Forum Discussion

ilvista_38339
Feb 28, 2013

Redirect traffic to pool member based on ip source

I'm trying to create an iRule to redirect traffic sourced from a specific IP address (public IP) to the right pool member.

We have 2 ISPs, and for each ISP we have many public IP addresses. The load balancing is working perfectly. I decided to use a different public IP from one ISP for the mail server, so I created a virtual server and the incoming mail is working. The problem is that the outgoing mail is going through the load balance pool and the traffic sometimes (depending on the load balance algorithm) goes through the wrong ISP (the second one), which of course causes a problem and the traffic never comes back.

So I decided to create an iRule to fix this issue:

 

when CLIENT_ACCEPTED {
    if { [IP::addr [IP::client_addr] equals 193.46.x.x /29] } {
        pool POOL_GW member 193.46.x.x ;
        ;
    }
}

 

 

I applied the iRule on the server but it is still not working.

Note: I'm using SNAT to map the internal mail server IP to the public IP 193.46.x.x/29.

Any ideas?

 

9 Replies

  • if { [IP::addr [IP::client_addr] equals 193.46.x.x /29] } {

    Shouldn't the IP be the private IP (because it is outgoing traffic)?

    And the iRule is applied to the correct virtual server, isn't it? I mean, you know, incoming email and outgoing email may be handled by different virtual servers.
  • Yes, it is applied to the right virtual server, which is the 0.0.0.0 internet load balance virtual server. But I need to route traffic to a specific pool member (the right next hop for this public IP address).

    But it's not working. I'm trying to do this because the mail server needs total access to the internet (updates and so on).
  • I tried that using the private address, but no luck.

    tcpdump is still showing me that traffic sourced from this public IP (first ISP IP range) is going through the second ISP!!!

    And the traffic never comes back because of the routing problem, I suppose!!!!
  • OK, so can you tell us more about the SNATting please? Does the mail server always get SNATted to the same IP? How have you achieved this?
  • I created a NAT this way: Local Traffic ›› SNATs : SNAT List ››

    tcpdump is showing me that it's working perfectly. The problem lies in the routing, because I have another default virtual server 0.0.0.0 for outgoing traffic which uses a pool of gateways (2 ISPs). Now the traffic NATed from the mail server must go via the first pool member. That's why I created the iRule to fix this problem.


  • OK, a few things to try;

     

     

    1) Add something like log local0. "[IP::addr [IP::client_addr]] hit this rule" on a new line below the if statement; this will confirm if it's matching

     

    2) Remove the space between the network and /29 prefix (if there actually is one in the rule)

     

    3) Remove the two semi-colons ;
  • [IP::addr [IP::client_addr]]

     

     

    There isn't a reason to use the IP::addr command to retrieve or parse an IP address. So you could just use [IP::client_addr].

     

     

    Aaron
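
The three suggestions above and Aaron's simplification applied to the rule from the question, as an added example that is not code from any poster. The addresses stay elided as they are in the thread, POOL_GW is the pool name from the question, and the else branch is a debugging aid assumed here so that a non-match also shows up in the log.

```tcl
when CLIENT_ACCEPTED {
    # IP::client_addr already returns the source address, so read it once
    # and reuse it instead of wrapping it in a second IP::addr call.
    set src [IP::client_addr]

    # Prefix written as address/len with no space before /29,
    # and no trailing semicolons after the pool command.
    # 193.46.x.x is elided in the thread; substitute the real network.
    if { [IP::addr $src equals 193.46.x.x/29] } {
        # Confirms in the LTM log that the condition matched.
        log local0. "$src matched 193.46.x.x/29, selecting POOL_GW member 193.46.x.x"
        pool POOL_GW member 193.46.x.x
    } else {
        # Shows the address the virtual server actually sees, which answers
        # the first reply's question about private versus public source.
        log local0. "$src did not match 193.46.x.x/29"
    }
}
```

On a wildcard outbound virtual server the else branch logs every connection, so remove it once the source address seen by the rule is known.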