Terry_Rodecker_
Dec 09, 2010 - Nimbostratus
Group multiple gateway and SNAT pools
We have 2 Link Controllers that are doing ingress load balancing between 3 different ISPs. There are some sites we visit that are firewalled and will only allow our traffic from a certain IP address. Through the support of this forum, we were able to create an iRule that made allowances for that and I really appreciate the help I got. I'm going back to the well again to get some help adjusting that iRule, or to see if there's a different way to do this.
We are talking to one of the sites about opening up their firewall to allow our data from more than one IP address. If they do make that change, I'm not certain what the iRule would look like. What I would like to do is have the iRule set in basically 3 parts. The first part references a datagroup of destination IP addresses and sends that traffic down the primary ISP connection. The second part would also reference a datagroup of destination IP addresses but would allow the traffic down either of two links. The third part would be the "catch-all" that does autosnat. What I don't know is how to reference both of the links in the second group. Is there a way to create a logical grouping of the gateway pools and SNATs and reference that?
Here's our existing iRule. Thanks.
when CLIENT_ACCEPTED {
    # Specific internal clients always leave via ISP1 with a fixed source address
    if { [IP::addr [IP::client_addr] equals A.A.A.A] } {
        snat 1.1.1.1
        pool ISP1_gw_pool
    } elseif { [IP::addr [IP::client_addr] equals B.B.B.B] } {
        snat 1.1.1.2
        pool ISP1_gw_pool
    } elseif { [IP::addr [IP::client_addr] equals C.C.C.C] } {
        snat 1.1.1.3
        pool ISP1_gw_pool
    } else {
        # Destinations listed in the data group only accept traffic sourced from ISP1
        if { [class match [IP::local_addr] equals ISP1-Firewalled-Destinations] } {
            snatpool ISP1_150_snat
            pool ISP1_gw_pool
        } else {
            # Catch-all: everything else uses automap
            snat automap
        }
    }
}