Marc_64323
Oct 03, 2013

Need help debugging an iRule to route to a specific pool member based on source IP

Hello,

 

I am trying to create an iRule that does source-based routing to specific pool members. I have found a few examples online that I based the below code off of. My iRule is not working. What seems to be the issue is the "member memberIP port" portion of the code that comes after the pool designation. If I remove that, it works fine in that it does route to the pool, just not a specific member (the virtual server does not have a default pool). Also, based on observing the logging, the logic of the conditionals works, as the correct source IPs attempt to route to the correct destination IPs; somehow, I just can't get them to connect to a specific pool member. I have also tried this without specifying the ports of the pool members; that also fails. Incidentally, I also tried using switch statement logic and will probably go back to it, as I know it is a more efficient way to handle this; however, I ran into the same issue where the inclusion of the "member" syntax and related arguments causes the execution to fail. Any ideas would be appreciated.

 

when CLIENT_ACCEPTED {

    set myPort 
    set myPool ""
    set destination1 ""
    set destination2 ""
    set destination3 ""
    set destination4 ""

    # Pick a pool member according to the client source address
    if { [IP::client_addr] contains "<source1>" } {
        log local0. "IP = [IP::client_addr] attempted to connect to "
        pool $myPool member $destination1 $myPort

    } elseif { [IP::client_addr] contains "<source2>" } {
        log local0. "IP = [IP::client_addr] attempted to connect to "
        pool $myPool member $destination2 $myPort

    } elseif { [IP::client_addr] contains "<source3>" } {
        log local0. "IP = [IP::client_addr] attempted to connect to "
        pool $myPool member $destination3 $myPort

    } elseif { [IP::client_addr] contains "<source4>" } {
        log local0. "IP = [IP::client_addr] attempted to connect to "
        pool $myPool member $destination4 $myPort

    } else {
        # Any other source goes to the first member
        log local0. "IP = [IP::client_addr] attempted to connect to default location"
        pool $myPool member $destination1 $myPort
    }
}

5 Replies

  • Are the pool members you're trying to send traffic to by chance disabled? Or have failed monitors? Just out of curiosity, what happens if you replace the variables with static values? Example:

    pool local-pool member 10.70.0.1 80
    
  • I just tested this on 11.3, so something else must be going on. Can you, as a test, simply try this:

    when CLIENT_ACCEPTED {
        pool local-pool member 10.70.0.1 80
    }
    

    **changing pool name, member IP and port to reflect your local environment. Does this work? For all pool members?

  • Okay, so just to level set, the VIP and pool are in the same partition. And using the above test rule, without the partition path, it does not work? Do you see any LTM log errors?

     

  • I'm using a data group as follows to map source IPs to nodes:

    tmsh list ltm data-group internal dg_source_node
    ltm data-group internal dg_source_node {
        records {
            10.133.133.101/32 {
                data 10.131.131.101
            }
            10.133.133.102/32 {
                data 10.131.131.102
            }
            10.133.133.103/32 {
                data 10.131.131.103
            }
        }
        type ip
    }
    

    The iRule looks as follows:

    when CLIENT_ACCEPTED {
        pool pool_web member [class match -value [IP::client_addr] eq dg_source_node] 80
    }
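
Added example, not part of any reply in the thread: an iRule that combines the data-group lookup from the last reply with the checks the earlier replies ask about (a member that is disabled or failing its monitor). It relies on the address-type data group instead of a string `contains` test, because `contains` on an address also matches any longer address that includes it as a substring. The pool, data group and port are the names used in the last reply; falling back to ordinary load balancing is an assumption of this example.

```tcl
when CLIENT_ACCEPTED {
    # pool_web, dg_source_node and port 80 are taken from the reply above.
    # The fallback to plain load balancing is this example's assumption.
    set member_port 80

    # dg_source_node is "type ip", so the lookup is an address/prefix match:
    # a client such as 10.133.133.10 cannot hit the record for
    # 10.133.133.101/32, which a string "contains" comparison would allow.
    set node [class match -value [IP::client_addr] equals dg_source_node]

    if { $node eq "" } {
        # No record for this source: do not call "pool ... member" with an
        # empty address, let the pool's load-balancing method decide.
        log local0. "No mapping for [IP::client_addr], load balancing across pool_web"
        pool pool_web
        return
    }

    # A pinned member that is disabled or marked down by its monitor cannot
    # accept the connection, so check it before committing to it.
    set status [LB::status pool pool_web member $node $member_port]
    if { $status ne "up" } {
        log local0. "Mapped member ${node}:${member_port} is $status for [IP::client_addr], using pool_web"
        pool pool_web
        return
    }

    log local0. "IP = [IP::client_addr] routed to ${node}:${member_port}"
    pool pool_web member $node $member_port
}
```

The log lines separate the three outcomes (no mapping, mapped member unavailable, mapped member selected), which is the distinction the replies are trying to establish with their test rules.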