for comparison is

[IP::addr [IP::client_addr] equals xxx.xxx.xxx.0/24]
0
Comments on this Answer
Comment made 1 month ago by Suresh Gurugubilli 27

How can I compare with more then one subnet. Can i use more subnet here, or create data-grop with match all subnets and call data-grop?

0
Comment made 1 month ago by Root44 389

Creating a data-group looks more easy for me.

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
Hey Jason,

Thanks again for all of your testing and the article for this!

Aaron
0