Client Source routing to virtual servers/pools

Question

Hello All 
&nbsp;  
&nbsp; I have a weird request for F5 and was wondering if anyone here could help me with getting it going. 
&nbsp;  
&nbsp; Basically, a single URL for users to get access to an application whether they are inside the organization (private IP) or outside (public IP).  I want to have a single virtual server for load balancing the pool of servers on the backend, but based on whether the user is coming from an internal address or an external address, I want to send the user to different pools on the backend.  The internal pool of servers has some additional content and functionality not available to outside users but would like to keep the same host name.  Not sure if there is a way to do source-address routing to virtual servers and pools, but any help you can give would be appreciated 
&nbsp;  
&nbsp; Nick

jrahm · Answer

sure thing.  Something like this will address your needs:

when HTTP_REQUEST { 
   if { [IP::addr [IP::client_addr]/24 equals "192.168.1.0"] } { 
     pool internal 
   } else { pool external } 
 }

If you have ranges of internal addresses, you can configure a datagroup and match against that.  Welcome to the forums!

nick_67035 · Answer

Citizen_Elah 
&nbsp;  
&nbsp; Thanks for the help with this.  So, if I use the datagroup and create a list of the internal IP's, would the logic go some thing like: 
&nbsp;  
&nbsp; If client address=datagroup then send to pool 1 else send to pool 2 
&nbsp;  
&nbsp; Just want to make sure I get it right.   
&nbsp;  
&nbsp; Thanks

colin_walker_12 · Answer

Yes, that's exactly the logic in elah's iRule.  If the IP matches the string (or the data group if you replaced the static string with a data group), then send to pool "internal". Otherwise, send to pool "external". 
&nbsp;  
&nbsp; Colin

nick_67035 · Answer

Awesome...let me test it out and will let you know how it works.  I appreciate the help guys.

nick_67035 · Answer

Hey Guys 
&nbsp;  
&nbsp; This worked...had to do some tweaking to get it working, but everything is running.  Thanks for the help with this.  Here is the final code I used. 
&nbsp;  
&nbsp; when HTTP_REQUEST { if { [matchclass [IP::client_addr] equals $::CLASS] } { pool Internal } else { pool External } } 
&nbsp;  
&nbsp; Thanks

Forum Discussion

Client Source routing to virtual servers/pools

6 Replies

Recent Discussions

Error when running bigip_command Playbook against LTM : Syntax Error: unexpected argument /bin/sh\n

Can iRule be used to perform exception of IPI category based on Geolocation

Can iRule mask the payload content on event logs of security

minimum tmos software version for connect CIS (openshift)

Chrome V 124+ on MacOS - Virtual Server Access Issue

Related Content

New Virtual Server Pool, Self IP and routing configuration

pool members can't connect to another Virtual Server

IPv6 Virtual Server to IPv4 pools translation

Virtual server and pool configuration disappear...

How to get Virtual servers associated with a specific SNAT pool