How can i create an iRule for one VIP with multiple service ports.

Question

For a clean look I would like to create an iRule for one VIP with 8 specific service ports.  (Not a range)&nbsp;

samir_jha_52506 · Accepted Answer

It's possible but you need to set VIP destination port to 0. And write irule to allow defined port and block rest of the service.
Below irule might help...
&nbsp;
    when CLIENT_ACCEPTED {
       if { [TCP::local_port] == 5540 } {
        pool test_PROD_pool1
        } elseif { [TCP::local_port] == 5580 } {
        pool test_PROD_pool2
        } else {
            reject
    }
}

&nbsp;
Cheers...
&nbsp;

kderrough_26121 · Answer

Will this syntax be correct?  With the VIP destiation set to 0?&nbsp;
when CLIENT_ACCEPTED {
 if {([TCP::local_port] == 443 )} { pool pool_443 }
 if {([TCP::local_port] == 5554 )} { pool pool_5443 }
 if {([TCP::local_port] == 8080 )} { pool pool_8080 }
 if {([TCP::local_port] == 4900 )} { pool pool_4900 }
 if {([TCP::local_port] == 4889 )} { pool pool_4889 }
 if {([TCP::local_port] == 8081 )} { pool pool_8081 }
 if {([TCP::local_port] == 7301 )} { pool pool_7301 }
 if {([TCP::local_port] == 7302 )} { pool pool_7302 }
 if {([TCP::local_port] == 7788 )} { pool pool_7788 }
 if {([TCP::local_port] == 7799 )} { pool pool_7799 }
 if {([TCP::local_port] == 9851 )} { pool pool_9851 }
 if {([TCP::local_port] == 9788 )} { pool pool_9788 }
 else reject }&nbsp;

kderrough_26121 · Answer

Thanks for the info&nbsp;

samir_jha_52506 · Answer

You can try with this code:
    when CLIENT_ACCEPTED {
     if {([TCP::local_port] == 443 )} { pool pool_443 } 
    elseif {([TCP::local_port] == 5554 )} { pool pool_5443 }    
    elseif {([TCP::local_port] == 8080 )} { pool pool_8080 }
    elseif {([TCP::local_port] == 4900 )} { pool pool_4900 }
    elseif {([TCP::local_port] == 4889 )} { pool pool_4889 }
    elseif {([TCP::local_port] == 8081 )} { pool pool_8081 }
    elseif {([TCP::local_port] == 7301 )} { pool pool_7301 }
    elseif {([TCP::local_port] == 7302 )} { pool pool_7302 }
    elseif {([TCP::local_port] == 7788 )} { pool pool_7788 }
    elseif {([TCP::local_port] == 7799 )} { pool pool_7799 }
    elseif {([TCP::local_port] == 9851 )} { pool pool_9851 }
    elseif {([TCP::local_port] == 9788 )} { pool pool_9788 }
    else { reject }
 }

$1  * use a data group containing pool name as value. You can add as many port in datagroup...
        ltm data-group internal DG_TCP { 
        records { 
        443 {pool_443} 
        5554 {pool_5554} 
        8080 {Pool_8080}
        4900 {pool_4900}
        4889 {pool_4889}
        xxxx {pool_xxx}
             } 
        type string 
        }

when CLIENT_ACCEPTED {
        if {[set pool [class match -value [TCP::local_port] equals "DG_TCP"]] ne ""} {
         pool $pool
        } else {
            reject
        }
    }

cheers...

kderrough_26121 · Answer

That's clever, but because adding and subtracting pool want change i'll use the first iRule suggested.  Thanks for the prompt input.&nbsp;

rob_carr · Answer

For the number of comparisons you are making, you really should look into the 'switch' structure.¬†

Forum Discussion

How can i create an iRule for one VIP with multiple service ports.

6 Replies

Recent Discussions

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

F5 Access Guard Deprecated: ZTA APM

F5 loadbalancer not working

Pricing when used with aws waf

F5 terminal - help to run commands - disk space full

Related Content

unable create service case in my.f5.com

Create a DevCentral account

Per-app failover for Kubernetes-based services using F5 Distributed Cloud Services

Service discovery and registration with BIG-IP

Manage F5 BIG-IP FAST with Terraform (Part 1 - Create multiple HTTP applications in the same tenant)