IP addresses List

Question

Hi guys, &nbsp;
&nbsp;I have GTM 1600 running BIGIP-10.2.0.1707.0.iso , and i want to add IRule for DNS redirect. I have many IP addresses and I want to build a list to be used in the example below instead of adding a line for each IP. Any idea?? &nbsp;
&nbsp;when DNS_REQUEST { 
&nbsp;if {[IP::addr [IP::client_addr]/24 equals  10.1.1.0] \
&nbsp;or [IP::addr [IP::client_addr]/24 equals  10.1.2.0] \
&nbsp;or [IP::addr [IP::client_addr]/24 equals  10.1.3.0] \
&nbsp;or [IP::addr [IP::client_addr]/24 equals  10.1.4.0]} {
&nbsp;cname "example1.com"} else { 
&nbsp;cname "example2.com"}
&nbsp;}&nbsp;
&nbsp;I tried :
&nbsp;class address_list {
&nbsp;host 10.1.1.0
&nbsp;host 10.1.2.0
&nbsp;}
&nbsp;but i get errors: 
&nbsp;01070151:3: Rule [CNAME-REDIRECT-1] error: 
&nbsp;line 1: [undefined procedure: class] [class address_list {&nbsp;
&nbsp;Thanks&nbsp;

hooleylist · Answer

Unfortunately GTM doesn't currently support datagroups so multiple IP::addr checks are necessary.  You could open a case with F5 Support to request this feature.  If there's an existing RFE ID, they'll add your request to it.  If not, they can create one for you. 
&nbsp;  
&nbsp; Aaron

wassim · Answer

Hi Aaron,  
&nbsp;  
&nbsp; I find that  I can go around it by creating topology record "CGNO" from the GUI [Global Traffic ›› Topology : Regions]  and add all IPs to it. Then I use the "matchregion" in my irule as the following:  
&nbsp;  
&nbsp; when DNS_REQUEST { 
&nbsp;   if { [matchregion ldns CGNO]}{ 
&nbsp;       host 1.1.1.1 
&nbsp;       log local2. "**** Request from [IP::client_addr]****" 
&nbsp;  
&nbsp;       } 
&nbsp;   else { host 2.2.2.2 
&nbsp;          log local2. "****Request from [IP::client_addr] ****" 
&nbsp; } 
&nbsp; } 
&nbsp;  
&nbsp; I think using the "matchregion" in this example makes it easier to me and to my operation team to update subnets without touching the IRule.  
&nbsp;  
&nbsp; matchregion page: http://devcentral.f5.com/wiki/default.aspx/iRules/matchregion.html 
&nbsp;  
&nbsp; Thanks 
&nbsp; -Wassim &nbsp;

hooleylist · Answer

Hi Wassim, 
&nbsp;  
&nbsp; That looks like a great solution.  Thanks for posting it. 
&nbsp;  
&nbsp; Aaron

Forum Discussion

IP addresses List

3 Replies

Recent Discussions

Advise on setting up IRULE

Chrome V 124+ on MacOS - Virtual Server Access Issue

Port Group on F5OS network setting

F5Access | MacOS Sonoma

Rewrite uri translation not working

Related Content

SNAT IP address logging

Virtual address from address list is down after assignment to VS

Exception for GeoBlocked Country. Without Allow-Listing a specific IP

APM custom address space by client IP?

Restricting Access to Virtual from client IP address in X-Forwarder-For HTTP header