Forum Discussion

Chuck_127210
Dec 08, 2006

1 VS and 2 Pools

I'm new to iRules and I'm having an issue with converting a 4.5 rule into a version 9 iRule. Listed below is the 4.5 rule and below that the iRule I created (which doesn't work). Any help would be appreciated.

4.5 rule

    if (client_addr == 172.0.0.0 netmask 255.0.0.0) {
      use pool Release2_DR_Pool
    }
    else if (client_addr == 10.144.0.0 netmask 255.255.0.0) {
      use pool Release2_DR_Pool
    }
    else {
      use pool Touchpoint_COB_Pool
    }

9.1.2 iRule

    when CLIENT_ACCEPTED {
      if { [IP::addr [IP::client_addr] equals 172.0.0.0/8] } {
        pool Branchplatform_Citizens_pool
      }
      if { [IP::addr [IP::client_addr] equals 10.144.0.0/16] } {
        pool Branchplatform_Citizens_pool
      } else {
        pool Branchplatform_COB_pool
      }
    }

Thanks in advance

Chuck

5 Replies

  • You are close...

    Your code is comparing the client address to the subnet.

    Let's say your client_addr is 172.1.1.1, then your if would equate to this:

    if { 172.1.1.1 equals 172.0.0.0 }

    Obviously this will return false. To achieve what you want to do, you'll need to apply the netmask to the IP::client_addr like this:

    when CLIENT_ACCEPTED {
      if { [IP::addr [IP::client_addr]/8 equals 172.0.0.0] } {
        pool Branchplatform_Citizens_pool
      }
      if { [IP::addr [IP::client_addr]/16 equals 10.144.0.0] } {
        pool Branchplatform_Citizens_pool
      } else {
        pool Branchplatform_COB_pool
      }
    }

    -Joe
  • Hello Joe,

    Thanks for your input, but I still fall through to the Branchplatform_COB_pool when I'm on a 172 subnet. Any more ideas? Thanks in advance

    Chuck
  • I'd recommend throwing in some logging to point out where things are going wrong.

    when CLIENT_ACCEPTED {
      log local0. "client address: [IP::client_addr]"
      if { [IP::addr [IP::client_addr]/8 equals 172.0.0.0] } {
        log local0. "[IP::client_addr] is in the 172.0.0.0 subnet"
        pool Branchplatform_Citizens_pool
      }
      if { [IP::addr [IP::client_addr]/16 equals 10.144.0.0] } {
        log local0. "[IP::client_addr] is in the 10.144.0.0 subnet"
        pool Branchplatform_Citizens_pool
      } else {
        log local0. "[IP::client_addr] doesn't match."
        pool Branchplatform_COB_pool
      }
    }

    Then look in the /var/log/ltm file. If it is not clear to you based on the logged output, pass the log output back here and I'll take a look.

    -Joe
  • It appears to match the rule but goes to the else pool. Please see attached.

    Thanks Chuck
  • Deb_Allen_18
    Historic F5 Account
    Hi guys -

    I always put the mask on the subnet side of the comparison and it works just fine, so based on your logged results, it looks like it would work either way.

    Looking more closely at your logic, though, it seems that your "if" construct needs to be reconsidered:

    You have 2 "if"s here, which means the conditions are not mutually exclusive. The connection is only forwarded after all conditions have been evaluated and acted upon, so when you send a request from a 172 address, the first condition is True, but the 2nd condition is False. As a result, the pool is first set to the Citizens pool, but later set to the COB pool, which is where the traffic is actually sent.

    You need to combine the 3 tests into one so you get only one result. You can either combine the 2 IP tests into one, or create a single "if / elseif / else" test:

    when CLIENT_ACCEPTED {
      if { [IP::addr [IP::client_addr]/8 equals 172.0.0.0] } {
        pool Branchplatform_Citizens_pool
      } elseif { [IP::addr [IP::client_addr]/16 equals 10.144.0.0] } {
        pool Branchplatform_Citizens_pool
      } else {
        pool Branchplatform_COB_pool
      }
    }
    or
    when CLIENT_ACCEPTED {
      if { [IP::addr [IP::client_addr]/8 equals 172.0.0.0] or [IP::addr [IP::client_addr]/16 equals 10.144.0.0] } {
        pool Branchplatform_Citizens_pool
      } else {
        pool Branchplatform_COB_pool
      }
    }

    HTH

    /deb
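
The pool override described in the last reply can be reproduced off-box before a rule goes onto a virtual server. This is an added example, not code from the thread or from F5: a plain tclsh script in which `ip2int`, `route` and the `IP::addr`, `IP::client_addr` and `pool` shims are hypothetical stand-ins, and the client addresses are constructed. It assumes a mask on either operand is applied to both sides and that the last `pool` call decides where traffic goes.

```tcl
# Added example: tclsh shims for the iRule commands used in this thread.
# Hypothetical stand-ins for offline testing, not F5's implementation.
proc ip2int {ip} {
    set n 0
    foreach octet [split $ip .] { set n [expr {($n << 8) | $octet}] }
    return $n
}
namespace eval IP {
    proc client_addr {} { return $::client }
    # Assumption: a /bits mask on either operand is applied to both sides.
    # Only the "equals" operator is modelled; $op is accepted and ignored.
    proc addr {a op b} {
        lassign [split $a /] ipa bitsa
        lassign [split $b /] ipb bitsb
        if {$bitsa eq ""} { set bitsa 32 }
        if {$bitsb eq ""} { set bitsb 32 }
        set mask [expr {(0xFFFFFFFF << (32 - min($bitsa, $bitsb))) & 0xFFFFFFFF}]
        return [expr {([ip2int $ipa] & $mask) == ([ip2int $ipb] & $mask)}]
    }
}
# "pool" only records a choice; the last call before the event ends wins.
proc pool {name} { lappend ::trace $name }

# Run one rule body for one client address; return every pool call in order.
proc route {body ip} {
    set ::client $ip
    set ::trace {}
    eval $body
    return $::trace
}

set two_ifs {
    if { [IP::addr [IP::client_addr]/8 equals 172.0.0.0] } { pool Branchplatform_Citizens_pool }
    if { [IP::addr [IP::client_addr]/16 equals 10.144.0.0] } { pool Branchplatform_Citizens_pool
    } else { pool Branchplatform_COB_pool }
}
set chained {
    if { [IP::addr [IP::client_addr]/8 equals 172.0.0.0] } { pool Branchplatform_Citizens_pool
    } elseif { [IP::addr [IP::client_addr]/16 equals 10.144.0.0] } { pool Branchplatform_Citizens_pool
    } else { pool Branchplatform_COB_pool }
}

# Constructed sample client addresses.
foreach ip {172.1.1.1 10.144.5.5 192.168.1.1} {
    puts "$ip"
    puts "  two ifs:   [join [route $two_ifs $ip] { -> }]"
    puts "  if/elseif: [join [route $chained $ip] { -> }]"
}
```

A line showing more than one pool for a single address means an earlier selection was overwritten, which is how source-address routing ends up sending clients to a pool the rule author did not intend.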