Todd_93078
Nov 26, 2012

iRule Routing for newbie

For a lot of reasons I have to use SNAT pools for 5 teleconference devices inside the network. Each had its own internet IP mapped through a NAT previously. Due to many problems with the wildcard outbound VS I had to drop the NAT and change to a SNAT design instead. Problem is that my outbound-in traffic for those IPs no longer works.

Is it possible to create an iRule such as:

when CLIENT_ACCEPTED {
    # Pick the inside host based on the client (source) address
    if { [IP::addr [IP::client_addr] equals 4.4.4.4] } {
        node 10.10.10.4
    } elseif { [IP::addr [IP::client_addr] equals 4.4.4.5] } {
        node 10.10.10.5
    } elseif { [IP::addr [IP::client_addr] equals 4.4.4.6] } {
        node 10.10.10.6
    }
}

but attach this to a forwarding IP VS listening to 4.4.4.4-6

Or could you recommend a better solution? No offense to the F5 folks, but the last problem I had, support had me running in circles and you guys sent me towards a solution in a few posts...

Thanks,

Todd

4 Replies

  • I'm not sure you can specify a node with a forwarding IP VS. Just so I'm clear, is this for traffic initiated 'outside' to 'inside' (rather than responses over connections initiated outbound?)

    You say you've switched to an SNAT design but what exactly has that entailed VS wise? If there's no VS listening on the 'outside' that'll be your issue.

  • "but attach this to a forwarding IP VS listening to 4.4.4.4-6"

    4.4.4.4-6 are client (source) IPs, aren't they? So, I think the virtual server should be listening on wildcard (0.0.0.0) rather than 4.4.4.4-6, since you know the virtual server address is the destination (not source) IP.

    You can configure the virtual server like the article below and use your iRule to route client traffic to a specific gateway (node command).

    LTM: Per-VLAN Default Gateways by Deb

    https://devcentral.f5.com/tutorials/tech-tips/ltm-per-vlan-default-gateways
  • Thanks Steve,

    In my hurry to roll this out I did not finish setting up the VS to begin with. I will go ahead and create a VS for each system individually. My first thought was to put a listener for the entire external IP range and use the iRule to mimic the NAT rules. I think I am trying to put a round peg through a square hole though. Finally figured out the CLI command for VS so it did not take too long.

    Nitass,

    I am going to read up on that tonight and see if it fits our setup better. Thanks.