irule for base on source ip

Question

hi all&nbsp;
i have a irule base on source ip address, that is server mail :&nbsp;
when CLIENT_ACCEPTED {&nbsp;
if { [IP::addr [IP::client_addr] equals 10.0.x.y] } {&nbsp;
snatpool NAT_MAILServer&nbsp;
}&nbsp;
else&nbsp;
{&nbsp;
snatpool Nat_Internet_live&nbsp;
}&nbsp;
}&nbsp;
 &nbsp;
snat pool :&nbsp;
 &nbsp;

ltm snatpool NAT_MAILServer {&nbsp;
    members {&nbsp;
        222.255.x.y   ( this ip address is of line isp A)&nbsp;
        183.91.x.y     ( this ip address is of line isp B)&nbsp;
        118.69.x.y    ( this ip address is of line isp C)&nbsp;
    }&nbsp;
}&nbsp;
ltm snatpool Nat_Internet_live {&nbsp;
    members {&nbsp;
        222.255.x.z&nbsp;
        118.69.x.z&nbsp;
        183.91.x.z&nbsp;
    }&nbsp;
}&nbsp;
&nbsp;
we want to modify this irule , so when the line ISP A goes die then can not SNAT 222.255.x.y , line ISP B die then can not SNAT 183.91.x.y,...&nbsp;
 &nbsp;
pls help me&nbsp;
many thanks&nbsp;

the_bhattman · Answer

Hi Hung,
  You can add nodes to the F5 with the ping monitor.  For example each ISP has customer edge router/device that maybe pingable by your F5.  You would add the customer edge router as a node and put a ICMP ping as the default monitor for the node.  Then you modify the irule to check for the UP/DOWN Status of the node
For Example
when CLIENT_ACCEPTED {
 if {[IP::addr [IP::client_addr] eq 10.0.x.y]}{
       if { [LB::status node IP_ADDRESS_OF_ISP-A_node ] eq "up" } { 
           snatpool NAT_MAILServer member 255.255.x.y
       } elseif { [LB::status node IP_ADDRESS_OF_ISP-B_node ] eq "up" } {
           snatpool NAT_MAILServer member 183.91.x.y 
       } elseif { [LB::status node IP_ADDRESS_OF_ISP-C_node ] eq "up" } {
           snatpool NAT_MAILServer member 118.69.x.y
       }
 else
    if { [LB::status node [LB::status node IP_ADDRESS_OF_ISP-A_node ] eq "up" } { 
           snatpool NAT_MAILServer member 255.255.x.z
       } elseif { [LB::status node IP_ADDRESS_OF_ISP-B_node ] eq "up" } {
           snatpool NAT_MAILServer member 183.91.x.z
       } elseif { [LB::status node IP_ADDRESS_OF_ISP-C_node ] eq "up" } {
           snatpool NAT_MAILServer member 118.69.x.z
       }
 } }

I hope this helps
-=Bhattman=-

techgeeeg · Answer

Nice reply also in addition to this I will say one thing I am sure currently you don't have a correct monitor on your gateway pool which has the IP address of all the Three ISP routers. So when any of the link is down it still sends the traffic to that SNAT as for the F5 device the status is unknown. 
I would like to request Bhattman if you can explain how a monitor can be made that can access a google or any website at certain interval both "http &amp; https" to declare that the internet is live through that link.&nbsp;
Regards,&nbsp;

techgeeeg · Answer

Nice reply also in addition to this I will say one thing I am sure currently you don't have a correct monitor on your gateway pool which has the IP address of all the Three ISP routers. So when any of the link is down it still sends the traffic to that SNAT as for the F5 device the status is unknown. 
I would like to request Bhattman if you can explain how a monitor can be made that can access a google or any website at certain interval both "http &amp; https" to declare that the internet is live through that link.&nbsp;
Regards,&nbsp;

Forum Discussion

irule for base on source ip

3 Replies

Recent Discussions

Advise on setting up IRULE

google autenticator broken barcode

Port Group on F5OS network setting

vulnerabilities (CVE-2020-36363), CVE-2016-0736,CVE-2019-6593-FOR VERSION BIGIP LTM-16.1.4

Unwinding the Benefits of Investing in White Label Crypto Wallet

Related Content

iRule based RADIUS Client Stack

iRule based RADIUS Health Monitor Builder

iRule based RADIUS Server Stack

iRule based 'Natural Speech' Expression Language

Source IP Based Pool Routing