Forum Discussion

jwhitene
Feb 02, 2017

iRule to check if request comes from any node, any pool, or from list of pools or nodes.

Right now I have an iRule that does this:

    when CLIENT_ACCEPTED {
        # Check if the client IP address is a node in the VIP's default pool
        if { [matchclass [IP::client_addr] equals [active_nodes -list [LB::server pool]]] } {
            log local0. "SNAT'ing for [IP::client_addr], member of pool [LB::server pool]"
            snat automap
        } else {
            log local0. "NO SNAT [IP::client_addr]"
        }
    }

But I am getting ready to apply new iRules to that virtual server that will redirect to other pools based on /someURL.

My problem is that those other pools are not triggering the above iRule. They are not considered part of that virtual server. I assume because they are not the default pool.

Is there a way to just say something like:

when client_accept, if request comes from any node in any pool, then do x else do y

Or use a datagroup or something to say: when client_accept, if request comes from this list of nodes or pools do x else do y

2 Replies

  • You can use a datagroup with the IP addresses and match on it, but this doesn't scale well.

    If you know that the node/pool member exists on a specific network, you can match on the network in order to execute the iRule.

  • Hi jwhitene,

    I'm using the iRule below to selectively enable SNAT for connections where the client and the pool member are hosted in the same subnet (via /CIDR mask). It's a much more universal approach which doesn't require any Data-Groups and [active_node] queries...

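    when LB_SELECTED {
        # Strip any route-domain suffix (%<id>), then compare the /24 networks
        # of the client and of the selected pool member.
        if { [IP::addr [getfield [IP::client_addr] "%" "1"]/24 equals [getfield [LB::server addr] "%" "1"]/24] } then {
            # Client and pool member share a /24: apply SNAT automap.
            snat automap
        }
    }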

    Cheers, Kai
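
The data-group and network match suggested in the first reply, as an added example that is not part of the original thread: because the check runs in CLIENT_ACCEPTED against a fixed list rather than against [LB::server pool], it does not depend on which pool a later iRule selects. The data group name snat_source_nets, its entries, and the static::snat_debug switch are assumptions made for illustration.

```tcl
# Added example, not from the thread. Assumed address-type data group
# (name and entries are constructed), shown here in tmsh syntax:
#
#   ltm data-group internal snat_source_nets {
#       records {
#           10.10.20.0/24 { }
#           10.10.30.15/32 { }
#       }
#       type ip
#   }

when RULE_INIT {
    # Per-connection logging is costly; leave at 0 outside troubleshooting.
    set static::snat_debug 0
}

when CLIENT_ACCEPTED {
    # Drop a route-domain suffix (%<id>) so the address compares against
    # plain data-group entries (assumes the entries carry no suffix).
    set client [getfield [IP::client_addr] "%" 1]

    # For an address-type data group, "equals" matches host and network
    # records, so one entry can cover a whole server subnet.
    if { [class match $client equals snat_source_nets] } {
        if { $static::snat_debug } { log local0. "SNAT for $client" }
        snat automap
    } else {
        if { $static::snat_debug } { log local0. "NO SNAT for $client" }
    }
}
```

Listing server subnets instead of individual node addresses keeps the data group short, which addresses the scaling concern raised in the first reply.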