Timi_343757
Mar 09, 2018

How to create a dynamic datagroup list that can be referenced in an iRule

I need some assistance with creating an iRule that will reference a datagroup list. The datagroup list entries will be dynamic (i.e. the IP addresses will be changing based on the DNS resolution of an external site, for example Microsoft).

 

This is my iRule:

    when CLIENT_ACCEPTED {
        # Reject any client whose source address is not in the data group
        if { not [class match [IP::client_addr] equals List_of_microsoft_servers_Datagroup] } {
            reject
        }
    }

 

I am not sure how to make List_of_microsoft_servers_Datagroup a dynamic list. Under the group, the options that I have are just static addresses; there is no way to add an FQDN? Please assist.

 

1 Reply

  • If your intent is to have one or more FQDNs you specify in a datagroup automatically resolve to their respective IP addresses, then I am afraid that is not possible. First of all, an IP address type datagroup must contain an IP address or IP address range as the key portion of the "key := value" pair. (The "value" portion is optional.) It cannot contain text such as an FQDN. (A string type datagroup could be used for a list of FQDNs, but they will not be automatically resolved.) However, you can use an IP address type datagroup and dynamically update its contents using an external source, such as a TMSH script or iControl program that runs periodically. An iRule can only read a datagroup; it cannot modify the contents. (Read more about datagroups here.)

     

    You might look at the RESOLV::lookup command which provides a way to dynamically obtain the IP address(es) of an FQDN at run-time. However, I would use extreme caution with this approach, as the iRule will repeat the lookup for each connection, and that can quickly consume resources and impact performance, especially if you need to resolve more than one FQDN or if traffic volumes are high.
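
A sketch of the periodic external updater the reply describes, as an added example that is not part of the original thread and is not F5's own code. It assumes an internal address-type data group in /Common that is updated over iControl REST with token authentication; MAX_RECORDS, the function names and the sample hostname and addresses are constructed for illustration. Because the data group is an allow list, the script validates every DNS answer, drops non-global addresses, and refuses to overwrite the list when resolution yields nothing usable.

```python
import ipaddress
import json
import socket
import urllib.request

DATAGROUP = "List_of_microsoft_servers_Datagroup"  # name taken from the question
MAX_RECORDS = 500  # assumed sanity cap, tune for your environment

def resolve(fqdn):
    """Return the set of address strings the system resolver gives for fqdn."""
    return {info[4][0] for info in socket.getaddrinfo(fqdn, None)}

def build_records(fqdns, resolver=resolve):
    """Resolve every FQDN and return sorted, validated data-group records."""
    hosts = set()
    for fqdn in fqdns:
        for text in resolver(fqdn):
            addr = ipaddress.ip_address(text)  # raises ValueError on garbage
            # The data group is an allow list: never let a DNS answer add
            # private, loopback or other special-purpose space to it.
            if addr.is_global:
                hosts.add(addr)
    if not hosts:
        raise RuntimeError("no usable addresses; keeping current data group")
    if len(hosts) > MAX_RECORDS:
        raise RuntimeError("too many addresses; refusing to update")
    ordered = sorted(hosts, key=lambda a: (a.version, int(a)))
    return [{"name": f"{a}/{a.max_prefixlen}"} for a in ordered]

def push(bigip_host, token, records):
    """PATCH the data group; the records list sent replaces the existing one."""
    url = f"https://{bigip_host}/mgmt/tm/ltm/data-group/internal/~Common~{DATAGROUP}"
    req = urllib.request.Request(
        url,
        data=json.dumps({"records": records}).encode(),
        method="PATCH",
        headers={"Content-Type": "application/json", "X-F5-Auth-Token": token},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status

if __name__ == "__main__":
    # Constructed answers standing in for live DNS so the demo runs offline.
    fake = {"site.example": {"20.0.0.1", "10.0.0.5"}}
    print(build_records(["site.example"], resolver=lambda f: fake[f]))
```

Run it from cron or a similar scheduler; a raised exception leaves the last known-good data group in place, so a DNS outage does not empty the allow list and cause the iRule to reject every client.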