Use pool members as source address?

Question

I apologize if this is trivial, however, my GoogleFu has failed me.
I am attempting to use a pool as the source of a connection to a vserver to load balance across multiple nodes in multiple pools.. Example below:
Pool1 10.0.0.1 10.0.0.3 10.0.0.4
Pool2 10.0.0.2 10.0.0.5 10.0.0.8
PoolA 10.0.1.1 10.0.1.3 10.0.1.4
PoolB 10.0.1.2 10.0.1.5 10.0.1.8
Logic: 
when CLIENT_ACCEPTED {
    if source_addr = Pool1 where all pool1 members are checked
     pool PoolA
    if source_addr = Pool2 where all pool2 members are checked
     pool PoolB
`

Otherwise I was thinking about just normal programming logic:

` for mypool in listOfPools
     for member in mypool
         if source_addr == member.ipaddr
               pool $mypool

Is there a better way to do this? I'm sure there is something I've missed...
Thanks for your help!

ronald_van_der_ · Answer

Could you explain a bit more what you are trying to accomplish. Setting the source IP-adress of the poolmember and loadbalancing to that member (or other member) would introduce quite some issues on L2. In other words, I don't think this would work at all, even if you get the iRule right.&nbsp;
Please explain why you need this and what you want to solve?&nbsp;

ronald_van_der3 · Answer

Could you explain a bit more what you are trying to accomplish. Setting the source IP-adress of the poolmember and loadbalancing to that member (or other member) would introduce quite some issues on L2. In other words, I don't think this would work at all, even if you get the iRule right.&nbsp;
Please explain why you need this and what you want to solve?&nbsp;

ekim9190_208428 · Answer

I'm not setting anything, I'm simply attempting look at the client's ip address and check if its part of a 'list' or a pool. This is a customer's requirements based on antiquated business rules/logic. Their data flow has many load balancing points based on how they validate data and once it is in their network it has to follow a very strict path. Rudimentary visual follows:

Internet client -&gt; vip1:1234 -&gt; dataflow1_step1_pool -&gt; vip2:4321 -&gt; dataflow1_step2_pool
                          vip1:2134 -&gt; dataflow2_step1_pool -&gt; vip2:4321 -&gt; dataflow2_step2_pool

and so on... So at the second load balancing point everything gets sent to the same vserver and i need a clean way of defining where the traffic should be sent. It should be noted that the client is unable to change their infrastructure and the way they operate. The goal is to make the f5 do the hard work.

The point of this is for simplified management/administration. I can easily do this is with a datagroup or globally defined list, however, pool members can change daily and having to change the pool member and then verify the datagroups are properly reflected introduces complexity. I will not be maintaining this, the customers will.

ekim9190_208428 · Answer

I'm not setting anything, I'm simply attempting look at the client's ip address and check if its part of a 'list' or a pool. This is a customer's requirements based on antiquated business rules/logic. Their data flow has many load balancing points based on how they validate data and once it is in their network it has to follow a very strict path. Rudimentary visual follows:

Internet client -&gt; vip1:1234 -&gt; dataflow1_step1_pool -&gt; vip2:4321 -&gt; dataflow1_step2_pool
                          vip1:2134 -&gt; dataflow2_step1_pool -&gt; vip2:4321 -&gt; dataflow2_step2_pool

and so on... So at the second load balancing point everything gets sent to the same vserver and i need a clean way of defining where the traffic should be sent. It should be noted that the client is unable to change their infrastructure and the way they operate. The goal is to make the f5 do the hard work.

The point of this is for simplified management/administration. I can easily do this is with a datagroup or globally defined list, however, pool members can change daily and having to change the pool member and then verify the datagroups are properly reflected introduces complexity. I will not be maintaining this, the customers will.

Forum Discussion

Use pool members as source address?

4 Replies

Recent Discussions

Chrome V 124+ on MacOS - Virtual Server Access Issue

F5 Rseries HA

Need advise to setup a policy on F5

F5 Rseries R2600 Tenant sizing

Can iRule mask the payload content on event logs of security

Related Content

The Power of Source Address

source address persistence maximum session timeout

How to ensure source address and source port are accepted and traversed properly via F5 SNAT automap

How to rewrite the source IP address to an URL

CSV to Address External Datagroup File