Forum Discussion

davec_20224
Jul 29, 2009

SNAT if client IP is a pool member?

I've seen the end of:

http://devcentral.f5.com/wiki/default.aspx/iRules/SelectiveSNAT.html

but that assumes each backend subnet is a /24, which is not currently true of my setup.

I haven't figured out a way to programmatically obtain the netmask associated with LB::server_addr with iRules, but I think it might be possible to obtain a list of all of the IPs in the pool and compare against that. Unfortunately I don't quite have the iRule foo yet, so I was hoping someone could help me fill in the blanks:

 
 when LB_SELECTED { 
   if {[IP::addr "[IP::client_addr]" ***in list of node IPs for pool***]} { 
     snat automap 
   } 
 } 
 

I realize I could also just make two separate virtual servers -- one on the external VLAN without SNAT & one on the internal VLAN with SNAT -- but somehow this seems more elegant.

Thanks,

Dave C.

1 Reply

  • Hi Dave,

    The active_members -list command returns a TCL list of the IP and port of the active pool members of a given pool. You'd need to loop through each list element and compare the client IP to the IP address from the element. I think it's a novel concept, but not very efficient to implement compared with creating two separate VIPs for the two types of traffic handling.

    Now, if there was an active_nodes -list command, you could do something like:

     
     when CLIENT_ACCEPTED { 
        if {[matchclass [IP::client_addr] equals [active_nodes -list [LB::server pool]]]}{ 
           log local0. "[IP::client_addr] a member of pool [LB::server pool]" 
           snat automap 
        } 
     } 
     

    Oddly enough, in 9.4.7, [active_nodes -list $pool] doesn't trigger a syntax or a runtime error--it just returns the same thing that active_members -list does?!

    [active_nodes [LB::server pool]]: 1

    [active_nodes -list [LB::server pool]]: {10.11.2.201 82}

    [active_members -list [LB::server pool]]: {10.11.2.201 82}

    Aaron
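The loop Aaron describes, written out as an iRule. This is an added example, not code from either post: it walks the {ip port} pairs that active_members -list returns for the selected pool and turns on SNAT only when the client address matches a member's IP. It assumes the virtual server has a default pool so LB::server pool is set by LB_SELECTED.

```tcl
when LB_SELECTED {
    # Pool the load balancer just picked for this connection
    set pool [LB::server pool]
    set client [IP::client_addr]

    # active_members -list returns a Tcl list of {ip port} pairs for the
    # members currently marked up in that pool, so the netmask of the
    # backend subnet never has to be known.
    foreach member [active_members -list $pool] {
        set member_ip [lindex $member 0]
        # IP::addr equals compares addresses, not the port, so a pool
        # member connecting from any source port is still recognised
        if { [IP::addr $client equals $member_ip] } {
            log local0. "$client is a member of pool $pool; enabling SNAT"
            snat automap
            break
        }
    }
}
```

Two caveats when relying on this in place of a second VIP: the loop runs for every new connection, so its cost grows with pool size, and because active_members only lists members that are up, a member currently marked down that opens a connection through this VIP would not be SNATed.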