Forum Discussion

nkroon1's avatar
nkroon1
Icon for Cirrus rankCirrus
Sep 25, 2019

iRule to redirect pool based on header and ignoring SNAT

I'm currently trying to setup an iRule where when a user comes in and the header has iPhone in it, they are redirected to a different pool.

I'm able to confirm my iRule is functional, however the phone will still time out. After looking at TCPDumps and Connection logs, I'm able to see it was trying to use a weird IP, which I found to be a SNAT IP.

After further looking, I found in my VIP a iRule that does the following...

when RULE_INIT {
  set static::snat_ips_CAS x.x.x.x

It creates about 6 SNAT's, and the last one is the one i'm using being used.

I'm unable to delete this iRule in the VIP as its needed for our exchange setup, however it seems to be conflicting with my other irule in the same VIP to redirect users.

I've tried adding in my irule event disable all and snat none but that doesn't seem to make a difference.

Im also unable to direct traffic coming in for phones to a different VIP.

Anyone have any ideas or suggestions?

application delivery
iRules
LTM

2 Replies

Sort By
  • cjunior's avatar
    cjunior
    Icon for Nacreous rankNacreous
    Nov 14, 2019

    Hello, this is not clear to me so maybe I go wrong here.

    Is not a case to you decrease event priority to be executed late and disable snat when condition has reached?

    when HTTP_REQUEST priority 900 {
    if { condition is true } {
        snat none
    }
}

    Best regards.

  • Islam_Nadim1's avatar
    Islam_Nadim1
    Icon for Cirrus rankCirrus
    Nov 15, 2019

    Hello,

    The first question I might ask is, which header field? Keep in mind that iRule is case insensitive .. So, you can try something like this adding it after the closure tag for the "when RULE_INIT":

    when HTTP_REQUEST
{
	if ( tolower [HTTP::header <header_name>] contains "iphone" ) {
		snat none
		pool <Your_Destination_pool>
	}
}

    Give it a try and inform me if it works with you.