Forum Discussion

smp_86112's avatar
smp_86112
Icon for Cirrostratus rankCirrostratus
Jun 23, 2010

switch statement, [IP::addr], and varying subnet masks

I have an irule that uses a bunch of if statements that I'd like to consolidate into a single switch statement:


when HTTP_REQUEST {
  if { [IP::addr [IP::client_addr]/26 equals xxx.xxx.xxx.xxx] or
    [IP::addr [IP::client_addr]/21 equals xxx.xxx.xxx.xxx] or
    [IP::addr [IP::client_addr]/24 equals xxx.xxx.xxx.xxx] or
    [IP::addr [IP::client_addr]/32 equals xxx.xxx.xxx.xxx] or
    [IP::addr [IP::client_addr]/32 equals xxx.xxx.xxx.xxx] } {
    pool [virtual name]_no-SM
  }
}

The xxx.xxx.xxx.xxx do not denote the same address/network - they are all different.

Is there any way write this switch statement, without referencing an external class, in a way that will evaluate these conditions with the variable subnet masks?

4 Replies

  • the [IP::addr] command is what lets you match on CIDR network masks in the code snippet you provided, not the if conditional. Unfortunately, that functionality isn't part of the switch matching engine - you can do classful networks with -glob matching (/8,/16, /24) but not CIDR networks (/21 /9 /30).
  • Could you rework the comparison logically to check if the client IP is part of the subnets (ie [IP::addr [IP::client_addr] equals xxx.xxx.xxx.xxx/26] instead of [IP::addr [IP::client_addr]/26 equals xxx.xxx.xxx.xxx]? If so, you could do an address comparison using class match (or matchclass) and an address type datagroup of the subnets.

     

     

    Aaron
  • Thanks for your feedback. Interesting idea hoolio - I had the idea if inverting this logic floating around in my head, but I guess I never formalized it. And I think the switch statement might work. I don't like to use classes if I don't need to because I they are a bit obscure to my coworkers who aren't as comfortable managing LTMs as I am. Using a switch statement, the entire code is right there in front of you - in addition to that, I assume the iRule would be faster without the external reference.

     

     

    I'll try this and post my results:

     

    
    when HTTP_REQUEST {
      switch [IP::addr [IP::client_addr]] {
        "xxx.xxx.xxx.xxx/26" -
        "xxx.xxx.xxx.xxx/21" -
        "xxx.xxx.xxx.xxx/24" -
        "xxx.xxx.xxx.xxx/32" -
        "xxx.xxx.xxx.xxx/32" { pool [virtual name]_no-SM }
      }
    }
  • As I'm sure you probably know, the [IP::addr [IP::client_addr]] statement doesn't work like this. So I will either have to retain my numerous IF statements, or use a class as hoolio suggested.

     

     

    Thanks again for the feedback.