Forum Discussion
2 Replies
- Leonardo_SouzaCirrocumulus
Sorry, my initial answer was for another questions.
Not sure if with advanced routing module (ZebOS) you can do policy-based routing, anyway that requires addon license. However, looks like you can do that easily with iRules, but I never tested the nexthop command.
These solutions together should allow you to write the irule for your requirement.
https://devcentral.f5.com/wiki/irules.ip__client_addr.ashx
https://devcentral.f5.com/wiki/iRules.nexthop.ashx
Hi Greatme6,
to selectively forward certain destination IPs to a different external interface you could simply use additional Routing-Table-Entries in combination with AUTO-SNAT.
And to selectively forward certain source IPs or even a combination of source/destination IPs through a different external interface, you could implement an iRule that will look at the ingress source/destination IP combinations and then dynamically overwrite the
andnexthop
configuration of the ongoing TCP connection to match the required settings of the Other-ISP. Using this approach is 100% comparable with PBR configurations...snat
Example iRule
when CLIENT_ACCEPTED { if { ( [IP::addr [IP::client_addr] equals 10.0.0.0/8] ) or ( [IP::addr [IP::local_addr] equals 123.123.124.0/24] ) } then { log local0. " -- Forwarding to Other-ISP with SNAT IP 212.212.212.2 -- " snat 212.212.212.2 nexthop 212.212.212.1 } elseif { [IP::addr [IP::client_addr] equals 10.10.10.0/24] } then { log local0. " -- Forwarding to Other-ISP with SNAT IP 212.212.212.3 -- " snat 212.212.212.3 nexthop 212.212.212.1 } else { log local0. " -- Forwarding traffic according to local routing table with default AUTO-SNAT / SNAT-Pool settings -- " } }
Note:
is the source IP and[IP::client_addr]
is the remote IP.[IP::local_addr]
Cheers, Kai