Hi Hawary,
you may use the iRule below on your IP-Forwarding Virtual Server, to overwrite the SNAT and Nexthop-IP based on the availability of the Def-GW for ISP1.
- If ISP1 is available it will route traffic from Network 1 to ISP1
- If ISP1 is available it will route traffic from Network 2 to ISP2
- If ISP1 is offline it will route traffic from Network 1 to ISP2
- If ISP1 is offline it will reject traffic from Network 2
Note: You don't have to care if ISP2 is offline - simply try to send traffic to ISP2 as gateway of last resort and see what happens. If ISP2 is down the traffic will be dropped anyway...
```tcl
when CLIENT_ACCEPTED {
    if { [IP::addr [IP::client_addr] equals 10.10.10.0/24] } then {
        # Section for Network 1
        if { [active_members GW_ISP_1_POOL] > 0 } then {
            # ISP 1 is online. Use VS default settings and local routing table.
        } else {
            # ISP 1 is offline. Setting SNAT IP and Nexthop (aka. routing table overwrite) to ISP2
            snat 222.222.222.10 ;# Your IP for ISP2
            nexthop 222.222.222.1 ;# Def-GW of ISP2
        }
    } elseif { [IP::addr [IP::client_addr] equals 10.20.20.0/24] } then {
        # Section for Network 2
        if { [active_members GW_ISP_1_POOL] > 0 } then {
            # ISP 1 is online. Setting SNAT IP and Nexthop (aka. routing table overwrite) to ISP2
            snat 222.222.222.10 ;# Your IP for ISP2
            nexthop 222.222.222.1 ;# Def-GW of ISP2
        } else {
            # ISP 1 is offline. Reject access for Network 2.
            reject
        }
    } else {
        # Undefined traffic will use VS default settings...
    }
}
```
Note: If you utilize the IP-Forwarding Virtual Server for internal communication too, then define some additional exceptions for your internal destination IPs (e.g. RFC1918 IPs) at the top of the script, so that the snat / nexthop overwrites will have no effect on those connections.
Cheers, Kai