Forum Discussion

demi_21705
Apr 08, 2009

IP detection, iRules optimization

I am working on a project that involves using the F5 Big-IP to inject a header for a range of countries based on IP address. There are around 20+ countries and about 7000+ IP ranges (address + netmask) that are in those 20+ countries. Each country, when detected, will get its own version of the header.

This all has to be created programmatically through the iControl API - currently using Perl. My thought is to add 20+ data groups (which would each contain some portion of these 7000+ IP ranges) and associate an iRule for each data group.

Thus, an incoming request will have to pass through match checks on 20+ data groups, each with a large number of IP ranges.

My questions are:

- Is the F5 likely capable of handling this quantity of address values in data groups?

- Will there be significant performance hits with this design?

- Is there a better suggestion for how to do this? What is the optimal manner in which to handle large quantities of IP ranges in the F5?

1 Reply

  • demiart,

    The LTM can handle that amount of data. Using data groups for this is exactly what you want to do; it will provide the most efficient way to handle this. While there are a few challenges to overcome scanning through 20 different data groups, this can be done. The optimal way to deal with IPs is using the Address Data group along with matchclass to check it. There may be other ways to handle this depending on the data. There might be a more efficient way to do this, but without the data that is hard to say. Furthermore, without knowing your hardware it is tough to say what level of strain this may put on your system.
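
The address data group plus `matchclass` check mentioned in the reply, written out as an added example (not code from either poster). The data group names, the header name `X-Geo-Country` and the three countries shown are hypothetical, and the `$::name` class reference assumes the v9-era iRules syntax.

```tcl
# Added example. Assumes address-type data groups named
# country_us_ranges, country_de_ranges and country_jp_ranges
# (hypothetical names) already exist, e.g. created through iControl.

when CLIENT_ACCEPTED {
    # The client address does not change during a connection, so
    # classify it once here rather than on every HTTP request.
    set country ""
    if { [matchclass [IP::client_addr] equals $::country_us_ranges] } {
        set country "US"
    } elseif { [matchclass [IP::client_addr] equals $::country_de_ranges] } {
        set country "DE"
    } elseif { [matchclass [IP::client_addr] equals $::country_jp_ranges] } {
        set country "JP"
    }
    # Further countries follow the same pattern. Ordering the checks
    # from most to least common source country shortens the average
    # number of data groups scanned.
}

when HTTP_REQUEST {
    # Strip any copy of the header sent by the client so the backend
    # only ever sees the value set by this iRule.
    HTTP::header remove "X-Geo-Country"

    if { $country ne "" } {
        # X-Geo-Country is a hypothetical header name.
        HTTP::header insert "X-Geo-Country" $country
    }
}
```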