Forum Discussion

felix001_29321
Sep 27, 2011

Irule TCP Port Issue

I'm trying to create an iRule which will SNAT the connection behind a single IP when destined for a destination port.

The iRule I have is:

-------------------------------------------------

when CLIENT_ACCEPTED {
    if { [matchclass [IP::client_addr] equals $::src_nets ] and [[TCP::remote_port] equals "8181" ] } {
        snat 172.16.1.100
    }
    else {
        forward
    }
}

--------------------------------------------------

This doesn't work. I've tested it with just the matchclass and it works.

Many Thanks,


10 Replies

  • Hi Felix,

    I am guessing that your BIG-IP Version is 9.x.x. If you are running v10.x.x you should change from "matchclass" to "class match" and drop the "$::" from the class name.

    Try this:

    
    when CLIENT_ACCEPTED {
        if { [matchclass [IP::client_addr] equals $::src_nets ] and [[TCP::local_port] equals "8181" ] } {
            snat 172.16.1.100
        }
    }
    
  • My version is v10.x.x.x. But the match class by itself works?? It's the destination port section I'm having issues with...
  • Hi Felix,

    Try this and let me know how it works out. I have converted it to v10.x.x (match class), modified the second condition, and modified the event from CLIENT_ACCEPTED to HTTP_REQUEST:

     
    when HTTP_REQUEST {
        if { [class match [IP::client_addr] equals src_nets ] and [[LB::server port] equals "8181" ] } {
            snat 172.16.1.100
        }
    }
    
  • Hi Michael,

    I don't think LB::server port will return a value until a load balancing selection has been made. If you want to check the client's destination port, you can use TCP::local_port in CLIENT_ACCEPTED as you did earlier in this thread:

    
    when HTTP_REQUEST {
        if { [class match [IP::client_addr] equals src_nets ] and [TCP::local_port] == 8181 } {
            snat 172.16.1.100
        }
    }
    

    Aaron
  • I actually tested it to make sure it works in the HTTP_REQUEST Event.

    And while it is not listed in the Valid Events section of the Wiki Page, it is utilized in the second Example.

    Must have gotten missed and left out of the Valid Events section of the Wiki Page.
  • Hrm... [LB::server] and [LB::server pool] return the VS default pool name before a load balancing selection has been made (normally in LB_SELECTED). I wonder what LB::server port actually returns before a load balancing selection has been made. Is it the client destination port or a port of one of the pool members? I'm guessing the former, but it's not very intuitive that the command would even work as it should return info on the load balancing selection.

    Aaron
  • The environment I tested the event in had the request incoming on Port 80, with Port Translation enabled.

    I executed the following iRule and only received a response in the HTTP_REQUEST Event. A Load Balancing decision would have had to have been made in order to determine what the server Destination Port would have been.

    
    when CLIENT_ACCEPTED {
        if { [LB::server port] equals "8181" } {
            log local0. "Client Accepted Event:  LB Selected Server: [LB::server] / Selected Port: [LB::server port]"
        }
    }
    when HTTP_REQUEST {
        if { [LB::server port] equals "8181" } {
            log local0. "HTTP Request Event:  LB Selected Server: [LB::server] / Selected Port: [LB::server port]"
        }
    }
    

    I believe that the LB Decision would have had to have already been made in order for this to function properly.

    "This command allows you to query for information about the member selected after a load balancing decision has been made."

    Sanitized Test Output:

    Sep 28 12:06:52 local/tmm1 info tmm1[5062]: Rule Z.iRule.Development : HTTP Request Event: LB Selected Server: pool.test.pool.name 10.xxx.xxx.xxx 8181 / Selected Port: 8181
  • Thanks for your responses guys. So to clarify, if I'm adding this to a forwarding virtual server I just need to add

    when HTTP_REQUEST {
        if { [class match [IP::client_addr] equals src_nets ] and [TCP::local_port] == 8181 } {
            snat 172.16.1.100
        }
    }

    What about if the traffic isn't HTTP based? Which in this case I don't believe it is...
  • So guys, what is the option for when non-HTTP traffic is just going via the VS forwarder!?

    Thanks for all your help..
  • You could use CLIENT_ACCEPTED for non-HTTP traffic.

    
    when CLIENT_ACCEPTED {
        if { [class match [IP::client_addr] equals src_nets ] and [TCP::local_port] == 8181 } {
            snat 172.16.1.100
        }
    }
    

    Aaron
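
The three port conditions that appear in this thread, run side by side in plain tclsh as an added example (not code from any of the posters). The procs `tcp_remote_port` and `tcp_local_port` and the sample connection are constructed stand-ins for `TCP::remote_port` and `TCP::local_port`, and `==` is used in place of the iRule-only `equals` operator.

```tcl
# Constructed stand-ins for the iRule commands, so this runs outside a BIG-IP.
# Assumed client-side connection: client 10.0.0.5:49152 -> virtual server port 8181.
proc tcp_remote_port {} { return 49152 }  ;# plays TCP::remote_port (client's source port)
proc tcp_local_port  {} { return 8181 }   ;# plays TCP::local_port (port the client connected to)

# Evaluate a condition the way "if" would, returning its value or the Tcl error.
proc check {label condition} {
    if {[catch {uplevel 1 [list expr $condition]} result]} {
        return "$label -> error: $result"
    }
    return "$label -> $result"
}

# 1. Shape used in the first post: the extra outer [ ] is a second command
#    substitution, so Tcl tries to invoke the returned port number as a command.
puts [check "double brackets, remote port" {[[tcp_remote_port] == 8181]}]

# 2. Outer brackets removed but still the remote port: the comparison now runs,
#    but it tests the client's ephemeral source port, not the destination port.
puts [check "single brackets, remote port" {[tcp_remote_port] == 8181}]

# 3. Shape used in the final answer: the local port on the client side is the
#    destination port the client connected to.
puts [check "single brackets, local port" {[tcp_local_port] == 8181}]
```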