Forum Discussion

jwah24_138500
Apr 08, 2014
Solved

Multiple Service Ports on a Single VS

Hey guys,

I've seen a few articles on this already, but am really new to the F5's and am looking for additional clarification. We're looking at load balancing an application that uses the following ports:

10010 10012 10013 10014 10015 10016 10018 10019 10020 10021 10024 10025 10026 10027 10129 10130 10132 10133 10136 10137 10141

I want to spin each of these separate services up on a single VS so I can use a single IP (separate Pools for each service). I know I can use the following (below this paragraph), but I'd like to find a way to create some type of list that can be checked instead of checking these for every connection, such as if { [class match [TCP::local_port] equals service-port-range] }. I'm not sure how using the service-port-range list works in the F5's or where I would specify the actual list.

when CLIENT_ACCEPTED {
  # Ports our App listens on (the VS is configured on port 0 / all ports)
  set app_ports { 10010 10012 10013 10014 10015 10016 10018 10019 10020 10021 10024 10025 10026 10027 10129 10130 10132 10133 10136 10137 10141 }
  # Check if requested port is outside our App's Port ranges.
  # TCP::local_port is the destination port the client connected to;
  # TCP::client_port would be the client's ephemeral source port.
  if { [lsearch -exact $app_ports [TCP::local_port]] == -1 } {
    # Drop request
    drop
  }
}

Thanks for all the help guys!

  • You would create 'service-port-range' as a string type data group under Local Traffic -> iRules -> Data Group List. Populate the data group with your port objects.

    Then use the iRule to reference it and reject anything not in the list:

    when CLIENT_ACCEPTED {
      if { ! [class match [TCP::local_port] equals service-port-range] } {
        reject
      }
    }
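    As an added example (not from the thread or from F5), here is how the data group answer above extends to the original question's goal of one IP with a separate pool per service: a bigip.conf-style data group whose record data names the pool, followed by an iRule for a TCP port-0 virtual server that rejects unlisted ports and otherwise selects that pool. The data group name is the one used in the answer; the pool names and ports in the records are hypothetical.

```tcl
# bigip.conf fragment: string data group mapping each application port to the
# pool that serves it (pool names are hypothetical). Keys are the destination
# ports the wildcard (port 0) virtual server receives. Every allowed port needs
# a data value here, since the iRule below treats an empty lookup as "not allowed".
ltm data-group internal service-port-range {
    records {
        10010 { data pool_svc_10010 }
        10012 { data pool_svc_10012 }
        10129 { data pool_svc_10129 }
        10141 { data pool_svc_10141 }
    }
    type string
}

# iRule attached to the TCP port-0 virtual server (assumed TCP: the TCP::
# commands would error on a UDP virtual). TCP::local_port is the port the
# client connected to; TCP::client_port is the client's random source port
# and is not what we want to check.
when CLIENT_ACCEPTED {
    set port [TCP::local_port]
    # -value returns the record's data (the pool name), or "" if the port is not listed
    set target [class match -value $port equals service-port-range]
    if { $target eq "" } {
        # Port not in the allowlist: log it for the SOC, then send a RST
        log local0. "Rejected [IP::client_addr]:[TCP::client_port] -> [IP::local_addr]:$port (port not allowed)"
        reject
        return
    }
    # Listed port: hand the connection to the pool named in the data group
    pool $target
}
```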

5 Replies

    • jwah24_138500
      Thank you so much! I had seen references to the iRule, but had no idea about the data group list. This is working perfectly now!
  • Hi,

    I want to allow only 4 TCP/UDP ports from a single virtual. Is the iRule configuration below right?

    rule allowing_tcp_udp_traffic_rl {
      when CLIENT_ACCEPTED {
        # Check if requested port is allowing only TCP 443, TCP 80, UDP 4500 and UDP 500
        # (check the destination port; TCP and UDP flows each have their own command)
        if { [IP::protocol] == 6 } {
          set ok [expr { [TCP::local_port] == 443 || [TCP::local_port] == 80 }]
        } else {
          set ok [expr { [UDP::local_port] == 500 || [UDP::local_port] == 4500 }]
        }
        if { ! $ok } {
          # Drop request
          drop
        }
      }
    }

    Thanks
  • Hi Desai, Yes, this iRule looks fine. But always prefer to test such iRules in non-prod first ;-)