Forum Discussion

CANSTAYN569
Oct 13, 2016

GTM response according to source ip

Hi,

 

I have a GTM configuration running properly. The devices can talk to each other and get updates about the availability of pools.

 

I need to make another enhancement though. I need a configuration that will answer the requests according to the source IP address as well.

 

Here is how my iRule looks:

 

    when DNS_REQUEST {
        if { ( [active_members DC-DENEME] >= 1) } {
            if { ( [IP::addr [IP::client_addr] equals 192.168.5.1/32]) } {
                log local0. "dns query from local network: <[IP::client_addr]>"
                host 192.168.71.150
            } elseif { [IP::addr[IP::client_addr] not equals 192.168.5.1/32] } {
                host 1.1.1.1
            }
        } elseif { [active_members DR-DENEME] >= 1 } {
            host 10.0.71.150
        }
    }

 

My algorithm is like this: if DC is active, calculate the source IP address and respond accordingly. Else it's always 10.0.71.150.

 

I have seen under /var/log/gtm :

 

Oct 13 14:58:12 dcf51 err tmm[10396]: 011a7001:3: TCL error: Rule /Common/DC-DENEME_IRULE - invalid command name "IP::addr192.168.5.199" while executing "IP::addr[IP::client_addr] not equals 192.168.5.1/32"

 

My client's IP address is 192.168.5.199. I thought IP::addr was irrelevant and removed that.

 

Then I receive that error:

 

Oct 13 15:07:14 dcf51 err tmm1[10396]: 011a7001:3: TCL error: Rule /Common/DC-DENEME_IRULE - invalid command name "192.168.5.199" while executing "[IP::client_addr] equals 192.168.5.1/32"

 

So it's all about the syntax of this if condition. What am I doing wrong?

 

if { ( [IP::addr [IP::client_addr] equals 192.168.5.1/32]) }

 

Kind regards

 

3 Replies

  • when DNS_REQUEST {
        if { ( [active_members DC-DENEME] >= 1) } {
            if { ( [IP::addr [IP::client_addr] equals 192.168.5.1/32]) } {
                log local0. "dns query from local network: <[IP::client_addr]>"
                host 192.168.71.150
            } elseif { [IP::addr[IP::client_addr] not equals 192.168.5.1/32] } {
                host 1.1.1.1
            }
        } elseif { [active_members DR-DENEME] >= 1 } {
            host 10.0.71.150
        }
    }

  • GTM sees the IP of the LDNS server that is making the DNS query and not the original client IP. Just wanted to make sure you remember this as it is easy to confuse between LTM & GTM client IP address.

     

  • Hi folks,

    Found my answer, here is the iRule working properly and most of you can provide

    What this basically does is check the pool members' availability in both datacenters, and if there are fewer than desired in the primary DC, it returns the IP address of the disaster web server. If there are enough members in the DC, then it gives the client a DNS response according to whether the client is a LAN or WAN user:

    when DNS_REQUEST {
        if { ( [active_members DC-ITTEST] >= 1) } {
            if { [IP::addr [IP::client_addr]/16 equals 192.169.0.0] } {
                host 10.1.10.2
                log local0 LAN USER
            } else {
                log local0 WAN USER
                host 4.4.4.4
            }
        } elseif { [active_members DR-ITTEST] >= 1 } {
            host 3.3.3.3
        }
    }
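
Added example (not part of any post in this thread, and not F5 code): why the `elseif` condition in the question fails. In Tcl, a `[...]` substitution with no whitespace in front of it is joined to the preceding text into a single word, so the command name becomes `IP::addr` followed by the address; this script reproduces both "invalid command name" errors from the log and then the correctly spaced form. The `IP::addr` and `IP::client_addr` procs are plain-tclsh stand-ins (assumptions) with a simplified IPv4 prefix match, and `ip2int` is a hypothetical helper.

```tcl
# Stand-ins for the iRule commands so the parsing can be shown in plain tclsh.
# They are assumptions for this example, not F5 code.
proc ip2int {ip} {
    set n 0
    foreach octet [split $ip .] { set n [expr {($n << 8) | $octet}] }
    return $n
}

namespace eval IP {
    # Constructed sample: the resolver address seen in the thread's log lines.
    proc client_addr {} { return 192.168.5.199 }

    # Simplified IPv4-only analogue of "IP::addr a[/bits] equals b[/bits]":
    # both sides are masked with the shorter of the two prefix lengths.
    proc addr {a op b} {
        if {$op ne "equals"} { error "only 'equals' is modelled here" }
        lassign [split $a /] ipA bitsA
        lassign [split $b /] ipB bitsB
        if {$bitsA eq ""} { set bitsA 32 }
        if {$bitsB eq ""} { set bitsB 32 }
        set bits [expr {min($bitsA, $bitsB)}]
        set mask [expr {(0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF}]
        expr {([ip2int $ipA] & $mask) == ([ip2int $ipB] & $mask)}
    }
}

# 1. No space before "[": the substituted address is glued onto the command
#    name, so Tcl looks up one word made of "IP::addr" plus the address.
if {[catch { IP::addr[IP::client_addr] equals 192.168.5.1/32 } err]} {
    puts "glued word : $err"
}

# 2. Command removed entirely: the first word of the script is now the
#    substituted address, which Tcl tries to run as a command.
if {[catch { [IP::client_addr] equals 192.168.5.1/32 } err]} {
    puts "no command : $err"
}

# 3. Space restored: the command receives three separate arguments.
#    The /32 from the question compares against a single host; the /24 line
#    compares against the whole 192.168.5.0 network instead.
puts "host /32   : [IP::addr [IP::client_addr] equals 192.168.5.1/32]"
puts "subnet /24 : [IP::addr [IP::client_addr] equals 192.168.5.0/24]"
```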