Forum Discussion

Ken_B_50116
Jan 15, 2016

iRule to match IP subnet in a routing domain

I need an iRule that matches a network subnet that is also a routing domain. In human terms, I need to match this:

10.15.115.0%1/24

Currently I am using this code and it works, but I want to be more precise:

 

if {[IP::client_addr] contains "10.15.115."}

 

I was not able to get this to work:

 

if {[class match [IP::client_addr] equals "10.15.115.0%1/24"]}

 

If I use "log local0." to write the client IP address to the log, I definitely see the %1 after the client IP addresses so I know I have the correct routing domain.

Any ideas?

Also, a small additional question: This same iRule is setting "snat automap" or "snat none" based on the client IP. Do I also need to set the pool (or any other things) in the iRule, if the pool is already configured in the virtual server? The pool is the same regardless of the client IP so I don't need to change it. I'd like to leave the pool out of the iRule so I can use the same iRule with other virtual servers.

2 Replies

  • Hi Ken,

    you may try this syntax...

     

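    if { [IP::addr [getfield [IP::client_addr] "%" 1] equals 10.15.115.0/24 ] } then {
        # match: put the action for clients inside 10.15.115.0/24 here
    } else {
        # no match: put the action for all other clients here
    }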
    

     

    Note1: The [class] command has to be used in combination with data groups only.

    Note2: Both the [IP::addr] and [class] commands require the route domain to be stripped to work.

    Note3: Your current code is performance-wise the best choice for /8, /16 or /24 subnets.

    Note4: Coding on an iPhone isn't fun at all. So please bear with me if the code has some syntax errors... 😉

    Cheers, Kai

  • Hi Ken,

    It's not a shame to have a non-SNAT scenario. Well, it's far better (but more complex) than auto-natting everything... 😉

    A customer of mine is using the iRule below to intelligently [snat] traffic depending on the source and destination of the connections...

     

    when LB_SELECTED {
        if { [IP::addr [getfield [IP::client_addr] "%" "1"]/16 equals [getfield [LB::server addr] "%" "1"]/16] } then {
            snatpool Live_Global_SNAT_Pool 
        } 
    }
    

     

    Note: Responding in a new answer, to enable code highlighting....

    Cheers, Kai
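
As an added example (not code from either poster), this iRule checks the route domain ID and the /24 together, so that an address such as 110.15.115.7 (which contains the string "10.15.115.") or a 10.15.115.x client in a different route domain does not match. Which branch gets "snat none" and which gets "snat automap" is an assumption, since the thread does not say.

```tcl
when CLIENT_ACCEPTED {
    # [IP::client_addr] returns e.g. "10.15.115.20%1" for a client in
    # route domain 1, and a bare address for the default route domain.
    set client [IP::client_addr]
    set addr   [getfield $client "%" 1]
    set rd     [getfield $client "%" 2]

    # No "%<id>" suffix means the default route domain (0).
    if { $rd eq "" } {
        set rd 0
    }

    # Require BOTH the route domain and the subnet to match.
    # [IP::addr] does a real prefix comparison, unlike a substring test.
    if { ($rd eq "1") && [IP::addr $addr equals 10.15.115.0/24] } {
        # Assumption: clients in 10.15.115.0%1/24 are not SNATed.
        snat none
    } else {
        # Assumption: every other client is SNATed to a self IP.
        snat automap
    }

    # No pool command here: the virtual server's default pool is used,
    # so the same iRule can be attached to other virtual servers.
}
```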